Maurice, When you say:
> Also don't forget to filter the principals from the hive with the > principals contained in your subject. you are only interested in the > principals not contained in your hive. Haven't we allready done that when we check if the permission has failed when the super.hasPermission(...) returns false. And when we call ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all the Principals that have the Permission p in it from the hive that do not belong to the Subject since that Permission has allready been checked to see if it belongs to a Principal that belongs to the Subect in the super.hasPermission(...). Or am I missing how this all works? > -----Original Message----- > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 14, 2008 10:49 AM > To: users@wicket.apache.org > Subject: Re: wicket-security Custom Access Denied Page > > > On Thu, Feb 14, 2008 at 7:13 PM, Warren > <[EMAIL PROTECTED]> wrote: > > Maurice, > > > > I have a couple more questions. In my MySwarmStrategy > hasPermission(...) > > method I only have to look up the principals that have the > denied permission > > in them, correct? > > Correct > > >Here is my overide hasPermission(...) method: > > > > > > public boolean hasPermission(Permission p) > > { > > if (!super.hasPermission(p)) > > { > > if > (getHive().getClass().isInstance(MySimpleCachingHive.class)) > > { > > Set<Principal> hivePrincipals = > > ((MySimpleCachingHive)getHive()).getPrincipals(p); > > // Place Set of Principals in > the requestcycle or should I just place > > the Principal names in // > requestcycle ? > > This depends on how much information you want to use in your > accessdenied page if the name is all you need then by all means just > pass the names. > Also don't forget to filter the principals from the hive with the > principals contained in your subject. you are only interested in the > principals not contained in your hive. > > > } > > return false; > > } > > return true; > > } > > > > I had to copy the whole PolicyFileHiveFactory I don't think I > could get to > > "private Set inputStreams" or "private Set inputReaders" correctly. > > There are getStreams and getReaders methods but they return a read > only view and thus will not allow you to clear them, ok. > > >Here is > > my createHive() method: > > > > public Hive createHive() > > { > > BasicHive hive; > > if (isUsingHiveCache()) > > hive = new MySimpleCachingHive(); > > else > > hive = new BasicHive(); > > ... > > } > > > > I only changed the one line above. In my app I am doing this: > > > > > > MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); > > factory.useHiveCache(true); > > > > Will the line above make sure that my MySimpleCachingHive will > be used or is > > it possible for useHiveCache(false) to be used somewhere else? > > This will do fine, remember you are the only one in control of the > policy factory. As soon as you pass it to HiveMind.registerHive the > createHive method is called, after that it is discarded. > BTW the default setting for useCache is true, but it does not hurt to > explicitly set it. > > > > > Last question. I am not quite sure what to do in > MySimpleCachingHive. I know > > this is an unrelated question, but I am not sure how to use your > > ManyToManyMap. I also am not sure when the addPrincipal(...) and > > addPermission(...) methods are called. Do one or the other get > called per > > Principal that is in the hive? And, will I Load up the > ManyToManyMap within > > these two methods ending up with this ManyToManyMap that will > have all the > > Pricipals of the hive with their associated Permissions in them? > > Either or both are called once or multiple times for each principal, > depending on how your policy is set up. > Anyway it does not matter how often each method is called since the > ManyToManyMap will fold everything together for you. > > > > > Here is my MySimpleCachingHive: > > > > public class MySimpleCachingHive extends SimpleCachingHive > > { > > ... > > > > private ManyToManyMap hivePrincipalsAndPermissions; > > > > public void addPrincipal(Principal principal, > Collection permissions) > > { > > super.addPrincipal(principal, permissions); > > // Load hivePrincipalsAndPermissions ? > > Iterator it = permissions.iterator(); > Permission next = null; > boolean debug = log.isDebugEnabled(); > while (it.hasNext()) > { > next = (Permission)it.next(); > hivePrincipalsAndPermissions.add(next, principal); > } > > > } > > > > public void addPermission(Principal principal, > Permission permission) > > { > > super.addPermission(principal, permission); > > // Load hivePrincipalsAndPermissions ? > > hivePrincipalsAndPermissions > .add(permission, principal); > > > } > > > > public Set<Principal> getPrincipals(Permission p) > > { > > // Return Set of Principals related to permission > > return hivePrincipalsAndPermissions.get(p) > > } > > > > } > > Maurice > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
