[
http://wicketstuff.org/jira/browse/WSWASP-5?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_10431
]
Maurice Marrink commented on WSWASP-5:
--------------------------------------
Just committed a preliminary version where this should be fixed. It needs some
more testing but should be backwards compatible with the previous
implementation.
> ContainerSecurityCheck does not work with inherit action
> --------------------------------------------------------
>
> Key: WSWASP-5
> URL: http://wicketstuff.org/jira/browse/WSWASP-5
> Project: WicketStuff WASP
> Issue Type: Bug
> Components: Secure Components
> Affects Versions: 1.3.0
> Reporter: Maurice Marrink
> Assigned To: Maurice Marrink
> Fix For: 1.3.1
>
>
> I deployed the examples and they worked fine...however, after some
> investigation, I wanted to see if I could create a SecurePanel that would
> contain a SecureTextField and basically do some simple modifications to the
> example apps to get a better ie a how security implemented in WASP works.
> The panel shows up fine when a user is authorized to view the page. When the
> panel contains a normal text field, the user can see it. When it contains a
> 'SecureTextField', it doesn't appear. I would assume that the child
> component (SecureTextField) would also appear (inheriting parent
> permissions). We basically want to have various panels in our application
> that would allow users to view and/or edit content based on the 'inherit,
> render, enable' permissions.
> Again, I took the tabs example and created a 'SecurePanel' which appears fine
> if the user is authorized. It simply contains a SecureTextField which does
> not appear. I'm assuming that this component would inherit the permissions
> from its parent so if the user has priviliges to view the parent, they will
> also see the child. If I change the 'SecureTextField' to a normal
> 'TextField', it works fine. TestPanel is just another panel on a new
> SecuredTab that I created.
> grant principal org.apache.wicket.security.examples.authorization.MyPrincipal
> "super"
> {
> permission ${ComponentPermission}
> "org.apache.wicket.security.examples.tabs.panels.Heineken", "render, enable";
> permission ${ComponentPermission}
> "org.apache.wicket.security.examples.tabs.panels.Grolsch", "render, enable";
> //issue with SecureTextField not showing up
> permission ${ComponentPermission}
> "org.apache.wicket.security.examples.tabs.panels.TestPanel", "inherit,
> render, enable";
> };
> TestPanel.java
> ...
> /**
> * Construct.
> *
> * @param id
> */
> public TestPanel(String id)
> {
> super(id);
> add(new Label("name", getName()));
> add(new MultiLineLabel("description",
> getDescription()).setEscapeModelStrings(false));
> add(new ExternalLink("link", getUrl()));
> //Does not show up!
> add(new
> org.apache.wicket.security.components.markup.html.form.SecureTextField("secureTextField"));
> }
> ...
> }
> thank you,
> Chris
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://wicketstuff.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
