org.wicketstuff.security.checks

Class LinkSecurityCheck

java.lang.Object

org.wicketstuff.security.checks.AbstractSecurityCheck

org.wicketstuff.security.checks.ComponentSecurityCheck

org.wicketstuff.security.checks.LinkSecurityCheck

All Implemented Interfaces:

Serializable, ISecurityCheck

public class LinkSecurityCheck
extends ComponentSecurityCheck

A security check designed for Links. This check has 2 modes for the Render action. In the regular mode the check behaves as a ClassSecurityCheck meaning the user must have render rights for the target class of the link, If not the link will not be rendered. In the alternative mode the check behaves as a ComponentSecurityCheck (render action only) allowing the link to be visible but disabled. Note that for all other actions this check behaves as a ClassSecurityCheck (with option to check the model). Although the check was designed to work on pages it now also works on any class. So Panel and the like may be used as clickTarget

Author:

marrink

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
LinkSecurityCheck(org.apache.wicket.markup.html.link.AbstractLink component, Class<?> clickTarget, boolean checkSecureModelIfExists) Constructs a new check, the check uses the regular mode.
LinkSecurityCheck(org.apache.wicket.Component component, Class<?> clickTarget) Constructs a new check, the check uses the regular mode.

Method Summary

Methods

Modifier and Type	Method and Description
Class<?>	getClickTarget() Returns the target page of the link.
boolean	isActionAuthorized(WaspAction action) Checks if the user is authorized for this component.
boolean	isUseAlternativeRenderCheck() Flags which mode is active.
LinkSecurityCheck	setUseAlternativeRenderCheck(boolean useAlternativeRenderCheck) Sets which mode to use.

Methods inherited from class org.wicketstuff.security.checks.ComponentSecurityCheck

checkSecureModel, getComponent, isAuthenticated

Methods inherited from class org.wicketstuff.security.checks.AbstractSecurityCheck

getActionFactory, getLoginPage, getStrategy, isActionAuthorized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LinkSecurityCheck

public LinkSecurityCheck(org.apache.wicket.Component component,
                 Class<?> clickTarget)

Constructs a new check, the check uses the regular mode.

Parameters:

component - the link, although any component may be used this should typically be a subclass of AbstractLink

clickTarget - the Class redirected to when clicking on the link. This could be a Page or a Panel or something completely different.

Throws:

IllegalArgumentException - if clickTarget is null

LinkSecurityCheck

public LinkSecurityCheck(org.apache.wicket.markup.html.link.AbstractLink component,
                 Class<?> clickTarget,
                 boolean checkSecureModelIfExists)

Constructs a new check, the check uses the regular mode.

Parameters:

component - the link

clickTarget - the Class redirected to when clicking on the link. This could be a Page or a Panel or something completely different.

checkSecureModelIfExists - forces the model to be checked after this check is fired

Throws:

IllegalArgumentException - if clickTarget is null

Method Detail

getClickTarget

public final Class<?> getClickTarget()

Returns the target page of the link.

Returns:

Returns the clickTarget.

isActionAuthorized

public boolean isActionAuthorized(WaspAction action)

Description copied from class: ComponentSecurityCheck

Checks if the user is authorized for this component. if the model is also checked both the model and the component need to be authorized before we return true.

Specified by:

isActionAuthorized in interface ISecurityCheck

Overrides:

isActionAuthorized in class ComponentSecurityCheck

Parameters:

action - the action(s) like render or enable.

Returns:

true if the component (and optionally the model) are authorized, false otherwise.

See Also:

ComponentSecurityCheck.isActionAuthorized(org.wicketstuff.security.actions.WaspAction)

isUseAlternativeRenderCheck

public final boolean isUseAlternativeRenderCheck()

Flags which mode is active.

Returns:

true if the alternative mode is enabled, false otherwise

setUseAlternativeRenderCheck

public final LinkSecurityCheck setUseAlternativeRenderCheck(boolean useAlternativeRenderCheck)

Sets which mode to use. In regular mode this check behaves as a ClassSecurityCheck, using the same check for render and enabled. In alternative mode this check behaves as a ComponentSecurityCheck for render actions and as a ClassSecurityCheck for enabled actions.

Parameters:

useAlternativeRenderCheck - true, if you want to use the alternative mode.

Returns:

this