Thanks Maurice and Gabriel... it was a matter of missing quotes!!!
On May 29, 2008, at 2:47 AM, Maurice Marrink wrote:
On Thu, May 29, 2008 at 12:57 AM, Monica D'Arcy
<[EMAIL PROTECTED]> wrote:
Hello,
I am currently trying to implement some authorization/
authentication using
SWARM and am running into some problems. After Logging on with a
class that
extends the UsernamePasswordContext class, I attempt to redirect
to a secure
page (a page that extends SecureWebPage). At login, I create a
DefaultSubject, and add a SimplePrincipal with "admin"
permissions (if
appropriate) to the DefaultSubject. I get the Access Denied page
regardless
of whether I am the correct user ("admin") and should therefore be
authorized to view the page or am not an authorized user. I had
also tried
something similar with the SecurePageLink. The link is never
rendered
regardless of whether all users are granted permission to view the
link, the
correct user is logged on, or an unauthorized user is logged on.
My very basic understanding of logging in to view a secureWebPage
via SWARM
is as follows:
1) application must extend SwarmWebApplication (following
instructions
listed @
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started
+with+Swarm)
2) create a class that extends UsernamePasswordContext which is
created when
attempting to logon
Or extend LoginContext and implement your own authentication.
3) there is a hive file that delineates which permissions are
associated
with which principals???
Each principal that can be assigned to a user/subject should be
specified in a hive file (aka policy file)
Each principal holds one or more permissions for
pages/components/data/ whatever you can think of.
4) when logging on, a Subject is created and a principal is given
to that
subject
One or more.
5) pages that are to be secure extend SecureWebPage
Or implement ISecurePage, SecureWebPage is just a default
implementation.
Is there something very basic I am missing here? I apologize if
this is an
ignorant question... I am very new to the wicket & Swarm scene.
Any help would be greatly appreciated.
Below is what appears in my hive file
grant principal
org.apache.wicket.security.hive.authorization.SimplePrincipal "admin"
{
permission
org.apache.wicket.security.hive.authorization.permissions.ComponentPe
rmission
${cnv}.MyCNV, "inherit, render";
permission
org.apache.wicket.security.hive.authorization.permissions.ComponentPe
rmission
${cnv}.MyCNV, "enable";
};
Like Gabriel said, ${cnv}.MyCNV should be quoted like this "$
{cnv}.MyCNV"
Also you can shorten the line a bit by using ${ComponentPermission}
instead of
org.apache.wicket.security.hive.authorization.permissions.ComponentPer
mission
So optimally your file looks like this:
grant principal
org.apache.wicket.security.hive.authorization.SimplePrincipal "admin"
{
permission ${ComponentPermission} "${cnv}.MyCNV", "inherit, render";
permission ${ComponentPermission} "${cnv}.MyCNV", "enable";
};
The enable permission is used by your SecurePageLink, the render
permission for rendering the page.
Maurice
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
