wicket.authorization.strategies.page
Class AbstractPageAuthorizationStrategy

java.lang.Object
  wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy

All Implemented Interfaces:

IAuthorizationStrategy

Direct Known Subclasses:

SimplePageAuthorizationStrategy

public abstract class AbstractPageAuthorizationStrategy
extends java.lang.Object
implements IAuthorizationStrategy

An abstract base class for implementing simple authorization of Pages. Users should override isPageAuthorized(Class), which gets called for Page classes when they are being constructed.

Author:

Jonathan Locke, Eelco Hillenius

Field Summary

Fields inherited from interface wicket.authorization.IAuthorizationStrategy

ALLOW_ALL

Constructor Summary

AbstractPageAuthorizationStrategy()

Method Summary

protected boolean	instanceOf(java.lang.Class type, java.lang.Class superType) Works like instanceof operator where instanceOf(a, b) is the runtime equivalent of (a instanceof b).
boolean	isActionAuthorized(Component component, Action action) Gets whether the given action is permitted.
boolean	isInstantiationAuthorized(java.lang.Class componentClass) Checks whether an instance of the given component class may be created.
protected boolean	isPageAuthorized(java.lang.Class pageClass) Whether to page may be created.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractPageAuthorizationStrategy

public AbstractPageAuthorizationStrategy()

Method Detail

isActionAuthorized

public boolean isActionAuthorized(Component component,
                                  Action action)

Description copied from interface: IAuthorizationStrategy

Gets whether the given action is permitted. If it is, this method should return true. If it isn't, this method should either return false or - in case of a serious breach - throw a security exception. Returning is generally preferable over throwing an exception as that doesn't break the normal flow.

Specified by:

isActionAuthorized in interface IAuthorizationStrategy

Parameters:

component - The component to be acted upon

action - The action to authorize on the component

Returns:

Whether the given action may be taken on the given component

See Also:

IAuthorizationStrategy.isActionAuthorized(wicket.Component, wicket.authorization.Action)

isInstantiationAuthorized

public final boolean isInstantiationAuthorized(java.lang.Class componentClass)

Description copied from interface: IAuthorizationStrategy

Checks whether an instance of the given component class may be created. If this method returns false, the IUnauthorizedComponentInstantiationListener that is configured in the security settings will be called. The default implementation of that listener throws a UnauthorizedInstantiationException.

If you wish to implement a strategy that authenticates users which cannot access a given Page (or other Component), you can simply throw a RestartResponseAtInterceptPageException in your implementation of this method.

Specified by:

isInstantiationAuthorized in interface IAuthorizationStrategy

Parameters:

componentClass - The component class to check

Returns:

Whether the given component may be created

See Also:

IAuthorizationStrategy.isInstantiationAuthorized(java.lang.Class)

instanceOf

protected boolean instanceOf(java.lang.Class type,
                             java.lang.Class superType)

Works like instanceof operator where instanceOf(a, b) is the runtime equivalent of (a instanceof b).

Parameters:

type - The type to check

superType - The interface or superclass that the type needs to implement or extend

Returns:

True if the type is an instance of the superType

isPageAuthorized

protected boolean isPageAuthorized(java.lang.Class pageClass)

Whether to page may be created. Returns true by default.

Parameters:

pageClass - The Page class

Returns:

True if to page may be created