Posted to commits@wicket.apache.org by mg...@apache.org on 2013/06/18 16:42:01 UTC

[1/3] git commit: WICKET-5012 Implement authorization for resources

Updated Branches:
  refs/heads/5012-authorize-resources 88b5d5cb4 -> ca2dcfa45


WICKET-5012 Implement authorization for resources

Remove unused class


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/e91c094b
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/e91c094b
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/e91c094b

Branch: refs/heads/5012-authorize-resources
Commit: e91c094be8a0b8796798c3222dc3406ed9cf1216
Parents: 88b5d5c
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Tue Jun 18 16:39:39 2013 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Tue Jun 18 16:39:39 2013 +0200

----------------------------------------------------------------------
 .../UnauthorizedResourceRequestException.java   | 61 --------------------
 1 file changed, 61 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/e91c094b/wicket-core/src/main/java/org/apache/wicket/authorization/UnauthorizedResourceRequestException.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/authorization/UnauthorizedResourceRequestException.java b/wicket-core/src/main/java/org/apache/wicket/authorization/UnauthorizedResourceRequestException.java
deleted file mode 100644
index 6140a08..0000000
--- a/wicket-core/src/main/java/org/apache/wicket/authorization/UnauthorizedResourceRequestException.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.wicket.authorization;
-
-import org.apache.wicket.request.mapper.parameter.PageParameters;
-import org.apache.wicket.request.resource.IResource;
-
-/**
- * Exception that is thrown when a request to a resource is not allowed.
- * 
- * @author Eelco Hillenius
- * @author Jonathan Locke
- */
-public class UnauthorizedResourceRequestException extends AuthorizationException
-{
-	private static final long serialVersionUID = 1L;
-
-	private final IResource resource;
-
-	private final PageParameters parameters;
-
-	/**
-	 * Construct.
-	 * 
-	 * @param resource
-	 *            The unauthorized resource
-	 * @param parameters
-	 *            The request parameters
-	 */
-	public UnauthorizedResourceRequestException(final IResource resource, PageParameters parameters)
-	{
-		super("Not authorized to instantiate class " + resource.getClass().getName());
-
-		this.resource = resource;
-		this.parameters = parameters;
-	}
-
-	public IResource getResource()
-	{
-		return resource;
-	}
-
-	public PageParameters getParameters()
-	{
-		return parameters;
-	}
-}


[3/3] git commit: WICKET-5012 Implement authorization for resources

Posted by mg...@apache.org.
WICKET-5012 Implement authorization for resources

Add unit tests for resource authorization


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/ca2dcfa4
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/ca2dcfa4
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/ca2dcfa4

Branch: refs/heads/5012-authorize-resources
Commit: ca2dcfa45e96035a4e4d4ef6efb94f1e10d27037
Parents: 788e7ed
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Tue Jun 18 16:40:10 2013 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Tue Jun 18 16:40:10 2013 +0200

----------------------------------------------------------------------
 .../resource/ResourceAuthorizationTest.java     | 101 +++++++++++++++++++
 1 file changed, 101 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/ca2dcfa4/wicket-core/src/test/java/org/apache/wicket/request/handler/resource/ResourceAuthorizationTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/request/handler/resource/ResourceAuthorizationTest.java b/wicket-core/src/test/java/org/apache/wicket/request/handler/resource/ResourceAuthorizationTest.java
new file mode 100644
index 0000000..26b272e
--- /dev/null
+++ b/wicket-core/src/test/java/org/apache/wicket/request/handler/resource/ResourceAuthorizationTest.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.request.handler.resource;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.wicket.WicketTestCase;
+import org.apache.wicket.authorization.IAuthorizationStrategy;
+import org.apache.wicket.authorization.IUnauthorizedResourceRequestListener;
+import org.apache.wicket.request.mapper.parameter.PageParameters;
+import org.apache.wicket.request.resource.AbstractResource;
+import org.apache.wicket.request.resource.IResource;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+/**
+ * Tests authorization of IResources
+ */
+public class ResourceAuthorizationTest extends WicketTestCase
+{
+	private static class RejectingAuthorizationStrategy extends IAuthorizationStrategy.AllowAllAuthorizationStrategy
+	{
+		@Override
+		public boolean isResourceAuthorized(IResource resource, PageParameters pageParameters)
+		{
+			return false;
+		}
+	}
+
+	private static class TestResource extends AbstractResource
+	{
+		@Override
+		protected ResourceResponse newResourceResponse(Attributes attributes)
+		{
+			return null;
+		}
+
+		@Override
+		public String toString()
+		{
+			return "TestResource";
+		}
+	}
+
+	/**
+	 * https://issues.apache.org/jira/browse/WICKET-5012
+	 */
+	@Test
+	public void rejectWith403()
+	{
+		tester.getApplication().getSecuritySettings().setAuthorizationStrategy(new RejectingAuthorizationStrategy());
+
+		tester.startResource(new TestResource());
+
+		assertEquals(HttpServletResponse.SC_FORBIDDEN, tester.getLastResponse().getStatus());
+		assertEquals("The request to resource 'TestResource' with parameters '' cannot be authorized.",
+				tester.getLastResponse().getErrorMessage());
+	}
+
+	@Rule
+	public ExpectedException expectedException = ExpectedException.none();
+
+	/**
+	 * https://issues.apache.org/jira/browse/WICKET-5012
+	 */
+	@Test
+	public void rejectWithException()
+	{
+		tester.getApplication().getSecuritySettings().setAuthorizationStrategy(new RejectingAuthorizationStrategy());
+		tester.getApplication().getSecuritySettings().setUnauthorizedResourceRequestListener(new IUnauthorizedResourceRequestListener()
+		{
+			@Override
+			public void onUnauthorizedRequest(IResource resource, PageParameters parameters)
+			{
+				throw new RuntimeException("Not authorized to request: " + resource);
+			}
+		});
+
+		TestResource resource = new TestResource();
+
+		expectedException.expect(RuntimeException.class);
+		expectedException.expectMessage("Not authorized to request: " + resource);
+
+		tester.startResource(resource);
+	}
+}
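Review bot: Neither test proves that a rejected resource is never executed, because `TestResource.newResourceResponse` simply returns `null` and `rejectWith403` pins only the status code and message. Making the stub fail loudly, e.g. `throw new AssertionError("resource must not be invoked when authorization is denied");`, would catch a regression where the authorization check runs after the resource has started responding. The class also has no positive case (an allowing strategy that reaches the resource) and no case with non-empty `PageParameters`. The expected 403 message embeds the parameters, which are presumably request-controlled, so a test with a non-trivial parameter value would document how that text is rendered into the error message. As a style point, the `@Rule` field sits between the two tests and would read better at the top of the class.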


[2/3] git commit: Minor simplification

Posted by mg...@apache.org.
Minor simplification


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/788e7ed1
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/788e7ed1
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/788e7ed1

Branch: refs/heads/5012-authorize-resources
Commit: 788e7ed126b391359ca416c3f04ae69ea1e8c3a6
Parents: e91c094
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Tue Jun 18 16:40:01 2013 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Tue Jun 18 16:40:01 2013 +0200

----------------------------------------------------------------------
 .../core/request/handler/ListenerInterfaceRequestHandler.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/788e7ed1/wicket-core/src/main/java/org/apache/wicket/core/request/handler/ListenerInterfaceRequestHandler.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/request/handler/ListenerInterfaceRequestHandler.java b/wicket-core/src/main/java/org/apache/wicket/core/request/handler/ListenerInterfaceRequestHandler.java
index 46c631f..84592d7 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/request/handler/ListenerInterfaceRequestHandler.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/request/handler/ListenerInterfaceRequestHandler.java
@@ -158,7 +158,7 @@ public class ListenerInterfaceRequestHandler
 		final boolean freshPage = pageComponentProvider.isPageInstanceFresh();
 		final boolean isAjax = ((WebRequest)requestCycle.getRequest()).isAjax();
 
-		IRequestableComponent component = null;
+		IRequestableComponent component;
 		try
 		{
 			component = getComponent();