XPUSP - Home

br.usp.ime.xpusp.modules.actions
Class AbstractSecureAction

java.lang.Object
  |
  +--org.apache.turbine.modules.Assembler
        |
        +--org.apache.turbine.modules.Action
              |
              +--org.apache.turbine.modules.ActionEvent
                    |
                    +--org.apache.turbine.util.velocity.VelocityActionEvent
                          |
                          +--org.apache.turbine.modules.actions.VelocityAction
                                |
                                +--org.apache.turbine.modules.actions.VelocitySecureAction
                                      |
                                      +--br.usp.ime.xpusp.modules.actions.AbstractSecureAction
Direct Known Subclasses:
AdminAction, ProfessorAction

public abstract class AbstractSecureAction
extends org.apache.turbine.modules.actions.VelocitySecureAction

Abstract class for secure actions.
This class is supposed to be used in two levels: one abstract sub-class that extends it and has a constructor with no parameters that calls this class's constructor with all permissions available for this hierarchy, and several concrete sub-classes of this abstract class that implement the requires() method. The abstract sub-class should also define constants for the implementations of the requires() method.

Source Forge Info
CVS File: AbstractSecureAction.java
User: krico
Version: 1.4
Date: 2002/03/08 11:31:37


Field Summary
private  java.lang.String[] PERMISSION_NAMES
          This array will hold the implementing class's permission names
 
Fields inherited from class org.apache.turbine.modules.ActionEvent
BUTTON, BUTTON_LENGTH, LENGTH, METHOD_NAME_LENGTH, METHOD_NAME_PREFIX
 
Constructor Summary
protected AbstractSecureAction(java.lang.String[] permission_names)
          This constructor receives the names of the permissions available for this secure action.
 
Method Summary
protected  java.lang.String getDeniedTemplate()
          The template used when access is denied by the isAuthorized() method
This method returns the property "template.denied" of TurbineResources.
protected  boolean isAuthorized(org.apache.turbine.util.RunData data)
          This is the method that actually does the checking for authorization.
protected abstract  int[] requires()
          You should implement this method to return the positions on the PERMISSION_NAMES array of all permissions needed by this action.
Implementing classes should define constants for accessing these.
 
Methods inherited from class org.apache.turbine.modules.actions.VelocitySecureAction
doPerform, perform
 
Methods inherited from class org.apache.turbine.modules.actions.VelocityAction
doPerform, getContext, setTemplate
 
Methods inherited from class org.apache.turbine.util.velocity.VelocityActionEvent
executeEvents
 
Methods inherited from class org.apache.turbine.modules.ActionEvent
, executeEvents, firstLetterCaps, formatString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Field Detail

PERMISSION_NAMES

private java.lang.String[] PERMISSION_NAMES
This array will hold the implementing class's permission names
Constructor Detail

AbstractSecureAction

protected AbstractSecureAction(java.lang.String[] permission_names)
This constructor receives the names of the permissions available for this secure action.
Method Detail

requires

protected abstract int[] requires()
You should implement this method to return the positions on the PERMISSION_NAMES array of all permissions needed by this action.
Implementing classes should define constants for accessing these. Here's a simple example:
 protected int[] requires() {
     return new int[] { PERMISSION1, PERMISSION2 };
 }
 
where PERMISSION1 and PERMISSION2 are constants defined by the implementing class.
See Also:
isAuthorized(RunData)

isAuthorized

protected final boolean isAuthorized(org.apache.turbine.util.RunData data)
                              throws java.lang.Exception
This is the method that actually does the checking for authorization. To avoid the use of nonexistent permissions, this method is final and uses permissions defined by the implementing classes to do the checking. Permissions are the only things that are checked by this class.
The method logic is:
  1. If there is no acl or no logged in user, it sets the template to getDeniedTemplate() and returns false.
  2. If requires() returns null, a log warning is printed and it returns false. The template is set to getDeniedTemplate().
  3. For each x in requires(), the acl is checked for permission PERMISSION_NAMES[x]; if it is not present or does not exist (i.e. x >= PERMISSION_NAMES.length), it returns false (in the second case a warning is printed). The template is set to getDeniedTemplate().
  4. If all these checks pass, it returns true.
Overrides:
isAuthorized in class org.apache.turbine.modules.actions.VelocitySecureAction
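
The two-level hierarchy from the class description and the four-step check listed above, as an added example that is not XPUSP's own source. It assumes the ACL can be modelled as a Set<String> of granted permission names (null standing for "no acl or no logged in user") and uses no Turbine classes; ReportAction, EditReport, Misconfigured and the permission names are hypothetical.

```java
import java.util.Set;

// Added illustration, not the project's code. The ACL is a stand-in Set<String>.
public class SecureActionSketch {

    abstract static class SecureAction {
        private final String[] permissionNames;
        protected SecureAction(String[] permissionNames) {
            this.permissionNames = permissionNames.clone();
        }
        protected abstract int[] requires();

        // final, so sub-classes cannot weaken the check; every non-match denies.
        final boolean isAuthorized(Set<String> acl) {
            if (acl == null) return false;                  // step 1: no acl / no user
            int[] needed = requires();
            if (needed == null) {                           // step 2: warn and deny
                System.err.println("WARN: requires() returned null");
                return false;
            }
            for (int x : needed) {                          // step 3
                // x < 0 is an extra guard added here; the page only names x >= length
                if (x < 0 || x >= permissionNames.length) {
                    System.err.println("WARN: no permission at index " + x);
                    return false;
                }
                if (!acl.contains(permissionNames[x])) return false;
            }
            return true;                                    // step 4
        }
    }

    // Level one: abstract sub-class fixes the permission names and index constants.
    abstract static class ReportAction extends SecureAction {
        protected static final int VIEW = 0, EDIT = 1;
        protected ReportAction() { super(new String[] { "report_view", "report_edit" }); }
    }

    // Level two: concrete actions only say which indices they need.
    static class EditReport extends ReportAction {
        protected int[] requires() { return new int[] { VIEW, EDIT }; }
    }
    static class Misconfigured extends ReportAction {
        protected int[] requires() { return new int[] { VIEW, 7 }; } // index out of range
    }

    public static void main(String[] args) {
        Set<String> full = Set.of("report_view", "report_edit");
        System.out.println(new EditReport().isAuthorized(full));
        System.out.println(new EditReport().isAuthorized(Set.of("report_view")));
        System.out.println(new Misconfigured().isAuthorized(full));
        System.out.println(new EditReport().isAuthorized(null));
    }
}
```

Under the logic as listed, an empty array returned by requires() passes step 3 vacuously, so such an action is open to any logged-in user who has an acl.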

getDeniedTemplate

protected java.lang.String getDeniedTemplate()
The template used when access is denied by the isAuthorized() method
This method returns the property "template.denied" of TurbineResources. Override this method if you want a different template to be used when access is denied.
