org.apache.wicket.authroles.authorization.strategies.role.metadata

Class MetaDataRoleAuthorizationStrategy

java.lang.Object

org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy

org.apache.wicket.authroles.authorization.strategies.role.AbstractRoleAuthorizationStrategy

org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy

All Implemented Interfaces:

org.apache.wicket.authorization.IAuthorizationStrategy

public class MetaDataRoleAuthorizationStrategy
extends AbstractRoleAuthorizationStrategy

Strategy that uses the Wicket metadata facility to check authorization. The static authorize methods are for authorizing component actions and component instantiation by role. This class is the main entry point for users wanting to use the roles-based authorization of the wicket-auth-roles package based on wicket metadata. For instance, use like:

 MetaDataRoleAuthorizationStrategy.authorize(myPanel, RENDER, "ADMIN");
 

for actions on component instances, or:

 MetaDataRoleAuthorizationStrategy.authorize(AdminBookmarkablePage.class, "ADMIN");
 

for doing role based authorization for component instantation.

Author:

Eelco Hillenius, Jonathan Locke

See Also:

MetaDataKey

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy

org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy

Field Summary

Fields

Modifier and Type	Field and Description
static org.apache.wicket.MetaDataKey<ActionPermissions>	ACTION_PERMISSIONS Component meta data key for actions/roles information.
static org.apache.wicket.MetaDataKey<InstantiationPermissions>	INSTANTIATION_PERMISSIONS Application meta data key for actions/roles information.
static String	NO_ROLE Special role string for denying access to all

Fields inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy

ALLOW_ALL

Constructor Summary

Constructors

Constructor and Description
MetaDataRoleAuthorizationStrategy(IRoleCheckingStrategy roleCheckingStrategy) Construct.

Method Summary

Modifier and Type	Method and Description
static <T extends org.apache.wicket.Component> void	authorize(Class<T> componentClass, String roles) Authorizes the given role to create component instances of type componentClass.
static void	authorize(org.apache.wicket.Component component, org.apache.wicket.authorization.Action action, String roles) Authorizes the given role to perform the given action on the given component.
static <T extends org.apache.wicket.Component> void	authorizeAll(Class<T> componentClass) Grants permission to all roles to create instances of the given component class.
static void	authorizeAll(org.apache.wicket.Component component, org.apache.wicket.authorization.Action action) Grants permission to all roles to perform the given action on the given component.
boolean	isActionAuthorized(org.apache.wicket.Component component, org.apache.wicket.authorization.Action action) Uses component level meta data to match roles for component action execution.
<T extends org.apache.wicket.request.component.IRequestableComponent> boolean	isInstantiationAuthorized(Class<T> componentClass) Uses application level meta data to match roles for component instantiation.
static <T extends org.apache.wicket.Component> void	unauthorize(Class<T> componentClass, String roles) Removes permission for the given roles to create instances of the given component class.
static void	unauthorize(org.apache.wicket.Component component, org.apache.wicket.authorization.Action action, String roles) Removes permission for the given role to perform the given action on the given component.
static <T extends org.apache.wicket.Component> void	unauthorizeAll(Class<T> componentClass) Grants authorization to instantiate the given class to just the role NO_ROLE, effectively denying all other roles.
static void	unauthorizeAll(org.apache.wicket.Component component, org.apache.wicket.authorization.Action action) Grants authorization to perform the given action to just the role NO_ROLE, effectively denying all other roles.

Methods inherited from class org.apache.wicket.authroles.authorization.strategies.role.AbstractRoleAuthorizationStrategy

hasAny, isEmpty

Methods inherited from class org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy

isResourceAuthorized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACTION_PERMISSIONS

public static final org.apache.wicket.MetaDataKey<ActionPermissions> ACTION_PERMISSIONS

Component meta data key for actions/roles information. Typically, you do not need to use this meta data key directly, but instead use one of the bind methods of this class.

INSTANTIATION_PERMISSIONS

public static final org.apache.wicket.MetaDataKey<InstantiationPermissions> INSTANTIATION_PERMISSIONS

Application meta data key for actions/roles information. Typically, you do not need to use this meta data key directly, but instead use one of the bind methods of this class.

NO_ROLE

public static final String NO_ROLE

Special role string for denying access to all

See Also:

Constant Field Values

Constructor Detail

MetaDataRoleAuthorizationStrategy

public MetaDataRoleAuthorizationStrategy(IRoleCheckingStrategy roleCheckingStrategy)

Construct.

Parameters:

roleCheckingStrategy - the authorizer object

Method Detail

authorize

public static <T extends org.apache.wicket.Component> void authorize(Class<T> componentClass,
                                                                     String roles)

Authorizes the given role to create component instances of type componentClass. This authorization is added to any previously authorized roles.

Type Parameters:

T -

Parameters:

componentClass - The component type that is subject for the authorization

roles - The comma separated roles that are authorized to create component instances of type componentClass

authorize

public static void authorize(org.apache.wicket.Component component,
                             org.apache.wicket.authorization.Action action,
                             String roles)

Authorizes the given role to perform the given action on the given component.

Parameters:

component - The component that is subject to the authorization

action - The action to authorize

roles - The comma separated roles to authorize

authorizeAll

public static <T extends org.apache.wicket.Component> void authorizeAll(Class<T> componentClass)

Grants permission to all roles to create instances of the given component class.

Type Parameters:

T -

Parameters:

componentClass - The component class

authorizeAll

public static void authorizeAll(org.apache.wicket.Component component,
                                org.apache.wicket.authorization.Action action)

Grants permission to all roles to perform the given action on the given component.

Parameters:

component - The component that is subject to the authorization

action - The action to authorize

unauthorize

public static <T extends org.apache.wicket.Component> void unauthorize(Class<T> componentClass,
                                                                       String roles)

Removes permission for the given roles to create instances of the given component class. There is no danger in removing authorization by calling this method. If the last authorization grant is removed for a given componentClass, the internal role NO_ROLE will automatically be added, effectively denying access to all roles (if this was not done, all roles would suddenly have access since no authorization is equivalent to full access).

Type Parameters:

T -

Parameters:

componentClass - The component type

roles - The comma separated list of roles that are no longer to be authorized to create instances of type componentClass

unauthorize

public static void unauthorize(org.apache.wicket.Component component,
                               org.apache.wicket.authorization.Action action,
                               String roles)

Removes permission for the given role to perform the given action on the given component. There is no danger in removing authorization by calling this method. If the last authorization grant is removed for a given action, the internal role NO_ROLE will automatically be added, effectively denying access to all roles (if this was not done, all roles would suddenly have access since no authorization is equivalent to full access).

Parameters:

component - The component

action - The action

roles - The comma separated list of roles that are no longer allowed to perform the given action

unauthorizeAll

public static <T extends org.apache.wicket.Component> void unauthorizeAll(Class<T> componentClass)

Grants authorization to instantiate the given class to just the role NO_ROLE, effectively denying all other roles.

Type Parameters:

T -

Parameters:

componentClass - The component class

unauthorizeAll

public static void unauthorizeAll(org.apache.wicket.Component component,
                                  org.apache.wicket.authorization.Action action)

Grants authorization to perform the given action to just the role NO_ROLE, effectively denying all other roles.

Parameters:

component - the component that is subject to the authorization

action - the action to authorize

isActionAuthorized

public boolean isActionAuthorized(org.apache.wicket.Component component,
                                  org.apache.wicket.authorization.Action action)

Uses component level meta data to match roles for component action execution.

Specified by:

isActionAuthorized in interface org.apache.wicket.authorization.IAuthorizationStrategy

Overrides:

isActionAuthorized in class org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy

See Also:

IAuthorizationStrategy.isActionAuthorized(org.apache.wicket.Component, org.apache.wicket.authorization.Action)

isInstantiationAuthorized

public <T extends org.apache.wicket.request.component.IRequestableComponent> boolean isInstantiationAuthorized(Class<T> componentClass)

Uses application level meta data to match roles for component instantiation.

Specified by:

isInstantiationAuthorized in interface org.apache.wicket.authorization.IAuthorizationStrategy

Overrides:

isInstantiationAuthorized in class org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy

See Also:

IAuthorizationStrategy.isInstantiationAuthorized(java.lang.Class)