Wicket Security Presentation
•Download as PPT, PDF•
4 likes•2,320 views
- Wicket Security Wasp & Swarm is a framework for adding authentication and authorization to Wicket applications. It provides flexible security models and permission checking. - Swarm builds on Wasp and provides standard authentication and role-based access control. It uses a HiveMind-based policy system for defining permissions. - The document provides examples of setting up a basic secure Wicket application using Swarm, defining principals and policies, and implementing authentication and authorization checks.
![Introduction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
More Related Content
What's hot
What's hot (18)
Similar to Wicket Security Presentation
Similar to Wicket Security Presentation (20)
Recently uploaded
Recently uploaded (20)
Wicket Security Presentation
- 1. Wicket Security Wasp & Swarm
- 4. History
- 6. WASP
- 8. 1 Permission for instantiation or authorization? 2a Authorization permission? 3a Authenticated and or authorized? 3b Custom security checks. 3c Check model. 2b Authorization permission? 4a Authenticated and or authorized? 4b Custom security checks. 3c Wicket Wasp strategy ISecurity Check ISecureModel Security implemen-tation Custom security check 1 2a 2b 3a 3b 4a 4b
- 10. SWARM
- 12. grant principal nl.example.Principal "basic" { permission ${ComponentPermission} "${myPackage}.SomePage", "inherit, render"; };
- 15. public class App extends SwarmWebApplication { public Class<HomePage> getHomePage(){ return HomePage.class; } public Class<LoginPage> getLoginPage(){ return LoginPage.class; } protected Object getHiveKey(){ return getServletContext().getContextPath(); } …
- 16. protected void setUpHive(){ PolicyFileHiveFactory factory = new PolicyFileHiveFactory(); factory.setAlias("package", "nl.example"); try{ factory.addPolicyFile(getServletContext() .getResource("/WEB-INF/beheer.hive")); } ... HiveMind. registerHive(getHiveKey(), factory); }
- 17. public class MyPrincipal implements Principal{ private String name; public MyPrincipal(String name){ this.name = name; } public String getName(){ return name; } public boolean implies(Subject subject){ return false; } … }
- 21. grant principal ${package}.MyPrincipal "instelling.deelnemers" { permission ${ComponentPermission} "${package}.SearchPage", "inherit, render"; permission ${ComponentPermission} "${package}.SearchPage", "enable"; permission ${ComponentPermission} "${package}.detailPage", "inherit, render"; permission ${ComponentPermission} "${package}.detailPage", "enable"; };
- 23. Wicket Security Example: Simple setup
- 24. public boolean signIn(String username, String password, Domain domain){ LoginContext ctx = new MyLoginContext(username, password, domain); try{ ((WaspSession)Session.get()).login(ctx); return true; } catch (LoginException e){ error(e.getMessage()); } return false; }
- 25. public Subject login() throws LoginException{ Account accnt = authenticate(username, password, domain); if (accnt != null){ clearFields(); return new MySubject(accnt); } clearFields(); throw new LoginException(“...”); }
- 26. public class MySubject extends DefaultSubject{ public MySubject(Account account){ for (Role role : account.getRoles()){ for (MyPrincipal principal: role.getPrincipals()) addPrincipal(principal); } setReadOnly(); } }
- 29. 1 Component and render or enable action 2a Same 3a Custom actions? Wicket Wasp strategy ISecurity Check Security implemen-tation 1 2a 3a
- 32. register(Teacher.class, “teacher"); register(Counselor.class, “counselor"); register(Location.class, new SomeAction( “ location“, Teacher.class, Counselor.class)); register(School.class, new SomeAction( “ school“, Location.class)); public interface School extends WaspAction { // no explicit implementation required }
- 33. public boolean isActionAuthorized(WaspAction action){ WaspAction combined = null, additional; ActionFactory factory = getActionFactory(); for (Class< ? extends WaspAction> actionClass : actions){ additional = factory.getAction(actionClass); combined = action.add(additional); if (wrapped.isActionAuthorized(combined)) return verify(additional); } return false; } protected abstract boolean verify(WaspAction action);
- 34. protected boolean verify(WaspAction action){ if (action.implies(getAction(School.class))) return student.getSchool() .equals(getUser().getSchool()); if (action.implies(getAction(Location.class))) return student.takesClassesAt(getUser() .getLocations()); if(…….) ……… . return false; }
- 38. public interface ISecureModel extends IModel { public boolean isAuthorized(Component c, WaspAction a); public boolean isAuthenticated(Component c); } public interface SwarmModel extends ISecureModel { public String getSecurityId(Component c); }
- 40. public final String getSecurityId(Component component){ return “foo”; } public boolean isAuthenticated(Component component){ return getStrategy().isModelAuthenticated(this, component); } public boolean isAuthorized(Component component, WaspAction action){ return getStrategy().isModelAuthorized(this, component, action); } protected List<Location> load(){ if (isAuthorized(null, getAction(Instelling.class))){ … } else if (isAuthorized(null, getAction(OrganisatieEenheid.class))){ … } }
- 41. grant principal ${package}.MyPrincipal “something" { permission ${DataPermission} “foo”, "render, school"; };