Class AuthenticatedWebApplication

  extended by org.apache.wicket.Application
      extended by org.apache.wicket.protocol.http.WebApplication
          extended by org.apache.wicket.authentication.AuthenticatedWebApplication
All Implemented Interfaces:
IUnauthorizedComponentInstantiationListener, IRoleCheckingStrategy
Direct Known Subclasses:

public abstract class AuthenticatedWebApplication
extends WebApplication
implements IRoleCheckingStrategy, IUnauthorizedComponentInstantiationListener

A web application subclass that does role-based authentication.

Jonathan Locke

Field Summary
Fields inherited from class org.apache.wicket.Application
Constructor Summary
Method Summary
protected abstract  Class<? extends WebPage> getSignInPageClass()
protected abstract  Class<? extends AuthenticatedWebSession> getWebSessionClass()
 boolean hasAnyRole(Roles roles)
          Whether any of the given roles matches.
protected  void init()
          Initialize; if you need the wicket servlet for initialization, e.g.
 Session newSession(Request request, Response response)
          Creates a new session.
 void onUnauthorizedInstantiation(Component component)
          Called when an unauthorized component instantiation is about to take place (but before it happens).
protected  void onUnauthorizedPage(Page page)
          Called when an AUTHENTICATED user tries to navigate to a page that they are not authorized to access.
Methods inherited from class org.apache.wicket.protocol.http.WebApplication
addIgnoreMountPath, get, getApplicationKey, getConfigurationType, getDefaultRequestCycleFactory, getInitParameter, getRequestCycleProcessor, getResourceFinder, getServletContext, getSessionAttributePrefix, getSessionAttributePrefix, getWicketFilter, internalDestroy, internalInit, logEventTarget, logResponseTarget, mount, mount, mountBookmarkablePage, mountBookmarkablePage, mountSharedResource, newAjaxRequestTarget, newRequestCycle, newRequestCycleProcessor, newSession, newSession, newSessionStore, newWebRequest, newWebResponse, outputDevelopmentModeWarning, sessionDestroyed, setApplicationKey, setWicketFilter, unmount
Methods inherited from class org.apache.wicket.Application
addComponentInitializationListener, addComponentInstantiationListener, addComponentOnAfterRenderListener, addPostComponentOnBeforeRenderListener, addPreComponentOnBeforeRenderListener, addRenderHeadListener, configure, decorateHeaderResponse, destroy, exists, fireComponentInitializationListeners, get, getApplicationKeys, getApplicationSettings, getConverterLocator, getDebugSettings, getExceptionSettings, getFrameworkSettings, getHomePage, getMarkupCache, getMarkupSettings, getMetaData, getName, getPageSettings, getRequestCycleFactory, getRequestCycleSettings, getRequestLogger, getRequestLoggerSettings, getResourceSettings, getSecuritySettings, getSessionFactory, getSessionSettings, getSessionStore, getSharedResources, initializeComponents, newConverterLocator, newRequestCycle, newRequestLogger, notifyRenderHeadListener, onDestroy, removeComponentInstantiationListener, removeComponentOnAfterRenderListener, removePostComponentOnBeforeRenderListener, removePreComponentOnBeforeRenderListener, removeRenderHeadListener, set, setHeaderResponseDecorator, setMetaData, unset
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public AuthenticatedWebApplication()

Method Detail


protected void init()
Description copied from class: WebApplication
Initialize; if you need the wicket servlet for initialization, e.g. because you want to read an initParameter from web.xml or you want to read a resource from the servlet's context path, you can override this method and provide custom initialization. This method is called right after this application class is constructed, and the wicket servlet is set. Use this method for any application setup instead of the constructor.

init in class WebApplication


public final boolean hasAnyRole(Roles roles)
Description copied from interface: IRoleCheckingStrategy
Whether any of the given roles matches. For example, if a user has role USER and the provided roles are {USER, ADMIN} this method should return true as the user has at least one of the roles that were provided.

Specified by:
hasAnyRole in interface IRoleCheckingStrategy
roles - the roles
true if a user or whatever subject this implementation wants to work with has at least on of the provided roles
See Also:


public final void onUnauthorizedInstantiation(Component component)
Description copied from interface: IUnauthorizedComponentInstantiationListener
Called when an unauthorized component instantiation is about to take place (but before it happens).

Specified by:
onUnauthorizedInstantiation in interface IUnauthorizedComponentInstantiationListener
component - The partially constructed component (only the id is guaranteed to be valid).
See Also:


public Session newSession(Request request,
                          Response response)
Description copied from class: Application
Creates a new session. Override this method if you want to provide a custom session.

newSession in class WebApplication
request - The request that will create this session.
response - The response to initialize, for example with cookies. This is important to use cases involving unit testing because those use cases might want to be able to sign a user in automatically when the session is created.
The session
See Also:
WebApplication.newSession(org.apache.wicket.Request, org.apache.wicket.Response)


protected abstract Class<? extends AuthenticatedWebSession> getWebSessionClass()
AuthenticatedWebSession subclass to use in this authenticated web application.


protected abstract Class<? extends WebPage> getSignInPageClass()
Subclass of sign-in page


protected void onUnauthorizedPage(Page page)
Called when an AUTHENTICATED user tries to navigate to a page that they are not authorized to access. You might want to override this to navigate to some explanatory page or to the application's home page.

page - The page

Copyright © 2004-2011 Apache Software Foundation. All Rights Reserved.