Example 1 with UnauthorizedInstantiationException
use of org.apache.wicket.authorization.UnauthorizedInstantiationException in project wicket by apache.
the class SourcesPage method getPageTargetClass.
private Class<? extends Page> getPageTargetClass() {
if (page == null) {
String pageParam = getPageParameters().get(PAGE_CLASS).toOptionalString();
if (pageParam == null) {
log.error("key: {} is null.", PAGE_CLASS);
getRequestCycle().replaceAllRequestHandlers(new ErrorCodeRequestHandler(404, "Could not find sources for the page you requested"));
} else if (!pageParam.startsWith("org.apache.wicket.examples")) {
log.error("user is trying to access class: {} which is not in the scope of org.apache.wicket.examples", pageParam);
throw new UnauthorizedInstantiationException(getClass());
}
page = WicketObjects.resolveClass(pageParam);
if (page == null) {
getRequestCycle().replaceAllRequestHandlers(new ErrorCodeRequestHandler(404, "Could not find sources for the page you requested"));
}
}
return page;
}
Also used :
ErrorCodeRequestHandler(org.apache.wicket.request.http.handler.ErrorCodeRequestHandler)
UnauthorizedInstantiationException(org.apache.wicket.authorization.UnauthorizedInstantiationException)
Example 2 with UnauthorizedInstantiationException
use of org.apache.wicket.authorization.UnauthorizedInstantiationException in project wicket by apache.
the class AnnotationsRoleTest method testNotAuthorized.
/**
* @throws Exception
*/
@Test
public void testNotAuthorized() throws Exception {
WicketTester tester = new WicketTester();
tester.getApplication().getSecuritySettings().setAuthorizationStrategy(new RoleAuthorizationStrategy(new UserRolesAuthorizer("USER")));
final class Listener implements IUnauthorizedComponentInstantiationListener {
private boolean eventReceived = false;
@Override
public void onUnauthorizedInstantiation(Component component) {
eventReceived = true;
}
}
Listener listener = new Listener();
tester.getApplication().getSecuritySettings().setUnauthorizedComponentInstantiationListener(listener);
try {
tester.startPage(AdminPage.class);
assertTrue("an authorization exception event should have been received", listener.eventReceived);
} catch (Exception e) {
if (!(e.getCause() instanceof InvocationTargetException && ((InvocationTargetException) e.getCause()).getTargetException() instanceof UnauthorizedInstantiationException)) {
throw e;
}
}
}
Also used :
IUnauthorizedComponentInstantiationListener(org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener)
RoleAuthorizationStrategy(org.apache.wicket.authroles.authorization.strategies.role.RoleAuthorizationStrategy)
WicketTester(org.apache.wicket.util.tester.WicketTester)
IUnauthorizedComponentInstantiationListener(org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener)
Component(org.apache.wicket.Component)
UnauthorizedInstantiationException(org.apache.wicket.authorization.UnauthorizedInstantiationException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
UnauthorizedInstantiationException(org.apache.wicket.authorization.UnauthorizedInstantiationException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
Test(org.junit.Test)
Aggregations
UnauthorizedInstantiationException (org.apache.wicket.authorization.UnauthorizedInstantiationException)2
InvocationTargetException (java.lang.reflect.InvocationTargetException)1
Component (org.apache.wicket.Component)1
IUnauthorizedComponentInstantiationListener (org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener)1
RoleAuthorizationStrategy (org.apache.wicket.authroles.authorization.strategies.role.RoleAuthorizationStrategy)1
ErrorCodeRequestHandler (org.apache.wicket.request.http.handler.ErrorCodeRequestHandler)1
WicketTester (org.apache.wicket.util.tester.WicketTester)1
Test (org.junit.Test)1
