I have started implementing your suggestions and I have a question. When I
override the method createHive() in PolicyFileHiveFactory, do I need to set
useHiveCache(true) if I am extending SimpleCachingHive?

        public Hive createHive()
        {
                // Do I need to do this
                super.useHiveCache(true);
                BasicHive hive = new MySimpleCachingHive();
                ...
        }

Or should I set this method in my app after I create the factory?

MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory();
factory.useHiveCache(true);

Or should I even worry about this?


> -----Original Message-----
> From: Warren [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 13, 2008 4:30 PM
> To: users@wicket.apache.org
> Subject: RE: wicket-security Custom Access Denied Page
>
>
> I think I am following your example correctly. What I will end up with is
> the names of one or more principals that have the permission that was
> denied. Those one or more principals will not belong to the current subject.
> Then I can use the names of those principals to construct a message. You
> could end up with a permission that does not belong to any principal. Strike
> that, that would mean that no one would be able to access that component. I
> will give this a try. I am sure I will have more questions.
>
> Thanks,
>
> > -----Original Message-----
> > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, February 13, 2008 2:56 PM
> > To: users@wicket.apache.org
> > Subject: Re: wicket-security Custom Access Denied Page
> >
> >
> > It actually is a bit trickier than that.
> > Swarm does not check for principals, it checks for permissions.
> > The same permission might be shared by multiple principals.
> > To get that information you need to dig deep.
> > You can't wait for the wicket UnAuthorizedActionException since all it
> > will tell you is the component and what wicket action was not
> > authorized (although if you have a really simple policy you might
> > figure it out with this information).
> > Swarm can tell you, but truthfully the API lacks in that area; I'll see
> > if I can fix this for 1.3.1.
> >
> > For now your best bet is probably to Subclass SwarmStrategy, override
> > hasPermission(Permission). Most checks use this method but it is
> > always possible for a custom ISecurityCheck to bypass this.
> > public boolean hasPermission(Permission p)
> > {
> >  if(!super.hasPermission(p))
> >  {
> >   // now we know the permission and we can find out which principals have it
> >   // since the hive api does not give that info we need to use a custom
> >   // hive, more on that later
> >   // for now do something like getHive().getPrincipals(p);
> >   // then we need to get the subject and check if it has any of those
> >   // principals, the one (or more) that are missing are the one(s) we are
> >   // interested in
> >   // use getSubject().getPrincipals()
> >   // store those principals somewhere in the requestcycle
> >   return false;
> >  }
> >  return true;
> > }
> > In order to use this new Strategy you need to extend
> > SwarmStrategyFactory and override newStrategy to return your subclass.
> > Then you need to override setupStrategyFactory in your application to
> > do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey()));
> >
> > Next we need to extend our hive so we can ask it which principals
> > belong to which permission (of course the hive already has this
> > information but you cannot access it).
> > If you are using 1.3.0 rc1 you are probably using the
> > SimpleCachingHive; extend it and override 2 methods:
> > addPrincipal(Principal, Collection) and addPermission(Principal,
> > Permission)
> > to record which principal has which permissions. You can use a
> > ManyToManyMap for this; it is also used internally. The information
> > recorded can then be exposed in a method like public Set<Principal>
> > getPrincipals(Permission).
> > This will duplicate all recordings, but your other option is to copy
> > BasicHive and SimpleCachingHive entirely and create the getPrincipals
> > method.
> >
> > Either way you will need to use this new hive, and to do that we need
> > to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you
> > are using the latest 1.3-snapshots) and override the createHive() method.
> > You can pretty much copy everything from PolicyFileHiveFactory except
> > for the first 5 lines; you need to create your own hive there. Also,
> > while copying you will run into a few private variables, but you should
> > be able to replace those with their getters (although I might have
> > missed some; if that is the case you have to copy the entire class).
> > In your application's setupHive method you are already creating the
> > hivefactory; simply replace it with this custom one.
> >
> > And that should do the trick. Sorry the API is not more accommodating
> > to your needs. I'll see if I can make some improvements anytime soon
> > for the 1.3-snapshot (1.3.1), but I also have to release 1.3.0 final
> > sometime soon.
> >
> > Maurice
> >
> > P.S. I did not cover the part about providing the application with
> > your own requestcycle, but just look for newRequestCycle in your
> > application ;)
> >
> >
> > On Feb 13, 2008 6:49 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > > stick that name into requestcycle's metadata, and pull it out in your
> > > implementation of access denied page
> > >
> > > -igor
> > >
> > >
> > >
> > > On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote:
> > > > I understand that, but what I want to do is create a message on that page
> > > > that reads "Users in group xxx do not have access to yyy" where yyy would be
> > > > the name of the principal that triggered the access denied. I need to get
> > > > the name of that principal.
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > > > > Sent: Wednesday, February 13, 2008 12:12 AM
> > > > > To: users@wicket.apache.org
> > > > > Subject: Re: wicket-security Custom Access Denied Page
> > > > >
> > > > >
> > > > > In the init of your webapp do
> > > > > getApplicationSettings().setAccessDeniedPage(MyPage.class)
> > > > >
> > > > > > This is a wicket setting and not related to the security framework.
> > > > >
> > > > > Maurice
> > > > >
> > > > > > On Feb 12, 2008 7:50 PM, Warren <[EMAIL PROTECTED]> wrote:
> > > > > > > How do you set up a custom "access denied page" that has a message on it
> > > > > > > like "Users in group xxx do not have access to yyy"? I also want to have
> > > > > > > this page return to the previous page the user was on. I am using
> > > > > > > wicket-security (wasp and swarm).
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Warren Bell
> > > > > >
> > > > > >
> > > > > >
> > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
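The reverse lookup described in the quoted reply (which principals grant a denied permission, and which of those the current subject lacks), as an added stand-alone example that is not part of the thread and not wicket-security code. The class name, the `record`, `getPrincipals` and `missingPrincipals` methods and the sample permission strings are assumptions; plain strings stand in for Swarm's Principal and Permission types.

```java
import java.util.*;

// Added illustration: stand-alone sketch, not wicket-security code.
// Strings stand in for Swarm's Principal and Permission objects (assumption).
public class DeniedPrincipalLookup {
    // permission -> principals that grant it (the reverse of what the hive exposes)
    private final Map<String, Set<String>> principalsByPermission = new HashMap<>();

    // Would be called from the overridden addPrincipal/addPermission hooks
    // of a custom hive while the policy file is loaded.
    public void record(String principal, String permission) {
        principalsByPermission
            .computeIfAbsent(permission, k -> new LinkedHashSet<>())
            .add(principal);
    }

    // All principals that grant the given permission; empty if none do.
    public Set<String> getPrincipals(String permission) {
        return Collections.unmodifiableSet(
            principalsByPermission.getOrDefault(permission, Collections.emptySet()));
    }

    // Principals that would have granted the permission but are absent from the subject.
    public Set<String> missingPrincipals(String deniedPermission, Set<String> subjectPrincipals) {
        Set<String> missing = new LinkedHashSet<>(getPrincipals(deniedPermission));
        missing.removeAll(subjectPrincipals);
        return missing;
    }

    public static void main(String[] args) {
        DeniedPrincipalLookup index = new DeniedPrincipalLookup();
        // Constructed sample policy: two principals share one permission.
        index.record("admin", "ReportPage:render");
        index.record("auditor", "ReportPage:render");
        index.record("clerk", "OrderPage:render");

        Set<String> subject = Set.of("clerk"); // principals of the logged-in user

        // Denied check on a shared permission: every granting principal is reported.
        System.out.println(index.missingPrincipals("ReportPage:render", subject));
        // Permission that no principal holds: the result is empty, so the
        // access denied page needs a fallback message for this case.
        System.out.println(index.missingPrincipals("SecretPage:render", subject));
    }
}
```

Because a permission can be shared by several principals, the access denied message has to handle a set of names rather than a single group.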

