Ok, i just finished a SecureContainerLink that should do what your
SecurePanelLink does, but it is a bit less complex. I haven't checked
it in yet or tested it for that matter but hope to hear from you if
this is what you meant. If so i will make it a part of wasp.
Maurice
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License,
Version 2.0
* (the "License"); you may not use this file except in compliance
with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.security.components.markup.html.links;
import org.apache.wicket.Component;
import org.apache.wicket.MarkupContainer;
import org.apache.wicket.WicketRuntimeException;
import org.apache.wicket.markup.html.link.Link;
import org.apache.wicket.model.IModel;
import org.apache.wicket.security.actions.AbstractWaspAction;
import org.apache.wicket.security.checks.ISecurityCheck;
import org.apache.wicket.security.checks.LinkSecurityCheck;
import org.apache.wicket.security.components.ISecureComponent;
import org.apache.wicket.security.components.SecureComponentHelper;
/**
* A secure link to handle panel replacements or any other type of
* [EMAIL PROTECTED] MarkupContainer}s. It is also usable as a link to switch
between 2 or
* more panels. Security is enforced on the replacing class.
*
* @author marrink
*/
public abstract class SecureContainerLink extends Link implements
ISecureComponent
{
/**
*
*/
private static final long serialVersionUID = 1L;
private Class replacementClass;
private MarkupContainer containerParent;
private String containerId;
/**
* Constructs a new replacement link.
*
* @param id
* id of the link
* @param replacementPanel
* the class of the container replacing the component
on the
* supplied parent
* @param parentOfReplaceablePanel
* the parent component where the replacement needs to
take place
* @param panelId
* the id of the component to be replaced
*/
public SecureContainerLink(String id, Class replacementPanel,
MarkupContainer parentOfReplaceablePanel, String
panelId)
{
this(id, null, replacementPanel, parentOfReplaceablePanel,
panelId);
}
/**
* Constructs a new replacement link.
*
* @param id
* id of the link
* @param object
* model of the link
* @param replacementPanel
* the class of the container replacing the component
on the
* supplied parent
* @param parentOfReplaceablePanel
* the parent component where the replacement needs to
take place
* @param panelId
* the id of the component to be replaced
*/
public SecureContainerLink(String id, IModel object, Class
replacementPanel,
MarkupContainer parentOfReplaceablePanel, String
panelId)
{
super(id, object);
setReplacementClass(replacementPanel);
if (parentOfReplaceablePanel == null)
throw new WicketRuntimeException("Parent required for
replacing
components.");
containerParent = parentOfReplaceablePanel;
if (panelId == null)
throw new WicketRuntimeException("Id required from
component to be
replaced.");
containerId = panelId;
}
/**
* Performs the replacement, only if an actual replacement was
constructed.
*
* @see org.apache.wicket.markup.html.link.Link#onClick()
* @see #getReplacementFor(Component, String, Class)
* @throws WicketRuntimeException
* if a problem occurs in replacing the container.
*/
public final void onClick()
{
Component replaceMe = containerParent.get(containerId);
if (replaceMe == null)
throw new WicketRuntimeException("unable to find child with
id: " +
containerId
+ " on parent: " + containerParent);
Class myReplacementClass = getReplacementClass();
MarkupContainer replacement = getReplacementFor(replaceMe,
containerId, myReplacementClass);
if (replacement == null)
return; // do nothing
if (!containerId.equals(replacement.getId()))
throw new WicketRuntimeException("The replacement does
not have the
specified id: "
+ containerId + ", but id: " +
replacement.getId());
if (myReplacementClass.isAssignableFrom(replacement.getClass()))
containerParent.replace(replacement);
else
throw new WicketRuntimeException("The replacement for "
+
containerId + " on "
+ containerParent + " is not assignable from " +
myReplacementClass);
}
/**
* Creates a replacement for a component. although the component
to be
* replaced does not need to be a [EMAIL PROTECTED] MarkupContainer} it
typically is.
* The replacement however does need to be a MarkupContainer, more
* specifically a (sub)class of replacementClass. Implementation
may choose
* at this point to do the next replacement with a different class
by using
* [EMAIL PROTECTED] #setReplacementClass(Class)} in order to create a switch
like
* behavior.
*
* @param current
* the component to be replaced
* @param id
* the id of the new container
* @param replacementClass
* the class of the replacement
* @return a new replacement or null if the original component is
not to be
* replaced
* @see #setReplacementClass(Class)
*/
protected abstract MarkupContainer getReplacementFor(Component
current, String id,
Class replacementClass);
/**
* Generates the securitycheck for this link. by default this is a
* [EMAIL PROTECTED] LinkSecurityCheck} but implementations may choose to
override
* this. Note that the returned LinkSecurityCheck should not be
placed in
* alternative rendering mode as this will completely change the
intended
* behavior.
*
* @return the securitycheck for this link or null if no security
is to be
* enforced
*/
protected ISecurityCheck generateSecurityCheck()
{
return new LinkSecurityCheck(this, getReplacementClass());
}
/**
* @see
org.apache.wicket.security.components.ISecureComponent#getSecurityChec
k()
*/
public ISecurityCheck getSecurityCheck()
{
return SecureComponentHelper.getSecurityCheck(this);
}
/**
* @see
org.apache.wicket.security.components.ISecureComponent#isActionAuthori
zed(java.lang.String)
*/
public boolean isActionAuthorized(String waspAction)
{
return SecureComponentHelper.isActionAuthorized(this,
waspAction);
}
/**
* @see
org.apache.wicket.security.components.ISecureComponent#isActionAuthori
zed(org.apache.wicket.security.actions.AbstractWaspAction)
*/
public boolean isActionAuthorized(AbstractWaspAction action)
{
return SecureComponentHelper.isActionAuthorized(this, action);
}
/**
* @see
org.apache.wicket.security.components.ISecureComponent#isAuthenticated
()
*/
public boolean isAuthenticated()
{
return SecureComponentHelper.isAuthenticated(this);
}
/**
* @see
org.apache.wicket.security.components.ISecureComponent#setSecurityChec
k(org.apache.wicket.security.checks.ISecurityCheck)
*/
public void setSecurityCheck(ISecurityCheck check)
{
SecureComponentHelper.setSecurityCheck(this, check);
}
/**
* Gets replacementClass.
*
* @return replacementClass
*/
protected final Class getReplacementClass()
{
return replacementClass;
}
/**
* Sets replacementClass. Note by changing the replacement class a
new
* securitycheck is automatically created.
*
* @param replacementClass
* replacementClass
* @see #generateSecurityCheck()
* @throws WicketRuntimeException
* if the class is null or not a [EMAIL PROTECTED]
MarkupContainer}
*/
protected final void setReplacementClass(Class replacementClass)
{
if (replacementClass == null ||
!MarkupContainer.class.isAssignableFrom(replacementClass))
throw new WicketRuntimeException("This link requires a
" +
MarkupContainer.class
+ ", not a " + replacementClass);
this.replacementClass = replacementClass;
setSecurityCheck(generateSecurityCheck());
}
}
On 9/11/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote:
Create your custom request cycle, and add a getter that uses the
session's username/id to retrieve the user from the database, and
cache it locally.
Martijn
On 9/11/07, Anthony Schexnaildre <[EMAIL PROTECTED]> wrote:
This makes sense. Where would you stick the user on the
requestcycle?
It's not obvious from the javadocs. Is there a "wicket way"?
-Anthony
On Sep 11, 2007, at 10:05 AM, Maurice Marrink wrote:
Martijn, you are absolutely right, i forgot we moved the user
from the
session to the requestcycle. Just keep the id for your user in the
session and keep the actual user for this request in the
requestcycle.
This way each thread will have its own instance of the user.
Maurice
On 9/11/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote:
Just a quick note: storing objects that are not thread safe in
your
session is asking for trouble. While Wicket does limit page
processing
to one request at a time, other requests like resources can run in
parallel. What does this mean?
One thing that comes to mind is that when two requests for the
same
session are being processed, and one is done before the other
it will
detach the user model. What are the semantics now for the other
thread?
For instance if you have a detachable model storing a User
object in
your session and use Hibernate you are in a world of hurt, or
rather
Hibernate will sometimes bork because your Session tries to attach
the
single User instance to multiple Hibernate Session objects.
Exceptions
will be having a party.
Now this is not meant as a Hibernate bashing reply, it just
happens
that Hibernate correctly detects multiple threads modifying the
same
object's state and stops tampering with it.
Martijn
--
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.0-beta3 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-
beta3/
------------------------------------------------------------------
---
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-------------------------------------------------------------------
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.0-beta3 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta3/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]