org.wicketstuff.security.components.markup.html.form

Class SecureForm<T>

java.lang.Object

org.apache.wicket.Component

org.apache.wicket.MarkupContainer

org.apache.wicket.markup.html.WebMarkupContainer

org.apache.wicket.markup.html.form.Form<T>

org.wicketstuff.security.components.markup.html.form.SecureForm<T>

All Implemented Interfaces:

Serializable, Iterable<org.apache.wicket.Component>, org.apache.wicket.event.IEventSink, org.apache.wicket.event.IEventSource, org.apache.wicket.IConverterLocator, org.apache.wicket.IGenericComponent<T>, org.apache.wicket.IRequestListener, org.apache.wicket.markup.html.form.IFormSubmitListener, org.apache.wicket.markup.html.IHeaderContributor, org.apache.wicket.request.component.IRequestableComponent, org.apache.wicket.util.IHierarchical<org.apache.wicket.Component>, org.apache.wicket.util.io.IClusterable, ISecureComponent

public class SecureForm<T>
extends org.apache.wicket.markup.html.form.Form<T>
implements ISecureComponent

A secure Form. if the form does not have sufficient enable rights it replaces the tag with a div to prevent clientside form submits Also it automaticly disables all children. Other than that it behaves exactly like a regular Form with a ComponentSecurityCheck attached.

Author:

marrink

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.wicket.markup.html.form.Form

org.apache.wicket.markup.html.form.Form.MethodMismatchResponse, org.apache.wicket.markup.html.form.Form.ValidationVisitor

Field Summary

Fields inherited from class org.apache.wicket.markup.html.form.Form

ENCTYPE_MULTIPART_FORM_DATA, METHOD_GET, METHOD_POST

Fields inherited from class org.apache.wicket.Component

ENABLE, FLAG_AFTER_RENDERING, FLAG_INITIALIZED, FLAG_PREPARED_FOR_RENDER, FLAG_REMOVING_FROM_HIERARCHY, FLAG_RENDERING, FLAG_RESERVED1, FLAG_RESERVED2, FLAG_RESERVED3, FLAG_RESERVED4, FLAG_RESERVED5, FLAG_RESERVED8, PARENT_PATH, PATH_SEPARATOR, RENDER, RFLAG_CONTAINER_DEQUEING

Fields inherited from interface org.apache.wicket.markup.html.form.IFormSubmitListener

INTERFACE

Constructor Summary

Constructors

Constructor and Description
SecureForm(String id) Construct.
SecureForm(String id, org.apache.wicket.model.IModel<T> model) Construct.

Method Summary

Methods

Modifier and Type	Method and Description
ISecurityCheck	getSecurityCheck() Gets the security check attached to this component.
boolean	isActionAuthorized(String waspAction) Wrapper method for the isActionAuthorized method on component.
boolean	isActionAuthorized(WaspAction action) Wrapper method for the isActionAuthorized method on component.
boolean	isAuthenticated() authenticates the user for this component.
protected void	onBeforeRender()
protected void	onComponentTag(org.apache.wicket.markup.ComponentTag tag) Override to make sure the form can not be submitted clientside.
void	setSecurityCheck(ISecurityCheck check) Sets (or removes in the case of null) the security check on this component.

Methods inherited from class org.apache.wicket.markup.html.form.Form

add, appendDefaultButtonField, beforeUpdateFormComponentModels, callOnError, clearInput, delegateSubmit, encodeUrlInHiddenFields, error, findForm, findSubmittingButton, getActionUrl, getDefaultButton, getFileMaxSize, getFormValidators, getHiddenFieldId, getInputNamePrefix, getJsForInterfaceUrl, getMaxSize, getMethod, getModel, getModelObject, getRootForm, getRootFormRelativeId, getStatelessHint, getValidatorKeyPrefix, handleMultiPart, hasError, internalOnModelChanged, isMultiPart, isRootForm, isSubmitted, markFormComponentsInvalid, markFormComponentsValid, onComponentTagBody, onDetach, onError, onFileUploadException, onFormSubmitted, onFormSubmitted, onMethodMismatch, onSubmit, onValidate, onValidateModelObjects, process, registerJavaScriptNamespaces, remove, renderHead, renderPlaceholderTag, setDefaultButton, setFileMaxSize, setMaxSize, setModel, setModelObject, setMultiPart, setVersioned, updateFormComponentModels, validate, validateComponents, validateFormValidator, validateFormValidators, visitFormComponents, visitFormComponentsPostOrder, wantSubmitOnNestedFormSubmit, wantSubmitOnParentFormSubmit, writeHiddenFields, writeParamsAsHiddenFields

Methods inherited from class org.apache.wicket.markup.html.WebMarkupContainer

getWebPage, getWebRequest, getWebResponse, getWebSession

Methods inherited from class org.apache.wicket.MarkupContainer

add, addDequeuedComponent, addOrReplace, autoAdd, canDequeueTag, contains, dequeue, dequeue, dequeuePreamble, findComponentToDequeue, get, get, getAssociatedMarkup, getAssociatedMarkupStream, getMarkup, getMarkupType, getRegionMarkup, internalAdd, internalInitialize, iterator, iterator, newDequeueContext, onAfterRenderChildren, onInitialize, onRender, queue, remove, remove, removeAll, renderAll, renderAssociatedMarkup, renderNext, replace, setDefaultModel, size, swap, toString, toString, visitChildren, visitChildren, visitChildren, visitChildren

Methods inherited from class org.apache.wicket.Component

add, addStateChange, afterRender, beforeRender, canCallListenerInterface, canCallListenerInterfaceAfterExpiry, checkComponentTag, checkComponentTagAttribute, checkHierarchyChange, clearOriginalDestination, configure, continueToOriginalDestination, debug, detach, detachModel, detachModels, determineVisibility, error, exceptionMessage, fatal, findMarkupStream, findPage, findParent, findParentWithAssociatedMarkup, getAjaxRegionMarkupId, getApplication, getBehaviorById, getBehaviorId, getBehaviors, getBehaviors, getClassRelativePath, getConverter, getDefaultModel, getDefaultModelObject, getDefaultModelObjectAsString, getDefaultModelObjectAsString, getEscapeModelStrings, getFeedbackMessages, getFlag, getId, getInnermostModel, getInnermostModel, getLocale, getLocalizer, getMarkup, getMarkupAttributes, getMarkupId, getMarkupId, getMarkupIdFromMarkup, getMarkupIdImpl, getMarkupSourcingStrategy, getMetaData, getModelComparator, getOutputMarkupId, getOutputMarkupPlaceholderTag, getPage, getPageRelativePath, getParent, getPath, getRenderBodyOnly, getRequest, getRequestCycle, getRequestFlag, getResponse, getSession, getSizeInBytes, getString, getString, getString, getStyle, getVariation, hasBeenRendered, hasErrorMessage, hasFeedbackMessage, info, initModel, internalPrepareForRender, internalRenderComponent, internalRenderHead, isActionAuthorized, isAuto, isBehaviorAccepted, isEnableAllowed, isEnabled, isEnabledInHierarchy, isIgnoreAttributeModifier, isRenderAllowed, isStateless, isVersioned, isVisibilityAllowed, isVisible, isVisibleInHierarchy, markRendering, modelChanged, modelChanging, newMarkupSourcingStrategy, onAfterRender, onConfigure, onEvent, onModelChanged, onModelChanging, onReAdd, onRemove, prepareForRender, redirectToInterceptPage, remove, remove, render, renderComponentTag, rendered, renderHead, replaceComponentTagBody, replaceWith, sameInnermostModel, sameInnermostModel, send, setAuto, setDefaultModelObject, setEnabled, setEscapeModelStrings, setFlag, setIgnoreAttributeModifier, setMarkup, setMarkupId, setMarkupIdImpl, setMetaData, setOutputMarkupId, setOutputMarkupPlaceholderTag, setParent, setRenderBodyOnly, setRequestFlag, setResponsePage, setResponsePage, setResponsePage, setVisibilityAllowed, setVisible, success, urlFor, urlFor, urlFor, urlFor, urlFor, visitParents, visitParents, warn, wrap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SecureForm

public SecureForm(String id)

Construct.

Parameters:

id -

SecureForm

public SecureForm(String id,
          org.apache.wicket.model.IModel<T> model)

Construct.

Parameters:

id -

model -

Method Detail

getSecurityCheck

public ISecurityCheck getSecurityCheck()

Description copied from interface: ISecureComponent

Gets the security check attached to this component.

Specified by:

getSecurityCheck in interface ISecureComponent

Returns:

the check or null if there is no check

See Also:

ISecureComponent.getSecurityCheck()

isActionAuthorized

public boolean isActionAuthorized(String waspAction)

Description copied from interface: ISecureComponent

Wrapper method for the isActionAuthorized method on component. Subclasses can use the default implementation in SecureComponentHelper.

Specified by:

isActionAuthorized in interface ISecureComponent

Returns:

true if the action is allowed, false otherwise.

See Also:

ISecureComponent.isActionAuthorized(java.lang.String)

isActionAuthorized

public boolean isActionAuthorized(WaspAction action)

Description copied from interface: ISecureComponent

Wrapper method for the isActionAuthorized method on component. Subclasses can use the default implementation in SecureComponentHelper.

Specified by:

isActionAuthorized in interface ISecureComponent

Returns:

true if the action is allowed, false otherwise.

See Also:

ISecureComponent.isActionAuthorized(WaspAction)

isAuthenticated

public boolean isAuthenticated()

Description copied from interface: ISecureComponent

authenticates the user for this component. Note authentication should usually only be done by Pages.

Specified by:

isAuthenticated in interface ISecureComponent

Returns:

true if the user is authenticated, false otherwise

See Also:

ISecureComponent.isAuthenticated()

setSecurityCheck

public void setSecurityCheck(ISecurityCheck check)

Description copied from interface: ISecureComponent

Sets (or removes in the case of null) the security check on this component.

Specified by:

setSecurityCheck in interface ISecureComponent

See Also:

ISecureComponent.setSecurityCheck(org.wicketstuff.security.checks.ISecurityCheck)

onComponentTag

protected void onComponentTag(org.apache.wicket.markup.ComponentTag tag)

Override to make sure the form can not be submitted clientside. Offcourse this does not prevent fake urls send to the server.

Overrides:

onComponentTag in class org.apache.wicket.markup.html.form.Form<T>

See Also:

Form.onComponentTag(org.apache.wicket.markup.ComponentTag)

onBeforeRender

protected void onBeforeRender()

Overrides:

onBeforeRender in class org.apache.wicket.markup.html.form.Form<T>

See Also:

Component.onBeforeRender()