Package org.apache.wicket.settings

Class SecuritySettings

java.lang.Object

org.apache.wicket.settings.SecuritySettings

public class SecuritySettings
extends Object

Class for security related settings

Author:

Jonathan Locke, Chris Turner, Eelco Hillenius, Juergen Donnerstag, Johan Compagner, Igor Vaynberg (ivaynberg), Martijn Dashorst, James Carman

Field Summary

Fields

Modifier and Type	Field	Description
static String	DEFAULT_ENCRYPTION_KEY	Deprecated, for removal: This API element is subject to removal in a future version.

Constructor Summary

Constructors

Constructor	Description
SecuritySettings()

Method Summary

Modifier and Type	Method	Description
IAuthenticationStrategy	getAuthenticationStrategy()	Gets the authentication strategy.
IAuthorizationStrategy	getAuthorizationStrategy()	Gets the authorization strategy.
CrossOriginEmbedderPolicyConfiguration	getCrossOriginEmbedderPolicyConfiguration()
CrossOriginOpenerPolicyConfiguration	getCrossOriginOpenerPolicyConfiguration()
ICryptFactory	getCryptFactory()	Returns the ICryptFactory.
boolean	getEnforceMounts()	Gets whether page mounts should be enforced.
ISecureRandomSupplier	getRandomSupplier()	Returns the ISecureRandomSupplier to use for secure random data.
IUnauthorizedComponentInstantiationListener	getUnauthorizedComponentInstantiationListener()
IUnauthorizedResourceRequestListener	getUnauthorizedResourceRequestListener()
SecuritySettings	setAuthenticationStrategy(IAuthenticationStrategy strategy)	Sets the authentication strategy.
SecuritySettings	setAuthorizationStrategy(IAuthorizationStrategy strategy)	Sets the authorization strategy.
SecuritySettings	setCrossOriginEmbedderPolicyConfiguration(CrossOriginEmbedderPolicyConfiguration.CoepMode mode, String... exemptions)	Sets the Cross-Origin Embedder Policy's mode and exempted paths.
SecuritySettings	setCrossOriginOpenerPolicyConfiguration(CrossOriginOpenerPolicyConfiguration.CoopMode mode, String... exemptions)	Sets the Cross-Origin Opener Policy's mode and exempted paths.
SecuritySettings	setCryptFactory(ICryptFactory cryptFactory)	Sets the factory that will be used to create crypt objects.
SecuritySettings	setEnforceMounts(boolean enforce)	Sets whether mounts should be enforced.
SecuritySettings	setRandomSupplier(ISecureRandomSupplier randomSupplier)	Sets the supplier of secure random data for Wicket.
SecuritySettings	setUnauthorizedComponentInstantiationListener(IUnauthorizedComponentInstantiationListener listener)
SecuritySettings	setUnauthorizedResourceRequestListener(IUnauthorizedResourceRequestListener listener)	Sets a listener that will be used when a request to an IResource is not allowed for some reason

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_ENCRYPTION_KEY

@Deprecated(forRemoval=true)
public static final String DEFAULT_ENCRYPTION_KEY

Deprecated, for removal: This API element is subject to removal in a future version.

encryption key is no longer used

See Also:

Constant Field Values

Constructor Detail

SecuritySettings

public SecuritySettings()

Method Detail

getAuthorizationStrategy

public IAuthorizationStrategy getAuthorizationStrategy()

Gets the authorization strategy.

Returns:

Returns the authorizationStrategy.

getCryptFactory

public ICryptFactory getCryptFactory()

Returns the ICryptFactory. If no factory is set, a KeyInSessionSunJceCryptFactory is used.

Returns:

crypt factory used to generate crypt objects

getRandomSupplier

public ISecureRandomSupplier getRandomSupplier()

Returns the ISecureRandomSupplier to use for secure random data. If no custom supplier is set, a DefaultSecureRandomSupplier is used.

Returns:

The ISecureRandomSupplier to use for secure random data.

getEnforceMounts

public boolean getEnforceMounts()

Gets whether page mounts should be enforced. If true, requests for a page will be allowed only if the page has been explicitly mounted in MyApplication#init(). This setting basically disables BookmarkableMapper

Returns:

Whether mounts should be enforced

getUnauthorizedComponentInstantiationListener

public IUnauthorizedComponentInstantiationListener getUnauthorizedComponentInstantiationListener()

Returns:

The listener

See Also:

IUnauthorizedComponentInstantiationListener

setAuthorizationStrategy

public SecuritySettings setAuthorizationStrategy(IAuthorizationStrategy strategy)

Sets the authorization strategy.

Parameters:

strategy - new authorization strategy

Returns:

this object for chaining

setCryptFactory

public SecuritySettings setCryptFactory(ICryptFactory cryptFactory)

Sets the factory that will be used to create crypt objects. The crypt object returned from the first call is cached.

Parameters:

cryptFactory -

Returns:

this object for chaining

setRandomSupplier

public SecuritySettings setRandomSupplier(ISecureRandomSupplier randomSupplier)

Sets the supplier of secure random data for Wicket. The implementation must use a strong source of random data and be able to generate a lot of random data without running out of entropy.

Parameters:

randomSupplier - The new supplier, must not be null.

Returns:

this object for chaining

setEnforceMounts

public SecuritySettings setEnforceMounts(boolean enforce)

Sets whether mounts should be enforced. If true, requests for mounted targets have to done through the mounted paths. If, for instance, a bookmarkable page is mounted to a path, a request to that same page via the bookmarkablePage parameter will be denied.

Parameters:

enforce - Whether mounts should be enforced

Returns:

this object for chaining

setUnauthorizedComponentInstantiationListener

public SecuritySettings setUnauthorizedComponentInstantiationListener(IUnauthorizedComponentInstantiationListener listener)

Parameters:

listener - The listener to set

Returns:

this object for chaining

See Also:

IUnauthorizedComponentInstantiationListener

getUnauthorizedResourceRequestListener

public IUnauthorizedResourceRequestListener getUnauthorizedResourceRequestListener()

Returns:

The listener that will be used when a request to an IResource is not allowed for some reason

setUnauthorizedResourceRequestListener

public SecuritySettings setUnauthorizedResourceRequestListener(IUnauthorizedResourceRequestListener listener)

Sets a listener that will be used when a request to an IResource is not allowed for some reason

Parameters:

listener - The listener

Returns:

this object for chaining

getAuthenticationStrategy

public IAuthenticationStrategy getAuthenticationStrategy()

Gets the authentication strategy.

Returns:

Returns the authentication strategy.

setAuthenticationStrategy

public SecuritySettings setAuthenticationStrategy(IAuthenticationStrategy strategy)

Sets the authentication strategy.

Parameters:

strategy - new authentication strategy

Returns:

this object for chaining

getCrossOriginOpenerPolicyConfiguration

public CrossOriginOpenerPolicyConfiguration getCrossOriginOpenerPolicyConfiguration()

setCrossOriginOpenerPolicyConfiguration

public SecuritySettings setCrossOriginOpenerPolicyConfiguration(CrossOriginOpenerPolicyConfiguration.CoopMode mode,
                                                                String... exemptions)

Sets the Cross-Origin Opener Policy's mode and exempted paths. The config values are only read once at startup in Application#initApplication(), changing the config at runtime will have no effect

Parameters:

mode - CoopMode, one of the 4 values: UNSAFE_NONE, SAME_ORIGIN, SAME_ORIGIN_ALLOW_POPUPS, DISABLED

exemptions - exempted paths for which COOP will be disabled

Returns:

getCrossOriginEmbedderPolicyConfiguration

public CrossOriginEmbedderPolicyConfiguration getCrossOriginEmbedderPolicyConfiguration()

setCrossOriginEmbedderPolicyConfiguration

public SecuritySettings setCrossOriginEmbedderPolicyConfiguration(CrossOriginEmbedderPolicyConfiguration.CoepMode mode,
                                                                  String... exemptions)

Sets the Cross-Origin Embedder Policy's mode and exempted paths. The config values are only read once at startup in Application#initApplication(), changing the config at runtime will have no effect

Parameters:

mode - CoepMode, one of the 3 values: ENFORCING, REPORTING, DISABLED

exemptions - exempted paths for which COEP will be disabled

Returns: