1 package org.apache.turbine.modules.screens; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 23 import org.apache.turbine.pipeline.PipelineData; 24 import org.apache.velocity.context.Context; 25 26 /** 27 * VelocitySecureScreen 28 * 29 * Always performs a Security Check that you've defined before 30 * executing the doBuildTemplate(). You should extend this class and 31 * add the specific security check needed. If you have a number of 32 * screens that need to perform the same check, you could make a base 33 * screen by extending this class and implementing the isAuthorized(). 34 * Then each screen that needs to perform the same check could extend 35 * your base screen. 36 * 37 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 38 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 39 * @version $Id: VelocitySecureScreen.java 1773378 2016-12-09 13:19:59Z tv $ 40 */ 41 public abstract class VelocitySecureScreen 42 extends VelocityScreen 43 { 44 /** 45 * Implement this to add information to the context. 46 * 47 * @param pipelineData Turbine information. 48 * @param context Context for web pages. 49 * @throws Exception a generic exception. 50 */ 51 @Override 52 protected abstract void doBuildTemplate(PipelineData pipelineData, 53 Context context) 54 throws Exception; 55 56 /** 57 * This method overrides the method in VelocityScreen to 58 * perform a security check first. 59 * 60 * @param pipelineData Turbine information. 61 * @throws Exception a generic exception. 62 */ 63 @Override 64 protected void doBuildTemplate(PipelineData pipelineData) 65 throws Exception 66 { 67 if (isAuthorized(pipelineData)) 68 { 69 doBuildTemplate(pipelineData, velocity.getContext(pipelineData)); 70 } 71 } 72 73 /** 74 * Implement this method to perform the security check needed. 75 * You should set the template in this method that you want the 76 * user to be sent to if they're unauthorized. See the 77 * VelocitySecurityCheck utility. 78 * 79 * @param pipelineData Turbine information. 80 * @return True if the user is authorized to access the screen. 81 * @throws Exception a generic exception. 82 */ 83 protected abstract boolean isAuthorized(PipelineData pipelineData) 84 throws Exception; 85 }