It actually is a bit more trickier then that. Swarm does not check for principals it checks for permissions. The same permission might be shared by multiple principals. To get that information you need to dig deep. You can't wait for the wicket UnAuthorizedActionException since all it will tell you is the component and what wicket action was not authorized (although if you have a really simple policy you might figure it out with this information). Swarm can tell you, but truthfull the api lacks in that area, i'll see if i can fix this for 1.3.1.
For now your best bet is probably to Subclass SwarmStrategy, override hasPermission(Permission). Most checks use this method but it is always possible for a custom ISecurityCheck to bypass this. public boolean hasPermission(Permission p) { if(!super.hasPermission(p) { //now we now the permission and we can find out which principals have it //since the hive api does not give that info we need to use a custom hive, more on that later //for now do something like getHive().getPrincipals(p); //then we need to get the subject and check if it has any of those principals, the one (or more) that are missing are the one(s) we are interested in //use getSubject().getPrincipals() //store those principals somewhere in the requestcycle return false; } return true; } In order to use this new Strategy you need to extend SwarmStrategyFactory and overide newStrategy to return your subclass. Then you need to override setupStrategyFactory in your application to do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey())); Next we need to extend our hive so we can ask it which principals belong to which permission (offcourse the hive already has this information but you can not access it) If you are using 1.3.0 rc1 you are probably using the SimpleCachingHive, extend it and override 2 methods addPrincipal(Principal , Collection ) and addPermission(Principal , Permission ) to record which principal has which permissions you can use a ManyToManyMap for this, it is also used internally the information recorded can then be exposed in a method like public Set<Principal> getPrincipals(Permission) This will duplicate all recordings but your other option is to copy BasicHive and SimpleCachingHive entirely and create the getPrincipals method. Either way you will need to use this new hive and to do that we need to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you are using the latest 1.3-snapshots), override the createHive() method. You can pretty much copy everything from PolicyFileHiveFactory except for the first 5 lines you need to create your own hive there. Also while copying you will run into a few private variables but you should be able to replace those with there getters (although i might have missed some, if that is the case you have to copy the entire class). In your application's setupHive method you are already creating the hivefactory, simply replace it with this custom one. And that should do the trick. Sorry the api is not more accommodating to your needs i'll see if i can make some improvements anytime soon for the 1.3-snapshot (1.3.1), but i also have to release 1.3.0 final sometime soon. Maurice P.S. i did not cover the part about providing the application with your own requestcycle but just look for newRequestCycle in your application ;) On Feb 13, 2008 6:49 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > stick that name into requestcycle's metadata, and pull it out in yoru > implementation of access denied page > > -igor > > > > On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote: > > I understand that, but what I want to do is create a message on that page > > that reads "Users in group xxx do not have access to yyy" where yyy would be > > the name of the principal that triggered the access denied. I need to get > > the name of that principal. > > > > > > > -----Original Message----- > > > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, February 13, 2008 12:12 AM > > > To: users@wicket.apache.org > > > Subject: Re: wicket-security Custom Access Denied Page > > > > > > > > > In the init of your webapp do > > > getApplicationSettings().setAccessDeniedPage(MyPage.class) > > > > > > This is a wicket setting and not related to the security framework. > > > > > > Maurice > > > > > > On Feb 12, 2008 7:50 PM, Warren <[EMAIL PROTECTED]> wrote: > > > > How do you set-up a custom "access denied page" that has a message on it > > > > like "Users in group xxx do not have access to yyy"? I also want to have > > > > this page return to the previous page the user was on. I am using > > > > wicket-security (wasp and swarm). > > > > > > > > Thanks, > > > > > > > > Warren Bell > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]