Maurice,

Here is my SimpleCachingHive and my Principal. I did not extend Permission, I
didn't think I had to. I pretty much based my implementation on your tabs
example minus the tabs. Should I extend Permission and override hashCode()
and equals(Object obj)? And if I do, how do I force my hive to use my
extended Permission?

import java.util.Collection;
import java.util.Iterator;
import java.util.Set;

import org.apache.wicket.security.hive.SimpleCachingHive;
import org.apache.wicket.security.hive.authorization.Permission;
import org.apache.wicket.security.hive.authorization.Principal;
import org.apache.wicket.security.util.ManyToManyMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ScanManSimpleCachingHive extends SimpleCachingHive
{

        final Logger log = LoggerFactory.getLogger(ScanManSimpleCachingHive.class);

        public ScanManSimpleCachingHive()
        {
                super();
        }

        private ManyToManyMap hivePrincipalsAndPermissions = new ManyToManyMap();

        public void addPrincipal(Principal principal, Collection permissions)
        {
                super.addPrincipal(principal, permissions);
                boolean debug = log.isDebugEnabled();
                Iterator iterator = permissions.iterator();
                Permission permission = null;
                while (iterator.hasNext())
                {
                        permission = (Permission)iterator.next();
                        // Does not work
                        // hivePrincipalsAndPermissions.add(permission, principal);
                        // Does work
                        hivePrincipalsAndPermissions.add(permission.getName(), principal);
                }
        }

        public void addPermission(Principal principal, Permission permission)
        {
                super.addPermission(principal, permission);
                // Does not work
                // hivePrincipalsAndPermissions.add(permission, principal);
                // Does work
                hivePrincipalsAndPermissions.add(permission.getName(), principal);
        }

        public Set<Principal> getPrincipals(Permission p)
        {
                // Does not work
                // return hivePrincipalsAndPermissions.get(p);
                // Does work
                return hivePrincipalsAndPermissions.get(p.getName());
        }

}


import org.apache.wicket.security.hive.authentication.Subject;
import org.apache.wicket.security.hive.authorization.Principal;

public class ScanManPrincipal implements Principal
{
        private static final long serialVersionUID = 1L;
        private String name;

        /**
         *
         * Construct.
         *
         * @param name
         */
        public ScanManPrincipal(String name)
        {
                super();
                this.name = name;
                if (name == null)
                        throw new IllegalArgumentException("Name must be specified");
        }

        /**
         * @see org.apache.wicket.security.hive.authorization.Principal#getName()
         */
        public String getName()
        {
                return name;
        }

        /**
         * @see org.apache.wicket.security.hive.authorization.Principal#implies(Subject)
         */
        public boolean implies(Subject subject)
        {
                // no inheritance structure in these principals.
                return false;
        }

        /**
         *
         * @see java.lang.Object#toString()
         */
        public String toString()
        {
                return getClass().getName() + ": " + getName();
        }

        /**
         * generated hash based on class and name.
         *
         * @see java.lang.Object#hashCode()
         */
        public int hashCode()
        {
                final int PRIME = 31;
                int result = 1;
                result = PRIME * result + ((name == null) ? 0 : name.hashCode());
                result = PRIME * result + getClass().hashCode();
                return result;
        }

        /**
         *
         *
         * @see java.lang.Object#equals(java.lang.Object)
         */
        public boolean equals(Object obj)
        {
                if (this == obj)
                        return true;
                if (obj == null)
                        return false;
                if (getClass() != obj.getClass())
                        return false;
                final ScanManPrincipal other = (ScanManPrincipal)obj;
                if (name == null)
                {
                        if (other.name != null)
                                return false;
                }
                else if (!name.equals(other.name))
                        return false;
                return true;
        }
}

> -----Original Message-----
> From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 15, 2008 12:49 AM
> To: [email protected]
> Subject: Re: wicket-security Custom Access Denied Page
>
>
> That is very strange, it should work doing it your way but my way
> should work too since that is exactly what the hive itself is doing.
> It might be caused by the equal or hashcode of your permission /
> principal but then the authorization by the hive should fail too.
> Would you mind pasting your principal and permission class here?
> The hive file should not matter but could you paste it too.
>
> Thanks,
>
> Maurice
>
>
> On Fri, Feb 15, 2008 at 4:14 AM, Warren
> <[EMAIL PROTECTED]> wrote:
> > Maurice,
> >
> >  I had to make some changes in order for it to work. I added the Permission
> >  names to the ManyToManyMap instead of the Permission itself and then query
> >  the map by the Permission name. It would not return any Principals the
> >  original way. The hive file I am testing with only has three Principals with
> >  one Permission each. Will there be a problem doing it this way? Other than
> >  that it seems to be working ok.
> >
> >  I am doing this:
> >
> >
> >         public void addPrincipal(Principal principal, Collection permissions)
> >         {
> >                 super.addPrincipal(principal, permissions);
> >                 boolean debug = log.isDebugEnabled();
> >                 Iterator iterator = permissions.iterator();
> >                 Permission permission = null;
> >                 while (iterator.hasNext())
> >                 {
> >                         permission = (Permission)iterator.next();
> >                         hivePrincipalsAndPermissions.add(permission.getName(), principal);
> >                 }
> >         }
> >
> >         public void addPermission(Principal principal, Permission permission)
> >         {
> >                 super.addPermission(principal, permission);
> >                 hivePrincipalsAndPermissions.add(permission.getName(), principal);
> >         }
> >
> >         public Set<Principal> getPrincipals(Permission p)
> >         {
> >                 return hivePrincipalsAndPermissions.get(p.getName());
> >         }
> >
> >  Instead of this:
> >
> >
> >         public void addPrincipal(Principal principal, Collection permissions)
> >         {
> >                 super.addPrincipal(principal, permissions);
> >                 boolean debug = log.isDebugEnabled();
> >                 Iterator iterator = permissions.iterator();
> >                 Permission permission = null;
> >                 while (iterator.hasNext())
> >                 {
> >                         permission = (Permission)iterator.next();
> >                         hivePrincipalsAndPermissions.add(permission, principal);
> >                 }
> >         }
> >
> >
> >         public void addPermission(Principal principal, Permission permission)
> >         {
> >                 super.addPermission(principal, permission);
> >
> >                 hivePrincipalsAndPermissions.add(permission, principal);
> >         }
> >
> >         public Set<Principal> getPrincipals(Permission p)
> >         {
> >                 return hivePrincipalsAndPermissions.get(p);
> >         }
> >
> >  Thanks,
> >
> >
> >  > -----Original Message-----
> >  > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> >
> >
> > > Sent: Thursday, February 14, 2008 11:37 AM
> >  > To: [email protected]
> >  > Subject: Re: wicket-security Custom Access Denied Page
> >  >
> >  >
> >  > Nope, you are correct.
> >  > My mind must have been on vacation when I wrote that :)
> >  >
> >  > Sorry for the confusion.
> >  >
> >  > Maurice
> >  >
> >  > On Thu, Feb 14, 2008 at 8:32 PM, Warren
> >  > <[EMAIL PROTECTED]> wrote:
> >  > > Maurice,
> >  > >
> >  > >  When you say:
> >  > >
> >  > >
> >  > >  > Also don't forget to filter the principals from the hive with the
> >  > >  > principals contained in your subject. You are only interested in the
> >  > >  > principals not contained in your hive.
> >  > >
> >  > >  Haven't we already done that when we check if the permission has failed
> >  > >  when the super.hasPermission(...) returns false. And when we call
> >  > >  ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all
> >  > >  the Principals that have the Permission p in it from the hive that do not
> >  > >  belong to the Subject since that Permission has already been checked to see
> >  > >  if it belongs to a Principal that belongs to the Subject in the
> >  > >  super.hasPermission(...). Or am I missing how this all works?
> >  > >
> >  > >
> >  > >  > -----Original Message-----
> >  > >  > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> >  > >
> >  > > > Sent: Thursday, February 14, 2008 10:49 AM
> >  > >  > To: [email protected]
> >  > >  > Subject: Re: wicket-security Custom Access Denied Page
> >  > >  >
> >  > >  >
> >  > >
> >  > >
> >  > > > On Thu, Feb 14, 2008 at 7:13 PM, Warren
> >  > >  > <[EMAIL PROTECTED]> wrote:
> >  > >  > > Maurice,
> >  > >  > >
> >  > >  > >  I have a couple more questions. In my MySwarmStrategy
> >  > >  > hasPermission(...)
> >  > >  > >  method I only have to look up the principals that have the
> >  > >  > denied permission
> >  > >  > >  in them, correct?
> >  > >  >
> >  > >  > Correct
> >  > >  >
> >  > >  > >Here is my override hasPermission(...) method:
> >  > >  > >
> >  > >  > >
> >  > >  > >         public boolean hasPermission(Permission p)
> >  > >  > >         {
> >  > >  > >                 if (!super.hasPermission(p))
> >  > >  > >                 {
> >  > >  > >                         // instanceof tests the hive object itself; isInstance(X.class) tested the Class object
> >  > >  > >                         if (getHive() instanceof MySimpleCachingHive)
> >  > >  > >                         {
> >  > >  > >                                 Set<Principal>
> hivePrincipals =
> >  > >  > >  ((MySimpleCachingHive)getHive()).getPrincipals(p);
> >  > >  > >                                 // Place Set of Principals in
> >  > >  > the requestcycle or should I just place
> >  > >  > >  the Principal names in                                  //
> >  > >  > requestcycle ?
> >  > >  >
> >  > >  > This depends on how much information you want to use in your
> >  > >  > accessdenied page if the name is all you need then by
> all means just
> >  > >  > pass the names.
> >  > >  > Also don't forget to filter the principals from the hive with the
> >  > >  > principals contained in your subject. You are only interested in the
> >  > >  > principals not contained in your hive.
> >  > >  >
> >  > >  > >                         }
> >  > >  > >                         return false;
> >  > >  > >                 }
> >  > >  > >                 return true;
> >  > >  > >         }
> >  > >  > >
> >  > >  > >  I had to copy the whole PolicyFileHiveFactory I don't think I
> >  > >  > could get to
> >  > >  > >  "private Set inputStreams" or "private Set inputReaders"
> >  > correctly.
> >  > >  >
> >  > >  > There are getStreams and getReaders methods but they
> return a read
> >  > >  > only view and thus will not allow you to clear them, ok.
> >  > >  >
> >  > >  > >Here is
> >  > >  > >  my createHive() method:
> >  > >  > >
> >  > >  > >         public Hive createHive()
> >  > >  > >         {
> >  > >  > >                 BasicHive hive;
> >  > >  > >                 if (isUsingHiveCache())
> >  > >  > >                         hive = new MySimpleCachingHive();
> >  > >  > >                 else
> >  > >  > >                         hive = new BasicHive();
> >  > >  > >                 ...
> >  > >  > >         }
> >  > >  > >
> >  > >  > >  I only changed the one line above. In my app I am doing this:
> >  > >  > >
> >  > >  > >
> >  > >  > >         MyPolicyFileHiveFactory factory = new
> >  > MyPolicyFileHiveFactory();
> >  > >  > >         factory.useHiveCache(true);
> >  > >  > >
> >  > >  > >  Will the line above make sure that my
> MySimpleCachingHive will
> >  > >  > be used or is
> >  > >  > >  it possible for useHiveCache(false) to be used
> somewhere else?
> >  > >  >
> >  > >  > This will do fine, remember you are the only one in
> control of the
> >  > >  > policy factory. As soon as you pass it to
> HiveMind.registerHive the
> >  > >  > createHive method is called, after that it is discarded.
> >  > >  > BTW the default setting for useCache is true, but it
> does not hurt to
> >  > >  > explicitly set it.
> >  > >  >
> >  > >  > >
> >  > >  > >  Last question. I am not quite sure what to do in
> >  > >  > MySimpleCachingHive. I know
> >  > >  > >  this is an unrelated question, but I am not sure how
> to use your
> >  > >  > >  ManyToManyMap. I also am not sure when the
> addPrincipal(...) and
> >  > >  > >  addPermission(...) methods are called. Do one or the
> other get
> >  > >  > called per
> >  > >  > >  Principal that is in the hive? And, will I Load up the
> >  > >  > ManyToManyMap within
> >  > >  > >  these two methods ending up with this ManyToManyMap that will
> >  > >  > have all the
> >  > >  > >  Principals of the hive with their associated Permissions in them?
> >  > >  >
> >  > >  > Either or both are called once or multiple times for
> each principal,
> >  > >  > depending on how your policy is set up.
> >  > >  > Anyway it does not matter how often each method is
> called since the
> >  > >  > ManyToManyMap will fold everything together for you.
> >  > >  >
> >  > >  > >
> >  > >  > >  Here is my MySimpleCachingHive:
> >  > >  > >
> >  > >  > >  public class MySimpleCachingHive extends SimpleCachingHive
> >  > >  > >  {
> >  > >  > >         ...
> >  > >  > >
> >  > >  > >         private ManyToManyMap hivePrincipalsAndPermissions;
> >  > >  > >
> >  > >  > >         public void addPrincipal(Principal principal,
> >  > >  > Collection permissions)
> >  > >  > >         {
> >  > >  > >                 super.addPrincipal(principal, permissions);
> >  > >  > >                 // Load hivePrincipalsAndPermissions ?
> >  > >  >
> >  > >  >               Iterator it = permissions.iterator();
> >  > >  >               Permission next = null;
> >  > >  >               boolean debug = log.isDebugEnabled();
> >  > >  >               while (it.hasNext())
> >  > >  >               {
> >  > >  >                       next = (Permission)it.next();
> >  > >  >                       hivePrincipalsAndPermissions.add(next,
> >  > principal);
> >  > >  >               }
> >  > >  >
> >  > >  > >         }
> >  > >  > >
> >  > >  > >         public void addPermission(Principal principal,
> >  > >  > Permission permission)
> >  > >  > >         {
> >  > >  > >                 super.addPermission(principal, permission);
> >  > >  > >                 // Load hivePrincipalsAndPermissions ?
> >  > >  >
> >  > >  >                       hivePrincipalsAndPermissions
> >  > >  > .add(permission, principal);
> >  > >  >
> >  > >  > >         }
> >  > >  > >
> >  > >  > >         public Set<Principal> getPrincipals(Permission p)
> >  > >  > >         {
> >  > >  > >                 // Return Set of Principals related
> to permission
> >  > >  >
> >  > >  >                       return hivePrincipalsAndPermissions.get(p);
> >  > >  > >         }
> >  > >  > >
> >  > >  > >  }
> >  > >  >
> >  > >  > Maurice
> >  > >  >
> >  > >
> >  > >
> >  > > >
> ---------------------------------------------------------------------
> >  > >  > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >  > >  > For additional commands, e-mail: [EMAIL PROTECTED]
>
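
The thread leaves open whether the empty lookup comes from the permission's equals()/hashCode(), as Maurice suggests, and whether keying the map by name is safe. The following is an added example, not code from the thread or from wicket-security: it uses a plain HashMap and hypothetical classes (IdentityPermission, ValuePermission, the "ScanPage" name and the operator/admin principals are all constructed) to show how each keying choice behaves in a permission-to-principals index.

```java
import java.util.*;

public class PermissionKeyDemo {
    // Hypothetical permission that inherits Object's identity-based equals/hashCode.
    static class IdentityPermission {
        final String name, actions;
        IdentityPermission(String name, String actions) { this.name = name; this.actions = actions; }
    }

    // Hypothetical permission whose equality covers class, name and actions.
    static final class ValuePermission {
        final String name, actions;
        ValuePermission(String name, String actions) { this.name = name; this.actions = actions; }
        @Override public boolean equals(Object o) {
            if (this == o) return true;
            if (o == null || getClass() != o.getClass()) return false;
            ValuePermission p = (ValuePermission) o;
            return name.equals(p.name) && actions.equals(p.actions);
        }
        @Override public int hashCode() { return Objects.hash(name, actions); }
    }

    // Minimal stand-in for a key -> set-of-principal-names index (assumption:
    // hash-based lookup, like any HashMap-backed many-to-many structure).
    static <K> void add(Map<K, Set<String>> index, K key, String principal) {
        index.computeIfAbsent(key, k -> new HashSet<>()).add(principal);
    }

    static <K> Set<String> lookup(Map<K, Set<String>> index, K key) {
        return index.getOrDefault(key, Collections.emptySet());
    }

    public static void main(String[] args) {
        // 1. Identity keys: the instance built at check time is a different key
        //    from the one stored at load time, so the lookup finds no principals.
        Map<IdentityPermission, Set<String>> byIdentity = new HashMap<>();
        add(byIdentity, new IdentityPermission("ScanPage", "render"), "operator");
        System.out.println("identity key: " + lookup(byIdentity, new IdentityPermission("ScanPage", "render")));

        // 2. Value keys: an equal instance finds the entry, and the two actions
        //    on the same name stay separate grants.
        Map<ValuePermission, Set<String>> byValue = new HashMap<>();
        add(byValue, new ValuePermission("ScanPage", "render"), "operator");
        add(byValue, new ValuePermission("ScanPage", "enable"), "admin");
        System.out.println("value key:    " + lookup(byValue, new ValuePermission("ScanPage", "render")));

        // 3. Name-only keys: the lookup works, but grants that differ only in
        //    actions are merged, so a query for "render" also reports admin.
        Map<String, Set<String>> byName = new HashMap<>();
        add(byName, "ScanPage", "operator"); // granted render
        add(byName, "ScanPage", "admin");    // granted enable
        System.out.println("name key:     " + lookup(byName, "ScanPage"));
    }
}
```

With three principals holding one distinctly named permission each, as in the hive file described in the thread, the name-keyed index and a value-keyed one return the same sets; they diverge once two permissions share a name.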

