Nope, you are correct. My mind must have been on vacation when i wrote that :)
Sorry for the confusion. Maurice On Thu, Feb 14, 2008 at 8:32 PM, Warren <[EMAIL PROTECTED]> wrote: > Maurice, > > When you say: > > > > Also don't forget to filter the principals from the hive with the > > principals contained in your subject. you are only interested in the > > principals not contained in your hive. > > Haven't we allready done that when we check if the permission has failed > when the super.hasPermission(...) returns false. And when we call > ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all > the Principals that have the Permission p in it from the hive that do not > belong to the Subject since that Permission has allready been checked to see > if it belongs to a Principal that belongs to the Subect in the > super.hasPermission(...). Or am I missing how this all works? > > > > -----Original Message----- > > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, February 14, 2008 10:49 AM > > To: users@wicket.apache.org > > Subject: Re: wicket-security Custom Access Denied Page > > > > > > > > On Thu, Feb 14, 2008 at 7:13 PM, Warren > > <[EMAIL PROTECTED]> wrote: > > > Maurice, > > > > > > I have a couple more questions. In my MySwarmStrategy > > hasPermission(...) > > > method I only have to look up the principals that have the > > denied permission > > > in them, correct? > > > > Correct > > > > >Here is my overide hasPermission(...) method: > > > > > > > > > public boolean hasPermission(Permission p) > > > { > > > if (!super.hasPermission(p)) > > > { > > > if > > (getHive().getClass().isInstance(MySimpleCachingHive.class)) > > > { > > > Set<Principal> hivePrincipals = > > > ((MySimpleCachingHive)getHive()).getPrincipals(p); > > > // Place Set of Principals in > > the requestcycle or should I just place > > > the Principal names in // > > requestcycle ? > > > > This depends on how much information you want to use in your > > accessdenied page if the name is all you need then by all means just > > pass the names. > > Also don't forget to filter the principals from the hive with the > > principals contained in your subject. you are only interested in the > > principals not contained in your hive. > > > > > } > > > return false; > > > } > > > return true; > > > } > > > > > > I had to copy the whole PolicyFileHiveFactory I don't think I > > could get to > > > "private Set inputStreams" or "private Set inputReaders" correctly. > > > > There are getStreams and getReaders methods but they return a read > > only view and thus will not allow you to clear them, ok. > > > > >Here is > > > my createHive() method: > > > > > > public Hive createHive() > > > { > > > BasicHive hive; > > > if (isUsingHiveCache()) > > > hive = new MySimpleCachingHive(); > > > else > > > hive = new BasicHive(); > > > ... > > > } > > > > > > I only changed the one line above. In my app I am doing this: > > > > > > > > > MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); > > > factory.useHiveCache(true); > > > > > > Will the line above make sure that my MySimpleCachingHive will > > be used or is > > > it possible for useHiveCache(false) to be used somewhere else? > > > > This will do fine, remember you are the only one in control of the > > policy factory. As soon as you pass it to HiveMind.registerHive the > > createHive method is called, after that it is discarded. > > BTW the default setting for useCache is true, but it does not hurt to > > explicitly set it. > > > > > > > > Last question. I am not quite sure what to do in > > MySimpleCachingHive. I know > > > this is an unrelated question, but I am not sure how to use your > > > ManyToManyMap. I also am not sure when the addPrincipal(...) and > > > addPermission(...) methods are called. Do one or the other get > > called per > > > Principal that is in the hive? And, will I Load up the > > ManyToManyMap within > > > these two methods ending up with this ManyToManyMap that will > > have all the > > > Pricipals of the hive with their associated Permissions in them? > > > > Either or both are called once or multiple times for each principal, > > depending on how your policy is set up. > > Anyway it does not matter how often each method is called since the > > ManyToManyMap will fold everything together for you. > > > > > > > > Here is my MySimpleCachingHive: > > > > > > public class MySimpleCachingHive extends SimpleCachingHive > > > { > > > ... > > > > > > private ManyToManyMap hivePrincipalsAndPermissions; > > > > > > public void addPrincipal(Principal principal, > > Collection permissions) > > > { > > > super.addPrincipal(principal, permissions); > > > // Load hivePrincipalsAndPermissions ? > > > > Iterator it = permissions.iterator(); > > Permission next = null; > > boolean debug = log.isDebugEnabled(); > > while (it.hasNext()) > > { > > next = (Permission)it.next(); > > hivePrincipalsAndPermissions.add(next, principal); > > } > > > > > } > > > > > > public void addPermission(Principal principal, > > Permission permission) > > > { > > > super.addPermission(principal, permission); > > > // Load hivePrincipalsAndPermissions ? > > > > hivePrincipalsAndPermissions > > .add(permission, principal); > > > > > } > > > > > > public Set<Principal> getPrincipals(Permission p) > > > { > > > // Return Set of Principals related to permission > > > > return hivePrincipalsAndPermissions.get(p) > > > } > > > > > > } > > > > Maurice > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
