subject:"Swarm\: Link authorization"

Re: Swarm: Link authorization

2008-05-15 Thread Andrea Jahn



 

The DataPermission solution works :)

Thanks
Andrea


*Von:* users@wicket.apache.org
*Gesendet:* 15.05.08 16:06:54
*An:* users@wicket.apache.org
*Betreff:* Re: Swarm: Link authorization



Yes there are other solutions :)

In this case you would use a DataPermission.
Something like
permission ${DataPermission} "delete_product", "enable";
coupled with a DatasecurityCheck on your links like so:
setSecurityCheck(new DataSecurityCheck("delete_product"));
will do the trick.

Maurice

On Thu, May 15, 2008 at 3:22 PM, Andrea Jahn <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> for every item in a table there's a "delete" link, which should be only 
> visible for certain users.
>
> ProductAreaListPage.html:
> -
>
> 
> [id]
> [name]
> [description]
> Edit…
> Products…
> Delete…
> 
>
> I created a class for the secure link:
> ---
>
> public abstract class SecureLink extends Link implements ISecureComponent
> {
> private static final long serialVersionUID = 1L;
>
> public SecureLink(String id, Class c)
> {
> super(id);
> setSecurityCheck(new LinkSecurityCheck(this, c));
> }
>
> public ISecurityCheck getSecurityCheck()
> {
> return SecureComponentHelper.getSecurityCheck(this);
> }
>
> public boolean isActionAuthorized(String waspAction)
> {
> return SecureComponentHelper.isActionAuthorized(this, waspAction);
> }
>
> public boolean isActionAuthorized(WaspAction action)
> {
> return SecureComponentHelper.isActionAuthorized(this, action);
> }
>
> public boolean isAuthenticated()
> {
> return SecureComponentHelper.isAuthenticated(this);
> }
>
> public void setSecurityCheck(ISecurityCheck check)
> {
> SecureComponentHelper.setSecurityCheck(this, check);
> }
> }
>
> First I tried to use the ComponentSecurityCheck, because I have no real click 
> target ( I used ProductAreaListPage.class as parameter in the constructor as 
> dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per 
> default, I called setUseAlternativeRenderCheck to change to 
> ComponentSecurityCheck.
>
>
> ProductAreaListPage.java:
> -
> private class ProductAreaVisibleDataView extends ProductAreaDataView
> {
> public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) {
> super(id, dataProvider);
> }
>
> protected void populateItem(final Item item) {
> super.populateItem(item);
> final ProductArea productArea = (ProductArea) item.getModelObject();
>
> SecureLink deleteLink = new SecureLink("deleteProductArea", 
> ProductAreaListPage.class) {
> private static final long serialVersionUID = 1L;
>
> public void onClick() {
> if (productArea.getDeleted())
> return;
>
> productArea.setDeleted(true);
> productAreaService.save(productArea);
> invalidateDataProviders();
> }
> };
> ((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true);
> item.add(deleteLink);
> }
> }
>
>
>
> Because the wicket id deleteProductArea exists for each item in the list, my 
> policy file would need such permission for each item. This is no real 
> solution, because I don't know, how many items the list will contain (But it 
> worked in the example for the first 4 items).
>
>
> Appl.hive:
> 
> // Product area list page - Delete link
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea",
>  "inherit, render";
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea",
>  "inherit, render";
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea",
>  "inherit, render";
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea",
>  "inherit, render";
>
>
> So I tried to change to use the ClassSecurityCheck. There the user must have 
> rights for the target class. I created a dummy class:
>
> ClickTargetDummy.java:
> --*
>
> *package xxx.yyy.zzz.front.security;
>
> public class ClickTargetDummy
> {
> }
>
> ProductAreaListPage.java:
> -
>
> SecureLink deleteLink = new SecureLink("deleteProductArea", 
> ClickTargetDummy.class) {
> private static final long serialVersionUID = 1L;
>
> public void onClick() {
> if (productArea.getDeleted())
>

Re: Swarm: Link authorization

2008-05-15 Thread Maurice Marrink

Yes there are other solutions :)

In this case you would use a DataPermission.
Something like
permission ${DataPermission} "delete_product", "enable";
coupled with a DatasecurityCheck on your links  like so:
setSecurityCheck(new DataSecurityCheck("delete_product"));
will do the trick.

Maurice

On Thu, May 15, 2008 at 3:22 PM, Andrea Jahn <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> for every item in a table there's a "delete" link, which should be only 
> visible for certain users.
>
> ProductAreaListPage.html:
> -
>
> 
>  [id]
>  [name]
>  [description]
>  Edit…
>  Products…
>  Delete…
> 
>
> I created a class for the secure link:
> ---
>
> public abstract class SecureLink extends Link implements ISecureComponent
> {
>  private static final long serialVersionUID = 1L;
>
>  public SecureLink(String id, Class c)
>  {
>  super(id);
>  setSecurityCheck(new LinkSecurityCheck(this, c));
>  }
>
>  public ISecurityCheck getSecurityCheck()
>  {
>  return SecureComponentHelper.getSecurityCheck(this);
>  }
>
>  public boolean isActionAuthorized(String waspAction)
>  {
>  return SecureComponentHelper.isActionAuthorized(this, waspAction);
>  }
>
>  public boolean isActionAuthorized(WaspAction action)
>  {
>  return SecureComponentHelper.isActionAuthorized(this, action);
>  }
>
>  public boolean isAuthenticated()
>  {
>  return SecureComponentHelper.isAuthenticated(this);
>  }
>
>  public void setSecurityCheck(ISecurityCheck check)
>  {
>  SecureComponentHelper.setSecurityCheck(this, check);
>  }
> }
>
> First I tried to use the ComponentSecurityCheck, because I have no real click 
> target ( I used ProductAreaListPage.class as parameter in the constructor as 
> dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per 
> default, I called setUseAlternativeRenderCheck to change to 
> ComponentSecurityCheck.
>
>
> ProductAreaListPage.java:
> -
> private class ProductAreaVisibleDataView extends ProductAreaDataView
> {
>  public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) {
>  super(id, dataProvider);
>  }
>
>  protected void populateItem(final Item item) {
>  super.populateItem(item);
>  final ProductArea productArea = (ProductArea) item.getModelObject();
>
>  SecureLink deleteLink = new SecureLink("deleteProductArea", 
> ProductAreaListPage.class) {
>  private static final long serialVersionUID = 1L;
>
>  public void onClick() {
>  if (productArea.getDeleted())
>  return;
>
>  productArea.setDeleted(true);
>  productAreaService.save(productArea);
>  invalidateDataProviders();
>  }
>  };
>  
> ((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true);
>  item.add(deleteLink);
>  }
>  }
>
>
>
> Because the wicket id deleteProductArea exists for each item in the list, my 
> policy file would need such permission for each item. This is no real 
> solution, because I don't know, how many items the list will contain (But it 
> worked in the example for the first 4 items).
>
>
> Appl.hive:
> 
> // Product area list page - Delete link
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea",
>  "inherit, render";
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea",
>  "inherit, render";
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea",
>  "inherit, render";
> permission ${ComponentPermission} 
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea",
>  "inherit, render";
>
>
> So I tried to change to use the ClassSecurityCheck. There the user must have 
> rights for the target class. I created a dummy class:
>
> ClickTargetDummy.java:
> --*
>
> *package xxx.yyy.zzz.front.security;
>
> public class ClickTargetDummy
> {
> }
>
> ProductAreaListPage.java:
> -
>
> SecureLink deleteLink = new SecureLink("deleteProductArea", 
> ClickTargetDummy.class) {
> private static final long serialVersionUID = 1L;
>
> public void onClick() {
>  if (productArea.getDeleted())
>  return;
>
>  productArea.setDeleted(true);
>  productAreaService.save(productArea);
>  invalidateDataProviders();
> }
> };
>
> Appl.hive:
> -
> permission ${ComponentPermission} "${front}.security.ClickTargetDummy", 
> "inherit, render, enable";
>
>
>
> This solution works, but I have to create the dummy class. Perhaps other 
> solutions are possible ???
>
> Thanks in advance
> Andrea
>
>
>
>
>
>
>
>
>
> Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> *http://smartsurfer.web.de/?mc=100071&distributionid=0066* 
> [http://smartsurfer.web.de/?mc=100071&distributionid=0066]
>

-
To unsubscribe, e-mail:

Swarm: Link authorization

2008-05-15 Thread Andrea Jahn



Hi,

for every item in a table there's a "delete" link, which should be only visible 
for certain users.

ProductAreaListPage.html:
-


 [id]
 [name]
 [description]
 Edit…
 Products…
 Delete…


I created a class for the secure link:
---

public abstract class SecureLink extends Link implements ISecureComponent
{
 private static final long serialVersionUID = 1L;

 public SecureLink(String id, Class c)
 {
 super(id);
 setSecurityCheck(new LinkSecurityCheck(this, c));
 }

 public ISecurityCheck getSecurityCheck()
 {
 return SecureComponentHelper.getSecurityCheck(this);
 }

 public boolean isActionAuthorized(String waspAction)
 {
 return SecureComponentHelper.isActionAuthorized(this, waspAction);
 }

 public boolean isActionAuthorized(WaspAction action)
 {
 return SecureComponentHelper.isActionAuthorized(this, action);
 }

 public boolean isAuthenticated()
 {
 return SecureComponentHelper.isAuthenticated(this);
 }

 public void setSecurityCheck(ISecurityCheck check)
 {
 SecureComponentHelper.setSecurityCheck(this, check);
 }
} 

First I tried to use the ComponentSecurityCheck, because I have no real click 
target ( I used ProductAreaListPage.class as parameter in the constructor as 
dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per 
default, I called setUseAlternativeRenderCheck to change to 
ComponentSecurityCheck.


ProductAreaListPage.java:
-
private class ProductAreaVisibleDataView extends ProductAreaDataView
{
 public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) {
 super(id, dataProvider);
 }
 
 protected void populateItem(final Item item) {
 super.populateItem(item);
 final ProductArea productArea = (ProductArea) item.getModelObject();
 
 SecureLink deleteLink = new SecureLink("deleteProductArea", 
ProductAreaListPage.class) {
 private static final long serialVersionUID = 1L;

 public void onClick() {
 if (productArea.getDeleted())
 return;
 
 productArea.setDeleted(true);
 productAreaService.save(productArea);
 invalidateDataProviders();
 }
 }; 
 
((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true);
 item.add(deleteLink);
 }
 }

 

Because the wicket id deleteProductArea exists for each item in the list, my 
policy file would need such permission for each item. This is no real solution, 
because I don't know, how many items the list will contain (But it worked in 
the example for the first 4 items).
 

Appl.hive:

// Product area list page - Delete link
permission ${ComponentPermission} 
"${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea",
 "inherit, render";
permission ${ComponentPermission} 
"${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea",
 "inherit, render";
permission ${ComponentPermission} 
"${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea",
 "inherit, render";
permission ${ComponentPermission} 
"${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea",
 "inherit, render";


So I tried to change to use the ClassSecurityCheck. There the user must have 
rights for the target class. I created a dummy class:

ClickTargetDummy.java:
--*

*package xxx.yyy.zzz.front.security;

public class ClickTargetDummy
{
}

ProductAreaListPage.java:
-

SecureLink deleteLink = new SecureLink("deleteProductArea", 
ClickTargetDummy.class) {
private static final long serialVersionUID = 1L;

public void onClick() {
 if (productArea.getDeleted())
 return;
 
 productArea.setDeleted(true);
 productAreaService.save(productArea);
 invalidateDataProviders();
}
}; 

Appl.hive:
-
permission ${ComponentPermission} "${front}.security.ClickTargetDummy", 
"inherit, render, enable";

 

This solution works, but I have to create the dummy class. Perhaps other 
solutions are possible ???

Thanks in advance
Andrea

 

 

 



Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
*http://smartsurfer.web.de/?mc=100071&distributionid=0066* 
[http://smartsurfer.web.de/?mc=100071&distributionid=0066]

Re: Swarm: Link authorization

Re: Swarm: Link authorization

Swarm: Link authorization

3 matches

Site Navigation

Mail list logo

Footer information