WaspWebApplication.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.wicket.security;

import org.apache.wicket.Application;
import org.apache.wicket.Page;
import org.apache.wicket.Request;
import org.apache.wicket.RequestCycle;
import org.apache.wicket.Response;
import org.apache.wicket.Session;
import org.apache.wicket.authorization.AuthorizationException;
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebRequestCycle;
import org.apache.wicket.protocol.http.WebResponse;
import org.apache.wicket.security.actions.ActionFactory;
import org.apache.wicket.security.strategies.StrategyFactory;

/**
 * Base class for WebAplications with a wasp security framework.
 * 
 * @author marrink
 * @author Olger Warnier
 */
public abstract class WaspWebApplication extends WebApplication implements WaspApplication
{

	/**
	 * 
	 */
	private static final long serialVersionUID = 1L;

	/**
	 * creates a new secure webapplication.
	 */
	public WaspWebApplication()
	{
		super();
	}

	/**
	 * Initializes the actionfactory and the strategyfactory. If you override this method
	 * you must either call super.init() or setup the actionfactory and the
	 * strategyfactory yourself. In that order.
	 * 
	 * @see WebApplication#init()
	 */
	@Override
	protected void init()
	{
		setupActionFactory();
		setupStrategyFactory();
	}

	/**
	 * Creates a new WaspSession. If you override this method make sure you return a
	 * subclass of {@link WaspSession}.
	 * 
	 * @see org.apache.wicket.protocol.http.WebApplication#newSession(org.apache.wicket.Request,
	 *      org.apache.wicket.Response)
	 */
	@Override
	public Session newSession(Request request, Response response)
	{
		return new WaspSession(this, request);
	}

	/**
	 * Called by the {@link WaspWebApplication#init()}. use this to create and initialize
	 * your factory. The factory created here should be returned when calling
	 * {@link WaspApplication#getStrategyFactory()}.
	 * 
	 * @see WaspApplication#getStrategyFactory()
	 */
	protected abstract void setupStrategyFactory();

	/**
	 * Called by the {@link WaspWebApplication#init()}. use this to create and initialize
	 * your factory. The factory created here should be returned when calling
	 * {@link WaspApplication#getActionFactory()}.
	 * 
	 * @see WaspApplication#getActionFactory()
	 */
	protected abstract void setupActionFactory();

	/**
	 * Destroys the strategy factory and the action factory. In that order. If you
	 * override this method you must call super.onDestroy().
	 * 
	 * @see Application#onDestroy()
	 */
	@Override
	protected void onDestroy()
	{
		StrategyFactory factory = getStrategyFactory();
		if (factory != null)
			factory.destroy();
		// because we destroy the actionfactory with the wicket app it is not
		// recommended to share actionfactories.
		ActionFactory factory2 = getActionFactory();
		if (factory2 != null)
			factory2.destroy();
	}

	/**
	 * Override the newRequestCycle to return an accessdenied page instead of the wicket
	 * default page that is returned for a InvalidUrlException. This override will return
	 * the override page in the AbstractRequestCycleProcessor
	 * 
	 * @inheritdoc
	 * 
	 * @see org.apache.wicket.request.AbstractRequestCycleProcessor
	 */
	@Override
	public RequestCycle newRequestCycle(final Request request, final Response response)
	{
		return new WebRequestCycle(this, (WebRequest) request, (WebResponse) response)
		{

			@Override
			public Page onRuntimeException(Page page, RuntimeException e)
			{
				try
				{
					if (e instanceof AuthorizationException)
					{

						return getApplicationSettings().getAccessDeniedPage().newInstance();

					}
					Throwable t = e.getCause();
					while (t != null)
					{
						if (t instanceof AuthorizationException)
						{
							try
							{
								return getApplicationSettings().getAccessDeniedPage().newInstance();
							}
							catch (InstantiationException e1)
							{
								super.onRuntimeException(page, new RuntimeException(
									"Exception while creating access denied page", e1));
							}
							catch (IllegalAccessException e1)
							{
								super.onRuntimeException(page, new RuntimeException(
									"Exception while creating access denied page", e1));
							}
						}
						t = t.getCause();
					}
				}
				catch (InstantiationException e1)
				{
					super.onRuntimeException(page, new RuntimeException(
						"Exception while creating access denied page", e1));
				}
				catch (IllegalAccessException e1)
				{
					super.onRuntimeException(page, new RuntimeException(
						"Exception while creating access denied page", e1));
				}
				return super.onRuntimeException(page, e);
			}
		};
	}
}