1 package org.apache.turbine.modules.actions; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 23 import org.apache.turbine.pipeline.PipelineData; 24 25 /** 26 * VelocitySecure action. 27 * 28 * Always performs a Security Check that you've defined before 29 * executing the doPerform(). You should extend this class and 30 * add the specific security check needed. If you have a number of 31 * actions that need to perform the same check, you could make a base 32 * action by extending this class and implementing the isAuthorized(). 33 * Then each action that needs to perform the same check could extend 34 * your base action. 35 * 36 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 37 * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a> 38 * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a> 39 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 40 * @version $Id: VelocitySecureAction.java 1854786 2019-03-04 18:29:18Z tv $ 41 */ 42 public abstract class VelocitySecureAction extends VelocityAction 43 { 44 /** 45 * This method overrides the method in VelocityAction to 46 * perform a security check first. 47 * 48 * @param pipelineData Turbine information. 49 * @throws Exception a generic exception. 50 */ 51 @Override 52 public void perform(PipelineData pipelineData) throws Exception 53 { 54 if (isAuthorized(pipelineData)) 55 { 56 super.perform(pipelineData); 57 } 58 } 59 60 /** 61 * Implement this method to perform the security check needed. 62 * You should set the template in this method that you want the 63 * user to be sent to if they're unauthorized. 64 * 65 * @param pipelineData Turbine information. 66 * @return True if the user is authorized to access the screen. 67 * @throws Exception a generic exception. 68 */ 69 protected abstract boolean isAuthorized(PipelineData pipelineData) throws Exception; 70 }