Java Wicket and CompoundAuthorizationStrategy
I'm not sure whether I have a good idea of how this strategy works. In my application I have two separate login forms, one for regular users and another only for administrators (don't ask why, that's just the way it is :)). What I'm trying to achieve is correct redirection. In my WebApplication class I have:
init() {
    // ...omitted some unrelated code
    CompoundAuthorizationStrategy compoundAuthorizationStrategy = new CompoundAuthorizationStrategy();
    IAuthorizationStrategy membertPageAuthStrategy = new SimplePageAuthorizationStrategy( MemberTemplatePage.class,
            HomePage.class )
    {
        @Override
        protected boolean isAuthorized()
        {
            // here's my way to define if authorization is completed
        }
    };
    IAuthorizationStrategy adminPageAuthStrategy = new SimplePageAuthorizationStrategy( AdminTemplatePage.class,
            AdminLoginPage.class )
    {
        @Override
        protected boolean isAuthorized()
        {
            // here's my way to define if authorization is completed
        }
    };
    compoundAuthorizationStrategy.add( membertPageAuthStrategy );
    compoundAuthorizationStrategy.add( adminPageAuthStrategy );
    getSecuritySettings().setAuthorizationStrategy( compoundAuthorizationStrategy );
    // ...
}
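MemberTemplatePage is the template for pages of logged-in users, and AdminTemplatePage is the template for the admin pages.
Now, I thought that by chaining the authorization strategies this way, when I enter MemberTemplatePage unauthorized I would be redirected to HomePage, and when I enter AdminTemplatePage unauthorized I would be redirected to AdminLoginPage, but I keep being redirected to AdminTemplatePage.
I couldn't find anything on Google about CompoundAuthorizationStrategy, which seems to be my best option. Any idea what I'm doing wrong?
I know about RoleAuth~, but that doesn't suit me. Here is the code from CompoundAuthorization: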
public final boolean isInstantiationAuthorized(Class componentClass)
{
    int size = strategies.size();
    for (int i = 0; i < size; i++)
    {
        IAuthorizationStrategy strategy = strategies.get(i);
        if (!strategy.isInstantiationAuthorized(componentClass))
        {
            return false;
        }
    }
    return true;
}
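It checks the class you are trying to instantiate against each strategy to see whether all of them authorize it. So it probably succeeds during the regular-user authorization check, then tries the admin authorization, and gets redirected to the admin login page.
@roby You may be right. After some searching in the Wicket source, I made the following changes in my code: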
init() {
    // ...omitted some unrelated code
    CompoundAuthorizationStrategy compoundAuthorizationStrategy = new CompoundAuthorizationStrategy();
    IAuthorizationStrategy membertPageAuthStrategy = new SimplePageAuthorizationStrategy( MemberTemplatePage.class,
            HomePage.class )
    {
        @Override
        protected boolean isAuthorized()
        {
            if ( /* user not authorized */ )
            {
                throw new RestartResponseAtInterceptPageException( HomePage.class );
            }
            return true;
        }
    };
    IAuthorizationStrategy adminPageAuthStrategy = new SimplePageAuthorizationStrategy( AdminTemplatePage.class,
            AdminLoginPage.class )
    {
        @Override
        protected boolean isAuthorized()
        {
            if ( /* user not authorized */ )
            {
                throw new RestartResponseAtInterceptPageException( AdminLoginPage.class );
            }
            return true;
        }
    };
    compoundAuthorizationStrategy.add( membertPageAuthStrategy );
    compoundAuthorizationStrategy.add( adminPageAuthStrategy );
    getSecuritySettings().setAuthorizationStrategy( compoundAuthorizationStrategy );
    // ...
}
It works just the way I wanted :)
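
An added example, not from the posts above and not Wicket source: a plain-Java model of this setup that keeps the allow/deny decision (AND over all strategies, as in the quoted loop) separate from the choice of sign-in page, which one handler makes from the type of the denied page. The names `PageStrategy`, `compound`, `signInPageFor`, `request` and `AdminUsersPage`, and the empty page classes, are stand-ins invented for the model.

```java
import java.util.List;
import java.util.function.BooleanSupplier;
// Simplified model, not Wicket code: the page classes below are empty stand-ins.
public class CompoundAuthModel {
    static class HomePage {}
    static class AdminLoginPage {}
    static class MemberTemplatePage {}
    static class AdminTemplatePage {}
    static class AdminUsersPage extends AdminTemplatePage {} // hypothetical admin page

    // Guards `secured` and its subclasses; any other class is allowed by default.
    static final class PageStrategy {
        final Class<?> secured;
        final BooleanSupplier authorized;
        PageStrategy(Class<?> secured, BooleanSupplier authorized) {
            this.secured = secured;
            this.authorized = authorized;
        }
        boolean isInstantiationAuthorized(Class<?> page) {
            return !secured.isAssignableFrom(page) || authorized.getAsBoolean();
        }
    }

    // Same AND semantics as the quoted loop: one denial denies the instantiation.
    static boolean compound(List<PageStrategy> strategies, Class<?> page) {
        for (PageStrategy s : strategies) {
            if (!s.isInstantiationAuthorized(page)) return false;
        }
        return true;
    }

    // The single place that maps a denied page to its sign-in page.
    static Class<?> signInPageFor(Class<?> denied) {
        return AdminTemplatePage.class.isAssignableFrom(denied) ? AdminLoginPage.class : HomePage.class;
    }

    // Returns the page class that is finally shown for a request.
    static Class<?> request(Class<?> page, boolean memberOk, boolean adminOk) {
        List<PageStrategy> strategies = List.of(
            new PageStrategy(MemberTemplatePage.class, () -> memberOk),
            new PageStrategy(AdminTemplatePage.class, () -> adminOk));
        return compound(strategies, page) ? page : signInPageFor(page);
    }
    public static void main(String[] args) {
        System.out.println(request(MemberTemplatePage.class, false, false).getSimpleName());
        System.out.println(request(AdminUsersPage.class, true, false).getSimpleName());
        System.out.println(request(AdminUsersPage.class, true, true).getSimpleName());
    }
}
```

In this model a strategy only ever returns allow or deny, so adding a third protected area means one more `PageStrategy` and one more branch in `signInPageFor`, with no redirect logic inside the authorization check itself.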