Ok, i just finished a SecureContainerLink that should do what your SecurePanelLink does, but it is a bit less complex. I haven't checked it in yet or tested it for that matter but hope to hear from you if this is what you meant. If so i will make it a part of wasp.
Maurice /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.wicket.security.components.markup.html.links; import org.apache.wicket.Component; import org.apache.wicket.MarkupContainer; import org.apache.wicket.WicketRuntimeException; import org.apache.wicket.markup.html.link.Link; import org.apache.wicket.model.IModel; import org.apache.wicket.security.actions.AbstractWaspAction; import org.apache.wicket.security.checks.ISecurityCheck; import org.apache.wicket.security.checks.LinkSecurityCheck; import org.apache.wicket.security.components.ISecureComponent; import org.apache.wicket.security.components.SecureComponentHelper; /** * A secure link to handle panel replacements or any other type of * [EMAIL PROTECTED] MarkupContainer}s. It is also usable as a link to switch between 2 or * more panels. Security is enforced on the replacing class. * * @author marrink */ public abstract class SecureContainerLink extends Link implements ISecureComponent { /** * */ private static final long serialVersionUID = 1L; private Class replacementClass; private MarkupContainer containerParent; private String containerId; /** * Constructs a new replacement link. * * @param id * id of the link * @param replacementPanel * the class of the container replacing the component on the * supplied parent * @param parentOfReplaceablePanel * the parent component where the replacement needs to take place * @param panelId * the id of the component to be replaced */ public SecureContainerLink(String id, Class replacementPanel, MarkupContainer parentOfReplaceablePanel, String panelId) { this(id, null, replacementPanel, parentOfReplaceablePanel, panelId); } /** * Constructs a new replacement link. * * @param id * id of the link * @param object * model of the link * @param replacementPanel * the class of the container replacing the component on the * supplied parent * @param parentOfReplaceablePanel * the parent component where the replacement needs to take place * @param panelId * the id of the component to be replaced */ public SecureContainerLink(String id, IModel object, Class replacementPanel, MarkupContainer parentOfReplaceablePanel, String panelId) { super(id, object); setReplacementClass(replacementPanel); if (parentOfReplaceablePanel == null) throw new WicketRuntimeException("Parent required for replacing components."); containerParent = parentOfReplaceablePanel; if (panelId == null) throw new WicketRuntimeException("Id required from component to be replaced."); containerId = panelId; } /** * Performs the replacement, only if an actual replacement was constructed. * * @see org.apache.wicket.markup.html.link.Link#onClick() * @see #getReplacementFor(Component, String, Class) * @throws WicketRuntimeException * if a problem occurs in replacing the container. */ public final void onClick() { Component replaceMe = containerParent.get(containerId); if (replaceMe == null) throw new WicketRuntimeException("unable to find child with id: " + containerId + " on parent: " + containerParent); Class myReplacementClass = getReplacementClass(); MarkupContainer replacement = getReplacementFor(replaceMe, containerId, myReplacementClass); if (replacement == null) return; // do nothing if (!containerId.equals(replacement.getId())) throw new WicketRuntimeException("The replacement does not have the specified id: " + containerId + ", but id: " + replacement.getId()); if (myReplacementClass.isAssignableFrom(replacement.getClass())) containerParent.replace(replacement); else throw new WicketRuntimeException("The replacement for " + containerId + " on " + containerParent + " is not assignable from " + myReplacementClass); } /** * Creates a replacement for a component. although the component to be * replaced does not need to be a [EMAIL PROTECTED] MarkupContainer} it typically is. * The replacement however does need to be a MarkupContainer, more * specifically a (sub)class of replacementClass. Implementation may choose * at this point to do the next replacement with a different class by using * [EMAIL PROTECTED] #setReplacementClass(Class)} in order to create a switch like * behavior. * * @param current * the component to be replaced * @param id * the id of the new container * @param replacementClass * the class of the replacement * @return a new replacement or null if the original component is not to be * replaced * @see #setReplacementClass(Class) */ protected abstract MarkupContainer getReplacementFor(Component current, String id, Class replacementClass); /** * Generates the securitycheck for this link. by default this is a * [EMAIL PROTECTED] LinkSecurityCheck} but implementations may choose to override * this. Note that the returned LinkSecurityCheck should not be placed in * alternative rendering mode as this will completely change the intended * behavior. * * @return the securitycheck for this link or null if no security is to be * enforced */ protected ISecurityCheck generateSecurityCheck() { return new LinkSecurityCheck(this, getReplacementClass()); } /** * @see org.apache.wicket.security.components.ISecureComponent#getSecurityCheck() */ public ISecurityCheck getSecurityCheck() { return SecureComponentHelper.getSecurityCheck(this); } /** * @see org.apache.wicket.security.components.ISecureComponent#isActionAuthorized(java.lang.String) */ public boolean isActionAuthorized(String waspAction) { return SecureComponentHelper.isActionAuthorized(this, waspAction); } /** * @see org.apache.wicket.security.components.ISecureComponent#isActionAuthorized(org.apache.wicket.security.actions.AbstractWaspAction) */ public boolean isActionAuthorized(AbstractWaspAction action) { return SecureComponentHelper.isActionAuthorized(this, action); } /** * @see org.apache.wicket.security.components.ISecureComponent#isAuthenticated() */ public boolean isAuthenticated() { return SecureComponentHelper.isAuthenticated(this); } /** * @see org.apache.wicket.security.components.ISecureComponent#setSecurityCheck(org.apache.wicket.security.checks.ISecurityCheck) */ public void setSecurityCheck(ISecurityCheck check) { SecureComponentHelper.setSecurityCheck(this, check); } /** * Gets replacementClass. * * @return replacementClass */ protected final Class getReplacementClass() { return replacementClass; } /** * Sets replacementClass. Note by changing the replacement class a new * securitycheck is automatically created. * * @param replacementClass * replacementClass * @see #generateSecurityCheck() * @throws WicketRuntimeException * if the class is null or not a [EMAIL PROTECTED] MarkupContainer} */ protected final void setReplacementClass(Class replacementClass) { if (replacementClass == null || !MarkupContainer.class.isAssignableFrom(replacementClass)) throw new WicketRuntimeException("This link requires a " + MarkupContainer.class + ", not a " + replacementClass); this.replacementClass = replacementClass; setSecurityCheck(generateSecurityCheck()); } } On 9/11/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote: > Create your custom request cycle, and add a getter that uses the > session's username/id to retrieve the user from the database, and > cache it locally. > > Martijn > > On 9/11/07, Anthony Schexnaildre <[EMAIL PROTECTED]> wrote: > > This makes sense. Where would you stick the user on the requestcycle? > > It's not obvious from the javadocs. Is there a "wicket way"? > > > > -Anthony > > > > On Sep 11, 2007, at 10:05 AM, Maurice Marrink wrote: > > > > > Martijn, you are absolutely right, i forgot we moved the user from the > > > session to the requestcycle. Just keep the id for your user in the > > > session and keep the actual user for this request in the requestcycle. > > > This way each thread will have its own instance of the user. > > > > > > Maurice > > > > > > On 9/11/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote: > > >> Just a quick note: storing objects that are not thread safe in your > > >> session is asking for trouble. While Wicket does limit page > > >> processing > > >> to one request at a time, other requests like resources can run in > > >> parallel. What does this mean? > > >> > > >> One thing that comes to mind is that when two requests for the same > > >> session are being processed, and one is done before the other it will > > >> detach the user model. What are the semantics now for the other > > >> thread? > > >> > > >> For instance if you have a detachable model storing a User object in > > >> your session and use Hibernate you are in a world of hurt, or rather > > >> Hibernate will sometimes bork because your Session tries to attach > > >> the > > >> single User instance to multiple Hibernate Session objects. > > >> Exceptions > > >> will be having a party. > > >> > > >> Now this is not meant as a Hibernate bashing reply, it just happens > > >> that Hibernate correctly detects multiple threads modifying the same > > >> object's state and stops tampering with it. > > >> > > >> Martijn > > >> > > >> -- > > >> Buy Wicket in Action: http://manning.com/dashorst > > >> Apache Wicket 1.3.0-beta3 is released > > >> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta3/ > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > -- > Buy Wicket in Action: http://manning.com/dashorst > Apache Wicket 1.3.0-beta3 is released > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta3/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]