/**
 * Installs the application's authorization hooks during start-up.
 * <p>
 * A {@link RoleAuthorizationStrategy} built from this application instance becomes the
 * authorization strategy, and this application registers itself as the listener that is
 * notified when a component instantiation is refused.
 *
 * @see org.apache.wicket.protocol.http.WebApplication#init()
 */
@Override
protected void init()
{
    // Let the superclass finish its own initialization before the security settings are touched.
    super.init();

    // Set authorization strategy and unauthorized instantiation listener.
    // The strategy receives `this` as its constructor argument.
    getSecuritySettings().setAuthorizationStrategy(new RoleAuthorizationStrategy(this));
    // `this` is also the listener, so refused instantiations are handled by this class itself.
    getSecuritySettings().setUnauthorizedComponentInstantiationListener(this);
}
/**
 * Looks up the authorization strategy that applies to this session.
 * <p>
 * Nothing is cached here: every call reads the strategy from the security settings of the
 * application returned by {@code getApplication()}, so all callers of this method see the
 * application-wide strategy.
 *
 * @return the authorization strategy currently configured in the application's security
 *         settings
 */
public IAuthorizationStrategy getAuthorizationStrategy()
{
    final IAuthorizationStrategy configuredStrategy =
        getApplication().getSecuritySettings().getAuthorizationStrategy();
    return configuredStrategy;
}
/**
 * Reports which crypt factory the application is configured with.
 * <p>
 * Only the string produced by {@code Stringz.className(...)} is returned (presumably the
 * factory's class name, going by the helper's name); the factory object itself is not handed
 * out through this management interface.
 *
 * @return the string {@code Stringz.className} yields for the configured crypt factory
 * @see org.apache.wicket.jmx.SecuritySettingsMBean#getCryptFactory()
 */
@Override
public String getCryptFactory()
{
    final String factoryClassName =
        Stringz.className(application.getSecuritySettings().getCryptFactory());
    return factoryClassName;
}
// Make a MetaDataRoleAuthorizationStrategy, built from this instance, the authorization
// strategy held in the security settings.
// NOTE(review): the enclosing method is not visible in this excerpt; confirm this runs during
// application start-up, before any page or component can be instantiated.
getSecuritySettings().setAuthorizationStrategy(new MetaDataRoleAuthorizationStrategy(this));
/**
 * Invalidates the session and discards any persisted logon data.
 * <p>
 * The authentication strategy's {@code remove()} is called first, so that logon data kept
 * outside the session (e.g. cookies) does not outlive it; only then is the superclass
 * invalidation performed. A session that is already invalidated is left untouched.
 *
 * @see org.apache.wicket.Session#invalidate()
 */
@Override
public void invalidate()
{
    // Nothing to do if invalidation has already happened.
    if (isSessionInvalidated())
    {
        return;
    }

    // Drop the persisted logon data before the session itself goes away.
    getApplication().getSecuritySettings().getAuthenticationStrategy().remove();
    super.invalidate();
}
Application.get().getSecuritySettings().setUnauthorizedComponentInstantiationListener( new IUnauthorizedComponentInstantiationListener()
/**
 * Asks the active authorization strategy whether {@code resource} may be requested with
 * {@code parameters} and notifies the unauthorized-request listener when it may not.
 * <p>
 * The strategy is taken from the current session when one exists, otherwise from the current
 * application's security settings.
 */
private void authorize()
{
    final IAuthorizationStrategy strategy;
    if (Session.exists())
    {
        strategy = Session.get().getAuthorizationStrategy();
    }
    else if (Application.exists())
    {
        strategy = Application.get().getSecuritySettings().getAuthorizationStrategy();
    }
    else
    {
        strategy = null;
    }

    // NOTE(review): with no strategy available (neither a session nor an application exists)
    // the request is not checked at all, i.e. this path fails open. Confirm that is intended.
    if (strategy == null || strategy.isResourceAuthorized(resource, parameters))
    {
        return;
    }

    // This method returns normally after the notification, so the denial only takes effect if
    // the listener itself stops the request. Verify that for any custom listener.
    if (Application.exists())
    {
        Application.get()
            .getSecuritySettings()
            .getUnauthorizedResourceRequestListener()
            .onUnauthorizedRequest(resource, parameters);
    }
    else
    {
        new DefaultUnauthorizedResourceRequestListener().onUnauthorizedRequest(resource, parameters);
    }
}
/**
 * Reports which listener is notified when a component instantiation is refused.
 * <p>
 * Only the string produced by {@code Stringz.className(...)} is returned (presumably the
 * listener's class name, going by the helper's name), not the listener object.
 *
 * @return the string {@code Stringz.className} yields for the configured listener
 * @see org.apache.wicket.jmx.SecuritySettingsMBean#getUnauthorizedComponentInstantiationListener()
 */
@Override
public String getUnauthorizedComponentInstantiationListener()
{
    final String listenerClassName = Stringz.className(
        application.getSecuritySettings().getUnauthorizedComponentInstantiationListener());
    return listenerClassName;
}
// Closes the enclosing type, whose opening lies outside this excerpt.
}
// Store the supplied strategy in the security settings as the authorization strategy.
// NOTE(review): where `authorizationStrategy` comes from is not visible in this excerpt;
// confirm at the call site that it can never be null or a permissive placeholder.
getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
/**
 * Invalidates the session and discards any persisted logon data.
 * <p>
 * The authentication strategy's {@code remove()} is called first, so that logon data kept
 * outside the session (e.g. cookies) does not outlive it; only then is the superclass
 * invalidation performed. A session that is already invalidated is left untouched.
 *
 * @see org.apache.wicket.Session#invalidate()
 */
@Override
public void invalidate()
{
    // Nothing to do if invalidation has already happened.
    if (isSessionInvalidated())
    {
        return;
    }

    // Drop the persisted logon data before the session itself goes away.
    getApplication().getSecuritySettings().getAuthenticationStrategy().remove();
    super.invalidate();
}
Application.get().getSecuritySettings().setUnauthorizedComponentInstantiationListener( new IUnauthorizedComponentInstantiationListener()
/**
 * Asks the active authorization strategy whether {@code resource} may be requested with
 * {@code parameters} and notifies the unauthorized-request listener when it may not.
 * <p>
 * The strategy is taken from the current session when one exists, otherwise from the current
 * application's security settings.
 */
private void authorize()
{
    final IAuthorizationStrategy strategy;
    if (Session.exists())
    {
        strategy = Session.get().getAuthorizationStrategy();
    }
    else if (Application.exists())
    {
        strategy = Application.get().getSecuritySettings().getAuthorizationStrategy();
    }
    else
    {
        strategy = null;
    }

    // NOTE(review): with no strategy available (neither a session nor an application exists)
    // the request is not checked at all, i.e. this path fails open. Confirm that is intended.
    if (strategy == null || strategy.isResourceAuthorized(resource, parameters))
    {
        return;
    }

    // This method returns normally after the notification, so the denial only takes effect if
    // the listener itself stops the request. Verify that for any custom listener.
    if (Application.exists())
    {
        Application.get()
            .getSecuritySettings()
            .getUnauthorizedResourceRequestListener()
            .onUnauthorizedRequest(resource, parameters);
    }
    else
    {
        new DefaultUnauthorizedResourceRequestListener().onUnauthorizedRequest(resource, parameters);
    }
}
/**
 * Checks a newly instantiated component against the session's authorization strategy.
 * <p>
 * When the strategy refuses the component's class, the configured unauthorized-instantiation
 * listener is notified with the component; an authorized component passes through untouched.
 *
 * @param component
 *            the component that has just been instantiated
 * @see org.apache.wicket.application.IComponentInstantiationListener#onInstantiation(org.apache.wicket.Component)
 */
@Override
public void onInstantiation(final Component component)
{
    final Class<? extends Component> componentClass = component.getClass();
    final boolean instantiationAllowed =
        Session.get().getAuthorizationStrategy().isInstantiationAuthorized(componentClass);
    if (instantiationAllowed)
    {
        return;
    }

    // Refused: hand the component to the listener. This method returns normally afterwards,
    // so the listener is what decides how the refusal is enforced.
    getSecuritySettings().getUnauthorizedComponentInstantiationListener()
        .onUnauthorizedInstantiation(component);
}
});
/**
 * Installs the application's authorization hooks during start-up.
 * <p>
 * A {@link RoleAuthorizationStrategy} built from this application instance becomes the
 * authorization strategy, and this application registers itself as the listener that is
 * notified when a component instantiation is refused.
 *
 * @see org.apache.wicket.protocol.http.WebApplication#init()
 */
@Override
protected void init()
{
    // Let the superclass finish its own initialization before the security settings are touched.
    super.init();

    // Set authorization strategy and unauthorized instantiation listener.
    // The strategy receives `this` as its constructor argument.
    getSecuritySettings().setAuthorizationStrategy(new RoleAuthorizationStrategy(this));
    // `this` is also the listener, so refused instantiations are handled by this class itself.
    getSecuritySettings().setUnauthorizedComponentInstantiationListener(this);
}
/**
 * Looks up the authorization strategy that applies to this session.
 * <p>
 * Nothing is cached here: every call reads the strategy from the security settings of the
 * application returned by {@code getApplication()}, so all callers of this method see the
 * application-wide strategy.
 *
 * @return the authorization strategy currently configured in the application's security
 *         settings
 */
public IAuthorizationStrategy getAuthorizationStrategy()
{
    final IAuthorizationStrategy configuredStrategy =
        getApplication().getSecuritySettings().getAuthorizationStrategy();
    return configuredStrategy;
}
// Store the supplied strategy in the security settings as the authorization strategy.
// NOTE(review): where `authorizationStrategy` comes from is not visible in this excerpt;
// confirm at the call site that it can never be null or a permissive placeholder.
getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
/**
 * Called when the login button was clicked: attempts to sign the user in and keeps or clears
 * the persisted logon data accordingly.
 * <p>
 * On success the credentials are saved through the authentication strategy only when
 * "remember me" is selected, otherwise any previously persisted logon data is removed. On
 * failure the persisted logon data is removed as well.
 *
 * @see LoginButtonsPanel#loginConsumer
 * @param target {@link AjaxRequestTarget}
 */
protected void onLoginButtonClick(AjaxRequestTarget target) {
    final IAuthenticationStrategy authStrategy =
            getApplication().getSecuritySettings().getAuthenticationStrategy();
    final String username = name.getObject();
    final String password = passwordModel.getObject();

    final boolean signedIn = OrienteerWebSession.get().signIn(username, password);
    if (!signedIn) {
        onFailedLogin(target);
        // A failed attempt also clears whatever logon data was persisted earlier.
        authStrategy.remove();
        return;
    }

    if (rememberMeModel.getObject()) {
        // Remember-me hands the user name and the clear-text password to the strategy.
        // NOTE(review): how and where they are stored depends on the configured
        // IAuthenticationStrategy; confirm the password is never persisted unprotected.
        authStrategy.save(username, password);
    } else {
        authStrategy.remove();
    }
    onSuccessLogin();
}
/**
 * Wires a {@code ContainerSecurityInterceptorListener} into the application during start-up
 * and then auto-mounts the pages.
 *
 * @see org.apache.wicket.protocol.http.WebApplication#init()
 */
@Override
protected void init()
{
    super.init();

    // Add overrides for bookmarkable and nonbookmarkable page creations to allow servlet container
    // authorization mechanism to handle redirect to login page.
    final ContainerSecurityInterceptorListener listener = new ContainerSecurityInterceptorListener();
    // The same listener instance is registered twice: once for refused component instantiations...
    getSecuritySettings().setUnauthorizedComponentInstantiationListener(listener);
    // ...and once as a request-cycle listener.
    getRequestCycleListeners().add(listener);

    // NOTE(review): autoMountPages() is defined outside this excerpt. Confirm every page it
    // mounts is covered by the container's security constraints.
    autoMountPages();
}
/**
 * Creates a mapper that encrypts with the {@link ICrypt} obtained from
 * {@link org.apache.wicket.settings.SecuritySettings#getCryptFactory()}.
 * <p>
 * <strong>Important</strong>: Encryption is done with
 * {@link org.apache.wicket.settings.SecuritySettings#DEFAULT_ENCRYPTION_KEY} if you haven't
 * configured an alternative {@link ICryptFactory}. For better security it is recommended to use
 * {@link CryptoMapper#CryptoMapper(IRequestMapper, Supplier)} with a specific {@link ICrypt}
 * implementation that generates a separate key for each user.
 * {@link org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory} provides such an
 * implementation that stores the key in the HTTP session.
 * </p>
 * <p>
 * The crypt factory is not read at construction time: the supplier passed on below asks the
 * application's security settings for the factory each time it is invoked, so a factory
 * configured after this constructor has run is still picked up.
 * </p>
 *
 * @param wrappedMapper
 *            the non-crypted request mapper
 * @param application
 *            the current application, whose security settings provide the crypt factory
 * @see org.apache.wicket.util.crypt.SunJceCrypt
 */
public CryptoMapper(final IRequestMapper wrappedMapper, final Application application)
{
    // Delegates to the supplier-based constructor; newCrypt() runs whenever the supplier is called.
    this(wrappedMapper, () -> application.getSecuritySettings().getCryptFactory().newCrypt());
}
/**
 * Checks a newly instantiated component against the session's authorization strategy.
 * <p>
 * When the strategy refuses the component's class, the configured unauthorized-instantiation
 * listener is notified with the component; an authorized component passes through untouched.
 *
 * @param component
 *            the component that has just been instantiated
 * @see org.apache.wicket.application.IComponentInstantiationListener#onInstantiation(org.apache.wicket.Component)
 */
@Override
public void onInstantiation(final Component component)
{
    final Class<? extends Component> componentClass = component.getClass();
    final boolean instantiationAllowed =
        Session.get().getAuthorizationStrategy().isInstantiationAuthorized(componentClass);
    if (instantiationAllowed)
    {
        return;
    }

    // Refused: hand the component to the listener. This method returns normally afterwards,
    // so the listener is what decides how the refusal is enforced.
    getSecuritySettings().getUnauthorizedComponentInstantiationListener()
        .onUnauthorizedInstantiation(component);
}
});