Class SimplePageAuthorizationStrategy
- java.lang.Object
-
- org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy
-
- org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy
-
- org.apache.wicket.authorization.strategies.page.SimplePageAuthorizationStrategy
-
- All Implemented Interfaces:
IAuthorizationStrategy
public abstract class SimplePageAuthorizationStrategy extends AbstractPageAuthorizationStrategy
A very simple authorization strategy that takes a supertype (a base class or tagging interface) and performs a simple authorization check by calling the abstract method isAuthorized() whenever a Page class that extends or implements the supertype is about to be instantiated. If that method returns true, page instantiation proceeds normally. If it returns false, the user is automatically directed to the specified sign-in page for authentication, which will presumably allow authorization to succeed once they have signed in.In your Application.init() method do something like the following:
SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy( MySecureWebPage.class, MySignInPage.class) { protected boolean isAuthorized() { // Authorize access based on user authentication in the session return (((MySession)Session.get()).isSignedIn()); } }; getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
- Author:
- Eelco Hillenius, Jonathan Locke
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy
IAuthorizationStrategy.AllowAllAuthorizationStrategy
-
-
Field Summary
-
Fields inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy
ALLOW_ALL
-
-
Constructor Summary
Constructors Constructor Description SimplePageAuthorizationStrategy(Class<?> securePageSuperType, Class<S> signInPageClass)
Construct.
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected abstract boolean
isAuthorized()
Gets whether the current user/session is authorized to instantiate a page class which extends or implements the supertype (base class or tagging interface) passed to the constructor.protected <T extends Page>
booleanisPageAuthorized(Class<T> pageClass)
Whether to page may be created.-
Methods inherited from class org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy
instanceOf, isInstantiationAuthorized
-
Methods inherited from class org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy
isActionAuthorized, isResourceAuthorized
-
-
-
-
Constructor Detail
-
SimplePageAuthorizationStrategy
public SimplePageAuthorizationStrategy(Class<?> securePageSuperType, Class<S> signInPageClass)
Construct.- Type Parameters:
S
-- Parameters:
securePageSuperType
- The class or interface supertype that indicates that a given Page requires authorizationsignInPageClass
- The sign in page class
-
-
Method Detail
-
isPageAuthorized
protected <T extends Page> boolean isPageAuthorized(Class<T> pageClass)
Description copied from class:AbstractPageAuthorizationStrategy
Whether to page may be created. Returns true by default.- Overrides:
isPageAuthorized
in classAbstractPageAuthorizationStrategy
- Type Parameters:
T
- the type of the page- Parameters:
pageClass
- The Page class- Returns:
- True if to page may be created
- See Also:
AbstractPageAuthorizationStrategy.isPageAuthorized(java.lang.Class)
-
isAuthorized
protected abstract boolean isAuthorized()
Gets whether the current user/session is authorized to instantiate a page class which extends or implements the supertype (base class or tagging interface) passed to the constructor.- Returns:
- True if the instantiation should be allowed to proceed. False, if the user should be directed to the application's sign-in page.
-
-