View Javadoc

1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.turbine.util.RunData;
20  import org.apache.velocity.context.Context;
21  
22  /***
23   * VelocitySecure action.
24   *
25   * Always performs a Security Check that you've defined before
26   * executing the doBuildtemplate().  You should extend this class and
27   * add the specific security check needed.  If you have a number of
28   * screens that need to perform the same check, you could make a base
29   * screen by extending this class and implementing the isAuthorized().
30   * Then each action that needs to perform the same check could extend
31   * your base action.
32   *
33   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
34   * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a>
35   * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a>
36   * @version $Id: VelocitySecureAction.java 264148 2005-08-29 14:21:04Z henning $
37   */
38  public abstract class VelocitySecureAction extends VelocityAction
39  {
40      /***
41       * Implement this to add information to the context.
42       *
43       * @param data Turbine information.
44       * @param context Context for web pages.
45       * @throws Exception a generic exception.
46       */
47      public abstract void doPerform(RunData data, Context context)
48              throws Exception;
49  
50      /***
51       * This method overrides the method in WebMacroSiteAction to
52       * perform a security check first.
53       *
54       * @param data Turbine information.
55       * @throws Exception a generic exception.
56       */
57      protected void perform(RunData data) throws Exception
58      {
59          if (isAuthorized(data))
60          {
61              super.perform(data);
62          }
63      }
64  
65      /***
66       * Implement this method to perform the security check needed.
67       * You should set the template in this method that you want the
68       * user to be sent to if they're unauthorized.
69       *
70       * @param data Turbine information.
71       * @return True if the user is authorized to access the screen.
72       * @throws Exception a generic exception.
73       */
74      protected abstract boolean isAuthorized(RunData data)
75              throws Exception;
76  }