ComponentSecurityCheck (WicketStuff Core Parent 7.0.0-SNAPSHOT API)

java.lang.Object
- org.wicketstuff.security.checks.AbstractSecurityCheck
- - org.wicketstuff.security.checks.ComponentSecurityCheck

All Implemented Interfaces:

Serializable, ISecurityCheck

Direct Known Subclasses:

ContainerSecurityCheck, LinkSecurityCheck
```
public class ComponentSecurityCheck
extends AbstractSecurityCheck
```
Basic security check for components. Tries to authorize the component and optionally its ISecureModel if it exists. Note that this check always authenticates the user, this is only to make it easier to put a secure component on a non secure page and have it redirect to the login. Usually the secure page will have checked authentication already. Both ISecureModel and this check need to authenticate / authorize the user before an approval is given.

Author:

marrink

See Also:
Serialized Form

Constructor Summary

Constructors
Constructor and Description
`ComponentSecurityCheck(org.apache.wicket.Component component)` Constructs a ComponentSecurityCheck that never checks the model.
`ComponentSecurityCheck(org.apache.wicket.Component component, boolean checkSecureModelIfExists)` Constructs a ComponentSecurityCheck that optionally checks the model.

Method Summary

Methods
Modifier and Type	Method and Description
`protected boolean`	`checkSecureModel()` Flags if we need to check the `ISecureModel` of a component if it exists at all.
`protected org.apache.wicket.Component`	`getComponent()` Returns the target component for this securitycheck.
`boolean`	`isActionAuthorized(WaspAction action)` Checks if the user is authorized for this component.
`boolean`	`isAuthenticated()` Checks if the user is authenticated for this component.

Methods inherited from class org.wicketstuff.security.checks.AbstractSecurityCheck
getActionFactory, getLoginPage, getStrategy, isActionAuthorized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ComponentSecurityCheck
```
public ComponentSecurityCheck(org.apache.wicket.Component component)
```
    Constructs a ComponentSecurityCheck that never checks the model. Note that the check still needs to be manually added to the component.
    
    Parameters:
    component - the target component for this security check.
    See Also:
    ISecureComponent.setSecurityCheck(ISecurityCheck), SecureComponentHelper.setSecurityCheck(Component, ISecurityCheck)
  - ComponentSecurityCheck
```
public ComponentSecurityCheck(org.apache.wicket.Component component,
                      boolean checkSecureModelIfExists)
```
    Constructs a ComponentSecurityCheck that optionally checks the model. Note that the check still needs to be manually added to the component.
    
    Parameters:
    component - the target component for this security check.
    checkSecureModelIfExists - forces the model to be checked after this check is fired
    See Also:
    ISecureComponent.setSecurityCheck(ISecurityCheck), SecureComponentHelper.setSecurityCheck(Component, ISecurityCheck)
- Method Detail
  - isAuthenticated
```
public boolean isAuthenticated()
```
    Checks if the user is authenticated for this component. if the model is also checked both the model and the component need to be authenticated before we return true.
    
    Returns:
    true if an authenticated user is available, false otherwise.
    See Also:
    ISecurityCheck.isAuthenticated(), WaspAuthorizationStrategy.isComponentAuthenticated(Component)
  - getComponent
```
protected final org.apache.wicket.Component getComponent()
```
    Returns the target component for this securitycheck.
    
    Returns:
    the component
  - isActionAuthorized
```
public boolean isActionAuthorized(WaspAction action)
```
    Checks if the user is authorized for this component. if the model is also checked both the model and the component need to be authorized before we return true.
    
    Parameters:
    action - the action(s) like render or enable.
    
    Returns:
    true if the component (and optionally the model) are authorized, false otherwise.
    See Also:
    ISecurityCheck.isActionAuthorized(WaspAction), WaspAuthorizationStrategy.isComponentAuthorized(Component, WaspAction), WaspAuthorizationStrategy.isModelAuthorized(ISecureModel, Component, WaspAction)
  - checkSecureModel
```
protected final boolean checkSecureModel()
```
    Flags if we need to check the ISecureModel of a component if it exists at all.
    
    Returns:
    true if we must check the model, false otherwise.

Class ComponentSecurityCheck

Constructor Summary

Method Summary

Methods inherited from class org.wicketstuff.security.checks.AbstractSecurityCheck

Methods inherited from class java.lang.Object

Constructor Detail

ComponentSecurityCheck

ComponentSecurityCheck

Method Detail

isAuthenticated

getComponent

isActionAuthorized

checkSecureModel