You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by toberger <to...@gmx.de> on 2010/01/07 23:25:09 UTC
Re: TabbedPanel + authorization strategy
Hi,
I'm sorry to put such an old topic up.
But I'm searching for a way to secure tabs with wicket-auth-roles and I
don't want to display the tabs when the user has no authorization for its
content panel.
I can't find the source code which is related to. Maybe somone can just add
a little code snippet how it works? That would be really great.
Best regards,
Torben
--
View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27068118.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: TabbedPanel + authorization strategy
Posted by Jeroen Steenbeeke <j....@gmail.com>.
That could be a bit tricky. I figured out 1 way but it's a bit of a hack:
List<ITab> removeList = new ArrayList<ITab>();
for (ITab tab: tabs) {
if (!tab.getPanel("foo").isVisible()) {
removeList.add(tab);
}
}
tabs.removeAll(removeList);
No doubt somebody else has a more elegant way.
2010/1/8 toberger <to...@gmx.de>:
>
> Okay, with your example implementation I can disable the content of the tab.
> But the tab itself is still visible. And I am searching a way to disable
> this tab itself too.
>
>
>
> Jeroen Steenbeeke wrote:
>>
>> I believe the default behavior is to throw an
>> UnauthorizedInstantiationException
>> if component instantiation is not authorized, but you can tweak this
>> by calling
>> getSecuritySettings().setUnauthorizedComponentInstantiationListener(...).
>>
>
> --
> View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073815.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Jeroen Steenbeeke
www.fortuityframework.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: TabbedPanel + authorization strategy
Posted by MDU <ma...@gmail.com>.
How should i impliment the ROl and Auth on the AbstractTab .
Please find the below code for ref
final List tabs = new ArrayList();
final AbstractTab ABCTab = new AbstractTab(new Model("ABC")) {
//@Override
Public Panel getPanel(final String panelId) {
return ABCPanal(panelId, Main.this);
}
};
tabs.add(ABCTab );
final AbstractTab XYXTab = new AbstractTab(new Model("XYZ")) {
@Override
public Panel getPanel(final String panelId) {
return new XYZPanal(panelId, Main.this);
}
};
tabs.add(XYZPanal);
final AjaxTabbedPanel tabPanel = new AjaxTabbedPanel("tabs", tabs);
this.add(tabPanel);
I have 2 tab on the page. How should i disable for one of the tab for
perticular rols
I have tried with the
MetaDataRoleAuthorizationStrategy.authorize(ABCTab,RENDER, "ADMIN");
but it is not working as it is Abstract Class and not the complonet.
Regards
MDU
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/TabbedPanel-authorization-strategy-tp1893255p4665674.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: TabbedPanel + authorization strategy
Posted by MDU <ma...@gmail.com>.
How should i impliment the ROl and Auth on the AbstractTab .
Please find the below code for ref
final List tabs = new ArrayList();
final AbstractTab ABCTab = new AbstractTab(new Model("ABC")) {
//@Override
Public Panel getPanel(final String panelId) {
return ABCPanal(panelId, Main.this);
}
};
tabs.add(ABCTab );
final AbstractTab XYXTab = new AbstractTab(new Model("XYZ")) {
@Override
public Panel getPanel(final String panelId) {
return new XYZPanal(panelId, Main.this);
}
};
tabs.add(XYZPanal);
final AjaxTabbedPanel tabPanel = new AjaxTabbedPanel("tabs", tabs);
this.add(tabPanel);
I have 2 tab on the page. How should i disable for one of the tab for
perticular rols
I have tried with the
MetaDataRoleAuthorizationStrategy.authorize(ABCTab,RENDER, "ADMIN");
but it is not working as it is Abstract Class and not the complonet.
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/TabbedPanel-authorization-strategy-tp1893255p4665675.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: TabbedPanel + authorization strategy
Posted by MDU <ma...@gmail.com>.
I have the same need of you . Could you share the implementation of
your Secure TabbedPanel?
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/TabbedPanel-authorization-strategy-tp1893255p4665666.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: TabbedPanel + authorization strategy
Posted by Kai Mutz <km...@googlemail.com>.
You can extend TabbedPanel and overwrite the newLink() method.
toberger <ma...@gmx.de> wrote:
> Okay, with your example implementation I can disable the content of
> the tab. But the tab itself is still visible. And I am searching a
> way to disable this tab itself too.
>
>
>
> Jeroen Steenbeeke wrote:
>>
>> I believe the default behavior is to throw an
>> UnauthorizedInstantiationException
>> if component instantiation is not authorized, but you can tweak this
>> by calling
>> getSecuritySettings().setUnauthorizedComponentInstantiationListener(...).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: TabbedPanel + authorization strategy
Posted by toberger <to...@gmx.de>.
Okay, with your example implementation I can disable the content of the tab.
But the tab itself is still visible. And I am searching a way to disable
this tab itself too.
Jeroen Steenbeeke wrote:
>
> I believe the default behavior is to throw an
> UnauthorizedInstantiationException
> if component instantiation is not authorized, but you can tweak this
> by calling
> getSecuritySettings().setUnauthorizedComponentInstantiationListener(...).
>
--
View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073815.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: TabbedPanel + authorization strategy
Posted by Jeroen Steenbeeke <j....@gmail.com>.
I take it you configured wicket-auth-roles by doing
getSecuritySettings().setAuthorizationStrategy(...) in your
application's init?
If so, then the security check for that component is done by an
IComponentInstantiationListener that is automatically initialized by
the constructor of Application.
In other words: the permissions are checked automatically. I believe
the default behavior is to throw an UnauthorizedInstantiationException
if component instantiation is not authorized, but you can tweak this
by calling getSecuritySettings().setUnauthorizedComponentInstantiationListener(...).
An example implementation for making components invisible if not
authorized would be:
getSecuritySettings().setUnauthorizedComponentInstantiationListener(new
IUnauthorizedComponentInstantiationListener() {
public void onUnauthorizedInstantiation(final Component component)
{
if (component instanceof Page) {
// Redirect to index
throw new RestartResponseAtInterceptPageException(YourLoginPage.class);
// Or you can just throw the original UnauthorizedInstantiationException
} else {
component.setVisible(false);
}
}
);
DISCLAIMER: This post was constructed after studying the relevant
source for about 2 minutes and googling for about 1 minute to get some
info about wicket-auth-roles.
2010/1/8 toberger <to...@gmx.de>:
>
> This is my problem. How do I get the information, if the user has not the
> permission to see the panel?
>
> I create a tab list like this:
>
> List<ITab> tabs = new ArrayList<ITab>();
> tabs.add(new AbstractTab(new Model<String>("panel")) {
>
> public Panel getPanel(String panelId) {
> return new FooPanel(panelId);
> }
> ...
> });
>
> And I'm securing the panel through annotation:
>
> @AuthorizeInstantiation("ADMIN")
> public class FooPanel extends Panel {
> ...
> }
>
> So the tab will be added before I get the information about its auths.
>
>
>
> James Carman-3 wrote:
>>
>> Can't you just not add the tab if the user doesn't have the
>> role/permission required?
>>
>
> --
> View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073005.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Jeroen Steenbeeke
www.fortuityframework.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: TabbedPanel + authorization strategy
Posted by toberger <to...@gmx.de>.
This is my problem. How do I get the information, if the user has not the
permission to see the panel?
I create a tab list like this:
List<ITab> tabs = new ArrayList<ITab>();
tabs.add(new AbstractTab(new Model<String>("panel")) {
public Panel getPanel(String panelId) {
return new FooPanel(panelId);
}
...
});
And I'm securing the panel through annotation:
@AuthorizeInstantiation("ADMIN")
public class FooPanel extends Panel {
...
}
So the tab will be added before I get the information about its auths.
James Carman-3 wrote:
>
> Can't you just not add the tab if the user doesn't have the
> role/permission required?
>
--
View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073005.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: TabbedPanel + authorization strategy
Posted by James Carman <jc...@carmanconsulting.com>.
Can't you just not add the tab if the user doesn't have the
role/permission required?
On Thu, Jan 7, 2010 at 5:25 PM, toberger <to...@gmx.de> wrote:
>
> Hi,
> I'm sorry to put such an old topic up.
> But I'm searching for a way to secure tabs with wicket-auth-roles and I
> don't want to display the tabs when the user has no authorization for its
> content panel.
>
> I can't find the source code which is related to. Maybe somone can just add
> a little code snippet how it works? That would be really great.
>
> Best regards,
> Torben
> --
> View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27068118.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org