1 package org.apache.turbine.modules.screens;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import org.apache.turbine.pipeline.PipelineData;
23
24 /**
25 * An extension to JSONScreen that performs a Security Check before invoking
26 * doBuildTemplate(). You should extend this class and add the specific
27 * security check needed. If you have a number of screens that need to perform
28 * the same check, you could make a base screen by extending this class and
29 * implementing isAuthorized(). Then each screen that needs to perform the
30 * same check could extend your base screen.
31 *
32 * <p>Typically you would extend this class and override the doOutput() method
33 * to use TurbineJsonRpc to register the POJOs that will provide the functions
34 * you are making available via JSON-RPC. Use JSONScreen if you <b>do not</b>
35 * need the user to be logged in prior to executing the functions you provide.
36 *
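37 * <p>Here is an example from a subclass. Statements placed before super.doOutput() run before isAuthorized() is consulted, so the registration below happens even when the check then fails; register only objects that are harmless in that case, or call isAuthorized() first: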
38 * <code>
39 * public void doOutput(PipelineData data) throws Exception
40 * {
41 * User user = data.getUser();
42 *
43 * MySecureJsonFunctions myFunctions
44 * = new MySecureJsonFunctions(user.getName());
45 *
46 * // Session specific
47 * TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions);
48 *
49 * // Global
50 * //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject);
51 *
52 * super.doOutput(data);
53 * }
54 * </code>
55 *
56 * <p>The class MySecureJsonFunctions would be something like:
57 * <code>
58 * public class MySecureJsonFunctions
59 * {
60 * private final String name;
61 *
62 * public MySecureJsonFunctions(String name)
63 * {
64 * this.name = name;
65 * }
66 *
67 * private String getName(String clientParameter)
68 * {
69 * return "Client " + clientParameter + " says Hello World to " + name;
70 * }
71 * }
72 * </code>
73 *
74 * @author <a href="mailto:seade@policypoint.net">Scott Eade</a>
75 * @version $Id: JSONSecureScreen.java 1695634 2015-08-13 00:35:47Z tv $
76 */
public abstract class JSONSecureScreen extends JSONScreen
{
    /**
     * Runs the authorization gate ahead of the JSON output produced by
     * {@link JSONScreen}.
     *
     * <p>{@link #isAuthorized(PipelineData)} is evaluated first. Unless it
     * returns <code>true</code>, this method returns without delegating to
     * the parent implementation, so nothing is output from here. An
     * exception thrown by the check propagates to the caller and likewise
     * prevents the delegation.
     *
     * <p>Note for subclasses: statements that an overriding doOutput()
     * places before its call to super.doOutput() execute before this check
     * has been made.
     *
     * @param pipelineData Turbine information.
     * @throws Exception a generic exception.
     */
    @Override
    protected void doOutput(PipelineData pipelineData) throws Exception
    {
        if (!isAuthorized(pipelineData))
        {
            // Denied: skip the parent's output entirely.
            return;
        }

        super.doOutput(pipelineData);
    }

    /**
     * Decides whether the current request may reach the screen's output.
     * Subclasses supply the concrete security check.
     *
     * <p>When this returns <code>false</code>, doOutput() returns without
     * invoking the parent's doOutput(); this class itself writes no denial
     * response.
     *
     * @param pipelineData Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * @throws Exception a generic exception.
     */
    protected abstract boolean isAuthorized(PipelineData pipelineData)
        throws Exception;
}