Coverage Report - org.apache.turbine.modules.screens.JSONSecureScreen
 
Classes in this File Line Coverage Branch Coverage Complexity
JSONSecureScreen
0%
0/4
0%
0/2
1,5
 
 1  
 package org.apache.turbine.modules.screens;
 2  
 
 3  
 /*
 4  
  * Licensed to the Apache Software Foundation (ASF) under one
 5  
  * or more contributor license agreements.  See the NOTICE file
 6  
  * distributed with this work for additional information
 7  
  * regarding copyright ownership.  The ASF licenses this file
 8  
  * to you under the Apache License, Version 2.0 (the
 9  
  * "License"); you may not use this file except in compliance
 10  
  * with the License.  You may obtain a copy of the License at
 11  
  *
 12  
  *   http://www.apache.org/licenses/LICENSE-2.0
 13  
  *
 14  
  * Unless required by applicable law or agreed to in writing,
 15  
  * software distributed under the License is distributed on an
 16  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 17  
  * KIND, either express or implied.  See the License for the
 18  
  * specific language governing permissions and limitations
 19  
  * under the License.
 20  
  */
 21  
 
 22  
 import org.apache.turbine.pipeline.PipelineData;
 23  
 
 24  
 /**
 25  
  * An extension to JSONScreen that performs a Security Check before invoking
 26  
  * doBuildTemplate().  You should extend this class and add the specific
 27  
  * security check needed.  If you have a number of screens that need to perform
 28  
  * the same check, you could make a base screen by extending this class and
 29  
  * implementing the isAuthorized().  Then each screen that needs to perform the
 30  
  * same check could extend your base screen.
 31  
  *
 32  
  * <p>Typically you would extend this class and override the doOutput() method
 33  
  * to use TurbineJsonRpc to register the POJOs that will provide the functions
 34  
  * you are making available via JSON-RPC.  Use JSONScreen if you <b>do not</b>
 35  
  * need the user to be logged in prior to executing the functions you provide.</p>
 36  
  *
 37  
  * <p>Here is an example from a superclass:
 38  
  * <code>
 39  
  * public void doOutput(PipelineData data) throws Exception
 40  
  * {
 41  
  *     User user = data.getUser();
 42  
  *
 43  
  *     MySecureJsonFunctions myFunctions
 44  
  *             = new MySecureJsonFunctions(user.getName());
 45  
  *
 46  
  *     // Session specific
 47  
  *     TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions);
 48  
  *
 49  
  *     // Global
 50  
  *     //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject);
 51  
  *
 52  
  *     super.doOutput(data);
 53  
  * }
 54  
  * </code></p>
 55  
  *
 56  
  * <p>The class MyFunctions would be something like:
 57  
  * <code>
 58  
  * public class MySecureJsonFunctions
 59  
  * {
 60  
  *     private final String name;
 61  
  *
 62  
  *     public MySecureJsonFunctions(String name)
 63  
  *     {
 64  
  *         this.name = name;
 65  
  *     }
 66  
  *
 67  
  *     private String getName(String clientParameter)
 68  
  *     {
 69  
  *         return "Client " + clientParameter + " says Hello World to " + name;
 70  
  *     }
 71  
  * }
 72  
  * </code></p>
 73  
  *
 74  
  * @author <a href="mailto:seade@policypoint.net">Scott Eade</a>
 75  
  * @version $Id: JSONSecureScreen.java 1773378 2016-12-09 13:19:59Z tv $
 76  
  */
 77  0
 public abstract class JSONSecureScreen extends JSONScreen
 78  
 {
 79  
     /**
 80  
      * This method overrides the method in JSONScreen to perform a security
 81  
      * check prior to producing the output.
 82  
      *
 83  
      * @param pipelineData Turbine information.
 84  
      * @throws Exception a generic exception.
 85  
      */
 86  
     @Override
 87  
     protected void doOutput(PipelineData pipelineData) throws Exception
 88  
     {
 89  0
         if (isAuthorized(pipelineData))
 90  
         {
 91  0
             super.doOutput(pipelineData);
 92  
         }
 93  0
     }
 94  
 
 95  
     /**
 96  
      * Override this method to perform the necessary security checks.
 97  
      *
 98  
      * @param pipelineData Turbine information.
 99  
      * @return <code>true</code> if the user is authorized to access the screen.
 100  
      * @throws Exception A generic exception.
 101  
      */
 102  
     protected abstract boolean isAuthorized(PipelineData pipelineData)
 103  
             throws Exception;
 104  
 }