Module org.apache.wicket.auth.roles
Class AnnotationsRoleAuthorizationStrategy
java.lang.Object
org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy
org.apache.wicket.authroles.authorization.strategies.role.AbstractRoleAuthorizationStrategy
org.apache.wicket.authroles.authorization.strategies.role.annotations.AnnotationsRoleAuthorizationStrategy
- All Implemented Interfaces:
IAuthorizationStrategy
Strategy that checks the
AuthorizeInstantiation annotation.- Author:
- Eelco Hillenius
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy
IAuthorizationStrategy.AllowAllAuthorizationStrategy -
Field Summary
Fields inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy
ALLOW_ALL -
Constructor Summary
ConstructorsConstructorDescriptionAnnotationsRoleAuthorizationStrategy(IRoleCheckingStrategy roleCheckingStrategy) Construct. -
Method Summary
Modifier and TypeMethodDescriptionprotected booleanisActionAuthorized(Class<?> componentClass, Action action) booleanisActionAuthorized(Component component, Action action) Gets whether the given action is permitted.<T extends IRequestableComponent>
booleanisInstantiationAuthorized(Class<T> componentClass) Checks whether an instance of the given component class may be created.booleanisResourceAuthorized(IResource resource, PageParameters pageParameters) Checks whether a request with some parameters is allowed to a resource.Methods inherited from class org.apache.wicket.authroles.authorization.strategies.role.AbstractRoleAuthorizationStrategy
hasAny, isEmpty
-
Constructor Details
-
AnnotationsRoleAuthorizationStrategy
Construct.- Parameters:
roleCheckingStrategy- the authorizer delegate
-
-
Method Details
-
isInstantiationAuthorized
Description copied from interface:IAuthorizationStrategyChecks whether an instance of the given component class may be created. If this method returns false, theIUnauthorizedComponentInstantiationListenerthat is configured in thesecurity settingswill be called. The default implementation of that listener throws aUnauthorizedInstantiationException.If you wish to implement a strategy that authenticates users which cannot access a given Page (or other Component), you can simply throw a
RestartResponseAtInterceptPageExceptionin your implementation of this method.- Specified by:
isInstantiationAuthorizedin interfaceIAuthorizationStrategy- Overrides:
isInstantiationAuthorizedin classIAuthorizationStrategy.AllowAllAuthorizationStrategy- Parameters:
componentClass- The component class to check- Returns:
- Whether the given component may be created
- See Also:
-
isActionAuthorized
Description copied from interface:IAuthorizationStrategyGets whether the given action is permitted. If it is, this method should return true. If it isn't, this method should either return false or - in case of a serious breach - throw a security exception. Returning is generally preferable over throwing an exception as that doesn't break the normal flow.- Specified by:
isActionAuthorizedin interfaceIAuthorizationStrategy- Overrides:
isActionAuthorizedin classIAuthorizationStrategy.AllowAllAuthorizationStrategy- Parameters:
component- The component to be acted uponaction- The action to authorize on the component- Returns:
- Whether the given action may be taken on the given component
- See Also:
-
isActionAuthorized
-
isResourceAuthorized
Description copied from interface:IAuthorizationStrategyChecks whether a request with some parameters is allowed to a resource.- Specified by:
isResourceAuthorizedin interfaceIAuthorizationStrategy- Overrides:
isResourceAuthorizedin classIAuthorizationStrategy.AllowAllAuthorizationStrategy- Parameters:
resource- The resource that should be processedpageParameters- The request parameters- Returns:
trueif the request to this resource is allowed.
-