Im currently validating 3 times. Example delete link is only allowed to super upers. So Im validating 3 times.
1-In the constructor (Redirect)
2-In the wicket link contruction (Set Link to False)
In the Onclick (Return)
I feel like an idiot validating 3 times. It should be something I can use to implement security in my wicket application.
You can enable components depending on the role a certain user has. For this you have to
implement your own authorization strategy and
annotate your component according which role is allowed which action.
A sample for this approach can be found here.
Use Wicket-Auth-Roles.
You need to implement your own AuthenticatedWebSession and add annotations to your components.
The following tutorial contains links to examples and how to integrate it:
https://www.google.de/search?sourceid=chrome&ie=UTF-8&q=wicket-security
Related
We are using acceptable usage policy feature to implement a requirement where the user has to accept some licence agreement before using our registered services.
We have implemented our custom AcceptableUsagePolicyRepository as proposed in the docs and the user is successfully redirected to acceptance policy view based on a condition.
At this point we need to customize this view, so we have added the generated casAcceptableUsagePolicyView.html in the overlay. Our goal is to present different terms text based on the user status(admin,typical user etc). Terms text and user status should be fetched from the database.
In a typical MVC application, a controller would be used to generate the java objects that would be finally rendered in the view.
Question: What is the recommended way of customizing the aforementioned view to dynamically render our content?
Question: What is the recommended way of customizing the aforementioned view to dynamically render our content?
The easiest way, for the time being, would be to supply your own AcceptableUsagePolicyVerifyAction bean in a #Configuration class:
#Bean
public Action acceptableUsagePolicyVerifyAction() {
return new MyAcceptableUsagePolicyVerifyAction(...);
}
In your own MyAcceptableUsagePolicyVerifyAction, you'd then fetch the user status/text you need and stuff it into the RequestContext's relevant scope. In the casAcceptableUsagePolicyView, you can next write a bit of conditional logic to determine the relevant text based on the status found in the webflow scope.
To learn about how #Configuration classes work in general, you can:
Review this post
or This post
or consult the documentation for Spring and/or Spring Boot.
This post makes it easy to set up a custom validation tag using Play 2.1(or 2).x "How to create a custom validator in Play Framework 2.0?". My use case, however, is a little different and I am hoping for a UI Play Framework Jedi Master that can provide some sort of direction. We have the normal MVC pattern to create reports, and for most scenarios, having validation in the play model using custom tags works fine. One of our use cases, however, is for custom "dynamic" validation. If we use the "Required" case, as an example, its easy to say that when form ABC loads, then fields X, Y and Z are required - But what if you dont know the list of required fields until just before the form is rendered and the list of required fields is provided to you in a json file from a db read in the controller. How, then, would you cater for this with the Play framework?
I may have a solution but without annotation. Create a validate method on your form (see http://www.playframework.com/documentation/2.2.x/JavaForms)
You'll be able to do all the checks you want there.
In play framework 2, the zentasks sample shows how to do basic authentication. They subclassed Security.Authenticator and added additional methods for authorization. I find it a bit messy, since each method needs to be wrapped with an if-statement.
How can I convert the methods isOwnerOf and isMemberOf into Actions? This would allow me to simply annotate the methods. Currently, I am struggling in create an annotation that would accept the param of the method. Even if I annotate the parameter, then I do not know how to fetch it when the Action is called.
If there's a better way, I would be glad to hear so.
Take a ready to use full stack for authentication/authorization - Play Authenticate
it includes Deadbolt
it offers common providers like Facebook, Twitter, Goolge, etc
it offers common password + own providers
it supports multilanguage (also in informational mails)
it includes ready-to-use Java sample
Consider the page below. As in the image I have attached.
Now my problem is that I have multiple clients accessing the same page as given below. Now consider that each client has their own requirement such as:-
Name is mandatory for some clients not for others.
Age is mandatory for some clients but not for others along with some specific validations like age<20 or age>30 etc.
Search is also optional depending upon the clients.
Now I am searching for any such tools or technologies or methods that could help me to sort out the issue of dynamically validating the fields as well as hiding and showing the fields depending upon my clients. Please let me know any tools or technologies that can help in order to solve the above problem. I also heard about rule engine and templating .... Is it possible to work together with it to achieve the same. Please suggest.
I have no idea why hibernate-validator would not work here. You implement the validation as you want, by implementing an interface and creating your own validation annotations if needed. This is a server-side validation btw.
Showing or not some content in case of JSP is done with conditional :
c:when/c:choose
for example, assuming it's JSP you are using.
I'm using JAAS and have applied security on some folders for different roles. I want to hide some navigation for different users because, although the pages are not accessible, the user can still see the links that he has no rights on? What's the simple way to achieve this in JSF? Do I need to call a method to check the role in the "rendered" property of each navigation link? Any sample code? Please help!
Use rendered for view, take
rendered="#{userBean.role =='ADMIN'}"
also configure filter or use Spring security's filter to restrict them to access the URL
The corrent answer is here, may be helpful for someone else: Is "isUserInRole" method related to JAAS?