Search in sources :

Example 1 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project wicket by apache.

the class VideosApplication method init.

@Override
protected void init() {
    IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard guard = (SecurePackageResourceGuard) packageResourceGuard;
        guard.addPattern("+*.mp4");
    }
}
Also used : IPackageResourceGuard(org.apache.wicket.markup.html.IPackageResourceGuard) SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard)

Example 2 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project ocvn by devgateway.

the class FormsWebApplication method init.

/**
 * <ul>
 * <li>making the wicket components injectable by activating the
 * SpringComponentInjector</li>
 * <li>mounting the test page</li>
 * <li>logging spring service method output to showcase working integration
 * </li>
 * </ul>
 */
@Override
protected void init() {
    super.init();
    // add allowed woff2 extension
    IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard guard = (SecurePackageResourceGuard) packageResourceGuard;
        guard.addPattern("+*.woff2");
        guard.addPattern("+*.xlsx");
    }
    // this ensures that spring DI works for wicket components and pages
    // see @SpringBean annotation
    getComponentInstantiationListeners().add(new SpringComponentInjector(this, applicationContext));
    // this will scan packages for pages with @MountPath annotations and automatically create URLs for them
    new AnnotatedMountScanner().scanPackage(BASE_PACKAGE_FOR_PAGES).mount(this);
    getApplicationSettings().setUploadProgressUpdatesEnabled(true);
    getApplicationSettings().setAccessDeniedPage(Homepage.class);
    // deactivate ajax debug mode
    // getDebugSettings().setAjaxDebugModeEnabled(false);
    configureBootstrap();
    configureSummernote();
    optimizeForWebPerformance();
    // http://.../wicket/internal/debug/diskDataStore
    if (usesDevelopmentConfig()) {
        DebugDiskDataStore.register(this);
    }
    SessionFinderHolder.setSessionFinder(sessionFinderService);
}
Also used : IPackageResourceGuard(org.apache.wicket.markup.html.IPackageResourceGuard) SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard) AnnotatedMountScanner(org.wicketstuff.annotation.scan.AnnotatedMountScanner) SpringComponentInjector(org.apache.wicket.spring.injection.annot.SpringComponentInjector)

Example 3 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project hale by halestudio.

the class BaseWebApplication method init.

@Override
public void init() {
    super.init();
    BootstrapSettings settings = new BootstrapSettings();
    final ThemeProvider themeProvider = new BootswatchThemeProvider() {

        {
            add(new MetroTheme());
            add(new GoogleTheme());
            add(new WicketTheme());
            add(new Bootstrap3Theme());
            defaultTheme("bootstrap-responsive");
        // defaultTheme("bootstrap");
        }
    };
    settings.setThemeProvider(themeProvider);
    Bootstrap.install(this, settings);
    BootstrapLess.install(this);
    configureResourceBundles();
    IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard guard = (SecurePackageResourceGuard) packageResourceGuard;
        guard.addPattern("+org/apache/wicket/resource/jquery/*.map");
    }
    // enforce mounts so security interceptors based on URLs can't be fooled
    getSecuritySettings().setEnforceMounts(true);
    getSecuritySettings().setAuthorizationStrategy(new SimplePageAuthorizationStrategy(SecuredPage.class, getLoginPageClass()) {

        @Override
        protected boolean isAuthorized() {
            SecurityContext securityContext = SecurityContextHolder.getContext();
            if (securityContext != null) {
                Authentication authentication = securityContext.getAuthentication();
                if (authentication != null && authentication.isAuthenticated()) {
                    for (GrantedAuthority authority : authentication.getAuthorities()) {
                        if (authority.getAuthority().equals(UserConstants.ROLE_USER) || authority.getAuthority().equals(UserConstants.ROLE_ADMIN)) {
                            // allow access only for users/admins
                            return true;
                        }
                    }
                }
            }
            return false;
        }
    });
    getComponentInstantiationListeners().add(new SpringComponentInjector(this));
    getRequestCycleListeners().add(new AbstractRequestCycleListener() {

        @Override
        public IRequestHandler onException(RequestCycle cycle, Exception ex) {
            return new RenderPageRequestHandler(new PageProvider(new ExceptionPage(ex)));
        }
    });
    // add login page to every application based on this one (if enabled)
    Class<? extends BasePage> loginClass = getLoginPageClass();
    if (loginClass != null) {
        // login page
        mountPage("/login", loginClass);
        // user settings
        mountPage("/settings", UserSettingsPage.class);
        // about
        mountPage("/about", AboutPage.class);
        // contact
        mountPage("/contact", ContactPage.class);
        if (OpenIdLoginPage.class.equals(loginClass)) {
            // for OpenID auth also add page for new users
            mountPage("/new", NewUserPage.class);
        }
    }
}
Also used : WicketTheme(de.agilecoders.wicket.themes.markup.html.wicket.WicketTheme) IRequestHandler(org.apache.wicket.request.IRequestHandler) RenderPageRequestHandler(org.apache.wicket.core.request.handler.RenderPageRequestHandler) GoogleTheme(de.agilecoders.wicket.themes.markup.html.google.GoogleTheme) RequestCycle(org.apache.wicket.request.cycle.RequestCycle) GrantedAuthority(org.springframework.security.core.GrantedAuthority) SimplePageAuthorizationStrategy(org.apache.wicket.authorization.strategies.page.SimplePageAuthorizationStrategy) MetroTheme(de.agilecoders.wicket.themes.markup.html.metro.MetroTheme) Bootstrap3Theme(de.agilecoders.wicket.themes.markup.html.bootstrap3.Bootstrap3Theme) BootstrapSettings(de.agilecoders.wicket.core.settings.BootstrapSettings) IPackageResourceGuard(org.apache.wicket.markup.html.IPackageResourceGuard) SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard) Authentication(org.springframework.security.core.Authentication) PageProvider(org.apache.wicket.core.request.handler.PageProvider) AbstractRequestCycleListener(org.apache.wicket.request.cycle.AbstractRequestCycleListener) SecurityContext(org.springframework.security.core.context.SecurityContext) ExceptionPage(eu.esdihumboldt.hale.server.webapp.pages.ExceptionPage) SecuredPage(eu.esdihumboldt.hale.server.webapp.pages.SecuredPage) BootswatchThemeProvider(de.agilecoders.wicket.themes.settings.BootswatchThemeProvider) SpringComponentInjector(org.apache.wicket.spring.injection.annot.SpringComponentInjector) BootswatchThemeProvider(de.agilecoders.wicket.themes.settings.BootswatchThemeProvider) ThemeProvider(de.agilecoders.wicket.core.settings.ThemeProvider)

Example 4 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project wicket by apache.

the class MediaComponentsApplication method init.

@Override
protected void init() {
    super.init();
    getResourceSettings().setCachingStrategy(NoOpResourceCachingStrategy.INSTANCE);
    IPackageResourceGuard packageResourceGuard = org.apache.wicket.Application.get().getResourceSettings().getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard securePackageResourceGuard = (SecurePackageResourceGuard) packageResourceGuard;
        securePackageResourceGuard.addPattern("+*.vtt");
        securePackageResourceGuard.addPattern("+*.srt");
        securePackageResourceGuard.addPattern("+*.mp3");
        securePackageResourceGuard.addPattern("+*.m4a");
    }
}
Also used : IPackageResourceGuard(org.apache.wicket.markup.html.IPackageResourceGuard) SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard)

Example 5 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project wicket by apache.

the class LessResourceReferenceTest method newApplication.

@Override
protected WebApplication newApplication() {
    return new MockApplication() {

        @Override
        protected void init() {
            super.init();
            SecurePackageResourceGuard guard = (SecurePackageResourceGuard) getResourceSettings().getPackageResourceGuard();
            guard.addPattern("+*.less");
        }

        /**
         * Register custom ResourceReferenceRegistry that creates LessResourceReference
         * for requests with .less extension
         */
        @Override
        protected ResourceReferenceRegistry newResourceReferenceRegistry() {
            return new ResourceReferenceRegistry(new LessResourceReferenceFactory());
        }
    };
}
Also used : SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard) MockApplication(org.apache.wicket.mock.MockApplication)

Aggregations

SecurePackageResourceGuard (org.apache.wicket.markup.html.SecurePackageResourceGuard)8 IPackageResourceGuard (org.apache.wicket.markup.html.IPackageResourceGuard)6 SpringComponentInjector (org.apache.wicket.spring.injection.annot.SpringComponentInjector)4 MidPointApplicationConfiguration (com.evolveum.midpoint.gui.api.util.MidPointApplicationConfiguration)1 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)1 PageMounter (com.evolveum.midpoint.web.application.PageMounter)1 MidPointResourceStreamLocator (com.evolveum.midpoint.web.util.MidPointResourceStreamLocator)1 MidPointStringResourceLoader (com.evolveum.midpoint.web.util.MidPointStringResourceLoader)1 SystemConfigurationType (com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType)1 BootstrapSettings (de.agilecoders.wicket.core.settings.BootstrapSettings)1 ThemeProvider (de.agilecoders.wicket.core.settings.ThemeProvider)1 Bootstrap3Theme (de.agilecoders.wicket.themes.markup.html.bootstrap3.Bootstrap3Theme)1 GoogleTheme (de.agilecoders.wicket.themes.markup.html.google.GoogleTheme)1 MetroTheme (de.agilecoders.wicket.themes.markup.html.metro.MetroTheme)1 WicketTheme (de.agilecoders.wicket.themes.markup.html.wicket.WicketTheme)1 BootswatchThemeProvider (de.agilecoders.wicket.themes.settings.BootswatchThemeProvider)1 ExceptionPage (eu.esdihumboldt.hale.server.webapp.pages.ExceptionPage)1 SecuredPage (eu.esdihumboldt.hale.server.webapp.pages.SecuredPage)1 ServletContext (javax.servlet.ServletContext)1 WicketRuntimeException (org.apache.wicket.WicketRuntimeException)1