Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
JSONSecureScreen |
|
| 1.5;1,5 |
1 | package org.apache.turbine.modules.screens; | |
2 | ||
3 | /* | |
4 | * Licensed to the Apache Software Foundation (ASF) under one | |
5 | * or more contributor license agreements. See the NOTICE file | |
6 | * distributed with this work for additional information | |
7 | * regarding copyright ownership. The ASF licenses this file | |
8 | * to you under the Apache License, Version 2.0 (the | |
9 | * "License"); you may not use this file except in compliance | |
10 | * with the License. You may obtain a copy of the License at | |
11 | * | |
12 | * http://www.apache.org/licenses/LICENSE-2.0 | |
13 | * | |
14 | * Unless required by applicable law or agreed to in writing, | |
15 | * software distributed under the License is distributed on an | |
16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
17 | * KIND, either express or implied. See the License for the | |
18 | * specific language governing permissions and limitations | |
19 | * under the License. | |
20 | */ | |
21 | ||
22 | import org.apache.turbine.pipeline.PipelineData; | |
23 | ||
24 | /** | |
25 | * An extension to JSONScreen that performs a Security Check before invoking | |
26 | * doBuildTemplate(). You should extend this class and add the specific | |
27 | * security check needed. If you have a number of screens that need to perform | |
28 | * the same check, you could make a base screen by extending this class and | |
29 | * implementing the isAuthorized(). Then each screen that needs to perform the | |
30 | * same check could extend your base screen. | |
31 | * | |
32 | * <p>Typically you would extend this class and override the doOutput() method | |
33 | * to use TurbineJsonRpc to register the POJOs that will provide the functions | |
34 | * you are making available via JSON-RPC. Use JSONScreen if you <b>do not</b> | |
35 | * need the user to be logged in prior to executing the functions you provide.</p> | |
36 | * | |
37 | * <p>Here is an example from a superclass: | |
38 | * <code> | |
39 | * public void doOutput(PipelineData data) throws Exception | |
40 | * { | |
41 | * User user = data.getUser(); | |
42 | * | |
43 | * MySecureJsonFunctions myFunctions | |
44 | * = new MySecureJsonFunctions(user.getName()); | |
45 | * | |
46 | * // Session specific | |
47 | * TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions); | |
48 | * | |
49 | * // Global | |
50 | * //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject); | |
51 | * | |
52 | * super.doOutput(data); | |
53 | * } | |
54 | * </code></p> | |
55 | * | |
56 | * <p>The class MyFunctions would be something like: | |
57 | * <code> | |
58 | * public class MySecureJsonFunctions | |
59 | * { | |
60 | * private final String name; | |
61 | * | |
62 | * public MySecureJsonFunctions(String name) | |
63 | * { | |
64 | * this.name = name; | |
65 | * } | |
66 | * | |
67 | * private String getName(String clientParameter) | |
68 | * { | |
69 | * return "Client " + clientParameter + " says Hello World to " + name; | |
70 | * } | |
71 | * } | |
72 | * </code></p> | |
73 | * | |
74 | * @author <a href="mailto:seade@policypoint.net">Scott Eade</a> | |
75 | * @version $Id: JSONSecureScreen.java 1773378 2016-12-09 13:19:59Z tv $ | |
76 | */ | |
77 | 0 | public abstract class JSONSecureScreen extends JSONScreen |
78 | { | |
79 | /** | |
80 | * This method overrides the method in JSONScreen to perform a security | |
81 | * check prior to producing the output. | |
82 | * | |
83 | * @param pipelineData Turbine information. | |
84 | * @throws Exception a generic exception. | |
85 | */ | |
86 | @Override | |
87 | protected void doOutput(PipelineData pipelineData) throws Exception | |
88 | { | |
89 | 0 | if (isAuthorized(pipelineData)) |
90 | { | |
91 | 0 | super.doOutput(pipelineData); |
92 | } | |
93 | 0 | } |
94 | ||
95 | /** | |
96 | * Override this method to perform the necessary security checks. | |
97 | * | |
98 | * @param pipelineData Turbine information. | |
99 | * @return <code>true</code> if the user is authorized to access the screen. | |
100 | * @throws Exception A generic exception. | |
101 | */ | |
102 | protected abstract boolean isAuthorized(PipelineData pipelineData) | |
103 | throws Exception; | |
104 | } |