net.databinder.auth.ao
Class AuthDataApplication

java.lang.Object
  extended by org.apache.wicket.Application
      extended by org.apache.wicket.protocol.http.WebApplication
          extended by net.databinder.DataApplicationBase
              extended by net.databinder.ao.DataApplication
                  extended by net.databinder.auth.ao.AuthDataApplication
All Implemented Interfaces:
ActiveObjectsApplication, AuthApplication, org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener, org.apache.wicket.authorization.strategies.role.IRoleCheckingStrategy

public abstract class AuthDataApplication
extends DataApplication
implements org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener, org.apache.wicket.authorization.strategies.role.IRoleCheckingStrategy, AuthApplication

Optional base class for ActiveObjects applications using Databinder authentication.


Field Summary
 
Fields inherited from class org.apache.wicket.Application
CONFIGURATION, CONTEXTPATH, DEPLOYMENT, DEVELOPMENT
 
Constructor Summary
AuthDataApplication()
           
 
Method Summary
protected  void authInit()
          Sets Wicket's security strategy for role authorization and appoints this object as the unauthorized instantiation listener.
 java.security.MessageDigest getDigest()
           
 java.lang.Class<? extends org.apache.wicket.markup.html.WebPage> getSignInPageClass()
          Override if you need to customize the sign-in page.
 java.lang.String getToken(DataUser user)
          Get the restricted token for a user, using IP addresses as location parameter.
 DataUser getUser(java.lang.String username)
          Return user object by matching against a "username" property.
abstract  java.lang.Class<? extends DataUser> getUserClass()
           
 boolean hasAnyRole(org.apache.wicket.authorization.strategies.role.Roles roles)
          Passes query on to the DataUser object if signed in.
protected  void internalInit()
          Internal initialization.
 org.apache.wicket.Session newSession(org.apache.wicket.Request request, org.apache.wicket.Response response)
           
 void onUnauthorizedInstantiation(org.apache.wicket.Component component)
          Sends to sign in page if not signed in, otherwise throws UnauthorizedInstantiationException.
 
Methods inherited from class net.databinder.ao.DataApplication
buildDatabaseProvider, buildEntityManager, dataInit, generateSchema, getEntityManager, initEntityManager, setEntityManager
 
Methods inherited from class net.databinder.DataApplicationBase
isCookielessSupported, isDevelopment, newConverterLocator, newRequestCycle, newWebResponse, setCookielessSupported
 
Methods inherited from class org.apache.wicket.protocol.http.WebApplication
getApplicationKey, getConfigurationType, getDefaultRequestCycleFactory, getInitParameter, getRequestCycleProcessor, getResourceFinder, getServletContext, getSessionAttributePrefix, getWicketFilter, init, internalDestroy, logEventTarget, logResponseTarget, mount, mount, mountBookmarkablePage, mountBookmarkablePage, mountSharedResource, newAjaxRequestTarget, newRequestCycleProcessor, newSession, newSession, newSessionStore, newWebRequest, outputDevelopmentModeWarning, sessionDestroyed, setApplicationKey, setWicketFilter, unmount
 
Methods inherited from class org.apache.wicket.Application
addComponentInstantiationListener, addComponentOnAfterRenderListener, addComponentOnBeforeRenderListener, addRenderHeadListener, configure, destroy, exists, get, get, getApplicationKeys, getApplicationSettings, getConverterLocator, getDebugSettings, getExceptionSettings, getFrameworkSettings, getHomePage, getMarkupCache, getMarkupSettings, getMetaData, getName, getPageSettings, getRequestCycleFactory, getRequestCycleSettings, getRequestLogger, getRequestLoggerSettings, getResourceSettings, getSecuritySettings, getSessionFactory, getSessionSettings, getSessionStore, getSharedResources, initializeComponents, newRequestCycle, newRequestLogger, notifyRenderHeadListener, onDestroy, removeComponentInstantiationListener, removeComponentOnAfterRenderListener, removeComponentOnBeforeRenderListener, removeRenderHeadListener, set, setMetaData, unset
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface net.databinder.auth.AuthApplication
getSalt
 

Constructor Detail

AuthDataApplication

public AuthDataApplication()
Method Detail

internalInit

protected void internalInit()
Internal initialization. Client applications should not normally override or call this method.

Overrides:
internalInit in class DataApplicationBase

authInit

protected void authInit()
Sets Wicket's security strategy for role authorization and appoints this object as the unauthorized instantiation listener. Called automatically on start-up.


newSession

public org.apache.wicket.Session newSession(org.apache.wicket.Request request,
                                            org.apache.wicket.Response response)
Overrides:
newSession in class org.apache.wicket.protocol.http.WebApplication
Returns:
new AuthDataSession
See Also:
AuthDataSession

onUnauthorizedInstantiation

public void onUnauthorizedInstantiation(org.apache.wicket.Component component)
Sends to sign in page if not signed in, otherwise throws UnauthorizedInstantiationException.

Specified by:
onUnauthorizedInstantiation in interface org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener

hasAnyRole

public final boolean hasAnyRole(org.apache.wicket.authorization.strategies.role.Roles roles)
Passes query on to the DataUser object if signed in.

Specified by:
hasAnyRole in interface org.apache.wicket.authorization.strategies.role.IRoleCheckingStrategy

getUserClass

public abstract java.lang.Class<? extends DataUser> getUserClass()
Specified by:
getUserClass in interface AuthApplication
Returns:
DataUser implementation used by this application.

getUser

public DataUser getUser(java.lang.String username)
Return user object by matching against a "username" property. Override if you have a differently named property.

Specified by:
getUser in interface AuthApplication
Returns:
DataUser for the given username.

getSignInPageClass

public java.lang.Class<? extends org.apache.wicket.markup.html.WebPage> getSignInPageClass()
Override if you need to customize the sign-in page.

Specified by:
getSignInPageClass in interface AuthApplication
Returns:
page to sign in users

getDigest

public java.security.MessageDigest getDigest()
Specified by:
getDigest in interface AuthApplication
Returns:
app-salted MessageDigest.

getToken

public java.lang.String getToken(DataUser user)
Get the restricted token for a user, using IP addresses as location parameter. This implementation combines the "X-Forwarded-For" header with the remote address value so that unique values result with and without proxying. (The forwarded header is not trusted on its own because it is the value that is most easily spoofed.)

Specified by:
getToken in interface AuthApplication
Parameters:
user - source of token
Returns:
restricted token
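
The location binding described for getToken, as an added example that is not Databinder's own code: a token derived from a salted digest over the user's data plus both the "X-Forwarded-For" value and the remote address, so it matches only when both are unchanged. The class and method names, the SHA-256 algorithm, the "nil" marker for an absent header, the field order and all sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class LocationTokenExample {
    // Constructed application salt (assumption); a real one is a deployment secret.
    static final byte[] APP_SALT = "constructed-app-salt".getBytes(StandardCharsets.UTF_8);

    // Hypothetical helper: derives a token bound to the user and to the request's location.
    static String locationToken(String username, String passwordHash,
                                String forwardedFor, String remoteAddr)
            throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256"); // algorithm is an assumption
        digest.update(APP_SALT);
        // Header and remote address both go in; an absent header gets a fixed marker.
        for (String field : new String[] {
                passwordHash, forwardedFor == null ? "nil" : forwardedFor, remoteAddr, username}) {
            byte[] bytes = field.getBytes(StandardCharsets.UTF_8);
            // Length prefix keeps adjacent fields from running into each other.
            digest.update(new byte[] {(byte) (bytes.length >>> 8), (byte) bytes.length});
            digest.update(bytes);
        }
        return Base64.getEncoder().encodeToString(digest.digest());
    }

    // Constant-time comparison of a presented token against the recomputed one.
    static boolean matches(String presented, String expected) {
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample: client 10.0.0.5 reaching the app through a proxy at 198.51.100.1.
        String user = "alice", hash = "constructed-password-hash";
        String issued = locationToken(user, hash, "10.0.0.5", "198.51.100.1");

        System.out.println("same header, same address:     "
                + matches(locationToken(user, hash, "10.0.0.5", "198.51.100.1"), issued));
        System.out.println("other client behind the proxy: "
                + matches(locationToken(user, hash, "10.0.0.9", "198.51.100.1"), issued));
        System.out.println("same header, other address:    "
                + matches(locationToken(user, hash, "10.0.0.5", "203.0.113.7"), issued));
        System.out.println("header absent, same address:   "
                + matches(locationToken(user, hash, null, "198.51.100.1"), issued));
    }
}
```

Because the remote address is part of the digest input, a request that repeats the original header value from a different address produces a different token, which is why the header is never used alone.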


Copyright © 2005-2008 Nathan Hamblen. All Rights Reserved.