public class SecureCompoundPropertyModel<T> extends org.apache.wicket.model.CompoundPropertyModel<T> implements ISecureModel<T>
CompoundPropertyModel. Please note that this model does not enforce a security
on get or setObject as this is left to Wicket. Please provide an override on the inner class
SecureCompoundPropertyModel.AttachedSecureCompoundPropertyModel if you wish to do so
public void setObject(Object obj)
{
if(isAuthorized(getOwner(),getActionFactory().getAction(Enable.class))
super.setObject(obj);
else
throw new UnauthorizedActionException(getOwner(),getActionFactory().getAction(Enable.class));
}
and override wrapOnInheritance(Component) to return your class. Also note that Wicket by
default only checks the setter and not the getter as that is generally equivalent to the render
check on the component. Note when setting this model on a page the model is shared with every
component on this page including the page itself, failing to grant enough rights to the page will
result in an AccessDeniedPage. Failing the 2nd will result in Wicket complaining about
missing components. Therefore it is best to set this model on a Panel or Form.
Notes for usage: When you have a model that enables the use of a form, note that you need to
enable the parent model if you want your form components enabled (like the textfield). The code
below shows (copied out the SecureCompoundPropertyModelTest) what you need to set in order to get
a form to work.
authorized.put("model:" + SecureModelPage.class.getName(), application.getActionFactory().getAction("render enable"));
authorized.put("model:label", application.getActionFactory().getAction("render"));
authorized.put("model:input", application.getActionFactory().getAction("render enable"));
| Modifier and Type | Class and Description |
|---|---|
protected class |
SecureCompoundPropertyModel.AttachedSecureCompoundPropertyModel<Y>
Component aware variation of the
SecureCompoundPropertyModel that components that
inherit the model get. |
| Constructor and Description |
|---|
SecureCompoundPropertyModel(T object)
Construct.
|
| Modifier and Type | Method and Description |
|---|---|
protected ActionFactory |
getActionFactory()
Shortcut to the
ActionFactory. |
protected WaspAuthorizationStrategy |
getStrategy()
Shortcut to the
IAuthorizationStrategy. |
boolean |
isAuthenticated(org.apache.wicket.Component component)
Checks if the user is authenticated for this model.
|
boolean |
isAuthorized(org.apache.wicket.Component component,
WaspAction action)
Checks if the component is authorized for this model.
|
String |
toString() |
<C> org.apache.wicket.model.IWrapModel<C> |
wrapOnInheritance(org.apache.wicket.Component component) |
bind, of, propertyExpressiondetach, getChainedModel, getObject, getTarget, setChainedModel, setObject, setTargetpublic SecureCompoundPropertyModel(T object)
object - protected final WaspAuthorizationStrategy getStrategy()
IAuthorizationStrategy.protected final ActionFactory getActionFactory()
ActionFactory.public <C> org.apache.wicket.model.IWrapModel<C> wrapOnInheritance(org.apache.wicket.Component component)
public boolean isAuthenticated(org.apache.wicket.Component component)
ISecureModelisAuthenticated in interface ISecureModel<T>component - the (owning) component of the model, some models might allow null.ISecureModel.isAuthenticated(org.apache.wicket.Component)public boolean isAuthorized(org.apache.wicket.Component component,
WaspAction action)
ISecureModelisAuthorized in interface ISecureModel<T>component - the (owning) component of the model, some models might allow null.ISecureModel.isAuthorized(org.apache.wicket.Component,
org.wicketstuff.security.actions.WaspAction)Copyright © 2015. All rights reserved.