Hi,
I tried to create a "SecureWebMarkupContainer" (contains a DataView, Label,..),
which should be only visible for authorized users. But although the user has
the permission "APPL_ADMIN", he cannot see the "resultHiddenPanel".
Within the hive I used the wicket id "resultHiddenPanel" to identify the
component, but within the logfile there's the message, that the component
"SecureWebMarkupContainer" (class name) is not found.
Perhaps do I have to create a subclass of SecureWebMarkupContainer for each
WebMarkupContainer component and add that classname to the hive ?
---
Code:
Hive:<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office"
/><o:p></o:p>
<o:p> </o:p>
01 // pages allowed for all users<o:p></o:p>
02 grant<o:p></o:p>
03 {<o:p></o:p>
04 permission ${ComponentPermission} "xxx.yyy.zzz.front.Login", "inherit,
render";<o:p></o:p>
05 permission ${ComponentPermission} "xxx.yyy.zzz.front.Login",
"enable";<o:p></o:p>
06 permission ${ComponentPermission} "xxx.yyy.zzz.front.Welcome", "inherit,
render";<o:p></o:p>
07 permission ${ComponentPermission} "xxx.yyy.zzz.front.Welcome",
"enable";<o:p></o:p>
08<o:p></o:p>
09 };<o:p></o:p>
10<o:p></o:p>
11 grant principal
org.apache.wicket.security.hive.authorization.SimplePrincipal
"APPL_ADMIN"<o:p></o:p>
12 { <o:p></o:p>
13 // Menu Administration - Product areas<o:p></o:p>
14 permission ${ComponentPermission} "xxx.yyy.zzz.front.ProductAreaListPage",
"inherit, render";<o:p></o:p>
15 permission ${ComponentPermission} "xxx.yyy.zzz.front.ProductAreaListPage",
"enable";<o:p></o:p>
16 <o:p></o:p>
17 // Product area list page - Hidden panel<o:p></o:p>
18 permission ${ComponentPermission}
"xxx.yyy.zzz.front.ProductAreaListPage:resultHiddenPanel", "inherit, render,
enable";<o:p></o:p>
19 permission ${ComponentPermission}
"xxx.yyy.zzz.front.ProductAreaListPage:resultHiddenPanel", "enable";<o:p></o:p>
20 };<o:p></o:p>
21<o:p></o:p>
22<o:p></o:p>
<o:p> </o:p>
<o:p> </o:p>
Application.log<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 1: // pages allowed for all users<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 8: <o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.Login" "access, inherit, render" to everybody<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.Welcome" "access, render, enable" to everybody<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.Welcome" "access, inherit, render" to everybody<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.Login" "access, render, enable" to everybody<o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 10: <o:p></o:p>
2008-05-13 12:26:14,566 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 13: // Menu Administration - Product areas<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 16: <o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 17: // Product area list page - Hidden panel<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.resolveAliases(PolicyFileHiveFactory.java:294)
- resolved alias: ComponentPermission to
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, inherit, render" to [EMAIL
PROTECTED]<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"*xxx.yyy.zzz.front.ProductAreaListPage:resultHiddenPanel*" "access, render,
enable" to [EMAIL PROTECTED]<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"*xxx.yyy.zzz.front.ProductAreaListPage:resultHiddenPanel*" "access, inherit,
render, enable" to [EMAIL PROTECTED]<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.BasicHive.addPrincipal(BasicHive.java:108) -
Adding
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render, enable" to [EMAIL
PROTECTED]<o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 21: <o:p></o:p>
2008-05-13 12:26:14,581 DEBUG
org.apache.wicket.security.hive.config.PolicyFileHiveFactory.skipLine(PolicyFileHiveFactory.java:949)
- skipping line 22: <o:p></o:p>
<o:p> </o:p>
<o:p> </o:p>
2008-05-13 12:26:31,741 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:214) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] implies
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.Welcome" "access"<o:p></o:p>
<o:p> </o:p>
<o:p> </o:p>
2008-05-13 12:26:31,960 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:214) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] implies
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.Welcome" "access, render"<o:p></o:p>
2008-05-13 12:26:31,960 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.Welcome" "access, render", result true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:31,960 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:214) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] implies
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render"<o:p></o:p>
<o:p> </o:p>
<o:p> </o:p>
2008-05-13 12:26:32,178 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:195) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has an exact match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render, enable"<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:32,178 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render, enable", result
true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:32,178 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render, enable", result
true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:35,582 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:214) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] implies
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access"<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:35,613 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render", result true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:35,613 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render", result true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:35,629 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render", result true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:35,629 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:221) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] does not have or
implies
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"*xxx.yyy.zzz.front.security.SecureWebMarkupContainer*" "access,
render"<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:37,237 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render", result true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:37,346 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render", result true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:37,346 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"xxx.yyy.zzz.front.ProductAreaListPage" "access, render", result true<o:p></o:p>
<o:p> </o:p>
2008-05-13 12:26:37,362 DEBUG
org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] has a cached match
for
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
"*xxx.yyy.zzz.front.security.SecureWebMarkupContainer*" "access, render",
result false<o:p></o:p>
<o:p> </o:p>
<o:p> </o:p>
<o:p> </o:p>
<o:p> </o:p>
<o:p> </o:p>
ProductAreaListPage.html <o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
<div wicket:id="resultHiddenPanel"><o:p></o:p>
<h3 style="margin-top:20pt;">Hidden/Deleted Items</h3><o:p></o:p>
<span style="font-size:75%"><o:p></o:p>
<span wicket:id="productAreaHiddenNavigator">[PagingNavigator
[|<][<]]</span><o:p></o:p>
Results: <span wicket:id="resultHiddenCountLabel">[Number of
results]</span><o:p></o:p>
</span><o:p></o:p>
<o:p></o:p>
<table class="list"><o:p></o:p>
<tr class="list"><o:p></o:p>
<th>ID</th><o:p></o:p>
<th>Name</th><o:p></o:p>
<th>Description</th><o:p></o:p>
<th> </th><o:p></o:p>
<th> </th><o:p></o:p>
</tr><o:p></o:p>
<tr wicket:id="productAreaHiddenTable" class="list"><o:p></o:p>
<td><span wicket:id="id">[id]</span></td><o:p></o:p>
<td><span wicket:id="name">[name]</span></td><o:p></o:p>
<td><span wicket:id="description">[description]</span></td><o:p></o:p>
<td><span wicket:id="status">[status]</span></td><o:p></o:p>
<td><a
wicket:id="reactivateProductAreaLink">Reactivate…</a></td><o:p></o:p>
</tr><o:p></o:p>
</table><o:p></o:p>
</div><o:p></o:p>
<o:p></o:p>
<o:p> </o:p>
ProductAreaListPage.java<o:p></o:p>
<o:p> </o:p>
*public* *class* ProductAreaListPage *extends* SecuredBasePage<o:p></o:p>
{<o:p></o:p>
<o:p></o:p>
*private* SecureWebMarkupContainer resultHiddenPanel;<o:p></o:p>
<o:p> </o:p>
*public* ProductAreaListPage() {<o:p></o:p>
<o:p> </o:p>
resultHiddenPanel = *new*
SecureWebMarkupContainer("resultHiddenPanel");<o:p></o:p>
<o:p> </o:p>
//
add DataView, Label,
to resultHiddenPanel<o:p></o:p>
<o:p> </o:p>
add(resultHiddenPanel);<o:p></o:p>
<o:p></o:p>
}<o:p></o:p>
<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p> </o:p>
SecureWebMarkupContainer.java<o:p></o:p>
<o:p> </o:p>
*package* xxx.yyy.zzz.front.security;<o:p></o:p>
<o:p> </o:p>
*public* *class* SecureWebMarkupContainer *extends* WebMarkupContainer
*implements* ISecureContainer<o:p></o:p>
{<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*private* *static* *final* *long* /serialVersionUID/ = 1L;<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*public* SecureWebMarkupContainer(String id)<o:p></o:p>
{<o:p></o:p>
*super*(id);<o:p></o:p>
setSecurityCheck(*new* ContainerSecurityCheck(*this*));<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*public* SecureWebMarkupContainer(String id, IModel model)<o:p></o:p>
{<o:p></o:p>
*super*(id, model);<o:p></o:p>
setSecurityCheck(*new* ContainerSecurityCheck(*this*));<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*public* ISecurityCheck getSecurityCheck()<o:p></o:p>
{<o:p></o:p>
*return* SecureComponentHelper./getSecurityCheck/(*this*);<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*public* *boolean* isActionAuthorized(String waspAction)<o:p></o:p>
{<o:p></o:p>
*return* SecureComponentHelper./isActionAuthorized/(*this*,
waspAction);<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*public* *boolean* isActionAuthorized(WaspAction action)<o:p></o:p>
{<o:p></o:p>
*return* SecureComponentHelper./isActionAuthorized/(*this*, action);<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*public* *boolean* isAuthenticated()<o:p></o:p>
{<o:p></o:p>
*return* SecureComponentHelper./isAuthenticated/(*this*);<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
*public* *void* setSecurityCheck(ISecurityCheck check)<o:p></o:p>
{<o:p></o:p>
SecureComponentHelper./setSecurityCheck/(*this*, check);<o:p></o:p>
}<o:p></o:p>
<o:p> </o:p>
}<o:p></o:p>
<o:p> </o:p>
<o:p></o:p>
----
Maurice,
thank's for the quick reply to my first question ! Should I (or could you)
delete this question from the "Getting started with SWARM" page, as it was the
wrong place to post the question ?
Thanks
Andrea
Jetzt neu! Schützen Sie Ihren PC mit McAfee und WEB.DE. 30 Tage
kostenlos testen. *http://www.pc-sicherheit.web.de/startseite/?mc=022220*
[http://www.pc-sicherheit.web.de/startseite/?mc=022220]
