Posted to users@wicket.apache.org by Duro <de...@yahoo.com> on 2011/01/05 10:42:25 UTC

Custom IUnauthorizedComponentInstantiationListener

Hi, I am trying to customize the behavior when a component is found in
a page that the current user is not authorized for, while he is
authorized for the page. This by default throws an exception and I want
to change it so that the component is simply not displayed. So I did
this: in my web application, which is a subclass of
AuthenticatedWebApplication, I have this init() method:

     @Override
     protected void init() {
         super.init();
         // we customize the default behavior, when there is a component in page, that
         // this user can't access. Default is an exception thrown, we just set the
         // component not visible
         getSecuritySettings().setUnauthorizedComponentInstantiationListener(
                 new IUnauthorizedComponentInstantiationListener() {
                     @Override
                     public void onUnauthorizedInstantiation(Component component) {
                         if (component instanceof Page) {
                             onUnauthorizedPage((Page) component);
                         } else {
                             component.detach();
                         }
                     }
                 });
     }

As I can see, if the unauthorized object is a page, then I call
onUnauthorizedPage((Page) component), which redirects to the login page;
otherwise I destroy the component.
What comes out as a result is that the user, after accessing a protected
page, is redirected to the login page, logs in and is authenticated, but
then somehow the session is destroyed and a new one is created for some
reason, which results in losing the authentication, and the login page is
displayed again. So the user actually can't log in and always ends up
only on the login page.
Thanks for help in advance, Juraj

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Re: Custom IUnauthorizedComponentInstantiationListener

Posted by Cemal Bayramoglu <jW...@cabouge.com>.
Juraj,
...
public boolean isActionAuthorized(Component component, Action action) {
    return action != Component.RENDER || shouldRender(component);
}
private boolean shouldRender(Component component) {
    // your logic to check if the current "user" should see component
    return false; // placeholder so the method compiles; replace with the real check
}
...

This is a terse and basic implementation to make the technique clear;
you should get the idea and be able to extend it to fulfil your
specific requirements.

Regards - Cemal
jWeekend
Training, Consulting, Development
http://jWeekend.com
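
Added example, not part of the message above and not code from the Wicket project: a complete strategy built around the isActionAuthorized/shouldRender skeleton, which hides role-restricted components and denies when the role cannot be confirmed. It assumes the two-method IAuthorizationStrategy described in this thread (the generic bound on isInstantiationAuthorized differs in newer Wicket versions); RoleRestricted, RoleAwareSession and HideUnauthorizedStrategy are hypothetical names.

```java
import org.apache.wicket.Component;
import org.apache.wicket.Session;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;

/**
 * Added example: hides role-restricted components by vetoing RENDER.
 * Register it in init() after super.init(), next to the existing strategy
 * (assumes, as the thread says, that the installed one is a compound):
 *   ((CompoundAuthorizationStrategy) getSecuritySettings()
 *           .getAuthorizationStrategy()).add(new HideUnauthorizedStrategy());
 */
public class HideUnauthorizedStrategy implements IAuthorizationStrategy {

    /** Hypothetical marker: a component states the role needed to see it. */
    public interface RoleRestricted {
        String requiredRole();
    }

    /** Hypothetical contract the application's Session subclass implements. */
    public interface RoleAwareSession {
        boolean hasRole(String role);
    }

    // Never veto instantiation here: page-level checks stay with the other
    // strategies, so the unauthorized-instantiation listener is not involved.
    @Override
    public <T extends Component> boolean isInstantiationAuthorized(Class<T> componentClass) {
        return true;
    }

    @Override
    public boolean isActionAuthorized(Component component, Action action) {
        // Only RENDER is decided here; every other action passes through.
        return action != Component.RENDER || shouldRender(component);
    }

    private boolean shouldRender(Component component) {
        if (!(component instanceof RoleRestricted)) {
            return true; // component carries no restriction
        }
        Session session = Session.get();
        if (!(session instanceof RoleAwareSession)) {
            return false; // fail closed: no way to confirm the role
        }
        String role = ((RoleRestricted) component).requiredRole();
        return role != null && ((RoleAwareSession) session).hasRole(role);
    }
}
```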



On 14 January 2011 10:04, Duro <de...@yahoo.com> wrote:
> Hi,
> could you describe the proposed solution in more detail please. I don't
> know what more I should do with my IAuthorizationStrategy; it has only 2
> boolean methods and I don't see anything I could improve there. Btw I use
> RoleAuthorizationStrategy, which is a CompoundAuthorizationStrategy.
>
> Thanks, Juraj
>
>> If you want to hide unauthorized components, you should use
>> IAuthorizationStrategy and veto the component's RENDER action.
>>
>> -igor


Re: Custom IUnauthorizedComponentInstantiationListener

Posted by Duro <de...@yahoo.com>.
Hi,
could you describe the proposed solution in more detail please. I don't
know what more I should do with my IAuthorizationStrategy; it has only 2
boolean methods and I don't see anything I could improve there. Btw I use
RoleAuthorizationStrategy, which is a CompoundAuthorizationStrategy.

Thanks, Juraj

> If you want to hide unauthorized components, you should use
> IAuthorizationStrategy and veto the component's RENDER action.
>
> -igor


Re: Custom IUnauthorizedComponentInstantiationListener

Posted by Igor Vaynberg <ig...@gmail.com>.
If you want to hide unauthorized components, you should use
IAuthorizationStrategy and veto the component's RENDER action.

-igor
