org.apache.wicket.authorization.strategies.page

Class SimplePageAuthorizationStrategy

java.lang.Object

org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy

org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy

org.apache.wicket.authorization.strategies.page.SimplePageAuthorizationStrategy

All Implemented Interfaces:

IAuthorizationStrategy

public abstract class SimplePageAuthorizationStrategy
extends AbstractPageAuthorizationStrategy

A very simple authorization strategy that takes a supertype (a base class or tagging interface) and performs a simple authorization check by calling the abstract method isAuthorized() whenever a Page class that extends or implements the supertype is about to be instantiated. If that method returns true, page instantiation proceeds normally. If it returns false, the user is automatically directed to the specified sign-in page for authentication, which will presumably allow authorization to succeed once they have signed in.

In your Application.init() method do something like the following:

 SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy(
        MySecureWebPage.class, MySignInPage.class)
 {
        protected boolean isAuthorized()
        {
                // Authorize access based on user authentication in the session
                return (((MySession)Session.get()).isSignedIn());
        }
 };
 
 getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
 

Author:

Eelco Hillenius, Jonathan Locke

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy

IAuthorizationStrategy.AllowAllAuthorizationStrategy

Field Summary

Fields inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy

ALLOW_ALL

Constructor Summary

Constructors

Constructor and Description
SimplePageAuthorizationStrategy(Class<?> securePageSuperType, Class<S> signInPageClass) Construct.

Method Summary

Methods

Modifier and Type	Method and Description
protected abstract boolean	isAuthorized() Gets whether the current user/session is authorized to instantiate a page class which extends or implements the supertype (base class or tagging interface) passed to the constructor.
protected <T extends Page> boolean	isPageAuthorized(Class<T> pageClass) Whether to page may be created.

Methods inherited from class org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy

instanceOf, isInstantiationAuthorized

Methods inherited from class org.apache.wicket.authorization.IAuthorizationStrategy.AllowAllAuthorizationStrategy

isActionAuthorized, isResourceAuthorized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SimplePageAuthorizationStrategy

public SimplePageAuthorizationStrategy(Class<?> securePageSuperType,
                               Class<S> signInPageClass)

Construct.

Type Parameters:

S -

Parameters:

securePageSuperType - The class or interface supertype that indicates that a given Page requires authorization

signInPageClass - The sign in page class

Method Detail

isPageAuthorized

protected <T extends Page> boolean isPageAuthorized(Class<T> pageClass)

Description copied from class: AbstractPageAuthorizationStrategy

Whether to page may be created. Returns true by default.

Overrides:

isPageAuthorized in class AbstractPageAuthorizationStrategy

Type Parameters:

T - the type of the page

Parameters:

pageClass - The Page class

Returns:

True if to page may be created

See Also:

AbstractPageAuthorizationStrategy.isPageAuthorized(java.lang.Class)

isAuthorized

protected abstract boolean isAuthorized()

Gets whether the current user/session is authorized to instantiate a page class which extends or implements the supertype (base class or tagging interface) passed to the constructor.

Returns:

True if the instantiation should be allowed to proceed. False, if the user should be directed to the application's sign-in page.