01: package org.apache.turbine.modules.screens;
02:
03: /*
04: * Licensed to the Apache Software Foundation (ASF) under one
05: * or more contributor license agreements. See the NOTICE file
06: * distributed with this work for additional information
07: * regarding copyright ownership. The ASF licenses this file
08: * to you under the Apache License, Version 2.0 (the
09: * "License"); you may not use this file except in compliance
10: * with the License. You may obtain a copy of the License at
11: *
12: * http://www.apache.org/licenses/LICENSE-2.0
13: *
14: * Unless required by applicable law or agreed to in writing,
15: * software distributed under the License is distributed on an
16: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17: * KIND, either express or implied. See the License for the
18: * specific language governing permissions and limitations
19: * under the License.
20: */
21:
22: import org.apache.turbine.services.velocity.TurbineVelocity;
23: import org.apache.turbine.util.RunData;
24:
25: import org.apache.velocity.context.Context;
26:
27: /**
28: * VelocitySecureScreen
29: *
30: * Always performs a Security Check that you've defined before
31: * executing the doBuildTemplate(). You should extend this class and
32: * add the specific security check needed. If you have a number of
33: * screens that need to perform the same check, you could make a base
34: * screen by extending this class and implementing the isAuthorized().
35: * Then each screen that needs to perform the same check could extend
36: * your base screen.
37: *
38: * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
39: * @version $Id: VelocitySecureScreen.java 536036 2007-05-08 00:44:53Z seade $
40: */
41: public abstract class VelocitySecureScreen extends VelocityScreen {
42: /**
43: * Implement this to add information to the context.
44: *
45: * @param data Turbine information.
46: * @param context Context for web pages.
47: * @exception Exception, a generic exception.
48: */
49: protected abstract void doBuildTemplate(RunData data,
50: Context context) throws Exception;
51:
52: /**
53: * This method overrides the method in VelocityScreen to
54: * perform a security check first.
55: *
56: * @param data Turbine information.
57: * @exception Exception, a generic exception.
58: */
59: protected void doBuildTemplate(RunData data) throws Exception {
60: if (isAuthorized(data)) {
61: doBuildTemplate(data, TurbineVelocity.getContext(data));
62: }
63: }
64:
65: /**
66: * Implement this method to perform the security check needed.
67: * You should set the template in this method that you want the
68: * user to be sent to if they're unauthorized.
69: *
70: * @param data Turbine information.
71: * @return True if the user is authorized to access the screen.
72: * @exception Exception, a generic exception.
73: */
74: protected abstract boolean isAuthorized(RunData data)
75: throws Exception;
76: }
|