Module org.apache.wicket.core
Package org.apache.wicket.authorization
Interface IAuthorizationStrategy
- All Known Implementing Classes:
- AbstractPageAuthorizationStrategy, AbstractRoleAuthorizationStrategy, ActionAuthorizationStrategy, AnnotationsRoleAuthorizationStrategy, CompoundAuthorizationStrategy, IAuthorizationStrategy.AllowAllAuthorizationStrategy, MetaDataRoleAuthorizationStrategy, RoleAuthorizationStrategy, SimplePageAuthorizationStrategy
public interface IAuthorizationStrategy
Authorization strategies specify aspect-like constraints on significant actions taken by the
framework in a given application. These constraints are guaranteed by the framework to be applied
consistently throughout. Violations will result in a security action directed by the strategy,
such as the throwing of an AuthorizationException or the filtering out of security-sensitive
information.
- Since:
- Wicket 1.2
- Author:
- Eelco Hillenius, Jonathan Locke
Nested Class Summary
Modifier and Type | Interface | Description
static class
Field Summary
Modifier and Type | Field | Description
static final IAuthorizationStrategy | ALLOW_ALL | Implementation of IAuthorizationStrategy that allows everything.
Method Summary
Modifier and Type | Method | Description
boolean | isActionAuthorized(Component component, Action action) | Gets whether the given action is permitted.
<T extends IRequestableComponent> boolean | isInstantiationAuthorized(Class<T> componentClass) | Checks whether an instance of the given component class may be created.
boolean | isResourceAuthorized(IResource resource, PageParameters parameters) | Checks whether a request with some parameters is allowed to a resource.
Field Details
ALLOW_ALL
Implementation of IAuthorizationStrategy that allows everything.
Method Details
isInstantiationAuthorized
Checks whether an instance of the given component class may be created. If this method returns false, the IUnauthorizedComponentInstantiationListener that is configured in the security settings will be called. The default implementation of that listener throws an UnauthorizedInstantiationException.
If you wish to implement a strategy that authenticates users who cannot access a given Page (or other Component), you can simply throw a RestartResponseAtInterceptPageException in your implementation of this method.
- Type Parameters:
- T
- Parameters:
- componentClass - The component class to check
- Returns:
- Whether the given component may be created
isActionAuthorized
Gets whether the given action is permitted. If it is, this method should return true. If it isn't, this method should either return false or, in case of a serious breach, throw a security exception. Returning false is generally preferable to throwing an exception, as that doesn't break the normal flow.
- Parameters:
- component - The component to be acted upon
- action - The action to authorize on the component
- Returns:
- Whether the given action may be taken on the given component
- Throws:
- AuthorizationException - Can be thrown by implementation if action is unauthorized
isResourceAuthorized
Checks whether a request with some parameters is allowed to a resource.
- Parameters:
- resource - The resource that should be processed
- parameters - The request parameters
- Returns:
- true if the request to this resource is allowed.
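The three methods documented above, implemented together in an example added here (it is not taken from the Wicket code base): anonymous requests for protected pages are intercepted with RestartResponseAtInterceptPageException, and everything else is denied by returning false. The class name, the `RequiresSignIn` marker interface and the `userId` session attribute are assumptions made for illustration.

```java
import org.apache.wicket.Component;
import org.apache.wicket.Page;
import org.apache.wicket.RestartResponseAtInterceptPageException;
import org.apache.wicket.Session;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;
import org.apache.wicket.request.component.IRequestableComponent;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.request.resource.IResource;

// Added example, not Wicket code: anything marked RequiresSignIn needs a signed-in user.
public class SignInAuthorizationStrategy implements IAuthorizationStrategy {
    /** Hypothetical marker interface for protected pages, components and resources. */
    public interface RequiresSignIn { }

    private final Class<? extends Page> signInPage; // the application's own login page
    public SignInAuthorizationStrategy(Class<? extends Page> signInPage) {
        this.signInPage = signInPage;
    }

    // Assumption: the application's login code stores the user id in this session attribute.
    private static boolean signedIn() {
        return Session.exists() && Session.get().getAttribute("userId") != null;
    }

    @Override
    public <T extends IRequestableComponent> boolean isInstantiationAuthorized(Class<T> componentClass) {
        if (!RequiresSignIn.class.isAssignableFrom(componentClass) || signedIn()) {
            return true;
        }
        if (Page.class.isAssignableFrom(componentClass)) {
            // Anonymous request for a protected page: intercept and show the sign-in page.
            throw new RestartResponseAtInterceptPageException(signInPage);
        }
        // Protected non-page component: the configured instantiation listener takes over.
        return false;
    }

    @Override
    public boolean isActionAuthorized(Component component, Action action) {
        // Return false instead of throwing so request processing keeps its normal flow.
        return !(component instanceof RequiresSignIn) || signedIn();
    }

    @Override
    public boolean isResourceAuthorized(IResource resource, PageParameters parameters) {
        return !(resource instanceof RequiresSignIn) || signedIn();
    }
}
```

Register the strategy in the application's init() method through getSecuritySettings().setAuthorizationStrategy(...). The sign-in page class passed to the constructor must not implement the marker itself, otherwise every anonymous request is intercepted again on the way to the login form.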