Posted to commits@wicket.apache.org by iv...@apache.org on 2011/11/23 07:38:51 UTC
svn commit: r1205299 - in /wicket/trunk/wicket-core/src:
main/java/org/apache/wicket/Component.java
test/java/org/apache/wicket/authorization/
test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java
Author: ivaynberg
Date: Wed Nov 23 06:38:50 2011
New Revision: 1205299
URL: http://svn.apache.org/viewvc?rev=1205299&view=rev
Log:
block onBeforeRender() from being called if auth strategy vetoes render action
Issue: WICKET-4256
Added:
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/authorization/
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java
Modified: wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java?rev=1205299&r1=1205298&r2=1205299&view=diff
==============================================================================
--- wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java (original)
+++ wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java Wed Nov 23 06:38:50 2011
@@ -971,6 +971,9 @@ public abstract class Component
{
configure();
+ // check authorization
+ setRenderAllowed();
+
if ((determineVisibility()) && !getFlag(FLAG_RENDERING) &&
!getFlag(FLAG_PREPARED_FOR_RENDER))
{
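Review bot: The `setRenderAllowed()` call added after `configure()` is now the only call visible in this diff, since the second hunk removes the one that followed `markRendering(setRenderingFlag)`. If any render path reaches rendering without passing through this method, the render-allowed flag would keep its previous value, so that is worth confirming against the callers. The new comment `// check authorization` also loses the ordering rationale the removed comment carried; I would write `// check authorization before determineVisibility() so a vetoed component is never handed to onBeforeRender() (WICKET-4256)`. Note that `configure()` still runs ahead of the veto, so whatever the configuration callbacks do is presumably still executed for components the strategy refuses to render. The enclosing method starts and ends outside the hunk.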
@@ -2210,11 +2213,6 @@ public abstract class Component
}
markRendering(setRenderingFlag);
-
- // check authorization
- // first the component itself
- // (after attach as otherwise list views etc wont work)
- setRenderAllowed();
}
/**
Added: wicket/trunk/wicket-core/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java?rev=1205299&view=auto
==============================================================================
--- wicket/trunk/wicket-core/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java (added)
+++ wicket/trunk/wicket-core/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java Wed Nov 23 06:38:50 2011
@@ -0,0 +1,168 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.authorization;
+
+import static org.junit.Assert.assertFalse;
+
+import org.apache.wicket.Component;
+import org.apache.wicket.MarkupContainer;
+import org.apache.wicket.markup.IMarkupResourceStreamProvider;
+import org.apache.wicket.markup.html.WebMarkupContainer;
+import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.mock.MockApplication;
+import org.apache.wicket.request.component.IRequestableComponent;
+import org.apache.wicket.util.resource.IResourceStream;
+import org.apache.wicket.util.resource.StringResourceStream;
+import org.apache.wicket.util.tester.WicketTester;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Checks whether or not authorization strategy blocks rendering of components
+ *
+ * @author igor
+ */
+public class ComponentIsRenderedAllowedTest
+{
+ private WicketTester tester;
+
+ /** */
+ @Before
+ public void setupTester()
+ {
+ tester = new WicketTester(new SecuredApplication());
+ }
+
+ /** */
+ @After
+ public void destroyTester()
+ {
+ tester.destroy();
+ tester = null;
+ }
+
+ /** */
+ @Test
+ public void onBeforeRenderNotCalledOnVetoedComponents()
+ {
+ TestPage page = new TestPage();
+ tester.startPage(page);
+ assertFalse(page.normal.onBeforeRenderCalled);
+ }
+
+ /** */
+ @Test
+ public void vetoedComponentNotRendered()
+ {
+ TestPage page = new TestPage();
+ tester.startPage(page);
+ assertFalse(page.normal.onAfterRenderCalled);
+ }
+
+ /** */
+ public class TestPage extends WebPage implements IMarkupResourceStreamProvider
+ {
+ private final NormalContainer normal;
+
+ /** */
+ public TestPage()
+ {
+ ForbiddenContainer forbidden = new ForbiddenContainer("forbidden");
+ normal = new NormalContainer("normal");
+ add(forbidden);
+ forbidden.add(normal);
+ }
+
+ @Override
+ public IResourceStream getMarkupResourceStream(MarkupContainer container,
+ Class<?> containerClass)
+ {
+ return new StringResourceStream(
+ "<html><body><div wicket:id='forbidden'><div wicket:id='normal'></div></div></body></html>");
+ }
+
+ }
+
+ private static class NormalContainer extends WebMarkupContainer
+ {
+
+ private boolean onBeforeRenderCalled = false;
+ private boolean onAfterRenderCalled = false;
+
+ public NormalContainer(String id)
+ {
+ super(id);
+ }
+
+ @Override
+ protected void onBeforeRender()
+ {
+ super.onBeforeRender();
+ onBeforeRenderCalled = true;
+ }
+
+ @Override
+ protected void onAfterRender()
+ {
+ super.onAfterRender();
+ onAfterRenderCalled = true;
+ }
+
+ }
+
+ private static class ForbiddenContainer extends WebMarkupContainer implements Forbidden
+ {
+ public ForbiddenContainer(String id)
+ {
+ super(id);
+ }
+ }
+
+ private static class SecuredApplication extends MockApplication
+ {
+ @Override
+ protected void init()
+ {
+ super.init();
+ getSecuritySettings().setAuthorizationStrategy(new Authorizer());
+ }
+ }
+
+ private static interface Forbidden
+ {
+
+ }
+
+ private static class Authorizer implements IAuthorizationStrategy
+ {
+
+ @Override
+ public <T extends IRequestableComponent> boolean isInstantiationAuthorized(
+ Class<T> componentClass)
+ {
+ return true;
+ }
+
+ @Override
+ public boolean isActionAuthorized(Component component, Action action)
+ {
+ return !(component instanceof Forbidden);
+ }
+ }
+
+}
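Review bot: Both tests observe only `normal`, the child of the vetoed container, so nothing pins that `ForbiddenContainer` itself skips `onBeforeRender()`. There is also no positive control showing that an authorized component still receives the callback, so both `assertFalse` checks would pass even if the page rendered no components at all. A second `NormalContainer` added outside `forbidden` with an `assertTrue` on its flag would close that gap. `Authorizer.isActionAuthorized` also ignores `action` and so vetoes every action; `return !(component instanceof Forbidden && action == Component.RENDER);` would tie the test to the render veto named in the log message.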