Module org.apache.wicket.auth.roles
Class MetaDataRoleAuthorizationStrategy
java.lang.Object
org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy
org.apache.wicket.authroles.authorization.strategies.role.AbstractRoleAuthorizationStrategy
org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy
- All Implemented Interfaces:
IAuthorizationStrategy
Strategy that uses the Wicket metadata facility to check authorization. The static
authorize
methods are for authorizing component actions and component instantiation
by role. This class is the main entry point for users wanting to use the roles-based
authorization of the wicket-auth-roles package based on wicket metadata.
For instance, use like:
MetaDataRoleAuthorizationStrategy.authorize(myPanel, RENDER, "ADMIN");for actions on component instances, or:
MetaDataRoleAuthorizationStrategy.authorize(AdminBookmarkablePage.class, "ADMIN");for doing role based authorization for component instantation.
- Author:
- Eelco Hillenius, Jonathan Locke
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy
IAuthorizationStrategy.AllowAllAuthorizationStrategy
-
Field Summary
Modifier and TypeFieldDescriptionstatic final MetaDataKey<ActionPermissions>
Component meta data key for actions/roles information.static final MetaDataKey<InstantiationPermissions>
Application meta data key for actions/roles information.static final String
Special role string for denying access to allFields inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy
ALLOW_ALL
-
Constructor Summary
ConstructorDescriptionMetaDataRoleAuthorizationStrategy
(IRoleCheckingStrategy roleCheckingStrategy) Construct. -
Method Summary
Modifier and TypeMethodDescriptionstatic <T extends Component>
voidAuthorizes the given role to create component instances of type componentClass.static void
Authorizes the given role to perform the given action on the given component.static <T extends Component>
voidauthorizeAll
(Class<T> componentClass) Grants permission to all roles to create instances of the given component class.static void
authorizeAll
(Component component, Action action) Grants permission to all roles to perform the given action on the given component.boolean
isActionAuthorized
(Component component, Action action) Uses component level meta data to match roles for component action execution.<T extends IRequestableComponent>
booleanisInstantiationAuthorized
(Class<T> componentClass) Uses application level meta data to match roles for component instantiation.static <T extends Component>
voidunauthorize
(Class<T> componentClass, String roles) Removes permission for the given roles to create instances of the given component class.static void
unauthorize
(Component component, Action action, String roles) Removes permission for the given role to perform the given action on the given component.static <T extends Component>
voidunauthorizeAll
(Class<T> componentClass) Grants authorization to instantiate the given class to just the role NO_ROLE, effectively denying all other roles.static void
unauthorizeAll
(Component component, Action action) Grants authorization to perform the given action to just the role NO_ROLE, effectively denying all other roles.Methods inherited from class org.apache.wicket.authroles.authorization.strategies.role.AbstractRoleAuthorizationStrategy
hasAny, isEmpty
Methods inherited from class org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy
isResourceAuthorized
-
Field Details
-
ACTION_PERMISSIONS
Component meta data key for actions/roles information. Typically, you do not need to use this meta data key directly, but instead use one of the bind methods of this class. -
INSTANTIATION_PERMISSIONS
Application meta data key for actions/roles information. Typically, you do not need to use this meta data key directly, but instead use one of the bind methods of this class. -
NO_ROLE
Special role string for denying access to all- See Also:
-
-
Constructor Details
-
MetaDataRoleAuthorizationStrategy
Construct.- Parameters:
roleCheckingStrategy
- the authorizer object
-
-
Method Details
-
authorize
Authorizes the given role to create component instances of type componentClass. This authorization is added to any previously authorized roles.- Type Parameters:
T
-- Parameters:
componentClass
- The component type that is subject for the authorizationroles
- The comma separated roles that are authorized to create component instances of type componentClass
-
authorize
Authorizes the given role to perform the given action on the given component.- Parameters:
component
- The component that is subject to the authorizationaction
- The action to authorizeroles
- The comma separated roles to authorize
-
authorizeAll
Grants permission to all roles to create instances of the given component class.- Type Parameters:
T
-- Parameters:
componentClass
- The component class
-
authorizeAll
Grants permission to all roles to perform the given action on the given component.- Parameters:
component
- The component that is subject to the authorizationaction
- The action to authorize
-
unauthorize
Removes permission for the given roles to create instances of the given component class. There is no danger in removing authorization by calling this method. If the last authorization grant is removed for a given componentClass, the internal role NO_ROLE will automatically be added, effectively denying access to all roles (if this was not done, all roles would suddenly have access since no authorization is equivalent to full access).- Type Parameters:
T
-- Parameters:
componentClass
- The component typeroles
- The comma separated list of roles that are no longer to be authorized to create instances of type componentClass
-
unauthorize
Removes permission for the given role to perform the given action on the given component. There is no danger in removing authorization by calling this method. If the last authorization grant is removed for a given action, the internal role NO_ROLE will automatically be added, effectively denying access to all roles (if this was not done, all roles would suddenly have access since no authorization is equivalent to full access).- Parameters:
component
- The componentaction
- The actionroles
- The comma separated list of roles that are no longer allowed to perform the given action
-
unauthorizeAll
Grants authorization to instantiate the given class to just the role NO_ROLE, effectively denying all other roles.- Type Parameters:
T
-- Parameters:
componentClass
- The component class
-
unauthorizeAll
Grants authorization to perform the given action to just the role NO_ROLE, effectively denying all other roles.- Parameters:
component
- the component that is subject to the authorizationaction
- the action to authorize
-
isActionAuthorized
Uses component level meta data to match roles for component action execution.- Specified by:
isActionAuthorized
in interfaceIAuthorizationStrategy
- Overrides:
isActionAuthorized
in classIAuthorizationStrategy.AllowAllAuthorizationStrategy
- Parameters:
component
- The component to be acted uponaction
- The action to authorize on the component- Returns:
- Whether the given action may be taken on the given component
- See Also:
-
isInstantiationAuthorized
Uses application level meta data to match roles for component instantiation.- Specified by:
isInstantiationAuthorized
in interfaceIAuthorizationStrategy
- Overrides:
isInstantiationAuthorized
in classIAuthorizationStrategy.AllowAllAuthorizationStrategy
- Parameters:
componentClass
- The component class to check- Returns:
- Whether the given component may be created
- See Also:
-