Use cache is default true (i think by the constructor but i don't have the code with me right now)
So you don't have to worry about that. Maurice On Thu, Feb 14, 2008 at 4:04 AM, Warren <[EMAIL PROTECTED]> wrote: > I have started implementing your sugestions and I have a question. When I > overide the method createHive() in PolicyFileHiveFactory do I need to set > useHiveCache(true) if I am extending SimpleCachingHive. > > public Hive createHive() > { > // Do I need to do this > super.useHiveCache(true); > BasicHive hive = new MySimpleCachingHive(); > ... > } > > Or should I set this method in my app after I create the factory. > > MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); > factory.useHiveCache(true); > > Or should I even worry about this? > > > > > -----Original Message----- > > From: Warren [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 13, 2008 4:30 PM > > To: users@wicket.apache.org > > > > Subject: RE: wicket-security Custom Access Denied Page > > > > > > I think I am following your example correctly. What I will end up with is > > the names of one or more principals that have the permission that was > > denied. Those one or more principals will not belong to the > > current subject. > > Then I can use the names of those principals to construct a message. You > > could end up with a permission that does not belong to any > > principal. Strike > > that, that would mean that no one would be able to access that > > component. I > > will give this a try. I am sure I will have more questions. > > > > Thanks, > > > > > -----Original Message----- > > > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, February 13, 2008 2:56 PM > > > To: users@wicket.apache.org > > > Subject: Re: wicket-security Custom Access Denied Page > > > > > > > > > It actually is a bit more trickier then that. > > > Swarm does not check for principals it checks for permissions. > > > The same permission might be shared by multiple principals. > > > To get that information you need to dig deep. > > > You can't wait for the wicket UnAuthorizedActionException since all it > > > will tell you is the component and what wicket action was not > > > authorized (although if you have a really simple policy you might > > > figure it out with this information). > > > Swarm can tell you, but truthfull the api lacks in that area, i'll see > > > if i can fix this for 1.3.1. > > > > > > For now your best bet is probably to Subclass SwarmStrategy, override > > > hasPermission(Permission). Most checks use this method but it is > > > always possible for a custom ISecurityCheck to bypass this. > > > public boolean hasPermission(Permission p) > > > { > > > if(!super.hasPermission(p) > > > { > > > //now we now the permission and we can find out which > > principals have it > > > //since the hive api does not give that info we need to use a custom > > > hive, more on that later > > > //for now do something like getHive().getPrincipals(p); > > > //then we need to get the subject and check if it has any of those > > > principals, the one (or more) that are missing are the one(s) we are > > > interested in > > > //use getSubject().getPrincipals() > > > //store those principals somewhere in the requestcycle > > > return false; > > > } > > > return true; > > > } > > > In order to use this new Strategy you need to extend > > > SwarmStrategyFactory and overide newStrategy to return your subclass. > > > Then you need to override setupStrategyFactory in your application to > > > do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey())); > > > > > > Next we need to extend our hive so we can ask it which principals > > > belong to which permission (offcourse the hive already has this > > > information but you can not access it) > > > If you are using 1.3.0 rc1 you are probably using the > > > SimpleCachingHive, extend it and override 2 methods > > > addPrincipal(Principal , Collection ) and addPermission(Principal , > > > Permission ) > > > to record which principal has which permissions you can use a > > > ManyToManyMap for this, it is also used internally the information > > > recorded can then be exposed in a method like public Set<Principal> > > > getPrincipals(Permission) > > > This will duplicate all recordings but your other option is to copy > > > BasicHive and SimpleCachingHive entirely and create the getPrincipals > > > method. > > > > > > Either way you will need to use this new hive and to do that we need > > > to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you > > > are using the latest 1.3-snapshots), override the createHive() method. > > > You can pretty much copy everything from PolicyFileHiveFactory except > > > for the first 5 lines you need to create your own hive there. Also > > > while copying you will run into a few private variables but you should > > > be able to replace those with there getters (although i might have > > > missed some, if that is the case you have to copy the entire class). > > > In your application's setupHive method you are already creating the > > > hivefactory, simply replace it with this custom one. > > > > > > And that should do the trick. Sorry the api is not more accommodating > > > to your needs i'll see if i can make some improvements anytime soon > > > for the 1.3-snapshot (1.3.1), but i also have to release 1.3.0 final > > > sometime soon. > > > > > > Maurice > > > > > > P.S. i did not cover the part about providing the application with > > > your own requestcycle but just look for newRequestCycle in your > > > application ;) > > > > > > > > > On Feb 13, 2008 6:49 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > > > > stick that name into requestcycle's metadata, and pull it out in yoru > > > > implementation of access denied page > > > > > > > > -igor > > > > > > > > > > > > > > > > On Feb 13, 2008 8:31 AM, Warren <[EMAIL PROTECTED]> wrote: > > > > > I understand that, but what I want to do is create a message > > > on that page > > > > > that reads "Users in group xxx do not have access to yyy" > > > where yyy would be > > > > > the name of the principal that triggered the access denied. I > > > need to get > > > > > the name of that principal. > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > > > > > > Sent: Wednesday, February 13, 2008 12:12 AM > > > > > > To: users@wicket.apache.org > > > > > > Subject: Re: wicket-security Custom Access Denied Page > > > > > > > > > > > > > > > > > > In the init of your webapp do > > > > > > getApplicationSettings().setAccessDeniedPage(MyPage.class) > > > > > > > > > > > > This is a wicket setting and not related to the security > > framework. > > > > > > > > > > > > Maurice > > > > > > > > > > > > On Feb 12, 2008 7:50 PM, Warren > > <[EMAIL PROTECTED]> wrote: > > > > > > > How do you set-up a custom "access denied page" that has > > > a message on it > > > > > > > like "Users in group xxx do not have access to yyy"? I > > > also want to have > > > > > > > this page return to the previous page the user was on. > > I am using > > > > > > > wicket-security (wasp and swarm). > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > Warren Bell > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]