It actually is a bit trickier than that.
Swarm does not check for principals, it checks for permissions.
The same permission might be shared by multiple principals.
To get that information you need to dig deep.
You can't wait for the wicket UnAuthorizedActionException since all it
will tell you is the component and what wicket action was not
authorized (although if you have a really simple policy you might
figure it out with this information).
Swarm can tell you, but truthfully the api lacks in that area, i'll see
if i can fix this for 1.3.1.

For now your best bet is probably to subclass SwarmStrategy and override
hasPermission(Permission). Most checks use this method but it is
always possible for a custom ISecurityCheck to bypass this.
public boolean hasPermission(Permission p)
{
 if(!super.hasPermission(p))
 {
  //now we know the permission and we can find out which principals have it
  //since the hive api does not give that info we need to use a custom
  //hive, more on that later
  //for now do something like getHive().getPrincipals(p);
  //then we need to get the subject and check if it has any of those
  //principals, the one (or more) that are missing are the one(s) we are
  //interested in
  //use getSubject().getPrincipals()
  //store those principals somewhere in the requestcycle
  return false;
 }
 return true;
}
In order to use this new Strategy you need to extend
SwarmStrategyFactory and override newStrategy to return your subclass.
Then you need to override setupStrategyFactory in your application to
do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey()));

Next we need to extend our hive so we can ask it which principals
belong to which permission (of course the hive already has this
information but you can not access it).
If you are using 1.3.0 rc1 you are probably using the
SimpleCachingHive; extend it and override 2 methods,
addPrincipal(Principal , Collection ) and addPermission(Principal ,
Permission ),
to record which principal has which permissions. You can use a
ManyToManyMap for this, it is also used internally. The information
recorded can then be exposed in a method like public Set<Principal>
getPrincipals(Permission).
This will duplicate all recordings but your other option is to copy
BasicHive and SimpleCachingHive entirely and create the getPrincipals
method.

Either way you will need to use this new hive and to do that we need
to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you
are using the latest 1.3-snapshots) and override the createHive() method.
You can pretty much copy everything from PolicyFileHiveFactory except
for the first 5 lines; you need to create your own hive there. Also
while copying you will run into a few private variables but you should
be able to replace those with their getters (although i might have
missed some, if that is the case you have to copy the entire class).
In your application's setupHive method you are already creating the
hivefactory, simply replace it with this custom one.

And that should do the trick. Sorry the api is not more accommodating
to your needs i'll see if i can make some improvements anytime soon
for the 1.3-snapshot (1.3.1), but i also have to release 1.3.0 final
sometime soon.

Maurice

P.S. i did not cover the part about providing the application with
your own requestcycle but just look for newRequestCycle in your
application ;)
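
The reverse lookup described in this message, as an added example that is not part of the original email and is not Swarm code: plain strings stand in for Swarm's Principal and Permission types, the class and method names are hypothetical, and permissions are matched by exact name rather than by Swarm's own permission checks.

```java
import java.util.*;

// Added illustration: strings stand in for Swarm's Principal and Permission,
// and PrincipalIndex is a hypothetical stand-in for the bookkeeping a custom
// hive would do. None of this is Swarm API.
public class MissingPrincipalsDemo {

    /** Records principal -> permission grants and answers the reverse question. */
    static class PrincipalIndex {
        private final Map<String, Set<String>> principalsByPermission = new HashMap<>();

        // What an overridden addPermission(Principal, Permission) would record.
        void addPermission(String principal, String permission) {
            principalsByPermission
                .computeIfAbsent(permission, k -> new LinkedHashSet<>())
                .add(principal);
        }

        // What an overridden addPrincipal(Principal, Collection) would record.
        void addPrincipal(String principal, Collection<String> permissions) {
            for (String p : permissions) addPermission(principal, p);
        }

        Set<String> getPrincipals(String permission) {
            return Collections.unmodifiableSet(
                principalsByPermission.getOrDefault(permission, Collections.emptySet()));
        }
    }

    /** Principals that grant the permission but that the subject does not hold. */
    static Set<String> missingPrincipals(PrincipalIndex index, String permission,
                                         Set<String> subjectPrincipals) {
        Set<String> missing = new LinkedHashSet<>(index.getPrincipals(permission));
        missing.removeAll(subjectPrincipals);
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample policy: two principals share one permission.
        PrincipalIndex index = new PrincipalIndex();
        index.addPrincipal("admin", Arrays.asList("render:OrdersPage", "render:UsersPage"));
        index.addPermission("manager", "render:OrdersPage");

        Set<String> subject = new HashSet<>(Arrays.asList("clerk"));
        String denied = "render:OrdersPage";
        boolean allowed = index.getPrincipals(denied).stream().anyMatch(subject::contains);
        if (!allowed) {
            // This set is what would be stored on the request cycle for the denied page.
            System.out.println("Denied " + denied + "; granted by: "
                + missingPrincipals(index, denied, subject));
        }
    }
}
```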


On Feb 13, 2008 6:49 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> stick that name into requestcycle's metadata, and pull it out in your
> implementation of access denied page
>
> -igor
>
>
>
> On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote:
> > I understand that, but what I want to do is create a message on that page
> > that reads "Users in group xxx do not have access to yyy" where yyy would be
> > the name of the principal that triggered the access denied. I need to get
> > the name of that principal.
> >
> >
> > > -----Original Message-----
> > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, February 13, 2008 12:12 AM
> > > To: users@wicket.apache.org
> > > Subject: Re: wicket-security Custom Access Denied Page
> > >
> > >
> > > In the init of your webapp do
> > > getApplicationSettings().setAccessDeniedPage(MyPage.class)
> > >
> > > This is a wicket setting and not related to the security framework.
> > >
> > > Maurice
> > >
> > > On Feb 12, 2008 7:50 PM, Warren <[EMAIL PROTECTED]> wrote:
> > > > How do you set-up a custom "access denied page" that has a message on it
> > > > like "Users in group xxx do not have access to yyy"? I also want to have
> > > > this page return to the previous page the user was on. I am using
> > > > wicket-security (wasp and swarm).
> > > >
> > > > Thanks,
> > > >
> > > > Warren Bell
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]