Package org.apache.wicket.authroles.authentication

Class AuthenticatedWebApplication

java.lang.Object

org.apache.wicket.Application

org.apache.wicket.protocol.http.WebApplication

org.apache.wicket.authroles.authentication.AuthenticatedWebApplication

All Implemented Interfaces:

IUnauthorizedComponentInstantiationListener, IRoleCheckingStrategy, IEventSink, IMetadataContext<Object,Application>, ISessionStore.UnboundListener

public abstract class AuthenticatedWebApplication
extends WebApplication
implements IRoleCheckingStrategy, IUnauthorizedComponentInstantiationListener

A web application subclass that does role-based authentication.

Author:

Jonathan Locke

Field Summary

Fields inherited from class org.apache.wicket.protocol.http.WebApplication

META_INF_RESOURCES

Fields inherited from class org.apache.wicket.Application

CONFIGURATION

Constructor Summary

Constructors

Constructor	Description
AuthenticatedWebApplication()

Method Summary

Modifier and Type	Method	Description
protected abstract Class<? extends WebPage>	getSignInPageClass()
protected abstract Class<? extends AbstractAuthenticatedWebSession>	getWebSessionClass()
boolean	hasAnyRole(Roles roles)	Whether any of the given roles matches.
protected void	init()	Initialize; if you need the wicket servlet/filter for initialization, e.g.
Session	newSession(Request request, Response response)	Creates a new session.
void	onUnauthorizedInstantiation(Component component)	Called when an unauthorized component instantiation is about to take place (but before it happens).
protected void	onUnauthorizedPage(Component page)	Called when an AUTHENTICATED user tries to navigate to a page that they are not authorized to access.
void	restartResponseAtSignInPage()	Restarts response at sign in page.

Methods inherited from class org.apache.wicket.protocol.http.WebApplication

addResourceReplacement, addResourceReplacement, get, getAjaxRequestTargetListeners, getAjaxRequestTargetProvider, getAndRemoveBufferedResponse, getApplicationKey, getConfigurationType, getCspSettings, getFilterFactoryManager, getInitParameter, getMimeType, getServletContext, getSessionAttributePrefix, getWicketFilter, hasBufferedResponse, hasFilterFactoryManager, internalDestroy, internalInit, logEventTarget, logResponseTarget, mount, mountPackage, mountPage, mountResource, newAjaxRequestTarget, newCspSettings, newWebRequest, newWebResponse, outputDevelopmentModeWarning, renderXmlDecl, sessionUnbound, setAjaxRequestTargetProvider, setConfigurationType, setCspSettings, setServletContext, setWicketFilter, storeBufferedResponse, unmount, validateInit

Methods inherited from class org.apache.wicket.Application

checkSettingsAvailable, configure, createRequestCycle, decorateHeaderResponse, exists, fetchCreateAndSetSession, get, getApplicationKeys, getApplicationListeners, getApplicationSettings, getBehaviorInstantiationListeners, getComponentInitializationListeners, getComponentInstantiationListeners, getComponentOnAfterRenderListeners, getComponentOnConfigureListeners, getComponentPostOnBeforeRenderListeners, getComponentPreOnBeforeRenderListeners, getConverterLocator, getDebugSettings, getExceptionMapperProvider, getExceptionSettings, getFrameworkSettings, getHeaderContributorListeners, getHeaderResponseDecorators, getHomePage, getInitializers, getJavaScriptLibrarySettings, getMapperContext, getMarkupSettings, getMetaData, getName, getOnComponentTagListeners, getPageFactory, getPageManagerProvider, getPageRendererProvider, getPageSettings, getRequestCycleListeners, getRequestCycleProvider, getRequestCycleSettings, getRequestLogger, getRequestLoggerSettings, getResourceBundles, getResourceReferenceRegistry, getResourceSettings, getRootRequestMapper, getRootRequestMapperAsCompound, getSecuritySettings, getSessionListeners, getSessionStore, getSessionStoreProvider, getSharedResources, getStoreSettings, initApplication, newConverterLocator, newMapperContext, newPageFactory, newRequestLogger, newResourceBundles, newResourceReferenceRegistry, newSharedResources, onDestroy, onEvent, setApplicationSettings, setDebugSettings, setExceptionMapperProvider, setExceptionSettings, setFrameworkSettings, setHeaderResponseDecorator, setJavaScriptLibrarySettings, setMarkupSettings, setMetaData, setName, setPageManagerProvider, setPageRendererProvider, setPageSettings, setRequestCycleProvider, setRequestCycleSettings, setRequestLoggerSettings, setResourceSettings, setRootRequestMapper, setSecuritySettings, setSessionStoreProvider, setStoreSettings, usesDeploymentConfig, usesDevelopmentConfig

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticatedWebApplication

public AuthenticatedWebApplication()

Method Detail

init

protected void init()

Description copied from class: WebApplication

Initialize; if you need the wicket servlet/filter for initialization, e.g. because you want to read an initParameter from web.xml or you want to read a resource from the servlet's context path, you can override this method and provide custom initialization. This method is called right after this application class is constructed, and the wicket servlet/filter is set. Use this method for any application setup instead of the constructor.

Overrides:

init in class WebApplication

hasAnyRole

public final boolean hasAnyRole(Roles roles)

Description copied from interface: IRoleCheckingStrategy

Whether any of the given roles matches. For example, if a user has role USER and the provided roles are {USER, ADMIN} this method should return true as the user has at least one of the roles that were provided.

Specified by:

hasAnyRole in interface IRoleCheckingStrategy

Parameters:

roles - the roles

Returns:

true if a user or whatever subject this implementation wants to work with has at least on of the provided roles

onUnauthorizedInstantiation

public final void onUnauthorizedInstantiation(Component component)

Description copied from interface: IUnauthorizedComponentInstantiationListener

Called when an unauthorized component instantiation is about to take place (but before it happens).

Specified by:

onUnauthorizedInstantiation in interface IUnauthorizedComponentInstantiationListener

Parameters:

component - The partially constructed component (only the id is guaranteed to be valid).

See Also:

IComponentInstantiationListener

restartResponseAtSignInPage

public void restartResponseAtSignInPage()

Restarts response at sign in page. NOTE: this method internally throws a restart response exception, so no code after a call to this method will be executed

newSession

public Session newSession(Request request,
                          Response response)

Creates a new session. Override this method if you want to provide a custom session.

Overrides:

newSession in class WebApplication

Parameters:

request - The request that will create this session.

response - The response to initialize, for example with cookies. This is important to use cases involving unit testing because those use cases might want to be able to sign a user in automatically when the session is created.

Returns:

The session

getWebSessionClass

protected abstract Class<? extends AbstractAuthenticatedWebSession> getWebSessionClass()

Returns:

BaseAuthenticatedWebSession subclass to use in this authenticated web application.

getSignInPageClass

protected abstract Class<? extends WebPage> getSignInPageClass()

Returns:

Subclass of sign-in page

onUnauthorizedPage

protected void onUnauthorizedPage(Component page)

Called when an AUTHENTICATED user tries to navigate to a page that they are not authorized to access. You might want to override this to navigate to some explanatory page or to the application's home page.

Parameters:

page - The partially constructed page (only the component id is guaranteed to be valid).