Posted to users@wicket.apache.org by Kees van Dieren <ke...@gmail.com> on 2009/08/25 09:42:37 UTC

Hide component when instantiating component not authorized to

Hi all,

We would like to hide a Panel marked with
@AuthorizeInstantiation("RoleNotAuthorizedTo");

The default behaviour is that wicket sends AccessDeniedPage.

We are using wicket 1.3.7.

I implemented the desired solution by duplicating the complete
org.apache.wicket.authentication.AuthenticatedWebApplication class in our
source tree, and changing the onUnauthorizedInstantiation method to:

    public final void onUnauthorizedInstantiation(final Component component)
    {
        // If there is a sign in page class declared, and the unauthorized
        // component is a page, but it's not the sign in page
        if (component instanceof Page)
        {
            if (!AuthenticatedWebSession.get().isSignedIn())
            {
                // Redirect to intercept page to let the user sign in
                throw new RestartResponseAtInterceptPageException(getSignInPageClass());
            }
            else
            {
                onUnauthorizedPage((Page)component);
            }
        }
        else
        {
            // Kees /  IOO change: delegate to new onUnAuthorizedComponent
            onUnautorizedComponent(component);
        }
    }

    /**
     *  Kees / IOO change: created delegate method
     * @param component
     *        a (non-page) component that user is not authorized to construct.
     */
    protected void onUnautorizedComponent(final Component component) {
        // The component was not a page, so throw an exception
        throw new UnauthorizedInstantiationException(component.getClass());
    }

Our WicketApplication subclass overrides the onUnautorizedComponent with:
    protected void onUnautorizedComponent(final Component component) {
        component.setVisible(false);
    }

Is this the only way to achieve this? I'd like to not duplicate the complete
class, but have some kind of hook where I can implement this.

Is that possible?

Thanks in advance!

Best regards,

Kees van Dieren
-- 
Squins | IT, Honestly
Oranjestraat 23
2983 HL Ridderkerk
The Netherlands
Phone: +31 (0)180 414520
Mobile: +31 (0)6 30413841
www.squins.com
Chamber of commerce Rotterdam: 22048547

SV: Hide component when instantiating component not authorized to

Posted by Wilhelmsen Tor Iver <To...@arrive.no>.
> What was wrong with implementing
> IAuthorizationStrategy.isActionAuthorized() and adding
> getSecuritySettings().setAuthorizationStrategy(new
> YourParticularImplementation()); in your Application.init()? The action
> to test for is Component.RENDER.

Ah, perhaps the other method is more to your question (isInstantiationAuthorized()), and also set the IUnauthorizedComponentInstantiationListener in the security settings to an implementation that sets the component invisible, or throws a RuntimeException you probably need to handle in the code that tries to instantiate the component.

- Tor Iver

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
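
The listener approach suggested in the reply above, as an added example that is not part of the original thread or of Wicket's own code. It assumes the Wicket 1.3 wicket-auth-roles setup from the question; the class name HidingAuthenticatedApplication is hypothetical, and the class is left abstract so the session class, sign-in page and home page stay in the real application.

```java
import org.apache.wicket.Component;
import org.apache.wicket.Page;
import org.apache.wicket.authentication.AuthenticatedWebApplication;
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;

// Hypothetical base class for this example; not code from the thread.
public abstract class HidingAuthenticatedApplication extends AuthenticatedWebApplication
{
    protected void init()
    {
        // super.init() installs the role-based strategy and registers the
        // application itself as the unauthorized-instantiation listener.
        super.init();

        // Keep the stock listener so pages still get the sign-in redirect
        // or the access-denied handling.
        final IUnauthorizedComponentInstantiationListener stock =
            getSecuritySettings().getUnauthorizedComponentInstantiationListener();

        getSecuritySettings().setUnauthorizedComponentInstantiationListener(
            new IUnauthorizedComponentInstantiationListener()
            {
                public void onUnauthorizedInstantiation(final Component component)
                {
                    if (component instanceof Page)
                    {
                        // Unchanged behaviour for pages.
                        stock.onUnauthorizedInstantiation(component);
                    }
                    else
                    {
                        // Hide instead of throwing. This only suppresses
                        // rendering: the component's constructor still runs to
                        // completion, so it must not load or act on data the
                        // user is not allowed to see, and no later code may
                        // call setVisible(true) on it.
                        component.setVisible(false);
                    }
                }
            });
    }
}
```

Because the visibility flag can be flipped back by other code, a check on Component.RENDER in isActionAuthorized(), as mentioned in the replies, is the stricter variant of the same idea.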


Re: Hide component when instantiating component not authorized to

Posted by Wilhelmsen Tor Iver <To...@arrive.no>.
> I implemented the desired solution by duplicating the complete
> org.apache.wicket.authentication.AuthenticatedWebApplication class in
> our
> source tree, 

What was wrong with implementing IAuthorizationStrategy.isActionAuthorized() and adding getSecuritySettings().setAuthorizationStrategy(new YourParticularImplementation()); in your Application.init()? The action to test for is Component.RENDER.

- Tor Iver



Re: Hide component when instantiating component not authorized to

Posted by Igor Vaynberg <ig...@gmail.com>.
you can use oncomponentaction(action) { if action==component.render
return false; }

to hide any components that should not be visible.

-igor
