Ok, so I did some testing (and in the process found another bug,
unrelated to your issue :)), but I could not reproduce your permission
denied.
Here is my simple setup:
public class ContainerPage2 extends SecureWebPage
{
    /**
     * Construct.
     */
    public ContainerPage2()
    {
        add(new Label("label", "always visible"));
        SecureMarkupContainer container = new SecureMarkupContainer("secure");
        container.add(new Label("hidden", "hidden label"));
        add(container);
    }

    /**
     * Simple secure container.
     *
     * @author marrink
     */
    private static final class SecureMarkupContainer extends WebMarkupContainer
            implements ISecureComponent
    {
        /**
         *
         */
        private static final long serialVersionUID = 1L;

        /**
         *
         * Construct.
         *
         * @param id
         */
        public SecureMarkupContainer(String id)
        {
            super(id);
            setSecurityCheck(new ContainerSecurityCheck(this));
        }

        /**
         *
         * @see org.apache.wicket.security.components.ISecureComponent#getSecurityCheck()
         */
        public ISecurityCheck getSecurityCheck()
        {
            return SecureComponentHelper.getSecurityCheck(this);
        }

        /**
         *
         * @see org.apache.wicket.security.components.ISecureComponent#isActionAuthorized(java.lang.String)
         */
        public boolean isActionAuthorized(String waspAction)
        {
            return SecureComponentHelper.isActionAuthorized(this, waspAction);
        }

        /**
         *
         * @see org.apache.wicket.security.components.ISecureComponent#isActionAuthorized(org.apache.wicket.security.actions.WaspAction)
         */
        public boolean isActionAuthorized(WaspAction action)
        {
            return SecureComponentHelper.isActionAuthorized(this, action);
        }

        /**
         *
         * @see org.apache.wicket.security.components.ISecureComponent#isAuthenticated()
         */
        public boolean isAuthenticated()
        {
            return SecureComponentHelper.isAuthenticated(this);
        }

        /**
         *
         * @see org.apache.wicket.security.components.ISecureComponent#setSecurityCheck(org.apache.wicket.security.checks.ISecurityCheck)
         */
        public void setSecurityCheck(ISecurityCheck check)
        {
            SecureComponentHelper.setSecurityCheck(this, check);
        }
    }
}
and my policy file looks like this:
grant principal ${SimplePrincipal} "container4"
{
    //this does not permit secure components on a ContainerPage2 to be visible
    permission ${ComponentPermission} "${myPackage}.ContainerPage2", "render";
    permission ${ComponentPermission} "${myPackage}.ContainerPage2", "enable";
};
grant principal ${SimplePrincipal} "container5"
{
    //this grants the permission to any component with id "secure" on a ContainerPage2
    permission ${ComponentPermission} "${myPackage}.ContainerPage2:secure", "inherit, render";
    permission ${ComponentPermission} "${myPackage}.ContainerPage2", "enable";
};
grant principal ${SimplePrincipal} "container6"
{
    //this grants the permission to any SecureMarkupContainer inside a ContainerPage2
    permission ${ComponentPermission} "${myPackage}.ContainerPage2:${myPackage}.ContainerPage2$SecureMarkupContainer", "inherit, render";
    permission ${ComponentPermission} "${myPackage}.ContainerPage2", "enable";
};
grant principal ${SimplePrincipal} "container7"
{
    //this grants the permission to any SecureMarkupContainer, even when placed on other pages (if it wasn't a private class)
    permission ${ComponentPermission} "${myPackage}.ContainerPage2$SecureMarkupContainer", "inherit, render";
    permission ${ComponentPermission} "${myPackage}.ContainerPage2", "enable";
};
Argh, I am only just reading you are using 1.3.1-SNAPSHOT. You should
be using 1.3-SNAPSHOT. That does it, I am deleting those jars.
Maurice
On Tue, May 13, 2008 at 8:10 PM, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> On Tue, May 13, 2008 at 6:48 PM, Andrea Jahn <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
>
> > I've changed to the 1.3.1-SNAPSHOT version. Therefore I have only replaced
> > the constructor PolicyFileHiveFactory() by
> > PolicyFileHiveFactory(ActionFactory).
> > The result was the same as with version 1.3.0 (resultHiddenPanel not
> > visible and the same output in the logfile).
>
> Are you using the SwarmPolicyFileHiveFactory? see
>
> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security+1.3.1#Wicket-Security1.3.1-migrateto1.3.1
>
>
> >
> > Then I changed the ContainerSecurityCheck with a ComponentSecurityCheck
> > in the class SecureWebMarkupContainer.
> > The resultHiddenPanel now is always visible (also when the user has not
> > the permission).
>
> Well, like I said earlier, permission ${ComponentPermission}
> "xxx.yyy.zzz.front.ProductAreaListPage", "inherit, render"; is
> sufficient to allow the entire page to be rendered. Does your policy
> file contain another grant statement with a similar permission?
>
>
> >
> > Logfile:
> >
> > 2008-05-13 18:30:30,880 DEBUG
> > org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:214) -
> > Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] implies
> > org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
> > "xxx.yyy.zzz.front.ProductAreaListPage:resultHiddenPanel" "access, render"
> >
> > 2008-05-13 18:30:32,583 DEBUG
> > org.apache.wicket.security.hive.BasicHive.hasPermission(BasicHive.java:188) -
> > Subjects[HashKey: 821489378, sortOrder 0 = [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] has a cached match for
> > org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
> > "xxx.yyy.zzz.front.ProductAreaListPage:resultHiddenPanel" "access, render",
> > result true
> >
> >
> > Perhaps I have made another mistake ?
>
> Hmm, the ContainerSecurityCheck should have worked, let me see if I
> can reproduce that with a test.
>
>
>
> >
> >
> >
> > Maurice,
> >
> > thank you very much for the quick replies !
> > Should I (or could you) delete my first question from the "Getting
> > started with SWARM" page, as it was the wrong place to post the question ?
> >
>
> Deleted.
>
> Maurice
>
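
Added example, not part of the original messages and not Swarm's own code: a simplified Java model of the matching rule the policy comments above describe, run against the container4 to container7 grants plus a page-wide "inherit, render" grant like the one in the quoted reply. The exact-or-inherited-prefix rule, the alias list and the mypackage name are assumptions made for illustration.

```java
import java.util.*;

/** Simplified model (an assumption for illustration, not Swarm's ComponentPermission code). */
public class PolicyGrantModel {

    /** One "permission ${ComponentPermission} name, actions" line from the policy file. */
    static final class Grant {
        final String name;
        final Set<String> actions;

        Grant(String name, String actions) {
            this.name = name;
            this.actions = new HashSet<>(Arrays.asList(actions.split("\\s*,\\s*")));
        }

        /** Exact name match, or a parent name when the grant carries "inherit". */
        boolean allows(String alias, String action) {
            boolean nameMatches = alias.equals(name)
                    || (actions.contains("inherit") && alias.startsWith(name + ":"));
            return nameMatches && actions.contains(action);
        }
    }

    /** The component is visible if any grant allows "render" on any of its aliases. */
    static boolean canRender(List<Grant> grants, List<String> aliases) {
        for (Grant g : grants)
            for (String alias : aliases)
                if (g.allows(alias, "render")) return true;
        return false;
    }

    public static void main(String[] args) {
        String page = "mypackage.ContainerPage2"; // stands in for ${myPackage}.ContainerPage2
        String type = page + "$SecureMarkupContainer";
        // Names under which the policy file addresses the "secure" container.
        List<String> aliases = Arrays.asList(page + ":secure", page + ":" + type, type);
        Grant enable = new Grant(page, "enable");
        Map<String, List<Grant>> principals = new LinkedHashMap<>();
        principals.put("container4", Arrays.asList(new Grant(page, "render"), enable));
        principals.put("container5", Arrays.asList(new Grant(page + ":secure", "inherit, render"), enable));
        principals.put("container6", Arrays.asList(new Grant(page + ":" + type, "inherit, render"), enable));
        principals.put("container7", Arrays.asList(new Grant(type, "inherit, render"), enable));
        // Constructed principal: page-level grant with "inherit", as in the quoted reply.
        principals.put("page-wide", Arrays.asList(new Grant(page, "inherit, render")));
        principals.forEach((who, grants) -> System.out.println(who + " -> " + canRender(grants, aliases)));
    }
}
```

In this model only container4 is denied; the page-wide grant renders the secure container just as the component-specific grants do, which is why a second, broader grant in the policy file can hide a missing component-level permission.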