On Thu, May 29, 2008 at 12:57 AM, Monica D'Arcy <[EMAIL PROTECTED]> wrote:
> Hello,
> I am currently trying to implement some authorization/authentication using
> SWARM and am running into some problems. After logging on with a class that
> extends the UsernamePasswordContext class, I attempt to redirect to a secure
> page (a page that extends SecureWebPage). At login, I create a
> DefaultSubject, and add a SimplePrincipal with "admin" permissions (if
> appropriate) to the DefaultSubject. I get the Access Denied page regardless
> of whether I am the correct user ("admin") and should therefore be
> authorized to view the page or am not an authorized user. I had also tried
> something similar with the SecurePageLink. The link is never rendered
> regardless of whether all users are granted permission to view the link, the
> correct user is logged on, or an unauthorized user is logged on.
>
> My very basic understanding of logging in to view a secureWebPage via SWARM
> is as follows:
> 1) application must extend SwarmWebApplication (following instructions
> listed @
> http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)
> 2) create a class that extends UsernamePasswordContext which is created when
> attempting to logon

Or extend LoginContext and implement your own authentication.

> 3) there is a hive file that delineates which permissions are associated
> with which principals???

Each principal that can be assigned to a user/subject should be
specified in a hive file (aka policy file).
Each principal holds one or more permissions for
pages/components/data/whatever you can think of.

> 4) when logging on, a Subject is created and a principal is given to that
> subject

One or more.

> 5) pages that are to be secure extend SecureWebPage

Or implement ISecurePage, SecureWebPage is just a default implementation.


>
>
> Is there something very basic I am missing here?  I apologize if this is an
> ignorant question... I am very new to the wicket & Swarm scene.
> Any help would be greatly appreciated.
>
> Below is what appears in my hive file
>
> grant principal
> org.apache.wicket.security.hive.authorization.SimplePrincipal "admin"
> {
>        permission
> org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
> ${cnv}.MyCNV, "inherit, render";
>        permission
> org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
> ${cnv}.MyCNV, "enable";
> };

Like Gabriel said, ${cnv}.MyCNV should be quoted like this "${cnv}.MyCNV"

Also you can shorten the line a bit by using ${ComponentPermission}
instead of 
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission

So optimally your file looks like this:
grant principal
org.apache.wicket.security.hive.authorization.SimplePrincipal "admin"
{
permission ${ComponentPermission} "${cnv}.MyCNV", "inherit, render";
permission ${ComponentPermission} "${cnv}.MyCNV", "enable";
};

The enable permission is used by your SecurePageLink, the render
permission for rendering the page.


Maurice
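
An added example, not part of the original message and not Swarm's own code: a small Python check that flags permission statements in a hive file whose arguments are not all double-quoted, the mistake corrected in the reply above. The statement shape is assumed from the two hive snippets in this thread only; `lint_hive` and the sample constants are hypothetical names.

```python
import re

# Statement shapes assumed from the snippets in this thread only:
#   grant principal <class> "<name>" { permission <class> "<name>", "<actions>"; };
GRANT = re.compile(r'grant\s+principal\s+\S+\s+"([^"]*)"\s*\{(.*?)\}\s*;', re.S)
PERMISSION = re.compile(r'\bpermission\s+(\S+)\s+([^;]*);')
QUOTED_ARGS = re.compile(r'"[^"]*"(?:\s*,\s*"[^"]*")*')

def lint_hive(text):
    """Return (principal, permission class, arguments) for every permission
    statement whose arguments are not all double-quoted strings."""
    problems = []
    for grant in GRANT.finditer(text):
        principal, body = grant.group(1), grant.group(2)
        for perm in PERMISSION.finditer(body):
            cls = perm.group(1)
            args = " ".join(perm.group(2).split())  # undo mail line wrapping
            if not QUOTED_ARGS.fullmatch(args):
                problems.append((principal, cls, args))
    return problems

# Constructed sample input: the two hive files quoted in this thread.
BROKEN = '''grant principal
org.apache.wicket.security.hive.authorization.SimplePrincipal "admin"
{
       permission
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
${cnv}.MyCNV, "inherit, render";
       permission
org.apache.wicket.security.hive.authorization.permissions.ComponentPermission
${cnv}.MyCNV, "enable";
};
'''
FIXED = '''grant principal
org.apache.wicket.security.hive.authorization.SimplePrincipal "admin"
{
permission ${ComponentPermission} "${cnv}.MyCNV", "inherit, render";
permission ${ComponentPermission} "${cnv}.MyCNV", "enable";
};
'''

if __name__ == "__main__":
    for principal, cls, args in lint_hive(BROKEN):
        print(f'principal "{principal}": unquoted argument in: {cls} {args}')
```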
