org.apache.wicket.authorization.strategies

Class CompoundAuthorizationStrategy

java.lang.Object

org.apache.wicket.authorization.strategies.CompoundAuthorizationStrategy

All Implemented Interfaces:

IAuthorizationStrategy

Direct Known Subclasses:

RoleAuthorizationStrategy

public class CompoundAuthorizationStrategy
extends Object
implements IAuthorizationStrategy

Compound implementation of the IAuthorizationStrategy that lets you chain two or more strategies together.

Author:

ivaynberg

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy

IAuthorizationStrategy.AllowAllAuthorizationStrategy

Field Summary

Fields inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy

ALLOW_ALL

Constructor Summary

Constructors

Constructor and Description
CompoundAuthorizationStrategy()

Method Summary

Modifier and Type	Method and Description
void	add(IAuthorizationStrategy strategy) Adds a strategy to the chain
boolean	isActionAuthorized(Component component, Action action) Gets whether the given action is permitted.
<T extends IRequestableComponent> boolean	isInstantiationAuthorized(Class<T> componentClass) Checks whether an instance of the given component class may be created.
boolean	isResourceAuthorized(IResource resource, PageParameters parameters) Checks whether a request with some parameters is allowed to a resource.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CompoundAuthorizationStrategy

public CompoundAuthorizationStrategy()

Method Detail

add

public final void add(IAuthorizationStrategy strategy)

Adds a strategy to the chain

Parameters:

strategy - Strategy to add

isInstantiationAuthorized

public final <T extends IRequestableComponent> boolean isInstantiationAuthorized(Class<T> componentClass)

Description copied from interface: IAuthorizationStrategy

Checks whether an instance of the given component class may be created. If this method returns false, the IUnauthorizedComponentInstantiationListener that is configured in the security settings will be called. The default implementation of that listener throws a UnauthorizedInstantiationException.

If you wish to implement a strategy that authenticates users which cannot access a given Page (or other Component), you can simply throw a RestartResponseAtInterceptPageException in your implementation of this method.

Specified by:

isInstantiationAuthorized in interface IAuthorizationStrategy

Parameters:

componentClass - The component class to check

Returns:

Whether the given component may be created

See Also:

IAuthorizationStrategy.isInstantiationAuthorized(java.lang.Class)

isActionAuthorized

public final boolean isActionAuthorized(Component component,
                                        Action action)

Description copied from interface: IAuthorizationStrategy

Gets whether the given action is permitted. If it is, this method should return true. If it isn't, this method should either return false or - in case of a serious breach - throw a security exception. Returning is generally preferable over throwing an exception as that doesn't break the normal flow.

Specified by:

isActionAuthorized in interface IAuthorizationStrategy

Parameters:

component - The component to be acted upon

action - The action to authorize on the component

Returns:

Whether the given action may be taken on the given component

See Also:

IAuthorizationStrategy.isActionAuthorized(org.apache.wicket.Component, org.apache.wicket.authorization.Action)

isResourceAuthorized

public boolean isResourceAuthorized(IResource resource,
                                    PageParameters parameters)

Description copied from interface: IAuthorizationStrategy

Checks whether a request with some parameters is allowed to a resource.

Specified by:

isResourceAuthorized in interface IAuthorizationStrategy

Parameters:

resource - The resource that should be processed

parameters - The request parameters

Returns:

true if the request to this resource is allowed.