1 package org.apache.turbine.modules.screens;
22 import org.apache.turbine.modules.screens.JSONScreen;
23 import org.apache.turbine.util.RunData;
24
/**
 * An extension to JSONScreen that performs a security check before delegating
 * to the doOutput() method of JSONScreen. Extend this class and implement
 * isAuthorized() with the specific check you need. If a number of screens
 * need the same check, implement it once in a base screen that extends this
 * class and let each of those screens extend your base screen.
 *
 * <p>Typically you would also override the doOutput() method to use
 * TurbineJsonRpc to register the POJOs that will provide the functions you
 * are making available via JSON-RPC. Use JSONScreen if you <b>do not</b> need
 * the user to be logged in prior to executing the functions you provide.
 *
 * <p>Here is an example from a subclass:
 * <pre>
 * public void doOutput(RunData data) throws Exception
 * {
 *     User user = data.getUser();
 *
 *     MySecureJsonFunctions myFunctions
 *             = new MySecureJsonFunctions(user.getName());
 *
 *     // Session specific
 *     TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions);
 *
 *     // Global
 *     //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject);
 *
 *     super.doOutput(data);
 * }
 * </pre>
 *
 * <p>The class MySecureJsonFunctions would be something like:
 * <pre>
 * public class MySecureJsonFunctions
 * {
 *     private final String name;
 *
 *     public MySecureJsonFunctions(String name)
 *     {
 *         this.name = name;
 *     }
 *
 *     private String getName(String clientParameter)
 *     {
 *         return "Client " + clientParameter + " says Hello World to " + name;
 *     }
 * }
 * </pre>
 *
 * <p>Security note: in the example above the registration code runs
 * <b>before</b> the authorization check. The check is made inside this
 * class's doOutput(), which the subclass only reaches through its final
 * super.doOutput(data) call. Only the delegation to JSONScreen is gated by
 * isAuthorized(); everything the subclass does first is executed for every
 * request, authorized or not. If objects must not be registered (or user data
 * read) on behalf of an unauthorized request, call isAuthorized(data) in the
 * subclass before registering anything.
 *
 * <p>NOTE(review): whether an object registered on the session remains
 * reachable through other JSON screens is not visible from this class;
 * confirm against TurbineJsonRpc. Likewise, getName() is declared private in
 * the example; presumably it has to be public to be exported. Verify.
 *
 * @author <a href="mailto:seade@policypoint.net">Scott Eade</a>
 * @version $Id$
 */
public abstract class JSONSecureScreen extends JSONScreen
{
    /**
     * Overrides the method in JSONScreen so that output is produced only
     * after the security check has passed.
     *
     * <p>The method fails closed: when isAuthorized() returns
     * <code>false</code> it returns without calling the superclass, and when
     * isAuthorized() throws, the exception propagates and the superclass is
     * not called either. No response or log entry is produced here for a
     * denied request; an implementation of isAuthorized() that needs one has
     * to create it itself.
     *
     * @param data Turbine information.
     * @throws Exception propagated from isAuthorized() or from the
     *         doOutput() method of JSONScreen.
     */
    protected void doOutput(RunData data) throws Exception
    {
        // Guard clause: a denied request never reaches JSONScreen.
        if (!isAuthorized(data))
        {
            return;
        }

        super.doOutput(data);
    }

    /**
     * Implement this method to perform the necessary security checks. It is
     * consulted by doOutput() on each invocation before anything is
     * delegated to JSONScreen.
     *
     * @param data Turbine information.
     * @return <code>true</code> if the user is authorized to access the
     *         screen; any other outcome suppresses the output.
     * @throws Exception if the check itself fails; doOutput() lets it
     *         propagate and produces no output.
     */
    protected abstract boolean isAuthorized(RunData data)
        throws Exception;
}