1 package org.apache.turbine.modules.actions;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22
23 import org.apache.turbine.pipeline.PipelineData;
24 import org.apache.turbine.util.RunData;
25
26 /**
27 * VelocitySecure action.
28 *
29 * Always performs a Security Check that you've defined before
30 * executing the doPerform(). You should extend this class and
31 * add the specific security check needed. If you have a number of
32 * actions that need to perform the same check, you could make a base
33 * action by extending this class and implementing the isAuthorized().
34 * Then each action that needs to perform the same check could extend
35 * your base action.
36 *
37 * @author <a href="mailto:tv@apache.org">Thomas Vandahl</a>
38 * @deprecated Use VelocitySecureAction directly
39 */
40 @Deprecated
41 public abstract class LegacyVelocitySecureAction extends LegacyVelocityAction
42 {
43 /**
44 * This method overrides the method in VelocityAction to
45 * perform a security check first.
46 *
47 * @param pipelineData Turbine information.
48 * @throws Exception a generic exception.
49 */
50 @Override
51 protected void perform(PipelineData pipelineData) throws Exception
52 {
53 if (isAuthorized(getRunData(pipelineData)))
54 {
55 super.perform(pipelineData);
56 }
57 }
58
59 /**
60 * Implement this method to perform the security check needed.
61 * You should set the template in this method that you want the
62 * user to be sent to if they're unauthorized.
63 *
64 * @param data Turbine information.
65 * @return True if the user is authorized to access the screen.
66 * @throws Exception a generic exception.
67 */
68 protected abstract boolean isAuthorized(RunData data) throws Exception;
69 }