net.databinder.auth.hib
Class AuthDataApplication

java.lang.Object
  extended by org.apache.wicket.Application
      extended by org.apache.wicket.protocol.http.WebApplication
          extended by net.databinder.DataApplicationBase
              extended by net.databinder.hib.DataApplication
                  extended by net.databinder.auth.hib.AuthDataApplication
All Implemented Interfaces:
AuthApplication, HibernateApplication, org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener, org.apache.wicket.authorization.strategies.role.IRoleCheckingStrategy

public abstract class AuthDataApplication
extends DataApplication
implements org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener, org.apache.wicket.authorization.strategies.role.IRoleCheckingStrategy, AuthApplication

Adds basic authentication functionality to DataApplication. This class is a derivative of Wicket's AuthenticatedWebApplication, brought into the DataApplication hierarchy and including light user specifications in DataUser. You are encouraged to override getUserClass() to implement your own user entity, possibly by extending UserBase. It is also possible to use Databinder authentication without extending this base class by implementing IAuthSettings.

Text appearing in authentication components can be overridden for any language, using resource keys listed in their documentation. Except as otherwise noted, these resources can be housed in the application class's properties file, so that subclasses of the pages and panels are not necessarily required.

Author:
Nathan Hamblen
See Also:
AuthApplication, DataUser

Nested Class Summary
 
Nested classes/interfaces inherited from class net.databinder.hib.DataApplication
DataApplication.BmarkDataBrowser
 
Field Summary
 
Fields inherited from class org.apache.wicket.Application
CONFIGURATION, CONTEXTPATH, DEPLOYMENT, DEVELOPMENT
 
Constructor Summary
AuthDataApplication()
           
 
Method Summary
protected  void authInit()
          Sets Wicket's security strategy for role authorization and appoints this object as the unauthorized instantiation listener.
protected  void configureHibernate(org.hibernate.cfg.AnnotationConfiguration config)
          Adds to the configuration whatever DataUser class is defined.
 java.security.MessageDigest getDigest()
           
 java.lang.Class<? extends org.apache.wicket.markup.html.WebPage> getSignInPageClass()
          Override if you need to customize the sign-in page.
 java.lang.String getToken(DataUser user)
          Get the restricted token for a user, using IP addresses as location parameter.
 DataUser getUser(java.lang.String username)
          Return user object by matching against a "username" property.
 boolean hasAnyRole(org.apache.wicket.authorization.strategies.role.Roles roles)
          Passes query on to the DataUser object if signed in.
protected  void internalInit()
          Internal initialization.
 org.apache.wicket.Session newSession(org.apache.wicket.Request request, org.apache.wicket.Response response)
           
 void onUnauthorizedInstantiation(org.apache.wicket.Component component)
          Sends to sign in page if not signed in, otherwise throws UnauthorizedInstantiationException.
 
Methods inherited from class net.databinder.hib.DataApplication
buildHibernateSessionFactory, buildHibernateSessionFactory, configureHibernate, configureHibernateEssentials, dataInit, getHibernateSessionFactory, isDataBrowserAllowed, mountDataBrowser, newRequestCycle, setHibernateSessionFactory
 
Methods inherited from class net.databinder.DataApplicationBase
isCookielessSupported, isDevelopment, newConverterLocator, newWebResponse, setCookielessSupported
 
Methods inherited from class org.apache.wicket.protocol.http.WebApplication
getApplicationKey, getConfigurationType, getDefaultRequestCycleFactory, getInitParameter, getRequestCycleProcessor, getResourceFinder, getServletContext, getSessionAttributePrefix, getWicketFilter, init, internalDestroy, logEventTarget, logResponseTarget, mount, mount, mountBookmarkablePage, mountBookmarkablePage, mountSharedResource, newAjaxRequestTarget, newRequestCycleProcessor, newSession, newSession, newSessionStore, newWebRequest, outputDevelopmentModeWarning, sessionDestroyed, setApplicationKey, setWicketFilter, unmount
 
Methods inherited from class org.apache.wicket.Application
addComponentInstantiationListener, addComponentOnAfterRenderListener, addComponentOnBeforeRenderListener, addRenderHeadListener, configure, destroy, exists, get, get, getApplicationKeys, getApplicationSettings, getConverterLocator, getDebugSettings, getExceptionSettings, getFrameworkSettings, getHomePage, getMarkupCache, getMarkupSettings, getMetaData, getName, getPageSettings, getRequestCycleFactory, getRequestCycleSettings, getRequestLogger, getRequestLoggerSettings, getResourceSettings, getSecuritySettings, getSessionFactory, getSessionSettings, getSessionStore, getSharedResources, initializeComponents, newRequestCycle, newRequestLogger, notifyRenderHeadListener, onDestroy, removeComponentInstantiationListener, removeComponentOnAfterRenderListener, removeComponentOnBeforeRenderListener, removeRenderHeadListener, set, setMetaData, unset
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface net.databinder.auth.AuthApplication
getSalt, getUserClass
 

Constructor Detail

AuthDataApplication

public AuthDataApplication()

Method Detail

internalInit

protected void internalInit()
Internal initialization. Client applications should not normally override or call this method.

Overrides:
internalInit in class DataApplicationBase

authInit

protected void authInit()
Sets Wicket's security strategy for role authorization and appoints this object as the unauthorized instantiation listener. Called automatically on start-up.


newSession

public org.apache.wicket.Session newSession(org.apache.wicket.Request request,
                                            org.apache.wicket.Response response)
Overrides:
newSession in class org.apache.wicket.protocol.http.WebApplication
Returns:
new AuthDataSession
See Also:
AuthDataSession

configureHibernate

protected void configureHibernate(org.hibernate.cfg.AnnotationConfiguration config)
Adds to the configuration whatever DataUser class is defined.

Overrides:
configureHibernate in class DataApplication
Parameters:
config - used to build Hibernate session factory

onUnauthorizedInstantiation

public void onUnauthorizedInstantiation(org.apache.wicket.Component component)
Sends to sign in page if not signed in, otherwise throws UnauthorizedInstantiationException.

Specified by:
onUnauthorizedInstantiation in interface org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener

hasAnyRole

public final boolean hasAnyRole(org.apache.wicket.authorization.strategies.role.Roles roles)
Passes query on to the DataUser object if signed in.

Specified by:
hasAnyRole in interface org.apache.wicket.authorization.strategies.role.IRoleCheckingStrategy

getUser

public DataUser getUser(java.lang.String username)
Return user object by matching against a "username" property. Override if you have a differently named property.

Specified by:
getUser in interface AuthApplication
Returns:
DataUser for the given username.

getSignInPageClass

public java.lang.Class<? extends org.apache.wicket.markup.html.WebPage> getSignInPageClass()
Override if you need to customize the sign-in page.

Specified by:
getSignInPageClass in interface AuthApplication
Returns:
page to sign in users

getDigest

public java.security.MessageDigest getDigest()
Specified by:
getDigest in interface AuthApplication
Returns:
app-salted MessageDigest.

getToken

public java.lang.String getToken(DataUser user)
Get the restricted token for a user, using IP addresses as the location parameter. This implementation combines the "X-Forwarded-For" header with the remote address value so that unique values result both with and without proxying. (The forwarded header is not trusted on its own because it is the value most easily spoofed.)

Specified by:
getToken in interface AuthApplication
Parameters:
user - source of token
Returns:
restricted token
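
The location binding described for getToken, as an added example using only the JDK; it is not Databinder's source. The class name, the `token` helper, the SHA-256 choice, the salt, the user secret and the documentation-range IP addresses are all assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added illustration; not Databinder source. All names here are hypothetical.
public class LocationTokenExample {
    // Constructed sample salt standing in for the application's salt.
    static final byte[] APP_SALT = "constructed-app-salt".getBytes(StandardCharsets.UTF_8);

    /** Derives a token bound to the user's secret and the request's network location. */
    static String token(String userSecret, String forwardedFor, String remoteAddr)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // assumed algorithm
        md.update(APP_SALT);
        // Location = forwarded header (may be absent) + socket peer address.
        // Each field is length-prefixed so ("a","bc") and ("ab","c") hash differently.
        String xff = forwardedFor == null ? "" : forwardedFor;
        for (String part : new String[] { userSecret, xff, remoteAddr }) {
            byte[] b = part.getBytes(StandardCharsets.UTF_8);
            md.update((byte) (b.length >>> 8));
            md.update((byte) b.length);
            md.update(b);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(md.digest());
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-password-hash";
        // Two clients behind the same proxy: same peer address, different header.
        String a = token(secret, "203.0.113.10", "198.51.100.1");
        String b = token(secret, "203.0.113.11", "198.51.100.1");
        // Direct client with no forwarded header.
        String c = token(secret, null, "203.0.113.10");
        // Same header value arriving from a different peer address.
        String d = token(secret, "203.0.113.10", "192.0.2.77");
        String again = token(secret, "203.0.113.10", "198.51.100.1");

        System.out.println("proxied clients differ:      " + !a.equals(b));
        System.out.println("direct vs proxied differ:    " + !a.equals(c));
        System.out.println("header alone does not match: " + !a.equals(d));
        // Compare stored and presented tokens in constant time.
        System.out.println("same location is stable:     " + MessageDigest.isEqual(
                a.getBytes(StandardCharsets.UTF_8), again.getBytes(StandardCharsets.UTF_8)));
    }
}
```

Because the peer address is part of the digest input, a token issued at one location fails validation when only the header value is reproduced elsewhere.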


Copyright © 2005-2008 Nathan Hamblen. All Rights Reserved.