Author: ivaynberg
Date: Wed Nov 23 21:39:44 2011
New Revision: 1205615
URL: http://svn.apache.org/viewvc?rev=1205615&view=rev
Log:
block onbeforerender() from being called if auth strategy vetoes render action
Issue: WICKET-4256
Added:
wicket/branches/wicket-1.4.x/wicket/src/test/java/org/apache/wicket/authorization/
wicket/branches/wicket-1.4.x/wicket/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java
Modified:
wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/Component.java
Modified:
wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/Component.java
URL:
http://svn.apache.org/viewvc/wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/Component.java?rev=1205615&r1=1205614&r2=1205615&view=diff
==============================================================================
---
wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/Component.java
(original)
+++
wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/Component.java
Wed Nov 23 21:39:44 2011
@@ -1163,6 +1163,8 @@ public abstract class Component implemen
if (!getFlag(FLAG_CONFIGURED))
{
onConfigure();
+ setRenderAllowed();
+
List<IComponentConfigurationBehavior> behaviors =
getBehaviors(IComponentConfigurationBehavior.class);
for (IComponentConfigurationBehavior behavior :
behaviors)
{
@@ -2314,11 +2316,6 @@ public abstract class Component implemen
}
markRendering(setRenderingFlag);
-
- // check authorization
- // first the component itself
- // (after attach as otherwise list views etc wont work)
- setRenderAllowed();
}
/**
Added:
wicket/branches/wicket-1.4.x/wicket/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java
URL:
http://svn.apache.org/viewvc/wicket/branches/wicket-1.4.x/wicket/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java?rev=1205615&view=auto
==============================================================================
---
wicket/branches/wicket-1.4.x/wicket/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java
(added)
+++
wicket/branches/wicket-1.4.x/wicket/src/test/java/org/apache/wicket/authorization/ComponentIsRenderedAllowedTest.java
Wed Nov 23 21:39:44 2011
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.authorization;
+
+import org.apache.wicket.Component;
+import org.apache.wicket.MarkupContainer;
+import org.apache.wicket.WicketTestCase;
+import org.apache.wicket.markup.IMarkupResourceStreamProvider;
+import org.apache.wicket.markup.html.WebMarkupContainer;
+import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.util.resource.IResourceStream;
+import org.apache.wicket.util.resource.StringResourceStream;
+
+/**
+ * Checks whether or not authorization strategy blocks rendering of components
+ *
+ * @author igor
+ */
+public class ComponentIsRenderedAllowedTest extends WicketTestCase
+{
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+
tester.getApplication().getSecuritySettings().setAuthorizationStrategy(new
Authorizer());
+ }
+
+ /** */
+ public void testOnBeforeRenderNotCalledOnVetoedComponents()
+ {
+ TestPage page = new TestPage();
+ tester.startPage(page);
+ assertFalse(page.normal.onBeforeRenderCalled);
+ }
+
+ /** */
+ public void testVetoedComponentNotRendered()
+ {
+ TestPage page = new TestPage();
+ tester.startPage(page);
+
assertFalse(tester.getServletResponse().getDocument().contains("normal"));
+ }
+
+ /** */
+ public class TestPage extends WebPage implements
IMarkupResourceStreamProvider
+ {
+ private final NormalContainer normal;
+
+ /** */
+ public TestPage()
+ {
+ ForbiddenContainer forbidden = new
ForbiddenContainer("forbidden");
+ normal = new NormalContainer("normal");
+ add(forbidden);
+ forbidden.add(normal);
+ }
+
+ public IResourceStream getMarkupResourceStream(MarkupContainer
container,
+ Class<?> containerClass)
+ {
+ return new StringResourceStream(
+ "<html><body><div wicket:id='forbidden'><div
wicket:id='normal'>normal</div></div></body></html>");
+ }
+
+ }
+
+ private static class NormalContainer extends WebMarkupContainer
+ {
+ private boolean onBeforeRenderCalled = false;
+ private boolean onAfterRenderCalled = false;
+
+ public NormalContainer(String id)
+ {
+ super(id);
+ }
+
+ @Override
+ protected void onBeforeRender()
+ {
+ super.onBeforeRender();
+ onBeforeRenderCalled = true;
+ }
+
+ @Override
+ protected void onAfterRender()
+ {
+ super.onAfterRender();
+ onAfterRenderCalled = true;
+ }
+
+ }
+
+ private static class ForbiddenContainer extends WebMarkupContainer
implements Forbidden
+ {
+ public ForbiddenContainer(String id)
+ {
+ super(id);
+ }
+ }
+
+ private static interface Forbidden
+ {
+
+ }
+
+ private static class Authorizer implements IAuthorizationStrategy
+ {
+ public <T extends Component> boolean
isInstantiationAuthorized(Class<T> componentClass)
+ {
+ return true;
+ }
+
+ public boolean isActionAuthorized(Component component, Action
action)
+ {
+ return !(component instanceof Forbidden);
+ }
+
+
+ }
+
+}
