Re: Custom IUnauthorizedComponentInstantiationListener
hi, could u describe the proposed solution more deeply please. Idon't know, what more i should do with my iauthorizationstrategy , it has only 2 boolean methods and i don't see anything, i could improve there. Btw i use RoleAuthorizationStrategy, which is a CompoundAuthorizationStrategy. thanks, Juraj if you want to hide unauthorized components you should use iauthorizationstrategy and veto component's RENDER action -igor On Wed, Jan 5, 2011 at 1:42 AM, Durodevelma...@yahoo.com wrote: Hi, i am trying to customize the behavior, when in a page a component is found, that the current user is not authorized to while he is authorized to the page. This by default throws an exception and i want to change it so, that the component is simply not displayed. So i did this: in my web application, that is subclass of AuthenticatedWebApplication i have this init() method: @Override protected void init() { super.init(); // we customize the default behavior, when there is an component in page, that // this user can't access. Default is an exception thrown, we just set the // component not visible getSecuritySettings().setUnauthorizedComponentInstantiationListener( new IUnauthorizedComponentInstantiationListener() { @Override public void onUnauthorizedInstantiation(Component component) { if (component instanceof Page) { onUnauthorizedPage((Page) component); } else { component.detach(); } } }); } as i can see, if the unauthorized object is a page, than i call onUnauthorizedPage((Page) component) which redirects to login page, else i destroy the component. What comes out as result is that the user after accessing protected page is redirected to login page, logs in and is authentificated but than somehow the session is destroyed and new is created for some reason which results in loosing the authentication and login page is displayed again. So the user actually can't log in and always ends only in the login page. thanks for help in advance, Juraj __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Custom IUnauthorizedComponentInstantiationListener
Juraj, ... public boolean isActionAuthorized(Component component, Action action) { return action != Component.RENDER || shouldRender(component); } private boolean shouldRender(Component component){ // your logic to check if the current user should see component } ... This is a terse and basic implementation to make the technique clear; you should get the idea and be able to extend it to fulfil your specific requirements.. Regards - Cemal jWeekend Training, Consulting, Development http://jWeekend.com On 14 January 2011 10:04, Duro develma...@yahoo.com wrote: hi, could u describe the proposed solution more deeply please. Idon't know, what more i should do with my iauthorizationstrategy , it has only 2 boolean methods and i don't see anything, i could improve there. Btw i use RoleAuthorizationStrategy, which is a CompoundAuthorizationStrategy. thanks, Juraj if you want to hide unauthorized components you should use iauthorizationstrategy and veto component's RENDER action -igor On Wed, Jan 5, 2011 at 1:42 AM, Durodevelma...@yahoo.com wrote: Hi, i am trying to customize the behavior, when in a page a component is found, that the current user is not authorized to while he is authorized to the page. This by default throws an exception and i want to change it so, that the component is simply not displayed. So i did this: in my web application, that is subclass of AuthenticatedWebApplication i have this init() method: @Override protected void init() { super.init(); // we customize the default behavior, when there is an component in page, that // this user can't access. Default is an exception thrown, we just set the // component not visible getSecuritySettings().setUnauthorizedComponentInstantiationListener( new IUnauthorizedComponentInstantiationListener() { @Override public void onUnauthorizedInstantiation(Component component) { if (component instanceof Page) { onUnauthorizedPage((Page) component); } else { component.detach(); } } }); } as i can see, if the unauthorized object is a page, than i call onUnauthorizedPage((Page) component) which redirects to login page, else i destroy the component. What comes out as result is that the user after accessing protected page is redirected to login page, logs in and is authentificated but than somehow the session is destroyed and new is created for some reason which results in loosing the authentication and login page is displayed again. So the user actually can't log in and always ends only in the login page. thanks for help in advance, Juraj __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Custom IUnauthorizedComponentInstantiationListener
Hi, i am trying to customize the behavior, when in a page a component is found, that the current user is not authorized to while he is authorized to the page. This by default throws an exception and i want to change it so, that the component is simply not displayed. So i did this: in my web application, that is subclass of AuthenticatedWebApplication i have this init() method: @Override protected void init() { super.init(); // we customize the default behavior, when there is an component in page, that // this user can't access. Default is an exception thrown, we just set the // component not visible getSecuritySettings().setUnauthorizedComponentInstantiationListener( new IUnauthorizedComponentInstantiationListener() { @Override public void onUnauthorizedInstantiation(Component component) { if (component instanceof Page) { onUnauthorizedPage((Page) component); } else { component.detach(); } } }); } as i can see, if the unauthorized object is a page, than i call onUnauthorizedPage((Page) component) which redirects to login page, else i destroy the component. What comes out as result is that the user after accessing protected page is redirected to login page, logs in and is authentificated but than somehow the session is destroyed and new is created for some reason which results in loosing the authentication and login page is displayed again. So the user actually can't log in and always ends only in the login page. thanks for help in advance, Juraj __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Custom IUnauthorizedComponentInstantiationListener
if you want to hide unauthorized components you should use iauthorizationstrategy and veto component's RENDER action -igor On Wed, Jan 5, 2011 at 1:42 AM, Duro develma...@yahoo.com wrote: Hi, i am trying to customize the behavior, when in a page a component is found, that the current user is not authorized to while he is authorized to the page. This by default throws an exception and i want to change it so, that the component is simply not displayed. So i did this: in my web application, that is subclass of AuthenticatedWebApplication i have this init() method: @Override protected void init() { super.init(); // we customize the default behavior, when there is an component in page, that // this user can't access. Default is an exception thrown, we just set the // component not visible getSecuritySettings().setUnauthorizedComponentInstantiationListener( new IUnauthorizedComponentInstantiationListener() { �...@override public void onUnauthorizedInstantiation(Component component) { if (component instanceof Page) { onUnauthorizedPage((Page) component); } else { component.detach(); } } }); } as i can see, if the unauthorized object is a page, than i call onUnauthorizedPage((Page) component) which redirects to login page, else i destroy the component. What comes out as result is that the user after accessing protected page is redirected to login page, logs in and is authentificated but than somehow the session is destroyed and new is created for some reason which results in loosing the authentication and login page is displayed again. So the user actually can't log in and always ends only in the login page. thanks for help in advance, Juraj __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org