br.usp.ime.xpusp.modules.actions
Class AbstractSecureAction
java.lang.Object
|
+--org.apache.turbine.modules.Assembler
|
+--org.apache.turbine.modules.Action
|
+--org.apache.turbine.modules.ActionEvent
|
+--org.apache.turbine.util.velocity.VelocityActionEvent
|
+--org.apache.turbine.modules.actions.VelocityAction
|
+--org.apache.turbine.modules.actions.VelocitySecureAction
|
+--br.usp.ime.xpusp.modules.actions.AbstractSecureAction
- Direct Known Subclasses:
- AdminAction, ProfessorAction
- public abstract class AbstractSecureAction
- extends org.apache.turbine.modules.actions.VelocitySecureAction
Abstract class for secure actions.
This class is supposed to be used in two levels: one abstract subclass that extends it and
has a constructor with no parameters that calls this class's constructor with all permissions
available for this hierarchy, and several concrete subclasses of that abstract class that
implement the requires() method. The abstract subclass should also define
constants for the implementations of the requires() method.
Field Summary |
private java.lang.String[] |
PERMISSION_NAMES
This array will hold the implementing class's permission names |
Fields inherited from class org.apache.turbine.modules.ActionEvent |
BUTTON, BUTTON_LENGTH, LENGTH, METHOD_NAME_LENGTH, METHOD_NAME_PREFIX |
Constructor Summary |
protected |
AbstractSecureAction(java.lang.String[] permission_names)
This constructor receives the names of the permissions available for this
secure action. |
Method Summary |
protected java.lang.String |
getDeniedTemplate()
The template used when access is denied by the isAuthorized() method.
This method returns the property "template.denied" of TurbineResources. |
protected boolean |
isAuthorized(org.apache.turbine.util.RunData data)
This is the method that actually does the checking for authorization. |
protected abstract int[] |
requires()
You should implement this method to return the positions
in the PERMISSION_NAMES array
of all permissions needed by this action.
Implementing classes should define constants for accessing these. |
Methods inherited from class org.apache.turbine.modules.actions.VelocitySecureAction |
doPerform, perform |
Methods inherited from class org.apache.turbine.modules.actions.VelocityAction |
doPerform, getContext, setTemplate |
Methods inherited from class org.apache.turbine.util.velocity.VelocityActionEvent |
executeEvents |
Methods inherited from class org.apache.turbine.modules.ActionEvent |
, executeEvents, firstLetterCaps, formatString |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait |
PERMISSION_NAMES
private java.lang.String[] PERMISSION_NAMES
- This array will hold the implementing class's permission names
AbstractSecureAction
protected AbstractSecureAction(java.lang.String[] permission_names)
- This constructor receives the names of the permissions available for this
secure action.
requires
protected abstract int[] requires()
- You should implement this method to return the positions in the PERMISSION_NAMES array
of all permissions needed by this action.
Implementing classes should define constants for accessing these.
Here's a simple example:
protected int[] requires() {
return new int[] { PERMISSION1, PERMISSION2 };
}
where PERMISSION1 and PERMISSION2 are constants defined by the implementing class.
- See Also:
isAuthorized(RunData)
isAuthorized
protected final boolean isAuthorized(org.apache.turbine.util.RunData data)
throws java.lang.Exception
- This is the method that actually does the checking for authorization.
To avoid the use of nonexistent permissions, this method is final and
uses permissions defined by the implementing classes to do the checking.
Permissions are the only things that are checked by this class.
The method logic is:
- if there is no ACL or no logged-in user, it sets the template to getDeniedTemplate() and returns false;
- if requires() returns null, a log warning is printed and it returns false. The template is set to getDeniedTemplate().
- for each x in requires(), the ACL is checked for permission PERMISSION_NAMES[x]; if it is not present or does not exist (i.e. x >= PERMISSION_NAMES.length), it returns false (in the second case a warning is printed). The template is set to getDeniedTemplate().
- if all these checks pass, it returns true.
- Overrides:
isAuthorized
in class org.apache.turbine.modules.actions.VelocitySecureAction
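The decision logic listed above, as a stand-alone model. This is an added example, not the project's code. It assumes a Set of granted permission names in place of the Turbine ACL (null meaning no ACL or no logged-in user), uses constructed permission names, leaves out the denied-template step, and adds a negative-index check that the page does not mention.

```java
import java.util.Set;

// Stand-alone model of the documented isAuthorized() decision logic.
// Assumption: a Set<String> of granted names stands in for the Turbine ACL.
public class SecureActionCheckDemo {
    // Constructed permission names; the index constants mirror the ones an
    // abstract subclass is expected to define for use in requires().
    static final String[] PERMISSION_NAMES = { "view_grades", "edit_grades", "manage_users" };
    static final int VIEW_GRADES = 0, EDIT_GRADES = 1, MANAGE_USERS = 2;

    /** Returns true only if every required index maps to a name present in granted. */
    static boolean isAuthorized(Set<String> granted, int[] required) {
        if (granted == null) {
            return false;                 // no ACL or no logged-in user: deny
        }
        if (required == null) {
            System.err.println("WARN: requires() returned null, denying access");
            return false;                 // misconfigured action fails closed
        }
        for (int x : required) {
            // The page documents x >= PERMISSION_NAMES.length; x < 0 is added here.
            if (x < 0 || x >= PERMISSION_NAMES.length) {
                System.err.println("WARN: permission index " + x + " does not exist");
                return false;             // nonexistent permission: deny
            }
            if (!granted.contains(PERMISSION_NAMES[x])) {
                return false;             // required permission not granted
            }
        }
        // Note: an empty requires() array reaches this point and is authorized
        // for any logged-in user, since there is nothing to check.
        return true;
    }

    public static void main(String[] args) {
        Set<String> professor = Set.of("view_grades", "edit_grades"); // constructed ACL
        System.out.println(isAuthorized(professor, new int[] { VIEW_GRADES, EDIT_GRADES }));
        System.out.println(isAuthorized(professor, new int[] { MANAGE_USERS }));
        System.out.println(isAuthorized(professor, null));
        System.out.println(isAuthorized(professor, new int[] { 7 }));
        System.out.println(isAuthorized(null, new int[] { VIEW_GRADES }));
        System.out.println(isAuthorized(professor, new int[0]));
    }
}
```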
getDeniedTemplate
protected java.lang.String getDeniedTemplate()
- The template used when access is denied by the isAuthorized() method.
This method returns the property "template.denied" of TurbineResources. Override this
method if you want a different template to be used when access is denied.