Package org.apache.wicket.authroles.authentication

Class AuthenticatedWebApplication

java.lang.Object
org.apache.wicket.Application
org.apache.wicket.protocol.http.WebApplication
org.apache.wicket.authroles.authentication.AuthenticatedWebApplication
All Implemented Interfaces:
IUnauthorizedComponentInstantiationListener, IRoleCheckingStrategy, IEventSink, IMetadataContext<Object,Application>, ISessionStore.UnboundListener
public abstract class AuthenticatedWebApplication extends WebApplication implements IRoleCheckingStrategy, IUnauthorizedComponentInstantiationListener
A web application subclass that does role-based authentication.
Author:
Jonathan Locke

  • Constructor Details

  • Method Details

    • init

      protected void init()
      Description copied from class: WebApplication
      Initialize; if you need the wicket servlet/filter for initialization, e.g. because you want to read an initParameter from web.xml or you want to read a resource from the servlet's context path, you can override this method and provide custom initialization. This method is called right after this application class is constructed, and the wicket servlet/filter is set. Use this method for any application setup instead of the constructor.
      Overrides:
      init in class WebApplication

    • hasAnyRole

      public final boolean hasAnyRole(Roles roles)
      Description copied from interface: IRoleCheckingStrategy
      Whether any of the given roles matches. For example, if a user has role USER and the provided roles are {USER, ADMIN} this method should return true as the user has at least one of the roles that were provided.
      Specified by:
      hasAnyRole in interface IRoleCheckingStrategy
      Parameters:
      roles - the roles
      Returns:
      true if a user or whatever subject this implementation wants to work with has at least on of the provided roles

    • onUnauthorizedInstantiation

      public final void onUnauthorizedInstantiation(Component component)
      Description copied from interface: IUnauthorizedComponentInstantiationListener
      Called when an unauthorized component instantiation is about to take place (but before it happens).
      Specified by:
      onUnauthorizedInstantiation in interface IUnauthorizedComponentInstantiationListener
      Parameters:
      component - The partially constructed component (only the id is guaranteed to be valid).
      See Also:

    • restartResponseAtSignInPage

      public void restartResponseAtSignInPage()
      Restarts response at sign in page. NOTE: this method internally throws a restart response exception, so no code after a call to this method will be executed

    • newSession

      public Session newSession(Request request, Response response)
      Creates a new session. Override this method if you want to provide a custom session.
      Overrides:
      newSession in class WebApplication
      Parameters:
      request - The request that will create this session.
      response - The response to initialize, for example with cookies. This is important to use cases involving unit testing because those use cases might want to be able to sign a user in automatically when the session is created.
      Returns:
      The session

    • getWebSessionClass

      protected abstract Class<? extends AbstractAuthenticatedWebSession> getWebSessionClass()
      Returns:
      BaseAuthenticatedWebSession subclass to use in this authenticated web application.

    • getSignInPageClass

      protected abstract Class<? extends WebPage> getSignInPageClass()
      Returns:
      Subclass of sign-in page

    • onUnauthorizedPage

      protected void onUnauthorizedPage(Component page)
      Called when an AUTHENTICATED user tries to navigate to a page that they are not authorized to access. You might want to override this to navigate to some explanatory page or to the application's home page.
      Parameters:
      page - The partially constructed page (only the component id is guaranteed to be valid).