Use cache is default true (i think by the constructor but i don't have
the code with me right now)
So you don't have to worry about that.
Maurice
On Thu, Feb 14, 2008 at 4:04 AM, Warren <[EMAIL PROTECTED]> wrote:
> I have started implementing your sugestions and I have a question. When I
> overide the method createHive() in PolicyFileHiveFactory do I need to set
> useHiveCache(true) if I am extending SimpleCachingHive.
>
> public Hive createHive()
> {
> // Do I need to do this
> super.useHiveCache(true);
> BasicHive hive = new MySimpleCachingHive();
> ...
> }
>
> Or should I set this method in my app after I create the factory.
>
> MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
> factory.useHiveCache(true);
>
> Or should I even worry about this?
>
>
>
> > -----Original Message-----
> > From: Warren [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, February 13, 2008 4:30 PM
> > To: users@wicket.apache.org
>
>
> > Subject: RE: wicket-security Custom Access Denied Page
> >
> >
> > I think I am following your example correctly. What I will end up with is
> > the names of one or more principals that have the permission that was
> > denied. Those one or more principals will not belong to the
> > current subject.
> > Then I can use the names of those principals to construct a message. You
> > could end up with a permission that does not belong to any
> > principal. Strike
> > that, that would mean that no one would be able to access that
> > component. I
> > will give this a try. I am sure I will have more questions.
> >
> > Thanks,
> >
> > > -----Original Message-----
> > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, February 13, 2008 2:56 PM
> > > To: users@wicket.apache.org
> > > Subject: Re: wicket-security Custom Access Denied Page
> > >
> > >
> > > It actually is a bit more trickier then that.
> > > Swarm does not check for principals it checks for permissions.
> > > The same permission might be shared by multiple principals.
> > > To get that information you need to dig deep.
> > > You can't wait for the wicket UnAuthorizedActionException since all it
> > > will tell you is the component and what wicket action was not
> > > authorized (although if you have a really simple policy you might
> > > figure it out with this information).
> > > Swarm can tell you, but truthfull the api lacks in that area, i'll see
> > > if i can fix this for 1.3.1.
> > >
> > > For now your best bet is probably to Subclass SwarmStrategy, override
> > > hasPermission(Permission). Most checks use this method but it is
> > > always possible for a custom ISecurityCheck to bypass this.
> > > public boolean hasPermission(Permission p)
> > > {
> > > if(!super.hasPermission(p)
> > > {
> > > //now we now the permission and we can find out which
> > principals have it
> > > //since the hive api does not give that info we need to use a custom
> > > hive, more on that later
> > > //for now do something like getHive().getPrincipals(p);
> > > //then we need to get the subject and check if it has any of those
> > > principals, the one (or more) that are missing are the one(s) we are
> > > interested in
> > > //use getSubject().getPrincipals()
> > > //store those principals somewhere in the requestcycle
> > > return false;
> > > }
> > > return true;
> > > }
> > > In order to use this new Strategy you need to extend
> > > SwarmStrategyFactory and overide newStrategy to return your subclass.
> > > Then you need to override setupStrategyFactory in your application to
> > > do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey()));
> > >
> > > Next we need to extend our hive so we can ask it which principals
> > > belong to which permission (offcourse the hive already has this
> > > information but you can not access it)
> > > If you are using 1.3.0 rc1 you are probably using the
> > > SimpleCachingHive, extend it and override 2 methods
> > > addPrincipal(Principal , Collection ) and addPermission(Principal ,
> > > Permission )
> > > to record which principal has which permissions you can use a
> > > ManyToManyMap for this, it is also used internally the information
> > > recorded can then be exposed in a method like public Set<Principal>
> > > getPrincipals(Permission)
> > > This will duplicate all recordings but your other option is to copy
> > > BasicHive and SimpleCachingHive entirely and create the getPrincipals
> > > method.
> > >
> > > Either way you will need to use this new hive and to do that we need
> > > to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you
> > > are using the latest 1.3-snapshots), override the createHive() method.
> > > You can pretty much copy everything from PolicyFileHiveFactory except
> > > for the first 5 lines you need to create your own hive there. Also
> > > while copying you will run into a few private variables but you should
> > > be able to replace those with there getters (although i might have
> > > missed some, if that is the case you have to copy the entire class).
> > > In your application's setupHive method you are already creating the
> > > hivefactory, simply replace it with this custom one.
> > >
> > > And that should do the trick. Sorry the api is not more accommodating
> > > to your needs i'll see if i can make some improvements anytime soon
> > > for the 1.3-snapshot (1.3.1), but i also have to release 1.3.0 final
> > > sometime soon.
> > >
> > > Maurice
> > >
> > > P.S. i did not cover the part about providing the application with
> > > your own requestcycle but just look for newRequestCycle in your
> > > application ;)
> > >
> > >
> > > On Feb 13, 2008 6:49 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > > > stick that name into requestcycle's metadata, and pull it out in yoru
> > > > implementation of access denied page
> > > >
> > > > -igor
> > > >
> > > >
> > > >
> > > > On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote:
> > > > > I understand that, but what I want to do is create a message
> > > on that page
> > > > > that reads "Users in group xxx do not have access to yyy"
> > > where yyy would be
> > > > > the name of the principal that triggered the access denied. I
> > > need to get
> > > > > the name of that principal.
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > > > > > Sent: Wednesday, February 13, 2008 12:12 AM
> > > > > > To: users@wicket.apache.org
> > > > > > Subject: Re: wicket-security Custom Access Denied Page
> > > > > >
> > > > > >
> > > > > > In the init of your webapp do
> > > > > > getApplicationSettings().setAccessDeniedPage(MyPage.class)
> > > > > >
> > > > > > This is a wicket setting and not related to the security
> > framework.
> > > > > >
> > > > > > Maurice
> > > > > >
> > > > > > On Feb 12, 2008 7:50 PM, Warren
> > <[EMAIL PROTECTED]> wrote:
> > > > > > > How do you set-up a custom "access denied page" that has
> > > a message on it
> > > > > > > like "Users in group xxx do not have access to yyy"? I
> > > also want to have
> > > > > > > this page return to the previous page the user was on.
> > I am using
> > > > > > > wicket-security (wasp and swarm).
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Warren Bell
> > > > > > >
> > > > > > >
> > > > > > >
> > > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > >
> > > > >
> > > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
