Swarm FAQ

In this section we try to answer the most frequently asked questions from users. If your question is not here or you would like additional information you can always post your questions on the mailinglist.

1. What do all these actions do?
2. Why is my component (not) being checked for class instantiation?
3. Does every secure component need to implement ISecureComponent?
4. Why is my SwarmModel not being used to check permissions of the user?
5. I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated

1 What do all these actions do?

• access is used to check if a component is allowed to be created.
• render is used to check if a component is allowed to be rendered.
• enable is used to check if a component is allowed to be enabled, for links this means: can the user click on them, for components that take user input (like a textfield) this means: can the user write to them.

• inherit, is for container components and specifies that all the actions for this container are inherited by its childs, meaning you do not need to specify permissions for each component individually.

2 Why is my component (not) being checked for class instantiation?

By default only components implementing ISecurePage are checked if the class is allowed to be created. If your pages extend from SecurePage or SecureWebPage this will happen automatically for them. To check if every ISecureComponent is allowed to be created would be overkill and a burden to maintain since every (anonymous) subclass of such a component must then be specified in your policy file. You may however change which classes are being checked by overridding the setupStrategyFactory method from SwarmWebApplication with the following line

setStrategyFactory(new SwarmStrategyFactory(MyClassHere,getHiveKey()));

3 Does every secure component need to implement ISecureComponent?

No, ISecureComponent is just a convenient  interface to handle most common manipulations of secure components. Any component can be made secure by storing an ISecurityCheck or a SwarmModel on it. The models can be set through the setModel method or constructors from the component and the checks can be stored on a component with the SecureComponentHelper helper class.

4 Why is my SwarmModel not being used to check permissions of the user?

By default Swarm only uses the secure model if there is no securitycheck on the component or if the check itself consults the model. For instance ComponentSecurityCheck has such an option.

5 I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated

This is most likely caused because you forgot to call super.init() in your application's init method.