Package org.apache.wicket.authorization.strategies.page

Source Code of org.apache.wicket.authorization.strategies.page.SimplePageAuthorizationStrategy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements.  See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.authorization.strategies.page;

import java.lang.ref.WeakReference;

import org.apache.wicket.Application;
import org.apache.wicket.Component;
import org.apache.wicket.Page;
import org.apache.wicket.RestartResponseAtInterceptPageException;
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
import org.apache.wicket.authorization.UnauthorizedInstantiationException;

/**
* A very simple authorization strategy that takes a supertype (a base class or
* tagging interface) and performs a simple authorization check by calling the
* abstract method isAuthorized() whenever a Page class that extends or
* implements the supertype is about to be instantiated. If that method returns
* true, page instantiation proceeds normally. If it returns false, the user is
* automatically directed to the specified sign-in page for authentication,
* which will presumably allow authorization to succeed once they have signed
* in.
* <p>
* In your Application.init() method do something like the following:
*
* <pre>
* SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy(
*     MySecureWebPage.class, MySignInPage.class)
* {
*     protected boolean isAuthorized()
*      {
*        // Authorize access based on user authentication in the session
*        return (((MySession)Session.get()).isSignedIn());
*      }
* };
*
* getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
* </pre>
*
* @author Eelco Hillenius
* @author Jonathan Locke
*/
public abstract class SimplePageAuthorizationStrategy extends AbstractPageAuthorizationStrategy
{
  /**
   * The supertype (class or interface) of Pages that require authorization to
   * be instantiated.
   */
  private final WeakReference/*<Class>*/ securePageSuperTypeRef;

  /**
   * Construct.
   *
   * @param securePageSuperType
   *            The class or interface supertype that indicates that a given
   *            Page requires authorization
   * @param signInPageClass
   *            The sign in page class
   */
  public SimplePageAuthorizationStrategy(final Class securePageSuperType,
      final Class signInPageClass)
  {
    if (securePageSuperType == null)
    {
      throw new IllegalArgumentException("Secure page super type must not be null");
    }

    this.securePageSuperTypeRef = new WeakReference(securePageSuperType);

    // Handle unauthorized access to pages
    Application.get().getSecuritySettings().setUnauthorizedComponentInstantiationListener(
        new IUnauthorizedComponentInstantiationListener()
        {
          public void onUnauthorizedInstantiation(final Component component)
          {
            // If there is a sign in page class declared, and the
            // unauthorized component is a page, but it's not the
            // sign in page
            if (component instanceof Page)
            {
              // Redirect to page to let the user sign in
              throw new RestartResponseAtInterceptPageException(signInPageClass);
            }
            else
            {
              // The component was not a page, so throw exception
              throw new UnauthorizedInstantiationException(component.getClass());
            }
          }
        });
  }

  /**
   * @see org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy#isPageAuthorized(java.lang.Class)
   */
  protected boolean isPageAuthorized(final Class pageClass)
  {
    if (instanceOf(pageClass, (Class)securePageSuperTypeRef.get()))
    {
      return isAuthorized();
    }

    // Allow construction by default
    return true;
  }

  /**
   * Gets whether the current user/session is authorized to instantiate a page
   * class which extends or implements the supertype (base class or tagging
   * interface) passed to the constructor.
   *
   * @return True if the instantiation should be allowed to proceed. False, if
   *         the user should be directed to the application's sign-in page.
   */
  protected abstract boolean isAuthorized();
}
TOP

Related Classes of org.apache.wicket.authorization.strategies.page.SimplePageAuthorizationStrategy

  • org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener
  • org.apache.wicket.examples.library.LibraryApplication
  • org.apache.wicket.util.tester.apps_2.Test
  • java.lang.ref.WeakReference
  • org.apache.wicket.authorization.UnauthorizedInstantiationException
  • org.apache.wicket.RestartResponseAtInterceptPageException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.