org.wicketstuff.security.components.markup.html.form.SecureForm.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.wicketstuff.security.components.markup.html.form.SecureForm.java

Introduction

Here is the source code for org.wicketstuff.security.components.markup.html.form.SecureForm.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wicketstuff.security.components.markup.html.form;

import org.apache.wicket.Component;
import org.apache.wicket.markup.ComponentTag;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.model.IModel;
import org.apache.wicket.util.visit.IVisit;
import org.apache.wicket.util.visit.IVisitor;
import org.wicketstuff.security.actions.WaspAction;
import org.wicketstuff.security.checks.ComponentSecurityCheck;
import org.wicketstuff.security.checks.ISecurityCheck;
import org.wicketstuff.security.components.ISecureComponent;
import org.wicketstuff.security.components.SecureComponentHelper;

/**
 * A secure Form. if the form does not have sufficient enable rights it replaces the tag with a div
 * to prevent clientside form submits Also it automaticly disables all children. Other than that it
 * behaves exactly like a regular {@link Form} with a {@link ComponentSecurityCheck} attached.
 * 
 * @author marrink
 */
public class SecureForm<T> extends Form<T> implements ISecureComponent {
    private static final long serialVersionUID = 1L;

    /**
     * Construct.
     * 
     * @param id
     */
    public SecureForm(String id) {
        super(id);
        setSecurityCheck(new ComponentSecurityCheck(this));
    }

    /**
     * Construct.
     * 
     * @param id
     * @param model
     */
    public SecureForm(String id, IModel<T> model) {
        super(id, model);
        setSecurityCheck(new ComponentSecurityCheck(this));
    }

    /**
     * @see org.wicketstuff.security.components.ISecureComponent#getSecurityCheck()
     */
    public ISecurityCheck getSecurityCheck() {
        return SecureComponentHelper.getSecurityCheck(this);
    }

    /**
     * @see org.wicketstuff.security.components.ISecureComponent#isActionAuthorized(java.lang.String)
     */
    public boolean isActionAuthorized(String waspAction) {
        return SecureComponentHelper.isActionAuthorized(this, waspAction);
    }

    /**
     * @see org.wicketstuff.security.components.ISecureComponent#isActionAuthorized(WaspAction)
     */
    public boolean isActionAuthorized(WaspAction action) {
        return SecureComponentHelper.isActionAuthorized(this, action);
    }

    /**
     * @see org.wicketstuff.security.components.ISecureComponent#isAuthenticated()
     */
    public boolean isAuthenticated() {
        return SecureComponentHelper.isAuthenticated(this);
    }

    /**
     * @see org.wicketstuff.security.components.ISecureComponent#setSecurityCheck(org.wicketstuff.security.checks.ISecurityCheck)
     */
    public void setSecurityCheck(ISecurityCheck check) {
        SecureComponentHelper.setSecurityCheck(this, check);
    }

    /**
     * Override to make sure the form can not be submitted clientside. Offcourse this does not
     * prevent fake urls send to the server.
     * 
     * @see org.apache.wicket.markup.html.form.Form#onComponentTag(org.apache.wicket.markup.ComponentTag)
     */
    @Override
    protected void onComponentTag(ComponentTag tag) {
        super.onComponentTag(tag);
        // prevent client from submitting this form
        if (!isEnableAllowed()) {
            tag.setName("div");
            tag.remove("method");
            tag.remove("action");
            tag.remove("enctype");

            // auto disable all children
            // visitChildren(new IVisitor()
            // {
            // public Object component(Component component)
            // {
            // component.setEnabled(false);
            // return IVisitor.CONTINUE_TRAVERSAL;
            // }
            // });
        }
    }

    /**
     * 
     * @see org.apache.wicket.Component#onBeforeRender()
     */
    @Override
    protected void onBeforeRender() {
        super.onBeforeRender();
        // prevent client from submitting this form
        if (!isEnableAllowed()) {
            // auto disable all children
            visitChildren(new IVisitor<Component, Void>() {
                public void component(Component object, IVisit<Void> visit) {
                    object.setEnabled(false);
                }
            });
            // TODO test if this works with listviews etc
        }

    }
}