RE: TabbedPanel + authorization strategy
How should i impliment the ROl and Auth on the AbstractTab . Please find the below code for ref final List tabs = new ArrayList(); final AbstractTab ABCTab = new AbstractTab(new Model(ABC)) { //@Override Public Panel getPanel(final String panelId) { return ABCPanal(panelId, Main.this); } }; tabs.add(ABCTab ); final AbstractTab XYXTab = new AbstractTab(new Model(XYZ)) { @Override public Panel getPanel(final String panelId) { return new XYZPanal(panelId, Main.this); } }; tabs.add(XYZPanal); final AjaxTabbedPanel tabPanel = new AjaxTabbedPanel(tabs, tabs); this.add(tabPanel); I have 2 tab on the page. How should i disable for one of the tab for perticular rols I have tried with the MetaDataRoleAuthorizationStrategy.authorize(ABCTab,RENDER, ADMIN); but it is not working as it is Abstract Class and not the complonet. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/TabbedPanel-authorization-strategy-tp1893255p4665675.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: TabbedPanel + authorization strategy
How should i impliment the ROl and Auth on the AbstractTab . Please find the below code for ref final List tabs = new ArrayList(); final AbstractTab ABCTab = new AbstractTab(new Model(ABC)) { //@Override Public Panel getPanel(final String panelId) { return ABCPanal(panelId, Main.this); } }; tabs.add(ABCTab ); final AbstractTab XYXTab = new AbstractTab(new Model(XYZ)) { @Override public Panel getPanel(final String panelId) { return new XYZPanal(panelId, Main.this); } }; tabs.add(XYZPanal); final AjaxTabbedPanel tabPanel = new AjaxTabbedPanel(tabs, tabs); this.add(tabPanel); I have 2 tab on the page. How should i disable for one of the tab for perticular rols I have tried with the MetaDataRoleAuthorizationStrategy.authorize(ABCTab,RENDER, ADMIN); but it is not working as it is Abstract Class and not the complonet. Regards MDU -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/TabbedPanel-authorization-strategy-tp1893255p4665674.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: TabbedPanel + authorization strategy
I have the same need of you . Could you share the implementation of your Secure TabbedPanel? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/TabbedPanel-authorization-strategy-tp1893255p4665666.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: TabbedPanel + authorization strategy
This is my problem. How do I get the information, if the user has not the permission to see the panel? I create a tab list like this: ListITab tabs = new ArrayListITab(); tabs.add(new AbstractTab(new ModelString(panel)) { public Panel getPanel(String panelId) { return new FooPanel(panelId); } ... }); And I'm securing the panel through annotation: @AuthorizeInstantiation(ADMIN) public class FooPanel extends Panel { ... } So the tab will be added before I get the information about its auths. James Carman-3 wrote: Can't you just not add the tab if the user doesn't have the role/permission required? -- View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073005.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: TabbedPanel + authorization strategy
I take it you configured wicket-auth-roles by doing getSecuritySettings().setAuthorizationStrategy(...) in your application's init? If so, then the security check for that component is done by an IComponentInstantiationListener that is automatically initialized by the constructor of Application. In other words: the permissions are checked automatically. I believe the default behavior is to throw an UnauthorizedInstantiationException if component instantiation is not authorized, but you can tweak this by calling getSecuritySettings().setUnauthorizedComponentInstantiationListener(...). An example implementation for making components invisible if not authorized would be: getSecuritySettings().setUnauthorizedComponentInstantiationListener(new IUnauthorizedComponentInstantiationListener() { public void onUnauthorizedInstantiation(final Component component) { if (component instanceof Page) { // Redirect to index throw new RestartResponseAtInterceptPageException(YourLoginPage.class); // Or you can just throw the original UnauthorizedInstantiationException } else { component.setVisible(false); } } ); DISCLAIMER: This post was constructed after studying the relevant source for about 2 minutes and googling for about 1 minute to get some info about wicket-auth-roles. 2010/1/8 toberger torben.ber...@gmx.de: This is my problem. How do I get the information, if the user has not the permission to see the panel? I create a tab list like this: ListITab tabs = new ArrayListITab(); tabs.add(new AbstractTab(new ModelString(panel)) { public Panel getPanel(String panelId) { return new FooPanel(panelId); } ... }); And I'm securing the panel through annotation: @AuthorizeInstantiation(ADMIN) public class FooPanel extends Panel { ... } So the tab will be added before I get the information about its auths. James Carman-3 wrote: Can't you just not add the tab if the user doesn't have the role/permission required? -- View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073005.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Jeroen Steenbeeke www.fortuityframework.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: TabbedPanel + authorization strategy
Okay, with your example implementation I can disable the content of the tab. But the tab itself is still visible. And I am searching a way to disable this tab itself too. Jeroen Steenbeeke wrote: I believe the default behavior is to throw an UnauthorizedInstantiationException if component instantiation is not authorized, but you can tweak this by calling getSecuritySettings().setUnauthorizedComponentInstantiationListener(...). -- View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073815.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: TabbedPanel + authorization strategy
You can extend TabbedPanel and overwrite the newLink() method. toberger mailto:torben.ber...@gmx.de wrote: Okay, with your example implementation I can disable the content of the tab. But the tab itself is still visible. And I am searching a way to disable this tab itself too. Jeroen Steenbeeke wrote: I believe the default behavior is to throw an UnauthorizedInstantiationException if component instantiation is not authorized, but you can tweak this by calling getSecuritySettings().setUnauthorizedComponentInstantiationListener(...). - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: TabbedPanel + authorization strategy
Hi, I'm sorry to put such an old topic up. But I'm searching for a way to secure tabs with wicket-auth-roles and I don't want to display the tabs when the user has no authorization for its content panel. I can't find the source code which is related to. Maybe somone can just add a little code snippet how it works? That would be really great. Best regards, Torben -- View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27068118.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: TabbedPanel + authorization strategy
Can't you just not add the tab if the user doesn't have the role/permission required? On Thu, Jan 7, 2010 at 5:25 PM, toberger torben.ber...@gmx.de wrote: Hi, I'm sorry to put such an old topic up. But I'm searching for a way to secure tabs with wicket-auth-roles and I don't want to display the tabs when the user has no authorization for its content panel. I can't find the source code which is related to. Maybe somone can just add a little code snippet how it works? That would be really great. Best regards, Torben -- View this message in context: http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27068118.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: TabbedPanel + authorization strategy
Not sure if it is of help to you, but Swarm has an example on how to do this: http://wicketstuff.org/wicketsecurity/tabs/ You probably want the hide tabs option. Source is available at https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples Maurice On Nov 27, 2007 8:02 AM, Marieke Vandamme [EMAIL PROTECTED] wrote: I tried that, but it won't compile. Maybe because AbstractTab doesn't extends Component? I can't add the @AuthorizeAction to the panel, because the panel is only created when the specific tab is clicked. Eelco Hillenius wrote: On Nov 26, 2007 10:38 PM, Marieke Vandamme [EMAIL PROTECTED] wrote: That was my last solution, because i hoped it could be integrated with the auth-roles so i didn't have to check the role myself. Because if i'm right, before adding the tab to the list, i check with the role from the user's session? So did you try using @AuthorizeAction(action = Action.RENDER, roles = Roles.ADMIN)? That way you could just add the panels and they wouldn't be rendered when the user isn't authorized. And you can keep the actual authorization code out of your normal component construction code. Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13965770 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
That gave me some hints indeed. Thanks ! The authorization needs to be placed on the link (that is created when overriding the newlink method from TabbedPanel). Mr Mean wrote: Not sure if it is of help to you, but Swarm has an example on how to do this: http://wicketstuff.org/wicketsecurity/tabs/ You probably want the hide tabs option. Source is available at https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples Maurice On Nov 27, 2007 8:02 AM, Marieke Vandamme [EMAIL PROTECTED] wrote: I tried that, but it won't compile. Maybe because AbstractTab doesn't extends Component? I can't add the @AuthorizeAction to the panel, because the panel is only created when the specific tab is clicked. Eelco Hillenius wrote: On Nov 26, 2007 10:38 PM, Marieke Vandamme [EMAIL PROTECTED] wrote: That was my last solution, because i hoped it could be integrated with the auth-roles so i didn't have to check the role myself. Because if i'm right, before adding the tab to the list, i check with the role from the user's session? So did you try using @AuthorizeAction(action = Action.RENDER, roles = Roles.ADMIN)? That way you could just add the panels and they wouldn't be rendered when the user isn't authorized. And you can keep the actual authorization code out of your normal component construction code. Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13965770 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13968886 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
On Nov 27, 2007 3:15 AM, Marieke Vandamme [EMAIL PROTECTED] wrote: That gave me some hints indeed. Thanks ! The authorization needs to be placed on the link (that is created when overriding the newlink method from TabbedPanel). Yeah, that makes sense :-) Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
Marieke Vandamme schrieb: Hello, Is it possible to use TabbedPanel from wicket extensions together with the wicket auth-roles? Because TabbedPanel contains AbstractTab (which do not extend Component), I didn't find a way to set the specific roles for each tab. Thanks ! Hello, AbstractTab contains a Panel that extends Components. Try adding the annotation to the Panel. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
Hello, Thanks for the idea, but I already tried that.. The problem is that the panel is only created when the user clicks on the according tab, which in my case is too late. I don't want the tab to be printed if the user is not authorized. Fridolin Jackstadt wrote: Marieke Vandamme schrieb: Hello, Is it possible to use TabbedPanel from wicket extensions together with the wicket auth-roles? Because TabbedPanel contains AbstractTab (which do not extend Component), I didn't find a way to set the specific roles for each tab. Thanks ! Hello, AbstractTab contains a Panel that extends Components. Try adding the annotation to the Panel. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13951278 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
On Nov 26, 2007 6:56 AM, Marieke Vandamme [EMAIL PROTECTED] wrote: I don't want the tab to be printed if the user is not authorized. so dont add it to the list of itabs you give the panel... ? -igor Fridolin Jackstadt wrote: Marieke Vandamme schrieb: Hello, Is it possible to use TabbedPanel from wicket extensions together with the wicket auth-roles? Because TabbedPanel contains AbstractTab (which do not extend Component), I didn't find a way to set the specific roles for each tab. Thanks ! Hello, AbstractTab contains a Panel that extends Components. Try adding the annotation to the Panel. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13951278 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
On Nov 26, 2007 6:56 AM, Marieke Vandamme [EMAIL PROTECTED] wrote: Hello, Thanks for the idea, but I already tried that.. The problem is that the panel is only created when the user clicks on the according tab, which in my case is too late. I don't want the tab to be printed if the user is not authorized. Did you try something like: @AuthorizeAction(action = Action.RENDER, roles = Roles.ADMIN) on the tab? Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
That was my last solution, because i hoped it could be integrated with the auth-roles so i didn't have to check the role myself. Because if i'm right, before adding the tab to the list, i check with the role from the user's session? igor.vaynberg wrote: On Nov 26, 2007 6:56 AM, Marieke Vandamme [EMAIL PROTECTED] wrote: I don't want the tab to be printed if the user is not authorized. so dont add it to the list of itabs you give the panel... ? -igor Fridolin Jackstadt wrote: Marieke Vandamme schrieb: Hello, Is it possible to use TabbedPanel from wicket extensions together with the wicket auth-roles? Because TabbedPanel contains AbstractTab (which do not extend Component), I didn't find a way to set the specific roles for each tab. Thanks ! Hello, AbstractTab contains a Panel that extends Components. Try adding the annotation to the Panel. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13951278 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13965570 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
On Nov 26, 2007 10:38 PM, Marieke Vandamme [EMAIL PROTECTED] wrote: That was my last solution, because i hoped it could be integrated with the auth-roles so i didn't have to check the role myself. Because if i'm right, before adding the tab to the list, i check with the role from the user's session? So did you try using @AuthorizeAction(action = Action.RENDER, roles = Roles.ADMIN)? That way you could just add the panels and they wouldn't be rendered when the user isn't authorized. And you can keep the actual authorization code out of your normal component construction code. Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
That won't compile.. I guess because AbstractTab doesn't extends Component.. Eelco Hillenius wrote: On Nov 26, 2007 6:56 AM, Marieke Vandamme [EMAIL PROTECTED] wrote: Hello, Thanks for the idea, but I already tried that.. The problem is that the panel is only created when the user clicks on the according tab, which in my case is too late. I don't want the tab to be printed if the user is not authorized. Did you try something like: @AuthorizeAction(action = Action.RENDER, roles = Roles.ADMIN) on the tab? Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13965618 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TabbedPanel + authorization strategy
I tried that, but it won't compile. Maybe because AbstractTab doesn't extends Component? I can't add the @AuthorizeAction to the panel, because the panel is only created when the specific tab is clicked. Eelco Hillenius wrote: On Nov 26, 2007 10:38 PM, Marieke Vandamme [EMAIL PROTECTED] wrote: That was my last solution, because i hoped it could be integrated with the auth-roles so i didn't have to check the role myself. Because if i'm right, before adding the tab to the list, i check with the role from the user's session? So did you try using @AuthorizeAction(action = Action.RENDER, roles = Roles.ADMIN)? That way you could just add the panels and they wouldn't be rendered when the user isn't authorized. And you can keep the actual authorization code out of your normal component construction code. Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/TabbedPanel-%2B-authorization-strategy-tf4875256.html#a13965770 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]