/** * Construct. * * @param roleCheckingStrategy * the role checking strategy */ public RoleAuthorizationStrategy(final IRoleCheckingStrategy roleCheckingStrategy) { add(new AnnotationsRoleAuthorizationStrategy(roleCheckingStrategy)); add(new MetaDataRoleAuthorizationStrategy(roleCheckingStrategy)); } }
/** * Grants authorization to instantiate the given class to just the role NO_ROLE, effectively * denying all other roles. * * @param <T> * * @param componentClass * The component class */ public static <T extends Component> void unauthorizeAll(Class<T> componentClass) { authorizeAll(componentClass); authorize(componentClass, NO_ROLE); }
/** * Uses component level meta data to match roles for component action execution. * * @see org.apache.wicket.authorization.IAuthorizationStrategy#isActionAuthorized(org.apache.wicket.Component, * org.apache.wicket.authorization.Action) */ @Override public boolean isActionAuthorized(final Component component, final Action action) { if (component == null) { throw new IllegalArgumentException("argument component has to be not null"); } if (action == null) { throw new IllegalArgumentException("argument action has to be not null"); } final Roles roles = rolesAuthorizedToPerformAction(component, action); if (roles != null) { return hasAny(roles); } return true; }
/** * Uses application level meta data to match roles for component instantiation. * * @see org.apache.wicket.authorization.IAuthorizationStrategy#isInstantiationAuthorized(java.lang.Class) */ @Override public <T extends IRequestableComponent> boolean isInstantiationAuthorized( final Class<T> componentClass) { if (componentClass == null) { throw new IllegalArgumentException("argument componentClass cannot be null"); } // as long as the interface does not use generics, we should check this if (!Component.class.isAssignableFrom(componentClass)) { throw new IllegalArgumentException("argument componentClass must be of type " + Component.class.getName()); } final Roles roles = rolesAuthorizedToInstantiate(componentClass); if (roles != null) { return hasAny(roles); } return true; }
getSecuritySettings().setAuthorizationStrategy(new MetaDataRoleAuthorizationStrategy(this)); anyDirectoryPanelAditionalActionLinksProvider = lookup.getAnyDirectoryPanelAditionalActionLinksProvider(); lookup.getPageClasses(). forEach(cls -> MetaDataRoleAuthorizationStrategy.authorize(cls, Constants.ROLE_AUTHENTICATED));
if (SyncopeConsoleSession.get().owns(String.format("%s_CREATE", builder.type), builder.realm) && builder.realm.startsWith(SyncopeConstants.ROOT_REALM)) { MetaDataRoleAuthorizationStrategy.authorizeAll(addAjaxLink, RENDER); } else { MetaDataRoleAuthorizationStrategy.unauthorizeAll(addAjaxLink, RENDER);
@Override public void onUnauthorizedInstantiation(Component component) { if (!AbstractAuthenticatedWebSession.get().isSignedIn()) { // If a component is not authenticated unauthorize it for Rendering. // If the page is properly mounted such that the servlet container will intercept // the request and redirect to login page then authentication will occur normally. // If page is not mounted properly ie mount path does not match a security-constraint // then unauthorized page will be returned. MetaDataRoleAuthorizationStrategy.unauthorizeAll(component, Component.RENDER); } else { //Use Default implementation if authenticated. ServletContainerAuthenticatedWebApplication.this.onUnauthorizedInstantiation(component); } } }
MetaDataRoleAuthorizationStrategy.authorizeAll(actionLink, RENDER); } else { MetaDataRoleAuthorizationStrategy.unauthorizeAll(actionLink, RENDER);
/** * Uses component level meta data to match roles for component action execution. * * @see org.apache.wicket.authorization.IAuthorizationStrategy#isActionAuthorized(org.apache.wicket.Component, * org.apache.wicket.authorization.Action) */ @Override public boolean isActionAuthorized(final Component component, final Action action) { if (component == null) { throw new IllegalArgumentException("argument component has to be not null"); } if (action == null) { throw new IllegalArgumentException("argument action has to be not null"); } final Roles roles = rolesAuthorizedToPerformAction(component, action); if (roles != null) { return hasAny(roles); } return true; }
/** * Uses application level meta data to match roles for component instantiation. * * @see org.apache.wicket.authorization.IAuthorizationStrategy#isInstantiationAuthorized(java.lang.Class) */ @Override public <T extends IRequestableComponent> boolean isInstantiationAuthorized( final Class<T> componentClass) { if (componentClass == null) { throw new IllegalArgumentException("argument componentClass cannot be null"); } // as long as the interface does not use generics, we should check this if (!Component.class.isAssignableFrom(componentClass)) { throw new IllegalArgumentException("argument componentClass must be of type " + Component.class.getName()); } final Roles roles = rolesAuthorizedToInstantiate(componentClass); if (roles != null) { return hasAny(roles); } return true; }
private void authorizeList() { getListAuthRoles().forEach(role -> { MetaDataRoleAuthorizationStrategy.authorize(selectedEventsPanel, RENDER, role); }); }
/** * Grants authorization to perform the given action to just the role NO_ROLE, effectively * denying all other roles. * * @param component * the component that is subject to the authorization * @param action * the action to authorize */ public static void unauthorizeAll(final Component component, final Action action) { authorizeAll(component, action); authorize(component, action, NO_ROLE); }
/** * Construct. * * @param roleCheckingStrategy * the role checking strategy */ public RoleAuthorizationStrategy(final IRoleCheckingStrategy roleCheckingStrategy) { add(new AnnotationsRoleAuthorizationStrategy(roleCheckingStrategy)); add(new MetaDataRoleAuthorizationStrategy(roleCheckingStrategy)); } }
@Override protected AbstractLink getEventsLink(final String linkid) { BookmarkablePageLink<Remediations> remediations = BookmarkablePageLinkBuilder.build(linkid, Remediations.class); MetaDataRoleAuthorizationStrategy.authorize(remediations, WebPage.ENABLE, StandardEntitlement.REMEDIATION_LIST); return remediations; }
/** * Grants authorization to perform the given action to just the role NO_ROLE, effectively * denying all other roles. * * @param component * the component that is subject to the authorization * @param action * the action to authorize */ public static void unauthorizeAll(final Component component, final Action action) { authorizeAll(component, action); authorize(component, action, NO_ROLE); }
@Override public void populateItem( final Item<ICellPopulator<JobTO>> cellItem, final String componentId, final IModel<JobTO> rowModel) { JobTO jobTO = rowModel.getObject(); JobActionPanel panel = new JobActionPanel(componentId, jobTO, true, JobWidget.this, pageRef); MetaDataRoleAuthorizationStrategy.authorize(panel, WebPage.ENABLE, String.format("%s,%s,%s,%s", StandardEntitlement.TASK_EXECUTE, StandardEntitlement.REPORT_EXECUTE, StandardEntitlement.TASK_UPDATE, StandardEntitlement.REPORT_UPDATE)); cellItem.add(panel); }
/** * Grants authorization to instantiate the given class to just the role NO_ROLE, effectively * denying all other roles. * * @param <T> * * @param componentClass * The component class */ public static <T extends Component> void unauthorizeAll(Class<T> componentClass) { authorizeAll(componentClass); authorize(componentClass, NO_ROLE); }
public DashboardControlPanel(final String id, final PageReference pageRef) { super(id); JobWidget job = new JobWidget("job", pageRef); MetaDataRoleAuthorizationStrategy.authorize(job, Component.RENDER, String.format("%s,%s,%s", StandardEntitlement.NOTIFICATION_LIST, StandardEntitlement.TASK_LIST, StandardEntitlement.REPORT_LIST)); add(job); ReconciliationWidget reconciliation = new ReconciliationWidget("reconciliation", pageRef); MetaDataRoleAuthorizationStrategy.authorize(job, Component.RENDER, String.format("%s,%s,%s", StandardEntitlement.REPORT_EXECUTE, StandardEntitlement.REPORT_READ, StandardEntitlement.REPORT_LIST)); add(reconciliation); } }