On Thu, May 29, 2008 at 12:57 AM, Monica D'Arcy <[EMAIL PROTECTED]> wrote: > Hello, > I am currently trying to implement some authorization/authentication using > SWARM and am running into some problems. After Logging on with a class that > extends the UsernamePasswordContext class, I attempt to redirect to a secure > page (a page that extends SecureWebPage). At login, I create a > DefaultSubject, and add a SimplePrincipal with "admin" permissions (if > appropriate) to the DefaultSubject. I get the Access Denied page regardless > of whether I am the correct user ("admin") and should therefore be > authorized to view the page or am not an authorized user. I had also tried > something similar with the SecurePageLink. The link is never rendered > regardless of whether all users are granted permission to view the link, the > correct user is logged on, or an unauthorized user is logged on. > > My very basic understanding of logging in to view a secureWebPage via SWARM > is as follows: > 1) application must extend SwarmWebApplication (following instructions > listed @ > http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm) > 2) create a class that extends UsernamePasswordContext which is created when > attempting to logon
Or extend LoginContext and implement your own authentication. > 3) there is a hive file that delineates which permissions are associated > with which principals??? Each principal that can be assigned to a user/subject should be specified in a hive file (aka policy file) Each principal holds one or more permissions for pages/components/data/ whatever you can think of. > 4) when logging on, a Subject is created and a principal is given to that > subject One or more. > 5) pages that are to be secure extend SecureWebPage Or implement ISecurePage, SecureWebPage is just a default implementation. > > > Is there something very basic I am missing here? I apologize if this is an > ignorant question... I am very new to the wicket & Swarm scene. > Any help would be greatly appreciated. > > Below is what appears in my hive file > > grant principal > org.apache.wicket.security.hive.authorization.SimplePrincipal "admin" > { > permission > org.apache.wicket.security.hive.authorization.permissions.ComponentPermission > ${cnv}.MyCNV, "inherit, render"; > permission > org.apache.wicket.security.hive.authorization.permissions.ComponentPermission > ${cnv}.MyCNV, "enable"; > }; Like Gabriel said, ${cnv}.MyCNV should be quoted like this "${cnv}.MyCNV" Also you can shorten the line a bit by using ${ComponentPermission} instead of org.apache.wicket.security.hive.authorization.permissions.ComponentPermission So optimally your file looks like this: grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal "admin" { permission ${ComponentPermission} "${cnv}.MyCNV", "inherit, render"; permission ${ComponentPermission} "${cnv}.MyCNV", "enable"; }; The enable permission is used by your SecurePageLink, the render permission for rendering the page. Maurice > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]