Re: Custom IUnauthorizedComponentInstantiationListener
hi,
could u describe the proposed solution more deeply please. Idon't
know, what more i should do with my
iauthorizationstrategy , it has only 2 boolean methods and i don't see
anything, i could improve there. Btw i use RoleAuthorizationStrategy, which is
a CompoundAuthorizationStrategy.
thanks, Juraj
if you want to hide unauthorized components you should use
iauthorizationstrategy and veto component's RENDER action
-igor
On Wed, Jan 5, 2011 at 1:42 AM, Durodevelma...@yahoo.com wrote:
Hi, i am trying to customize the behavior, when in a page a component is
found, that the current user is not authorized to while he is authorized to
the page. This by default throws an exception and i want to change it so,
that the component is simply not displayed. So i did this: in my web
application, that is subclass of AuthenticatedWebApplication i have this
init() method:
@Override
protected void init() {
super.init();
// we customize the default behavior, when there is an component in
page, that
// this user can't access. Default is an exception thrown, we just
set the
// component not visible
getSecuritySettings().setUnauthorizedComponentInstantiationListener(
new IUnauthorizedComponentInstantiationListener() {
@Override
public void onUnauthorizedInstantiation(Component
component) {
if (component instanceof Page) {
onUnauthorizedPage((Page) component);
} else {
component.detach();
}
}
});
}
as i can see, if the unauthorized object is a page, than i call
onUnauthorizedPage((Page) component) which redirects to login page, else i
destroy the component.
What comes out as result is that the user after accessing protected page is
redirected to login page, logs in and is authentificated but than somehow
the session is destroyed and new is created for some reason which results in
loosing the authentication and login page is displayed again. So the user
actually can't log in and always ends only in the login page.
thanks for help in advance, Juraj
__
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
gegen Massenmails. http://mail.yahoo.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
__
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails.
http://mail.yahoo.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Custom IUnauthorizedComponentInstantiationListener
Juraj,
...
public boolean isActionAuthorized(Component component, Action action) {
return action != Component.RENDER || shouldRender(component);
}
private boolean shouldRender(Component component){
// your logic to check if the current user should see component
}
...
This is a terse and basic implementation to make the technique clear;
you should get the idea and be able to extend it to fulfil your
specific requirements..
Regards - Cemal
jWeekend
Training, Consulting, Development
http://jWeekend.com
On 14 January 2011 10:04, Duro develma...@yahoo.com wrote:
hi,
could u describe the proposed solution more deeply please. Idon't know,
what more i should do with my
iauthorizationstrategy , it has only 2 boolean methods and i don't see
anything, i could improve there. Btw i use RoleAuthorizationStrategy, which
is a CompoundAuthorizationStrategy.
thanks, Juraj
if you want to hide unauthorized components you should use
iauthorizationstrategy and veto component's RENDER action
-igor
On Wed, Jan 5, 2011 at 1:42 AM, Durodevelma...@yahoo.com wrote:
Hi, i am trying to customize the behavior, when in a page a component is
found, that the current user is not authorized to while he is authorized
to
the page. This by default throws an exception and i want to change it so,
that the component is simply not displayed. So i did this: in my web
application, that is subclass of AuthenticatedWebApplication i have this
init() method:
@Override
protected void init() {
super.init();
// we customize the default behavior, when there is an component
in
page, that
// this user can't access. Default is an exception thrown, we just
set the
// component not visible
getSecuritySettings().setUnauthorizedComponentInstantiationListener(
new IUnauthorizedComponentInstantiationListener() {
@Override
public void onUnauthorizedInstantiation(Component
component) {
if (component instanceof Page) {
onUnauthorizedPage((Page) component);
} else {
component.detach();
}
}
});
}
as i can see, if the unauthorized object is a page, than i call
onUnauthorizedPage((Page) component) which redirects to login page, else
i
destroy the component.
What comes out as result is that the user after accessing protected page
is
redirected to login page, logs in and is authentificated but than somehow
the session is destroyed and new is created for some reason which results
in
loosing the authentication and login page is displayed again. So the user
actually can't log in and always ends only in the login page.
thanks for help in advance, Juraj
__
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
gegen Massenmails. http://mail.yahoo.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
__
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
gegen Massenmails. http://mail.yahoo.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Custom IUnauthorizedComponentInstantiationListener
Hi, i am trying to customize the behavior, when in a page a component is
found, that the current user is not authorized to while he is authorized
to the page. This by default throws an exception and i want to change it
so, that the component is simply not displayed. So i did this: in my web
application, that is subclass of AuthenticatedWebApplication i have this
init() method:
@Override
protected void init() {
super.init();
// we customize the default behavior, when there is an
component in page, that
// this user can't access. Default is an exception thrown, we
just set the
// component not visible
getSecuritySettings().setUnauthorizedComponentInstantiationListener(
new IUnauthorizedComponentInstantiationListener() {
@Override
public void onUnauthorizedInstantiation(Component
component) {
if (component instanceof Page) {
onUnauthorizedPage((Page) component);
} else {
component.detach();
}
}
});
}
as i can see, if the unauthorized object is a page, than i call
onUnauthorizedPage((Page) component) which redirects to login page, else
i destroy the component.
What comes out as result is that the user after accessing protected page
is redirected to login page, logs in and is authentificated but than
somehow the session is destroyed and new is created for some reason
which results in loosing the authentication and login page is displayed
again. So the user actually can't log in and always ends only in the
login page.
thanks for help in advance, Juraj
__
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails.
http://mail.yahoo.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Custom IUnauthorizedComponentInstantiationListener
if you want to hide unauthorized components you should use
iauthorizationstrategy and veto component's RENDER action
-igor
On Wed, Jan 5, 2011 at 1:42 AM, Duro develma...@yahoo.com wrote:
Hi, i am trying to customize the behavior, when in a page a component is
found, that the current user is not authorized to while he is authorized to
the page. This by default throws an exception and i want to change it so,
that the component is simply not displayed. So i did this: in my web
application, that is subclass of AuthenticatedWebApplication i have this
init() method:
@Override
protected void init() {
super.init();
// we customize the default behavior, when there is an component in
page, that
// this user can't access. Default is an exception thrown, we just
set the
// component not visible
getSecuritySettings().setUnauthorizedComponentInstantiationListener(
new IUnauthorizedComponentInstantiationListener() {
�...@override
public void onUnauthorizedInstantiation(Component
component) {
if (component instanceof Page) {
onUnauthorizedPage((Page) component);
} else {
component.detach();
}
}
});
}
as i can see, if the unauthorized object is a page, than i call
onUnauthorizedPage((Page) component) which redirects to login page, else i
destroy the component.
What comes out as result is that the user after accessing protected page is
redirected to login page, logs in and is authentificated but than somehow
the session is destroyed and new is created for some reason which results in
loosing the authentication and login page is displayed again. So the user
actually can't log in and always ends only in the login page.
thanks for help in advance, Juraj
__
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
gegen Massenmails. http://mail.yahoo.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
