/*
* Copyright 2008 Stichting JoiningTracks, The Netherlands
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.security.examples.springsecurity.security;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.wicket.Application;
import org.apache.wicket.Session;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.StatelessForm;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.Model;
import org.apache.wicket.security.WaspSession;
import org.apache.wicket.security.authentication.LoginException;
import org.apache.wicket.security.hive.authentication.LoginContext;
import org.apache.wicket.util.lang.Objects;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
/**
* MockLoginPage creates a Spring Security logincontext based on the
* TestingAuthenticationToken This context is used by the wicket security components to
* create the right session.
*
* When logged on with any name except 'admin' the user is logged on with ROLE_USER when
* logged on with the name 'admin' the user is logged on with ROLE_USER and ROLE_ADMIN.
*
* @author Olger Warnier
*/
public class MockLoginPage extends WebPage
{
/**
*
*/
private static final long serialVersionUID = 1L;
private static final Log log = LogFactory.getLog(MockLoginPage.class);
private Form<Void> form;
private TextField<String> textField;
/**
*
*/
public MockLoginPage()
{
super();
setStatelessHint(true);
add(new Label("label", "welcome please login"));
add(form = new StatelessForm<Void>("form")
{
/**
*
*/
private static final long serialVersionUID = 1L;
@Override
protected void onSubmit()
{
login(get("username").getDefaultModelObjectAsString());
}
});
form.add(textField = new TextField<String>("username", new Model<String>()));
}
/**
* @param username
* @return true if the login was successful, false otherwise
*/
public boolean login(String username)
{
try
{
LoginContext context;
context =
new SpringSecureLoginContext(new TestingAuthenticationToken(username, username,
getAuthorities(username, username)));
((WaspSession) Session.get()).login(context);
if (!continueToOriginalDestination())
setResponsePage(Application.get().getHomePage());
return true;
}
catch (LoginException e)
{
log.error(e.getMessage(), e);
}
return false;
}
/**
* @return the form
*/
public final Form<Void> getForm()
{
return form;
}
/**
* @return the username textfield
*/
public final TextField<String> getTextField()
{
return textField;
}
/**
* This Login Page uses the TestingAuthenticationToken therefore we need to provide
* the authorities up front. Other AuthenticationTokens will get this from a database
* or wherever they are designed to get it from.
* <p/>
* Thanks to Marrik and his ACEGI examples.
*
* @param username
* @param password
* @return
*/
private GrantedAuthority[] getAuthorities(String username, String password)
{
GrantedAuthority[] authorities = null;
if (username != null && Objects.equal(username, password))
{
if ("admin".equals(username))
{
authorities = new GrantedAuthority[2];
authorities[0] = new GrantedAuthorityImpl("ROLE_ADMIN");
authorities[1] = new GrantedAuthorityImpl("ROLE_USER");
}
else
{
authorities = new GrantedAuthority[1];
authorities[0] = new GrantedAuthorityImpl("ROLE_USER");
}
// the subject returned in AcegiLoginContext knows how to
// convert these names to principals
}
return authorities;
}
}