01: /*
02: * $Id: IAuthorizationStrategy.java 462324 2006-09-21 04:55:50Z ehillenius $
03: * $Revision: 462324 $ $Date: 2006-09-21 06:55:50 +0200 (Thu, 21 Sep 2006) $
04: *
05: * ==============================================================================
06: * Licensed under the Apache License, Version 2.0 (the "License"); you may not
07: * use this file except in compliance with the License. You may obtain a copy of
08: * the License at
09: *
10: * http://www.apache.org/licenses/LICENSE-2.0
11: *
12: * Unless required by applicable law or agreed to in writing, software
13: * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14: * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15: * License for the specific language governing permissions and limitations under
16: * the License.
17: */
18: package wicket.authorization;
19:
20: import wicket.Component;
21: import wicket.settings.ISecuritySettings;
22:
/**
 * Contract for an application's authorization policy. A strategy places
 * aspect-like constraints on the significant actions the framework takes, and
 * the framework guarantees that those constraints are applied consistently
 * throughout the application. When a constraint is violated, the strategy
 * directs the resulting security action, for example throwing an
 * AuthorizationException or filtering out security-sensitive information.
 * <p>
 * Both methods are access-control decision points: an implementation that
 * answers <code>true</code> grants the request.
 *
 * @author Eelco Hillenius
 * @author Jonathan Locke
 * @since Wicket 1.2
 */
public interface IAuthorizationStrategy {
    /**
     * Implementation of {@link IAuthorizationStrategy} that allows everything:
     * both checks answer <code>true</code> unconditionally, so no component
     * instantiation or action is ever refused while this strategy is in use.
     * Applications that need access control must supply a restrictive
     * strategy instead of this one.
     */
    IAuthorizationStrategy ALLOW_ALL = new IAuthorizationStrategy() {
        /**
         * Always grants instantiation; the component class is not inspected.
         *
         * @see wicket.authorization.IAuthorizationStrategy#isInstantiationAuthorized(java.lang.Class)
         */
        public boolean isInstantiationAuthorized(Class componentClass) {
            return true;
        }

        /**
         * Always grants the action; neither argument is inspected.
         *
         * @see wicket.authorization.IAuthorizationStrategy#isActionAuthorized(wicket.Component,
         *      wicket.authorization.Action)
         */
        public boolean isActionAuthorized(Component component, Action action) {
            return true;
        }
    };

    /**
     * Decides whether an instance of the given component class may be
     * created. When this method returns false, the
     * {@link IUnauthorizedComponentInstantiationListener} configured in the
     * {@link ISecuritySettings security settings} is called; the default
     * implementation of that listener throws an
     * {@link UnauthorizedInstantiationException}.
     * <p>
     * A strategy that wants to authenticate users who cannot access a given
     * Page (or other Component) can simply throw a
     * {@link wicket.RestartResponseAtInterceptPageException} from its
     * implementation of this method.
     *
     * @param componentClass
     *            The component class to check
     * @return Whether the given component may be created
     */
    boolean isInstantiationAuthorized(Class componentClass);

    /**
     * Decides whether the given action is permitted on the given component.
     * Return true when it is. When it is not, either return false or - in
     * case of a serious breach - throw a security exception. Returning false
     * is generally preferable to throwing an exception, because it does not
     * break the normal flow.
     *
     * @param component
     *            The component to be acted upon
     * @param action
     *            The action to authorize on the component
     * @return Whether the given action may be taken on the given component
     * @throws AuthorizationException
     *             Can be thrown by implementation if action is unauthorized
     * @see Component#ENABLE
     * @see Component#RENDER
     */
    boolean isActionAuthorized(Component component, Action action);
}