Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
Thanks martin.. we are planing to upgrade to wicket 6.x On Thu, Oct 4, 2012 at 3:59 PM, Martin Grigorov wrote: > See the impl in 6.x and merge the improvements in your custom behavior. > > On Thu, Oct 4, 2012 at 10:55 AM, Vignesh Palanisamy > wrote: > > thanks martin for the quick reply.. > > > > is there any other way to solve the problem in wicket 1.5.8. because > right > > now only we are upgraded to 1.5.8 > > > > > > > > > > On Thu, Oct 4, 2012 at 3:34 PM, Martin Grigorov >wrote: > > > >> Hi, > >> > >> I haven't looked at your app but I think I know what is the problem. > >> AccessDeniedPage will be shown if you try to use a disabled Behavior. > >> I.e. your custom behavior schedules JavaScript timer (setTimeout) that > >> will trigger after 2 secs, then you stop it, then the timer fires and > >> at the server side Wicket realizes that the behavior is not enabled > >> (stopped). > >> > >> This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not > >> restartable. Each time you call #stop() on it it will remove the timer > >> (clearTimeout) at the client side too. > >> Next time you (re-)start it it will schedule a completely new timer. > >> > >> On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy > >> wrote: > >> > Hi every one > >> > > >> > AbstractAjaxRestartableTimerBehavior - "patched up" version of > >> > AbstractAjaxTimerBehavior to provide "restart" functionality. > >> > > >> > we are using the AbstractAjaxRestartableTimerBehaviour it works fine > in > >> the > >> > previous version right now we are upgrading wicket to 1.5.8 in that > while > >> > stopping the Auto Refresh timerBehavior shows the Access denied page > >> > > >> > i had attach an quick start program with it.. in that i set the > duration > >> as > >> > 2 seconds. every 2 seconds it will update the feedback panel... click > >> stop > >> > link that error will appears.. > >> > > >> > > >> > is there any other solution for it.. > >> > > >> > > >> > thanks in advance > >> > Vignesh Palanisamy > >> > > >> > > >> > - > >> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >> > For additional commands, e-mail: users-h...@wicket.apache.org > >> > >> > >> > >> -- > >> Martin Grigorov > >> jWeekend > >> Training, Consulting, Development > >> http://jWeekend.com > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >> For additional commands, e-mail: users-h...@wicket.apache.org > >> > >> > > > > -- > Martin Grigorov > jWeekend > Training, Consulting, Development > http://jWeekend.com > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
See the impl in 6.x and merge the improvements in your custom behavior. On Thu, Oct 4, 2012 at 10:55 AM, Vignesh Palanisamy wrote: > thanks martin for the quick reply.. > > is there any other way to solve the problem in wicket 1.5.8. because right > now only we are upgraded to 1.5.8 > > > > > On Thu, Oct 4, 2012 at 3:34 PM, Martin Grigorov wrote: > >> Hi, >> >> I haven't looked at your app but I think I know what is the problem. >> AccessDeniedPage will be shown if you try to use a disabled Behavior. >> I.e. your custom behavior schedules JavaScript timer (setTimeout) that >> will trigger after 2 secs, then you stop it, then the timer fires and >> at the server side Wicket realizes that the behavior is not enabled >> (stopped). >> >> This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not >> restartable. Each time you call #stop() on it it will remove the timer >> (clearTimeout) at the client side too. >> Next time you (re-)start it it will schedule a completely new timer. >> >> On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy >> wrote: >> > Hi every one >> > >> > AbstractAjaxRestartableTimerBehavior - "patched up" version of >> > AbstractAjaxTimerBehavior to provide "restart" functionality. >> > >> > we are using the AbstractAjaxRestartableTimerBehaviour it works fine in >> the >> > previous version right now we are upgrading wicket to 1.5.8 in that while >> > stopping the Auto Refresh timerBehavior shows the Access denied page >> > >> > i had attach an quick start program with it.. in that i set the duration >> as >> > 2 seconds. every 2 seconds it will update the feedback panel... click >> stop >> > link that error will appears.. >> > >> > >> > is there any other solution for it.. >> > >> > >> > thanks in advance >> > Vignesh Palanisamy >> > >> > >> > - >> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> > For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> >> -- >> Martin Grigorov >> jWeekend >> Training, Consulting, Development >> http://jWeekend.com >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
thanks martin for the quick reply.. is there any other way to solve the problem in wicket 1.5.8. because right now only we are upgraded to 1.5.8 On Thu, Oct 4, 2012 at 3:34 PM, Martin Grigorov wrote: > Hi, > > I haven't looked at your app but I think I know what is the problem. > AccessDeniedPage will be shown if you try to use a disabled Behavior. > I.e. your custom behavior schedules JavaScript timer (setTimeout) that > will trigger after 2 secs, then you stop it, then the timer fires and > at the server side Wicket realizes that the behavior is not enabled > (stopped). > > This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not > restartable. Each time you call #stop() on it it will remove the timer > (clearTimeout) at the client side too. > Next time you (re-)start it it will schedule a completely new timer. > > On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy > wrote: > > Hi every one > > > > AbstractAjaxRestartableTimerBehavior - "patched up" version of > > AbstractAjaxTimerBehavior to provide "restart" functionality. > > > > we are using the AbstractAjaxRestartableTimerBehaviour it works fine in > the > > previous version right now we are upgrading wicket to 1.5.8 in that while > > stopping the Auto Refresh timerBehavior shows the Access denied page > > > > i had attach an quick start program with it.. in that i set the duration > as > > 2 seconds. every 2 seconds it will update the feedback panel... click > stop > > link that error will appears.. > > > > > > is there any other solution for it.. > > > > > > thanks in advance > > Vignesh Palanisamy > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > > For additional commands, e-mail: users-h...@wicket.apache.org > > > > -- > Martin Grigorov > jWeekend > Training, Consulting, Development > http://jWeekend.com > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
Hi, I haven't looked at your app but I think I know what is the problem. AccessDeniedPage will be shown if you try to use a disabled Behavior. I.e. your custom behavior schedules JavaScript timer (setTimeout) that will trigger after 2 secs, then you stop it, then the timer fires and at the server side Wicket realizes that the behavior is not enabled (stopped). This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not restartable. Each time you call #stop() on it it will remove the timer (clearTimeout) at the client side too. Next time you (re-)start it it will schedule a completely new timer. On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy wrote: > Hi every one > > AbstractAjaxRestartableTimerBehavior - "patched up" version of > AbstractAjaxTimerBehavior to provide "restart" functionality. > > we are using the AbstractAjaxRestartableTimerBehaviour it works fine in the > previous version right now we are upgrading wicket to 1.5.8 in that while > stopping the Auto Refresh timerBehavior shows the Access denied page > > i had attach an quick start program with it.. in that i set the duration as > 2 seconds. every 2 seconds it will update the feedback panel... click stop > link that error will appears.. > > > is there any other solution for it.. > > > thanks in advance > Vignesh Palanisamy > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied Page
Hi, Yeah, the INFO logging is ON so that's not the case. I've resolved the problem... but I don't know what was causing it. Two reasons: 1. Multipart set to true on form 2. Nested form But the problem is that it was only occuring on external hosting. Locally it was working like a charm. Regards, Satrix -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Access-Denied-Page-tp4555096p4560780.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied Page
Hi, AccessDeniedPage is being shown only when either org.apache.wicket.authorization.AuthorizationException or org.apache.wicket.request.handler.ListenerInvocationNotAllowedException is thrown. I think the latter is cause in your case. But I have no idea why there is nothing in the log files. Make sure you have enabled INFO level logging for org.apache.wicket.RequestListenerInterface On Fri, Apr 13, 2012 at 6:02 PM, Satrix wrote: > Hello, > > I'm facing really strange behaviour and I can't find out what's causing > this. Let me describe this scenario: > > 1. We have an external hosting and the wicket app is running out there. > 2. There is a form to upload a file to FTP. > 3. When I try to upload a file I get Access Denied Page. However I dont use > any authorize strategies etc. My logs are clear and there are no exceptions > in the logs. > > The interesting thing is that on my local machine it's working like a charm > but on the external hosting sometimes it's working and sometimes it's not. > > So any idea what can cause such a problem ? > > Regards, Satrix > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Access-Denied-Page-tp4555096p4555096.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Access Denied Page
Hello, I'm facing really strange behaviour and I can't find out what's causing this. Let me describe this scenario: 1. We have an external hosting and the wicket app is running out there. 2. There is a form to upload a file to FTP. 3. When I try to upload a file I get Access Denied Page. However I dont use any authorize strategies etc. My logs are clear and there are no exceptions in the logs. The interesting thing is that on my local machine it's working like a charm but on the external hosting sometimes it's working and sometimes it's not. So any idea what can cause such a problem ? Regards, Satrix -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Access-Denied-Page-tp4555096p4555096.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Access denied page shows
Hi, Im not familiar with the wicket. I don't undestand why my project's SecureWebPage work occasionally. It throws access denied page. All should be ok. Is it in my development enviroment? I working with m2eclipse. t. jussi
Re: More than one access denied page
I implemented the interface you mention on my own xxxAuthorizationStrategy, but It doesnt work. I think this is because the user isnt authenticated and he is trying to access a protected page. On Tue, Jan 5, 2010 at 7:50 AM, Wilhelmsen Tor Iver wrote: > > I would like to have two access denied pages according to some > > parameters. > > Is this possible? > > In your implementation of IUnauthorizedComponentInstantiationListener check > for the parameters (e.g. placed into the request or the like) and set a > different responsepage or redirect to a different page based on this. > > - Tor Iver > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Fernando Wermus. www.linkedin.com/in/fernandowermus
SV: More than one access denied page
> I would like to have two access denied pages according to some > parameters. > Is this possible? In your implementation of IUnauthorizedComponentInstantiationListener check for the parameters (e.g. placed into the request or the like) and set a different responsepage or redirect to a different page based on this. - Tor Iver - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: More than one access denied page
what causes the page to be displayed? -igor On Mon, Jan 4, 2010 at 1:43 PM, Fernando Wermus wrote: > I would like to have two access denied pages according to some parameters. > Is this possible? > > > > > -- > Fernando Wermus. > > www.linkedin.com/in/fernandowermus > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
More than one access denied page
I would like to have two access denied pages according to some parameters. Is this possible? -- Fernando Wermus. www.linkedin.com/in/fernandowermus
Re: wicket-security Custom Access Denied Page
> > Maurice,
> >
> > Can you show me your code? I would rather do it your way than mine. My
> > policy file will be much more complicated than the one I am testing with.
> >
> > > -Original Message-
> > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > > Sent: Sunday, February 17, 2008 6:27 AM
> > > To: users@wicket.apache.org
> > > Subject: Re: wicket-security Custom Access Denied Page
> > >
> > >
> >
> > > Just finished testing your classes using my 1.3.1 development code and
> > > both your way and my way work, as it should.
> > > I don't get why using the permission instead of the permission name
> > > does not work for you.
> > >
> > > I did however just think of 1 caveat in using the permission name
> > > instead of the permission.
> > > This might not be relevant for you (since you have a very small policy
> > > file), but if anybody else is following this thread it might be
> > > relevant to them.
> > > If your policy file contains a principal "foo" with action "render"
> > > for principal "p1" and a permission "foo" with action "enable" for
> > > principal "p2"
> > > your hive will return both principals p1 and p2 eventhough you did
> > > hive.getPrincipals(new ...Permission("foo","enable").
> > > In this scenario it should only return p2 and not p1.
> > >
> > > Maurice
> > >
> > > On Feb 16, 2008 1:53 PM, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > > On Feb 15, 2008 6:38 PM, Warren <[EMAIL PROTECTED]> wrote:
> > > > > Maurice,
> > > > >
> > > > > Here is my SimpleCachingHive and my Principal. I did not
> > > extend Permissin, I
> > > > > didn't think I had to. I pretty much based my implementation
> > > on you tabs
> > > > > example minus the tabs. Should I extend Permission and
> > > override hashCode()
> > > > > and equals(Object obj). And if I do, how do I force my hive to use my
> > > > > extended Permission?
> > > >
> > > > No you don't have to extend permission, it is optional. You could for
> > > > example create a ResourcePermission to check for permissions on file
> > > > uploads or downloads. For example:
> > > > permission org.ResourcePermission "/*.*", "read, write"; //enables
> > > > write permission on the root and every subdir
> > > > Your hive would not have to have explicit knowledge of this new
> > > > permission, it is sufficient if you declare it in your policy file and
> > > > in an ISecurityCheck do something like SwarmStrategy.hasPermission(new
> > > > ResourcePermission("/somefile.file"));
> > > >
> > > > Anyway moving away from this theoretical exercise and to your problem.
> > > > Your principal looks fine, if i have some time I'll try and run
> > > it myself.
> > > > One small difference i noticed (which should have no impact at all) is
> > > > you also use the class to generate the hash and in my simpleprincipal
> > > > i don't. But like i said this should not matter at all.
> > > >
> > > > Maurice
> > > >
> > >
> >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
The code is on wicketstuff svn
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security/swarm-parent/hive/src/test/java/org/apache/wicket/security/hive/HiveExtensionTest.java
Perhaps if you can show me in a similar test setup how your code is
failing we might figure out why.
Note that above class is not standalone it requires some classes only
found in svn trunk but it should give you a starting point.
trunk is located at
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security/
and contains a maven multiproject.
Maurice
On Feb 18, 2008 5:23 AM, Warren <[EMAIL PROTECTED]> wrote:
> Maurice,
>
> Can you show me your code? I would rather do it your way than mine. My
> policy file will be much more complicated than the one I am testing with.
>
> > -Original Message-
> > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, February 17, 2008 6:27 AM
> > To: users@wicket.apache.org
> > Subject: Re: wicket-security Custom Access Denied Page
> >
> >
>
> > Just finished testing your classes using my 1.3.1 development code and
> > both your way and my way work, as it should.
> > I don't get why using the permission instead of the permission name
> > does not work for you.
> >
> > I did however just think of 1 caveat in using the permission name
> > instead of the permission.
> > This might not be relevant for you (since you have a very small policy
> > file), but if anybody else is following this thread it might be
> > relevant to them.
> > If your policy file contains a principal "foo" with action "render"
> > for principal "p1" and a permission "foo" with action "enable" for
> > principal "p2"
> > your hive will return both principals p1 and p2 eventhough you did
> > hive.getPrincipals(new ...Permission("foo","enable").
> > In this scenario it should only return p2 and not p1.
> >
> > Maurice
> >
> > On Feb 16, 2008 1:53 PM, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > On Feb 15, 2008 6:38 PM, Warren <[EMAIL PROTECTED]> wrote:
> > > > Maurice,
> > > >
> > > > Here is my SimpleCachingHive and my Principal. I did not
> > extend Permissin, I
> > > > didn't think I had to. I pretty much based my implementation
> > on you tabs
> > > > example minus the tabs. Should I extend Permission and
> > override hashCode()
> > > > and equals(Object obj). And if I do, how do I force my hive to use my
> > > > extended Permission?
> > >
> > > No you don't have to extend permission, it is optional. You could for
> > > example create a ResourcePermission to check for permissions on file
> > > uploads or downloads. For example:
> > > permission org.ResourcePermission "/*.*", "read, write"; //enables
> > > write permission on the root and every subdir
> > > Your hive would not have to have explicit knowledge of this new
> > > permission, it is sufficient if you declare it in your policy file and
> > > in an ISecurityCheck do something like SwarmStrategy.hasPermission(new
> > > ResourcePermission("/somefile.file"));
> > >
> > > Anyway moving away from this theoretical exercise and to your problem.
> > > Your principal looks fine, if i have some time I'll try and run
> > it myself.
> > > One small difference i noticed (which should have no impact at all) is
> > > you also use the class to generate the hash and in my simpleprincipal
> > > i don't. But like i said this should not matter at all.
> > >
> > > Maurice
> > >
> >
>
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: wicket-security Custom Access Denied Page
Maurice,
Can you show me your code? I would rather do it your way than mine. My
policy file will be much more complicated than the one I am testing with.
> -Original Message-
> From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 17, 2008 6:27 AM
> To: users@wicket.apache.org
> Subject: Re: wicket-security Custom Access Denied Page
>
>
> Just finished testing your classes using my 1.3.1 development code and
> both your way and my way work, as it should.
> I don't get why using the permission instead of the permission name
> does not work for you.
>
> I did however just think of 1 caveat in using the permission name
> instead of the permission.
> This might not be relevant for you (since you have a very small policy
> file), but if anybody else is following this thread it might be
> relevant to them.
> If your policy file contains a principal "foo" with action "render"
> for principal "p1" and a permission "foo" with action "enable" for
> principal "p2"
> your hive will return both principals p1 and p2 eventhough you did
> hive.getPrincipals(new ...Permission("foo","enable").
> In this scenario it should only return p2 and not p1.
>
> Maurice
>
> On Feb 16, 2008 1:53 PM, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > On Feb 15, 2008 6:38 PM, Warren <[EMAIL PROTECTED]> wrote:
> > > Maurice,
> > >
> > > Here is my SimpleCachingHive and my Principal. I did not
> extend Permissin, I
> > > didn't think I had to. I pretty much based my implementation
> on you tabs
> > > example minus the tabs. Should I extend Permission and
> override hashCode()
> > > and equals(Object obj). And if I do, how do I force my hive to use my
> > > extended Permission?
> >
> > No you don't have to extend permission, it is optional. You could for
> > example create a ResourcePermission to check for permissions on file
> > uploads or downloads. For example:
> > permission org.ResourcePermission "/*.*", "read, write"; //enables
> > write permission on the root and every subdir
> > Your hive would not have to have explicit knowledge of this new
> > permission, it is sufficient if you declare it in your policy file and
> > in an ISecurityCheck do something like SwarmStrategy.hasPermission(new
> > ResourcePermission("/somefile.file"));
> >
> > Anyway moving away from this theoretical exercise and to your problem.
> > Your principal looks fine, if i have some time I'll try and run
> it myself.
> > One small difference i noticed (which should have no impact at all) is
> > you also use the class to generate the hash and in my simpleprincipal
> > i don't. But like i said this should not matter at all.
> >
> > Maurice
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
Just finished testing your classes using my 1.3.1 development code and
both your way and my way work, as it should.
I don't get why using the permission instead of the permission name
does not work for you.
I did however just think of 1 caveat in using the permission name
instead of the permission.
This might not be relevant for you (since you have a very small policy
file), but if anybody else is following this thread it might be
relevant to them.
If your policy file contains a principal "foo" with action "render"
for principal "p1" and a permission "foo" with action "enable" for
principal "p2"
your hive will return both principals p1 and p2 eventhough you did
hive.getPrincipals(new ...Permission("foo","enable").
In this scenario it should only return p2 and not p1.
Maurice
On Feb 16, 2008 1:53 PM, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> On Feb 15, 2008 6:38 PM, Warren <[EMAIL PROTECTED]> wrote:
> > Maurice,
> >
> > Here is my SimpleCachingHive and my Principal. I did not extend Permissin, I
> > didn't think I had to. I pretty much based my implementation on you tabs
> > example minus the tabs. Should I extend Permission and override hashCode()
> > and equals(Object obj). And if I do, how do I force my hive to use my
> > extended Permission?
>
> No you don't have to extend permission, it is optional. You could for
> example create a ResourcePermission to check for permissions on file
> uploads or downloads. For example:
> permission org.ResourcePermission "/*.*", "read, write"; //enables
> write permission on the root and every subdir
> Your hive would not have to have explicit knowledge of this new
> permission, it is sufficient if you declare it in your policy file and
> in an ISecurityCheck do something like SwarmStrategy.hasPermission(new
> ResourcePermission("/somefile.file"));
>
> Anyway moving away from this theoretical exercise and to your problem.
> Your principal looks fine, if i have some time I'll try and run it myself.
> One small difference i noticed (which should have no impact at all) is
> you also use the class to generate the hash and in my simpleprincipal
> i don't. But like i said this should not matter at all.
>
> Maurice
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
On Feb 15, 2008 6:38 PM, Warren <[EMAIL PROTECTED]> wrote:
> Maurice,
>
> Here is my SimpleCachingHive and my Principal. I did not extend Permissin, I
> didn't think I had to. I pretty much based my implementation on you tabs
> example minus the tabs. Should I extend Permission and override hashCode()
> and equals(Object obj). And if I do, how do I force my hive to use my
> extended Permission?
No you don't have to extend permission, it is optional. You could for
example create a ResourcePermission to check for permissions on file
uploads or downloads. For example:
permission org.ResourcePermission "/*.*", "read, write"; //enables
write permission on the root and every subdir
Your hive would not have to have explicit knowledge of this new
permission, it is sufficient if you declare it in your policy file and
in an ISecurityCheck do something like SwarmStrategy.hasPermission(new
ResourcePermission("/somefile.file"));
Anyway moving away from this theoretical exercise and to your problem.
Your principal looks fine, if i have some time I'll try and run it myself.
One small difference i noticed (which should have no impact at all) is
you also use the class to generate the hash and in my simpleprincipal
i don't. But like i said this should not matter at all.
Maurice
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: wicket-security Custom Access Denied Page
9 AM
> To: users@wicket.apache.org
> Subject: Re: wicket-security Custom Access Denied Page
>
>
> That is very strange, it should work doing it your way but my way
> should work too since that is exactly what the hive itself is doing.
> It might be caused by the equal or hashcode of your permission /
> principal but then the authorization by the hive should fail too.
> Would you mind pasting your principal and permission class here?
> The hive file should not matter but could you paste it too.
>
> Thanks,
>
> Maurice
>
>
> On Fri, Feb 15, 2008 at 4:14 AM, Warren
> <[EMAIL PROTECTED]> wrote:
> > Maurice,
> >
> > I had to make some changes in order for it to work. I added
> the Permission
> > names to the ManyToManyMap instead of the Permission itself
> and then query
> > the map by the Permission name. It would not return any Principals the
> > original way. The hive file I am testing with only has three
> Principals with
> > one Permission each. Will there be a problem doing it this
> way? Other than
> > that it seems to be working ok.
> >
> > I am doing this:
> >
> >
> > public void addPrincipal(Principal principal,
> Collection permissions)
> > {
> > super.addPrincipal(principal, permissions);
> > boolean debug = log.isDebugEnabled();
> > Iterator iterator = permissions.iterator();
> > Permission permission = null;
> > while (iterator.hasNext())
> > {
> > permission = (Permission)iterator.next();
> >
> hivePrincipalsAndPermissions.add(permission.getName(), principal);
> >
> > }
> > }
> >
> > public void addPermission(Principal principal,
> Permission permission)
> > {
> > super.addPermission(principal, permission);
> >
> hivePrincipalsAndPermissions.add(permission.getName(), principal);
> >
> > }
> >
> > public Set getPrincipals(Permission p)
> > {
> > return hivePrincipalsAndPermissions.get(p.getName());
> > }
> >
> > Instead of this:
> >
> >
> > public void addPrincipal(Principal principal,
> Collection permissions)
> > {
> > super.addPrincipal(principal, permissions);
> > boolean debug = log.isDebugEnabled();
> > Iterator iterator = permissions.iterator();
> > Permission permission = null;
> > while (iterator.hasNext())
> > {
> > permission = (Permission)iterator.next();
> >
> hivePrincipalsAndPermissions.add(permission, principal);
> > }
> > }
> >
> >
> > public void addPermission(Principal principal,
> Permission permission)
> > {
> > super.addPermission(principal, permission);
> >
> > hivePrincipalsAndPermissions.add(permission, principal);
> > }
> >
> > public Set getPrincipals(Permission p)
> > {
> > return hivePrincipalsAndPermissions.get(p);
> > }
> >
> > Thanks,
> >
> >
> > > -Original Message-
> > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> >
> >
> > > Sent: Thursday, February 14, 2008 11:37 AM
> > > To: users@wicket.apache.org
> > > Subject: Re: wicket-security Custom Access Denied Page
> > >
> > >
> > > Nope, you are correct.
> > > My mind must have been on vacation when i wrote that :)
> > >
> > > Sorry for the confusion.
> > >
> > > Maurice
> > >
> > > On Thu, Feb 14, 2008 at 8:32 PM, Warren
> > > <[EMAIL PROTECTED]> wrote:
> > > > Maurice,
> > > >
> > > > When you say:
> > > >
> > > >
> > > > > Also don't forget to filter the principals from the
> hive with the
> > > > > principals contained in your subject. you are only
> interested in the
> > > > > principals not contained in your hive.
> > > >
> > > > Haven't we allready done that when we check if the permission
> > > has failed
> > > > when the super.hasPermission(...) returns false. And when we call
> > > > ((MySimpleCachingHive)getHive())
Re: wicket-security Custom Access Denied Page
That is very strange, it should work doing it your way but my way
should work too since that is exactly what the hive itself is doing.
It might be caused by the equal or hashcode of your permission /
principal but then the authorization by the hive should fail too.
Would you mind pasting your principal and permission class here?
The hive file should not matter but could you paste it too.
Thanks,
Maurice
On Fri, Feb 15, 2008 at 4:14 AM, Warren <[EMAIL PROTECTED]> wrote:
> Maurice,
>
> I had to make some changes in order for it to work. I added the Permission
> names to the ManyToManyMap instead of the Permission itself and then query
> the map by the Permission name. It would not return any Principals the
> original way. The hive file I am testing with only has three Principals with
> one Permission each. Will there be a problem doing it this way? Other than
> that it seems to be working ok.
>
> I am doing this:
>
>
> public void addPrincipal(Principal principal, Collection permissions)
> {
> super.addPrincipal(principal, permissions);
> boolean debug = log.isDebugEnabled();
> Iterator iterator = permissions.iterator();
> Permission permission = null;
> while (iterator.hasNext())
> {
> permission = (Permission)iterator.next();
>
> hivePrincipalsAndPermissions.add(permission.getName(), principal);
>
> }
> }
>
> public void addPermission(Principal principal, Permission permission)
> {
> super.addPermission(principal, permission);
> hivePrincipalsAndPermissions.add(permission.getName(),
> principal);
>
> }
>
> public Set getPrincipals(Permission p)
> {
> return hivePrincipalsAndPermissions.get(p.getName());
> }
>
> Instead of this:
>
>
> public void addPrincipal(Principal principal, Collection permissions)
> {
> super.addPrincipal(principal, permissions);
> boolean debug = log.isDebugEnabled();
> Iterator iterator = permissions.iterator();
> Permission permission = null;
> while (iterator.hasNext())
> {
> permission = (Permission)iterator.next();
> hivePrincipalsAndPermissions.add(permission,
> principal);
> }
> }
>
>
> public void addPermission(Principal principal, Permission permission)
> {
> super.addPermission(principal, permission);
>
> hivePrincipalsAndPermissions.add(permission, principal);
> }
>
> public Set getPrincipals(Permission p)
> {
> return hivePrincipalsAndPermissions.get(p);
> }
>
> Thanks,
>
>
> > -Original Message-
> > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
>
>
> > Sent: Thursday, February 14, 2008 11:37 AM
> > To: users@wicket.apache.org
> > Subject: Re: wicket-security Custom Access Denied Page
> >
> >
> > Nope, you are correct.
> > My mind must have been on vacation when i wrote that :)
> >
> > Sorry for the confusion.
> >
> > Maurice
> >
> > On Thu, Feb 14, 2008 at 8:32 PM, Warren
> > <[EMAIL PROTECTED]> wrote:
> > > Maurice,
> > >
> > > When you say:
> > >
> > >
> > > > Also don't forget to filter the principals from the hive with the
> > > > principals contained in your subject. you are only interested in the
> > > > principals not contained in your hive.
> > >
> > > Haven't we allready done that when we check if the permission
> > has failed
> > > when the super.hasPermission(...) returns false. And when we call
> > > ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going
> > to get all
> > > the Principals that have the Permission p in it from the hive
> > that do not
> > > belong to the Subject since that Permission has allready been
> > checked to see
> > > if it belongs to a Principal that belongs to the Subect in the
> > > super.hasPermission(...). Or am I missing how this all works?
> > >
> > >
> > > > -Original Message-
> > > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > >
> > > > Sent: Thursday, February 14, 2008 10
RE: wicket-security Custom Access Denied Page
Maurice,
I had to make some changes in order for it to work. I added the Permission
names to the ManyToManyMap instead of the Permission itself and then query
the map by the Permission name. It would not return any Principals the
original way. The hive file I am testing with only has three Principals with
one Permission each. Will there be a problem doing it this way? Other than
that it seems to be working ok.
I am doing this:
public void addPrincipal(Principal principal, Collection permissions)
{
super.addPrincipal(principal, permissions);
boolean debug = log.isDebugEnabled();
Iterator iterator = permissions.iterator();
Permission permission = null;
while (iterator.hasNext())
{
permission = (Permission)iterator.next();
hivePrincipalsAndPermissions.add(permission.getName(),
principal);
}
}
public void addPermission(Principal principal, Permission permission)
{
super.addPermission(principal, permission);
hivePrincipalsAndPermissions.add(permission.getName(),
principal);
}
public Set getPrincipals(Permission p)
{
return hivePrincipalsAndPermissions.get(p.getName());
}
Instead of this:
public void addPrincipal(Principal principal, Collection permissions)
{
super.addPrincipal(principal, permissions);
boolean debug = log.isDebugEnabled();
Iterator iterator = permissions.iterator();
Permission permission = null;
while (iterator.hasNext())
{
permission = (Permission)iterator.next();
hivePrincipalsAndPermissions.add(permission, principal);
}
}
public void addPermission(Principal principal, Permission permission)
{
super.addPermission(principal, permission);
hivePrincipalsAndPermissions.add(permission, principal);
}
public Set getPrincipals(Permission p)
{
return hivePrincipalsAndPermissions.get(p);
}
Thanks,
> -Original Message-
> From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 14, 2008 11:37 AM
> To: users@wicket.apache.org
> Subject: Re: wicket-security Custom Access Denied Page
>
>
> Nope, you are correct.
> My mind must have been on vacation when i wrote that :)
>
> Sorry for the confusion.
>
> Maurice
>
> On Thu, Feb 14, 2008 at 8:32 PM, Warren
> <[EMAIL PROTECTED]> wrote:
> > Maurice,
> >
> > When you say:
> >
> >
> > > Also don't forget to filter the principals from the hive with the
> > > principals contained in your subject. you are only interested in the
> > > principals not contained in your hive.
> >
> > Haven't we allready done that when we check if the permission
> has failed
> > when the super.hasPermission(...) returns false. And when we call
> > ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going
> to get all
> > the Principals that have the Permission p in it from the hive
> that do not
> > belong to the Subject since that Permission has allready been
> checked to see
> > if it belongs to a Principal that belongs to the Subect in the
> > super.hasPermission(...). Or am I missing how this all works?
> >
> >
> > > -Original Message-----
> > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> >
> > > Sent: Thursday, February 14, 2008 10:49 AM
> > > To: users@wicket.apache.org
> > > Subject: Re: wicket-security Custom Access Denied Page
> > >
> > >
> >
> >
> > > On Thu, Feb 14, 2008 at 7:13 PM, Warren
> > > <[EMAIL PROTECTED]> wrote:
> > > > Maurice,
> > > >
> > > > I have a couple more questions. In my MySwarmStrategy
> > > hasPermission(...)
> > > > method I only have to look up the principals that have the
> > > denied permission
> > > > in them, correct?
> > >
> > > Correct
> > >
> > > >Here is my overide hasPermission(...) method:
> > > >
> > > >
> > > > public boolean hasPermission(Permission p)
> > > > {
> > > > if (!super.hasPermission(p))
> > > > {
> > > > if
> > > (getHive().getClass().isInstance(MySimpleCachingHive.class))
> > > >
Re: wicket-security Custom Access Denied Page
Nope, you are correct.
My mind must have been on vacation when i wrote that :)
Sorry for the confusion.
Maurice
On Thu, Feb 14, 2008 at 8:32 PM, Warren <[EMAIL PROTECTED]> wrote:
> Maurice,
>
> When you say:
>
>
> > Also don't forget to filter the principals from the hive with the
> > principals contained in your subject. you are only interested in the
> > principals not contained in your hive.
>
> Haven't we allready done that when we check if the permission has failed
> when the super.hasPermission(...) returns false. And when we call
> ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all
> the Principals that have the Permission p in it from the hive that do not
> belong to the Subject since that Permission has allready been checked to see
> if it belongs to a Principal that belongs to the Subect in the
> super.hasPermission(...). Or am I missing how this all works?
>
>
> > -Original Message-
> > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
>
> > Sent: Thursday, February 14, 2008 10:49 AM
> > To: users@wicket.apache.org
> > Subject: Re: wicket-security Custom Access Denied Page
> >
> >
>
>
> > On Thu, Feb 14, 2008 at 7:13 PM, Warren
> > <[EMAIL PROTECTED]> wrote:
> > > Maurice,
> > >
> > > I have a couple more questions. In my MySwarmStrategy
> > hasPermission(...)
> > > method I only have to look up the principals that have the
> > denied permission
> > > in them, correct?
> >
> > Correct
> >
> > >Here is my overide hasPermission(...) method:
> > >
> > >
> > > public boolean hasPermission(Permission p)
> > > {
> > > if (!super.hasPermission(p))
> > > {
> > > if
> > (getHive().getClass().isInstance(MySimpleCachingHive.class))
> > > {
> > > Set hivePrincipals =
> > > ((MySimpleCachingHive)getHive()).getPrincipals(p);
> > > // Place Set of Principals in
> > the requestcycle or should I just place
> > > the Principal names in //
> > requestcycle ?
> >
> > This depends on how much information you want to use in your
> > accessdenied page if the name is all you need then by all means just
> > pass the names.
> > Also don't forget to filter the principals from the hive with the
> > principals contained in your subject. you are only interested in the
> > principals not contained in your hive.
> >
> > > }
> > > return false;
> > > }
> > > return true;
> > > }
> > >
> > > I had to copy the whole PolicyFileHiveFactory I don't think I
> > could get to
> > > "private Set inputStreams" or "private Set inputReaders" correctly.
> >
> > There are getStreams and getReaders methods but they return a read
> > only view and thus will not allow you to clear them, ok.
> >
> > >Here is
> > > my createHive() method:
> > >
> > > public Hive createHive()
> > > {
> > > BasicHive hive;
> > > if (isUsingHiveCache())
> > > hive = new MySimpleCachingHive();
> > > else
> > > hive = new BasicHive();
> > > ...
> > > }
> > >
> > > I only changed the one line above. In my app I am doing this:
> > >
> > >
> > > MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
> > > factory.useHiveCache(true);
> > >
> > > Will the line above make sure that my MySimpleCachingHive will
> > be used or is
> > > it possible for useHiveCache(false) to be used somewhere else?
> >
> > This will do fine, remember you are the only one in control of the
> > policy factory. As soon as you pass it to HiveMind.registerHive the
> > createHive method is called, after that it is discarded.
> > BTW the default setting for useCache is true, but it does not hurt to
> > explicitly set it.
> >
> > >
> > > Last question. I am not quite sure what to do in
> > MySimpleCachingHive. I know
> > > t
RE: wicket-security Custom Access Denied Page
Maurice,
When you say:
> Also don't forget to filter the principals from the hive with the
> principals contained in your subject. you are only interested in the
> principals not contained in your hive.
Haven't we allready done that when we check if the permission has failed
when the super.hasPermission(...) returns false. And when we call
((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all
the Principals that have the Permission p in it from the hive that do not
belong to the Subject since that Permission has allready been checked to see
if it belongs to a Principal that belongs to the Subect in the
super.hasPermission(...). Or am I missing how this all works?
> -Original Message-
> From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 14, 2008 10:49 AM
> To: users@wicket.apache.org
> Subject: Re: wicket-security Custom Access Denied Page
>
>
> On Thu, Feb 14, 2008 at 7:13 PM, Warren
> <[EMAIL PROTECTED]> wrote:
> > Maurice,
> >
> > I have a couple more questions. In my MySwarmStrategy
> hasPermission(...)
> > method I only have to look up the principals that have the
> denied permission
> > in them, correct?
>
> Correct
>
> >Here is my overide hasPermission(...) method:
> >
> >
> > public boolean hasPermission(Permission p)
> > {
> > if (!super.hasPermission(p))
> > {
> > if
> (getHive().getClass().isInstance(MySimpleCachingHive.class))
> > {
> > Set hivePrincipals =
> > ((MySimpleCachingHive)getHive()).getPrincipals(p);
> > // Place Set of Principals in
> the requestcycle or should I just place
> > the Principal names in //
> requestcycle ?
>
> This depends on how much information you want to use in your
> accessdenied page if the name is all you need then by all means just
> pass the names.
> Also don't forget to filter the principals from the hive with the
> principals contained in your subject. you are only interested in the
> principals not contained in your hive.
>
> > }
> > return false;
> > }
> > return true;
> > }
> >
> > I had to copy the whole PolicyFileHiveFactory I don't think I
> could get to
> > "private Set inputStreams" or "private Set inputReaders" correctly.
>
> There are getStreams and getReaders methods but they return a read
> only view and thus will not allow you to clear them, ok.
>
> >Here is
> > my createHive() method:
> >
> > public Hive createHive()
> > {
> > BasicHive hive;
> > if (isUsingHiveCache())
> > hive = new MySimpleCachingHive();
> > else
> > hive = new BasicHive();
> > ...
> > }
> >
> > I only changed the one line above. In my app I am doing this:
> >
> >
> > MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
> > factory.useHiveCache(true);
> >
> > Will the line above make sure that my MySimpleCachingHive will
> be used or is
> > it possible for useHiveCache(false) to be used somewhere else?
>
> This will do fine, remember you are the only one in control of the
> policy factory. As soon as you pass it to HiveMind.registerHive the
> createHive method is called, after that it is discarded.
> BTW the default setting for useCache is true, but it does not hurt to
> explicitly set it.
>
> >
> > Last question. I am not quite sure what to do in
> MySimpleCachingHive. I know
> > this is an unrelated question, but I am not sure how to use your
> > ManyToManyMap. I also am not sure when the addPrincipal(...) and
> > addPermission(...) methods are called. Do one or the other get
> called per
> > Principal that is in the hive? And, will I Load up the
> ManyToManyMap within
> > these two methods ending up with this ManyToManyMap that will
> have all the
> > Pricipals of the hive with their associated Permissions in them?
>
> Either or both are called once or multiple times for each principal,
> depending on how your policy is set up.
> Anyway it does not matter how often each method is called since the
> ManyToManyMap will fold everything together for you.
>
> >
> > Here is my MySimpleCachingHive:
> >
> > publi
Re: wicket-security Custom Access Denied Page
On Thu, Feb 14, 2008 at 7:13 PM, Warren <[EMAIL PROTECTED]> wrote:
> Maurice,
>
> I have a couple more questions. In my MySwarmStrategy hasPermission(...)
> method I only have to look up the principals that have the denied permission
> in them, correct?
Correct
>Here is my overide hasPermission(...) method:
>
>
> public boolean hasPermission(Permission p)
> {
> if (!super.hasPermission(p))
> {
> if
> (getHive().getClass().isInstance(MySimpleCachingHive.class))
> {
> Set hivePrincipals =
> ((MySimpleCachingHive)getHive()).getPrincipals(p);
> // Place Set of Principals in the
> requestcycle or should I just place
> the Principal names in // requestcycle ?
This depends on how much information you want to use in your
accessdenied page if the name is all you need then by all means just
pass the names.
Also don't forget to filter the principals from the hive with the
principals contained in your subject. you are only interested in the
principals not contained in your hive.
> }
> return false;
> }
> return true;
> }
>
> I had to copy the whole PolicyFileHiveFactory I don't think I could get to
> "private Set inputStreams" or "private Set inputReaders" correctly.
There are getStreams and getReaders methods but they return a read
only view and thus will not allow you to clear them, ok.
>Here is
> my createHive() method:
>
> public Hive createHive()
> {
> BasicHive hive;
> if (isUsingHiveCache())
> hive = new MySimpleCachingHive();
> else
> hive = new BasicHive();
> ...
> }
>
> I only changed the one line above. In my app I am doing this:
>
>
> MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
> factory.useHiveCache(true);
>
> Will the line above make sure that my MySimpleCachingHive will be used or is
> it possible for useHiveCache(false) to be used somewhere else?
This will do fine, remember you are the only one in control of the
policy factory. As soon as you pass it to HiveMind.registerHive the
createHive method is called, after that it is discarded.
BTW the default setting for useCache is true, but it does not hurt to
explicitly set it.
>
> Last question. I am not quite sure what to do in MySimpleCachingHive. I know
> this is an unrelated question, but I am not sure how to use your
> ManyToManyMap. I also am not sure when the addPrincipal(...) and
> addPermission(...) methods are called. Do one or the other get called per
> Principal that is in the hive? And, will I Load up the ManyToManyMap within
> these two methods ending up with this ManyToManyMap that will have all the
> Pricipals of the hive with their associated Permissions in them?
Either or both are called once or multiple times for each principal,
depending on how your policy is set up.
Anyway it does not matter how often each method is called since the
ManyToManyMap will fold everything together for you.
>
> Here is my MySimpleCachingHive:
>
> public class MySimpleCachingHive extends SimpleCachingHive
> {
> ...
>
> private ManyToManyMap hivePrincipalsAndPermissions;
>
> public void addPrincipal(Principal principal, Collection permissions)
> {
> super.addPrincipal(principal, permissions);
> // Load hivePrincipalsAndPermissions ?
Iterator it = permissions.iterator();
Permission next = null;
boolean debug = log.isDebugEnabled();
while (it.hasNext())
{
next = (Permission)it.next();
hivePrincipalsAndPermissions.add(next, principal);
}
> }
>
> public void addPermission(Principal principal, Permission permission)
> {
> super.addPermission(principal, permission);
> // Load hivePrincipalsAndPermissions ?
hivePrincipalsAndPermissions .add(permission,
principal);
> }
>
> public Set getPrincipals(Permission p)
> {
> // Return Set of Principals related to permission
return hivePrincipalsAndPermissions.get(p)
> }
>
> }
Maurice
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: wicket-security Custom Access Denied Page
Maurice,
I have a couple more questions. In my MySwarmStrategy hasPermission(...)
method I only have to look up the principals that have the denied permission
in them, correct? Here is my overide hasPermission(...) method:
public boolean hasPermission(Permission p)
{
if (!super.hasPermission(p))
{
if
(getHive().getClass().isInstance(MySimpleCachingHive.class))
{
Set hivePrincipals =
((MySimpleCachingHive)getHive()).getPrincipals(p);
// Place Set of Principals in the requestcycle
or should I just place
the Principal names in // requestcycle ?
}
return false;
}
return true;
}
I had to copy the whole PolicyFileHiveFactory I don't think I could get to
"private Set inputStreams" or "private Set inputReaders" correctly. Here is
my createHive() method:
public Hive createHive()
{
BasicHive hive;
if (isUsingHiveCache())
hive = new MySimpleCachingHive();
else
hive = new BasicHive();
...
}
I only changed the one line above. In my app I am doing this:
MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
factory.useHiveCache(true);
Will the line above make sure that my MySimpleCachingHive will be used or is
it possible for useHiveCache(false) to be used somewhere else?
Last question. I am not quite sure what to do in MySimpleCachingHive. I know
this is an unrelated question, but I am not sure how to use your
ManyToManyMap. I also am not sure when the addPrincipal(...) and
addPermission(...) methods are called. Do one or the other get called per
Principal that is in the hive? And, will I Load up the ManyToManyMap within
these two methods ending up with this ManyToManyMap that will have all the
Pricipals of the hive with their associated Permissions in them?
Here is my MySimpleCachingHive:
public class MySimpleCachingHive extends SimpleCachingHive
{
...
private ManyToManyMap hivePrincipalsAndPermissions;
public void addPrincipal(Principal principal, Collection permissions)
{
super.addPrincipal(principal, permissions);
// Load hivePrincipalsAndPermissions ?
}
public void addPermission(Principal principal, Permission permission)
{
super.addPermission(principal, permission);
// Load hivePrincipalsAndPermissions ?
}
public Set getPrincipals(Permission p)
{
// Return Set of Principals related to permission
}
}
Thank you for your time, you have been a great help.
Warren,
> -Original Message-
> From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 13, 2008 11:57 PM
> To: users@wicket.apache.org
> Subject: Re: wicket-security Custom Access Denied Page
>
>
> Use cache is default true (i think by the constructor but i don't have
> the code with me right now)
>
> So you don't have to worry about that.
>
> Maurice
> thod
> On Thu, Feb 14, 2008 at 4:04 AM, Warren
> <[EMAIL PROTECTED]> wrote:
> > I have started implementing your sugestions and I have a
> question. When I
> > overide the method createHive() in PolicyFileHiveFactory do I
> need to set
> > useHiveCache(true) if I am extending SimpleCachingHive.
> >
> > public Hive createHive()
> > {
> > // Do I need to do this
> > super.useHiveCache(true);
> > BasicHive hive = new MySimpleCachingHive();
> > ...
> > }
> >
> > Or should I set this method in my app after I create the factory.
> >
> > MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
> > factory.useHiveCache(true);
> >
> > Or should I even worry about this?
> >
> >
> >
> > > -Original Message-
> > > From: Warren [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, February 13, 2008 4:30 PM
> > > To: users@wicket.apache.org
> >
> >
> > > Subject: RE: wicket-security Custom Access Denied Page
> > >
> > >
> > > I think I am following your example correctly. What I will
> end up with is
> > > the names of one or more principals that have the permission that was
> > > denied. Those one or more principals will not belong to the
> > > current subject.
> > > Then I can use the names of those principals to construct
Re: wicket-security Custom Access Denied Page
Use cache is default true (i think by the constructor but i don't have
the code with me right now)
So you don't have to worry about that.
Maurice
On Thu, Feb 14, 2008 at 4:04 AM, Warren <[EMAIL PROTECTED]> wrote:
> I have started implementing your sugestions and I have a question. When I
> overide the method createHive() in PolicyFileHiveFactory do I need to set
> useHiveCache(true) if I am extending SimpleCachingHive.
>
> public Hive createHive()
> {
> // Do I need to do this
> super.useHiveCache(true);
> BasicHive hive = new MySimpleCachingHive();
> ...
> }
>
> Or should I set this method in my app after I create the factory.
>
> MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
> factory.useHiveCache(true);
>
> Or should I even worry about this?
>
>
>
> > -Original Message-
> > From: Warren [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, February 13, 2008 4:30 PM
> > To: users@wicket.apache.org
>
>
> > Subject: RE: wicket-security Custom Access Denied Page
> >
> >
> > I think I am following your example correctly. What I will end up with is
> > the names of one or more principals that have the permission that was
> > denied. Those one or more principals will not belong to the
> > current subject.
> > Then I can use the names of those principals to construct a message. You
> > could end up with a permission that does not belong to any
> > principal. Strike
> > that, that would mean that no one would be able to access that
> > component. I
> > will give this a try. I am sure I will have more questions.
> >
> > Thanks,
> >
> > > -----Original Message-
> > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, February 13, 2008 2:56 PM
> > > To: users@wicket.apache.org
> > > Subject: Re: wicket-security Custom Access Denied Page
> > >
> > >
> > > It actually is a bit more trickier then that.
> > > Swarm does not check for principals it checks for permissions.
> > > The same permission might be shared by multiple principals.
> > > To get that information you need to dig deep.
> > > You can't wait for the wicket UnAuthorizedActionException since all it
> > > will tell you is the component and what wicket action was not
> > > authorized (although if you have a really simple policy you might
> > > figure it out with this information).
> > > Swarm can tell you, but truthfull the api lacks in that area, i'll see
> > > if i can fix this for 1.3.1.
> > >
> > > For now your best bet is probably to Subclass SwarmStrategy, override
> > > hasPermission(Permission). Most checks use this method but it is
> > > always possible for a custom ISecurityCheck to bypass this.
> > > public boolean hasPermission(Permission p)
> > > {
> > > if(!super.hasPermission(p)
> > > {
> > > //now we now the permission and we can find out which
> > principals have it
> > > //since the hive api does not give that info we need to use a custom
> > > hive, more on that later
> > > //for now do something like getHive().getPrincipals(p);
> > > //then we need to get the subject and check if it has any of those
> > > principals, the one (or more) that are missing are the one(s) we are
> > > interested in
> > > //use getSubject().getPrincipals()
> > > //store those principals somewhere in the requestcycle
> > > return false;
> > > }
> > > return true;
> > > }
> > > In order to use this new Strategy you need to extend
> > > SwarmStrategyFactory and overide newStrategy to return your subclass.
> > > Then you need to override setupStrategyFactory in your application to
> > > do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey()));
> > >
> > > Next we need to extend our hive so we can ask it which principals
> > > belong to which permission (offcourse the hive already has this
> > > information but you can not access it)
> > > If you are using 1.3.0 rc1 you are probably using the
> > > SimpleCachingHive, extend it and override 2 methods
> > > addPrincipal(Principal , Collection ) and addPermission(Principal ,
> > > Permission )
> > > to record which principal has which permissions you can use a
> > > ManyToManyMap for this, it is also used int
RE: wicket-security Custom Access Denied Page
I have started implementing your sugestions and I have a question. When I
overide the method createHive() in PolicyFileHiveFactory do I need to set
useHiveCache(true) if I am extending SimpleCachingHive.
public Hive createHive()
{
// Do I need to do this
super.useHiveCache(true);
BasicHive hive = new MySimpleCachingHive();
...
}
Or should I set this method in my app after I create the factory.
MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
factory.useHiveCache(true);
Or should I even worry about this?
> -Original Message-
> From: Warren [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 13, 2008 4:30 PM
> To: users@wicket.apache.org
> Subject: RE: wicket-security Custom Access Denied Page
>
>
> I think I am following your example correctly. What I will end up with is
> the names of one or more principals that have the permission that was
> denied. Those one or more principals will not belong to the
> current subject.
> Then I can use the names of those principals to construct a message. You
> could end up with a permission that does not belong to any
> principal. Strike
> that, that would mean that no one would be able to access that
> component. I
> will give this a try. I am sure I will have more questions.
>
> Thanks,
>
> > -Original Message-
> > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, February 13, 2008 2:56 PM
> > To: users@wicket.apache.org
> > Subject: Re: wicket-security Custom Access Denied Page
> >
> >
> > It actually is a bit more trickier then that.
> > Swarm does not check for principals it checks for permissions.
> > The same permission might be shared by multiple principals.
> > To get that information you need to dig deep.
> > You can't wait for the wicket UnAuthorizedActionException since all it
> > will tell you is the component and what wicket action was not
> > authorized (although if you have a really simple policy you might
> > figure it out with this information).
> > Swarm can tell you, but truthfull the api lacks in that area, i'll see
> > if i can fix this for 1.3.1.
> >
> > For now your best bet is probably to Subclass SwarmStrategy, override
> > hasPermission(Permission). Most checks use this method but it is
> > always possible for a custom ISecurityCheck to bypass this.
> > public boolean hasPermission(Permission p)
> > {
> > if(!super.hasPermission(p)
> > {
> > //now we now the permission and we can find out which
> principals have it
> > //since the hive api does not give that info we need to use a custom
> > hive, more on that later
> > //for now do something like getHive().getPrincipals(p);
> > //then we need to get the subject and check if it has any of those
> > principals, the one (or more) that are missing are the one(s) we are
> > interested in
> > //use getSubject().getPrincipals()
> > //store those principals somewhere in the requestcycle
> > return false;
> > }
> > return true;
> > }
> > In order to use this new Strategy you need to extend
> > SwarmStrategyFactory and overide newStrategy to return your subclass.
> > Then you need to override setupStrategyFactory in your application to
> > do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey()));
> >
> > Next we need to extend our hive so we can ask it which principals
> > belong to which permission (offcourse the hive already has this
> > information but you can not access it)
> > If you are using 1.3.0 rc1 you are probably using the
> > SimpleCachingHive, extend it and override 2 methods
> > addPrincipal(Principal , Collection ) and addPermission(Principal ,
> > Permission )
> > to record which principal has which permissions you can use a
> > ManyToManyMap for this, it is also used internally the information
> > recorded can then be exposed in a method like public Set
> > getPrincipals(Permission)
> > This will duplicate all recordings but your other option is to copy
> > BasicHive and SimpleCachingHive entirely and create the getPrincipals
> > method.
> >
> > Either way you will need to use this new hive and to do that we need
> > to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you
> > are using the latest 1.3-snapshots), override the createHive() method.
> > You can pretty much copy everything from PolicyFileHiveFactory except
> > for the first 5 lines you need to create your own hive there. Also
> > while copying you will run into a few private variables but y
RE: wicket-security Custom Access Denied Page
I think I am following your example correctly. What I will end up with is
the names of one or more principals that have the permission that was
denied. Those one or more principals will not belong to the current subject.
Then I can use the names of those principals to construct a message. You
could end up with a permission that does not belong to any principal. Strike
that, that would mean that no one would be able to access that component. I
will give this a try. I am sure I will have more questions.
Thanks,
> -Original Message-
> From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 13, 2008 2:56 PM
> To: users@wicket.apache.org
> Subject: Re: wicket-security Custom Access Denied Page
>
>
> It actually is a bit more trickier then that.
> Swarm does not check for principals it checks for permissions.
> The same permission might be shared by multiple principals.
> To get that information you need to dig deep.
> You can't wait for the wicket UnAuthorizedActionException since all it
> will tell you is the component and what wicket action was not
> authorized (although if you have a really simple policy you might
> figure it out with this information).
> Swarm can tell you, but truthfull the api lacks in that area, i'll see
> if i can fix this for 1.3.1.
>
> For now your best bet is probably to Subclass SwarmStrategy, override
> hasPermission(Permission). Most checks use this method but it is
> always possible for a custom ISecurityCheck to bypass this.
> public boolean hasPermission(Permission p)
> {
> if(!super.hasPermission(p)
> {
> //now we now the permission and we can find out which principals have it
> //since the hive api does not give that info we need to use a custom
> hive, more on that later
> //for now do something like getHive().getPrincipals(p);
> //then we need to get the subject and check if it has any of those
> principals, the one (or more) that are missing are the one(s) we are
> interested in
> //use getSubject().getPrincipals()
> //store those principals somewhere in the requestcycle
> return false;
> }
> return true;
> }
> In order to use this new Strategy you need to extend
> SwarmStrategyFactory and overide newStrategy to return your subclass.
> Then you need to override setupStrategyFactory in your application to
> do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey()));
>
> Next we need to extend our hive so we can ask it which principals
> belong to which permission (offcourse the hive already has this
> information but you can not access it)
> If you are using 1.3.0 rc1 you are probably using the
> SimpleCachingHive, extend it and override 2 methods
> addPrincipal(Principal , Collection ) and addPermission(Principal ,
> Permission )
> to record which principal has which permissions you can use a
> ManyToManyMap for this, it is also used internally the information
> recorded can then be exposed in a method like public Set
> getPrincipals(Permission)
> This will duplicate all recordings but your other option is to copy
> BasicHive and SimpleCachingHive entirely and create the getPrincipals
> method.
>
> Either way you will need to use this new hive and to do that we need
> to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you
> are using the latest 1.3-snapshots), override the createHive() method.
> You can pretty much copy everything from PolicyFileHiveFactory except
> for the first 5 lines you need to create your own hive there. Also
> while copying you will run into a few private variables but you should
> be able to replace those with there getters (although i might have
> missed some, if that is the case you have to copy the entire class).
> In your application's setupHive method you are already creating the
> hivefactory, simply replace it with this custom one.
>
> And that should do the trick. Sorry the api is not more accommodating
> to your needs i'll see if i can make some improvements anytime soon
> for the 1.3-snapshot (1.3.1), but i also have to release 1.3.0 final
> sometime soon.
>
> Maurice
>
> P.S. i did not cover the part about providing the application with
> your own requestcycle but just look for newRequestCycle in your
> application ;)
>
>
> On Feb 13, 2008 6:49 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > stick that name into requestcycle's metadata, and pull it out in yoru
> > implementation of access denied page
> >
> > -igor
> >
> >
> >
> > On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote:
> > > I understand that, but what I want to do is create a message
> on that page
> > > that reads "Users in group xxx do not have a
Re: wicket-security Custom Access Denied Page
It actually is a bit more trickier then that.
Swarm does not check for principals it checks for permissions.
The same permission might be shared by multiple principals.
To get that information you need to dig deep.
You can't wait for the wicket UnAuthorizedActionException since all it
will tell you is the component and what wicket action was not
authorized (although if you have a really simple policy you might
figure it out with this information).
Swarm can tell you, but truthfull the api lacks in that area, i'll see
if i can fix this for 1.3.1.
For now your best bet is probably to Subclass SwarmStrategy, override
hasPermission(Permission). Most checks use this method but it is
always possible for a custom ISecurityCheck to bypass this.
public boolean hasPermission(Permission p)
{
if(!super.hasPermission(p)
{
//now we now the permission and we can find out which principals have it
//since the hive api does not give that info we need to use a custom
hive, more on that later
//for now do something like getHive().getPrincipals(p);
//then we need to get the subject and check if it has any of those
principals, the one (or more) that are missing are the one(s) we are
interested in
//use getSubject().getPrincipals()
//store those principals somewhere in the requestcycle
return false;
}
return true;
}
In order to use this new Strategy you need to extend
SwarmStrategyFactory and overide newStrategy to return your subclass.
Then you need to override setupStrategyFactory in your application to
do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey()));
Next we need to extend our hive so we can ask it which principals
belong to which permission (offcourse the hive already has this
information but you can not access it)
If you are using 1.3.0 rc1 you are probably using the
SimpleCachingHive, extend it and override 2 methods
addPrincipal(Principal , Collection ) and addPermission(Principal ,
Permission )
to record which principal has which permissions you can use a
ManyToManyMap for this, it is also used internally the information
recorded can then be exposed in a method like public Set
getPrincipals(Permission)
This will duplicate all recordings but your other option is to copy
BasicHive and SimpleCachingHive entirely and create the getPrincipals
method.
Either way you will need to use this new hive and to do that we need
to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you
are using the latest 1.3-snapshots), override the createHive() method.
You can pretty much copy everything from PolicyFileHiveFactory except
for the first 5 lines you need to create your own hive there. Also
while copying you will run into a few private variables but you should
be able to replace those with there getters (although i might have
missed some, if that is the case you have to copy the entire class).
In your application's setupHive method you are already creating the
hivefactory, simply replace it with this custom one.
And that should do the trick. Sorry the api is not more accommodating
to your needs i'll see if i can make some improvements anytime soon
for the 1.3-snapshot (1.3.1), but i also have to release 1.3.0 final
sometime soon.
Maurice
P.S. i did not cover the part about providing the application with
your own requestcycle but just look for newRequestCycle in your
application ;)
On Feb 13, 2008 6:49 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> stick that name into requestcycle's metadata, and pull it out in yoru
> implementation of access denied page
>
> -igor
>
>
>
> On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote:
> > I understand that, but what I want to do is create a message on that page
> > that reads "Users in group xxx do not have access to yyy" where yyy would be
> > the name of the principal that triggered the access denied. I need to get
> > the name of that principal.
> >
> >
> > > -Original Message-
> > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, February 13, 2008 12:12 AM
> > > To: users@wicket.apache.org
> > > Subject: Re: wicket-security Custom Access Denied Page
> > >
> > >
> > > In the init of your webapp do
> > > getApplicationSettings().setAccessDeniedPage(MyPage.class)
> > >
> > > This is a wicket setting and not related to the security framework.
> > >
> > > Maurice
> > >
> > > On Feb 12, 2008 7:50 PM, Warren <[EMAIL PROTECTED]> wrote:
> > > > How do you set-up a custom "access denied page" that has a message on it
> > > > like "Users in group xxx do not have access to yyy"? I also want to have
> > > > this page return to the previous page the user was on. I
Re: wicket-security Custom Access Denied Page
stick that name into requestcycle's metadata, and pull it out in yoru implementation of access denied page -igor On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote: > I understand that, but what I want to do is create a message on that page > that reads "Users in group xxx do not have access to yyy" where yyy would be > the name of the principal that triggered the access denied. I need to get > the name of that principal. > > > > -Original Message- > > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 13, 2008 12:12 AM > > To: users@wicket.apache.org > > Subject: Re: wicket-security Custom Access Denied Page > > > > > > In the init of your webapp do > > getApplicationSettings().setAccessDeniedPage(MyPage.class) > > > > This is a wicket setting and not related to the security framework. > > > > Maurice > > > > On Feb 12, 2008 7:50 PM, Warren <[EMAIL PROTECTED]> wrote: > > > How do you set-up a custom "access denied page" that has a message on it > > > like "Users in group xxx do not have access to yyy"? I also want to have > > > this page return to the previous page the user was on. I am using > > > wicket-security (wasp and swarm). > > > > > > Thanks, > > > > > > Warren Bell > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: wicket-security Custom Access Denied Page
I understand that, but what I want to do is create a message on that page that reads "Users in group xxx do not have access to yyy" where yyy would be the name of the principal that triggered the access denied. I need to get the name of that principal. > -Original Message- > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 13, 2008 12:12 AM > To: users@wicket.apache.org > Subject: Re: wicket-security Custom Access Denied Page > > > In the init of your webapp do > getApplicationSettings().setAccessDeniedPage(MyPage.class) > > This is a wicket setting and not related to the security framework. > > Maurice > > On Feb 12, 2008 7:50 PM, Warren <[EMAIL PROTECTED]> wrote: > > How do you set-up a custom "access denied page" that has a message on it > > like "Users in group xxx do not have access to yyy"? I also want to have > > this page return to the previous page the user was on. I am using > > wicket-security (wasp and swarm). > > > > Thanks, > > > > Warren Bell > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
In the init of your webapp do getApplicationSettings().setAccessDeniedPage(MyPage.class) This is a wicket setting and not related to the security framework. Maurice On Feb 12, 2008 7:50 PM, Warren <[EMAIL PROTECTED]> wrote: > How do you set-up a custom "access denied page" that has a message on it > like "Users in group xxx do not have access to yyy"? I also want to have > this page return to the previous page the user was on. I am using > wicket-security (wasp and swarm). > > Thanks, > > Warren Bell > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
wicket-security Custom Access Denied Page
How do you set-up a custom "access denied page" that has a message on it like "Users in group xxx do not have access to yyy"? I also want to have this page return to the previous page the user was on. I am using wicket-security (wasp and swarm). Thanks, Warren Bell - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
