List of usage examples for org.apache.wicket.authorization UnauthorizedActionException UnauthorizedActionException
public UnauthorizedActionException(Component component, Action action)
From source file:org.artifactory.common.wicket.component.form.SecureForm.java
License:Open Source License
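/**
 * CSRF guard: rejects the submission unless the token posted in the hidden field
 * matches the token returned by {@code getToken()}.
 *
 * <p>The check fails closed. A missing or empty posted token is refused even if the
 * expected token is itself absent; with a plain {@code equals} two absent values could
 * compare equal and let a token-less request through (this depends on what
 * {@code getToken()} can return, which is not visible here).
 *
 * @throws UnauthorizedActionException if the posted token is missing, empty or does not
 *         match the expected token
 */
@Override
protected void onValidate() {
    StringValue requestToken = getRequest().getPostParameters().getParameterValue(TOKEN_NAME);
    StringValue expectedToken = StringValue.valueOf(getToken());

    // Compare the raw bytes with MessageDigest.isEqual so the time taken does not depend
    // on how many leading characters of the submitted token are correct.
    boolean tokenMatches = !requestToken.isEmpty()
            && !expectedToken.isEmpty()
            && java.security.MessageDigest.isEqual(
                    requestToken.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    expectedToken.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (!tokenMatches) {
        // The message is a fixed string: neither token value is written to the logs.
        String message = "Attempted unauthorized form submission";
        log.warn(message);
        AccessLogger.unauthorizedFormSubmit(message);
        throw new UnauthorizedActionException(this, new Action("submit without CSRF token"));
    }
    super.onValidate();
}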
From source file:org.jabylon.rest.ui.security.PermissionBasedAuthorizationStrategy.java
License:Open Source License
/**
 * Decides whether the current session may perform {@code action} on {@code component}.
 *
 * <p>Only {@link RestrictedComponent}s that declare a required permission are checked;
 * every other component is authorized by default, so a component is protected only if
 * it implements that interface and returns a non-null permission.
 *
 * @param component the component the action targets
 * @param action the action being attempted
 * @return {@code true} if the action is allowed, {@code false} if it is denied
 * @throws RestartResponseAtInterceptPageException if nobody is logged in and the
 *         anonymous user lacks the permission (redirects to {@code LoginPage})
 * @throws UnauthorizedActionException if the logged-in user lacks a permission that
 *         {@code CommonPermissions.isEditRequest} classifies as an edit request
 */
@Override
public boolean isActionAuthorized(Component component, Action action) {
    // Default-allow: components outside the RestrictedComponent contract are not checked.
    if (!(component instanceof RestrictedComponent)) {
        return true;
    }

    String requiredPermission = ((RestrictedComponent) component).getRequiredPermission();
    if (requiredPermission == null) {
        return true;
    }

    CDOAuthenticatedSession authSession = (CDOAuthenticatedSession) CDOAuthenticatedSession.get();

    if (authSession.getUser() == null) {
        // Nobody is logged in: fall back to the anonymous user's permissions.
        User guest = authSession.getAnonymousUser();
        if (guest == null) {
            return false;
        }
        if (guest.hasPermission(requiredPermission)) {
            return true;
        }
        // Anonymous access is insufficient; send the visitor to the login page.
        throw new RestartResponseAtInterceptPageException(LoginPage.class);
    }

    if (authSession.getUser().hasPermission(requiredPermission)) {
        return true;
    }

    // A denied edit request is raised as an exception; any other denial returns false.
    if (CommonPermissions.isEditRequest(requiredPermission)) {
        throw new UnauthorizedActionException(component, action);
    }
    return false;
}