org.apache.wicket.authorization.strategies.role.metadata
Class MetaDataRoleAuthorizationStrategy

java.lang.Object
  extended by org.apache.wicket.authorization.strategies.role.AbstractRoleAuthorizationStrategy
      extended by org.apache.wicket.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy
All Implemented Interfaces:
IAuthorizationStrategy

public class MetaDataRoleAuthorizationStrategy
extends AbstractRoleAuthorizationStrategy

Strategy that uses the Wicket metadata facility to check authorization. The static authorize methods are for authorizing component actions and component instantiation by role. This class is the main entry point for users wanting to use the roles-based authorization of the wicket-auth-roles package based on Wicket metadata. For instance, use it like this:

 MetaDataRoleAuthorizationStrategy.authorize(myPanel, RENDER, "ADMIN");
 
for actions on component instances, or:
 MetaDataRoleAuthorizationStrategy.authorize(AdminBookmarkablePage.class, "ADMIN");
 
for doing role-based authorization for component instantiation.

Author:
Eelco Hillenius, Jonathan Locke
See Also:
MetaDataKey

Field Summary
static MetaDataKey ACTION_PERMISSIONS
          Component meta data key for actions/roles information.
static MetaDataKey INSTANTIATION_PERMISSIONS
          Application meta data key for actions/roles information.
static java.lang.String NO_ROLE
          Special role string for denying access to all
 
Fields inherited from interface org.apache.wicket.authorization.IAuthorizationStrategy
ALLOW_ALL
 
Constructor Summary
MetaDataRoleAuthorizationStrategy(IRoleCheckingStrategy roleCheckingStrategy)
          Construct.
 
Method Summary
static void authorize(java.lang.Class<? extends Component> componentClass, java.lang.String roles)
          Authorizes the given role to create component instances of type componentClass.
static void authorize(Component component, Action action, java.lang.String roles)
          Authorizes the given role to perform the given action on the given component.
static void authorizeAll(java.lang.Class<? extends Component> componentClass)
          Grants permission to all roles to create instances of the given component class.
static void authorizeAll(Component component, Action action)
          Grants permission to all roles to perform the given action on the given component.
 boolean isActionAuthorized(Component component, Action action)
          Uses component level meta data to match roles for component action execution.
 boolean isInstantiationAuthorized(java.lang.Class componentClass)
          Uses application level meta data to match roles for component instantiation.
static void unauthorize(java.lang.Class<? extends Component> componentClass, java.lang.String roles)
          Removes permission for the given roles to create instances of the given component class.
static void unauthorize(Component component, Action action, java.lang.String roles)
          Removes permission for the given role to perform the given action on the given component.
static void unauthorizeAll(java.lang.Class<? extends Component> componentClass)
          Grants authorization to instantiate the given class to just the role NO_ROLE, effectively denying all other roles.
static void unauthorizeAll(Component component, Action action)
          Grants authorization to perform the given action to just the role NO_ROLE, effectively denying all other roles.
 
Methods inherited from class org.apache.wicket.authorization.strategies.role.AbstractRoleAuthorizationStrategy
hasAny, isEmpty
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACTION_PERMISSIONS

public static final MetaDataKey ACTION_PERMISSIONS
Component meta data key for actions/roles information. Typically, you do not need to use this meta data key directly, but instead use the static authorize and unauthorize methods of this class.


INSTANTIATION_PERMISSIONS

public static final MetaDataKey INSTANTIATION_PERMISSIONS
Application meta data key for actions/roles information. Typically, you do not need to use this meta data key directly, but instead use the static authorize and unauthorize methods of this class.


NO_ROLE

public static final java.lang.String NO_ROLE
Special role string for denying access to all

See Also:
Constant Field Values

Constructor Detail

MetaDataRoleAuthorizationStrategy

public MetaDataRoleAuthorizationStrategy(IRoleCheckingStrategy roleCheckingStrategy)
Construct.

Parameters:
roleCheckingStrategy - the authorizer object

Method Detail

authorize

public static final void authorize(java.lang.Class<? extends Component> componentClass,
                                   java.lang.String roles)
Authorizes the given role to create component instances of type componentClass. This authorization is added to any previously authorized roles.

Parameters:
componentClass - The component type that is subject for the authorization
roles - The comma separated roles that are authorized to create component instances of type componentClass

authorize

public static final void authorize(Component component,
                                   Action action,
                                   java.lang.String roles)
Authorizes the given role to perform the given action on the given component.

Parameters:
component - The component that is subject to the authorization
action - The action to authorize
roles - The comma separated roles to authorize

authorizeAll

public static final void authorizeAll(java.lang.Class<? extends Component> componentClass)
Grants permission to all roles to create instances of the given component class.

Parameters:
componentClass - The component class

authorizeAll

public static final void authorizeAll(Component component,
                                      Action action)
Grants permission to all roles to perform the given action on the given component.

Parameters:
component - The component that is subject to the authorization
action - The action to authorize

unauthorize

public static final void unauthorize(java.lang.Class<? extends Component> componentClass,
                                     java.lang.String roles)
Removes permission for the given roles to create instances of the given component class. There is no danger in removing authorization by calling this method. If the last authorization grant is removed for a given componentClass, the internal role NO_ROLE will automatically be added, effectively denying access to all roles (if this was not done, all roles would suddenly have access since no authorization is equivalent to full access).

Parameters:
componentClass - The component type
roles - The comma separated list of roles that are no longer to be authorized to create instances of type componentClass

unauthorize

public static final void unauthorize(Component component,
                                     Action action,
                                     java.lang.String roles)
Removes permission for the given role to perform the given action on the given component. There is no danger in removing authorization by calling this method. If the last authorization grant is removed for a given action, the internal role NO_ROLE will automatically be added, effectively denying access to all roles (if this was not done, all roles would suddenly have access since no authorization is equivalent to full access).

Parameters:
component - The component
action - The action
roles - The comma separated list of roles that are no longer allowed to perform the given action
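The rule stated for both unauthorize overloads (removing the last grant adds NO_ROLE, because no authorization data means full access) can be seen in a small stand-alone model. This is an added example, not Wicket's implementation: the class RoleGrantModel, the string keys and the NO_ROLE placeholder value are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Simplified model of the grant/revoke rule described above; not Wicket's implementation.
public class RoleGrantModel {
    // Placeholder sentinel: the real constant's value is not shown on this page.
    static final String NO_ROLE = "<NO_ROLE placeholder>";

    private final Map<String, Set<String>> grants = new HashMap<>();
    private final boolean addSentinel; // false = the naive revoke the Javadoc warns about

    RoleGrantModel(boolean addSentinel) { this.addSentinel = addSentinel; }

    void authorize(String key, String roles) {
        grants.computeIfAbsent(key, k -> new HashSet<>()).addAll(split(roles));
    }

    void unauthorize(String key, String roles) {
        Set<String> set = grants.get(key);
        if (set == null) return;           // nothing granted yet; this case is not described on the page
        set.removeAll(split(roles));
        if (!set.isEmpty()) return;
        if (addSentinel) set.add(NO_ROLE); // last grant removed: deny everyone
        else grants.remove(key);           // naive: entry vanishes, default-allow returns
    }

    boolean isAuthorized(String key, String userRoles) {
        Set<String> set = grants.get(key);
        if (set == null) return true;      // no authorization data is equivalent to full access
        for (String r : split(userRoles)) if (set.contains(r)) return true;
        return false;
    }

    private static Set<String> split(String roles) {
        Set<String> out = new HashSet<>();
        for (String r : roles.split(",")) if (!r.trim().isEmpty()) out.add(r.trim());
        return out;
    }

    public static void main(String[] args) {
        for (boolean sentinel : new boolean[] {true, false}) {
            RoleGrantModel m = new RoleGrantModel(sentinel);
            String page = "AdminBookmarkablePage"; // constructed key standing in for a component class
            System.out.println("sentinel=" + sentinel);
            System.out.println("  no grants, USER:     " + m.isAuthorized(page, "USER"));
            m.authorize(page, "ADMIN");
            System.out.println("  ADMIN granted, USER: " + m.isAuthorized(page, "USER"));
            m.unauthorize(page, "ADMIN");
            System.out.println("  ADMIN revoked, USER: " + m.isAuthorized(page, "USER"));
        }
    }
}
```

The first line of each run also shows why a component or page with no authorize call at all is reachable by every role: restricted components need an explicit grant or unauthorizeAll.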

unauthorizeAll

public static final void unauthorizeAll(java.lang.Class<? extends Component> componentClass)
Grants authorization to instantiate the given class to just the role NO_ROLE, effectively denying all other roles.

Parameters:
componentClass - The component class

unauthorizeAll

public static final void unauthorizeAll(Component component,
                                        Action action)
Grants authorization to perform the given action to just the role NO_ROLE, effectively denying all other roles.

Parameters:
component - the component that is subject to the authorization
action - the action to authorize

isActionAuthorized

public boolean isActionAuthorized(Component component,
                                  Action action)
Uses component level meta data to match roles for component action execution.

Parameters:
component - The component to be acted upon
action - The action to authorize on the component
Returns:
Whether the given action may be taken on the given component
See Also:
IAuthorizationStrategy.isActionAuthorized(org.apache.wicket.Component, org.apache.wicket.authorization.Action)

isInstantiationAuthorized

public boolean isInstantiationAuthorized(java.lang.Class componentClass)
Uses application level meta data to match roles for component instantiation.

Parameters:
componentClass - The component class to check
Returns:
Whether the given component may be created
See Also:
IAuthorizationStrategy.isInstantiationAuthorized(java.lang.Class)


Copyright © 2004-2010 Apache Software Foundation. All Rights Reserved.