/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.security.strategies;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.wicket.Component;
import org.apache.wicket.authorization.IAuthorizationStrategy;
import org.apache.wicket.security.actions.Access;
import org.apache.wicket.security.checks.ClassSecurityCheck;
import org.apache.wicket.security.checks.ISecurityCheck;
import org.apache.wicket.security.components.ISecureComponent;
import org.apache.wicket.security.components.ISecurePage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Authorization strategy to enforce security at the construction of components rather
* then at render time. Note that it always requires a valid login, failing this condition
* will cause a redirect to the login page as defined in the application rather then
* returning false which will cause wicket to go to the accessdenied page. This class
* operates by checking if the supplied class or any of its superclasses have static final
* fields of type ISecurityCheck. It then calls each of them with an Access action, if any
* one of them fails the class is not allowed to instantiate. Note that this strategy only
* checks (sub)classes of {@link ISecureComponent}.
*
* @author marrink
*/
public abstract class ClassAuthorizationStrategy extends WaspAuthorizationStrategy
{
/**
*
*/
private static final long serialVersionUID = 1L;
private static final Logger log = LoggerFactory.getLogger(ClassAuthorizationStrategy.class);
/**
* Default is to only check ISecureComponents
*/
private Class< ? extends ISecureComponent> secureClass = ISecurePage.class;
private Map<Class< ? >, ISecurityCheck[]> cache =
new HashMap<Class< ? >, ISecurityCheck[]>(100); // guess
/**
* Creates a strategy that checks all implementations of {@link ISecurePage} . All
* other classes are granted instantiation rights.
*/
public ClassAuthorizationStrategy()
{
super();
}
/**
* Creates a strategy that checks all implementations of the supplied class. All other
* classes are granted instantiation rights.
*
* @param secureClass
* an {@link ISecureComponent} (sub)class.
*/
public ClassAuthorizationStrategy(Class< ? extends ISecureComponent> secureClass)
{
super();
if (secureClass != null)
{
if (ISecureComponent.class.isAssignableFrom(secureClass))
this.secureClass = secureClass;
else
throw new IllegalArgumentException(
"securePageClass must be an ISecureComponent class.");
}
}
/**
* Checks if a class is allowed to be constructed. Only classes assignable to the
* specified Class are checked. Note that all the found {@link ISecurityCheck}s must
* return true for the authorization to succeed. If the class does not have any static
* {@link ISecurityCheck}s a {@link ClassSecurityCheck} is used to simulate a static
* securitycheck This way you only need to assign static checks if you want something
* special.
*
* @see IAuthorizationStrategy#isInstantiationAuthorized(java.lang.Class)
*/
public <T extends Component> boolean isInstantiationAuthorized(Class<T> c)
{
if (c != null && secureClass.isAssignableFrom(c))
{
ISecurityCheck[] checks = getClassChecks(c);
for (int i = 0; i < checks.length; i++)
{
if (!checks[i].isActionAuthorized(getActionFactory().getAction(Access.class)))
return false;
}
if (checks.length == 0)
return new ClassSecurityCheck(c).isActionAuthorized(getActionFactory().getAction(
Access.class));
return true;
}
return true;
}
/**
* Returns the static {@link ISecurityCheck}s of a class. Note that found checks are
* cached therefore all checks should be final.
*
* @param clazz
* @return an array containing all the {@link ISecurityCheck} of this class and all
* its super classes, or an array of length 0 if none is found.
*/
protected final ISecurityCheck[] getClassChecks(Class< ? extends Component> clazz)
{
ISecurityCheck[] checks = cache.get(clazz);
if (checks != null)
return checks;
List<ISecurityCheck> list = getClassChecks(clazz, new ArrayList<ISecurityCheck>());
if (list == null)
checks = new ISecurityCheck[0];
else
checks = list.toArray(new ISecurityCheck[list.size()]);
cache.put(clazz, checks);
return checks;
}
/**
* Appends all the {@link ISecurityCheck}s of a class and its superclasses to the
* list.
*
* @param clazz
* @param list
* @return the list
*/
protected List<ISecurityCheck> getClassChecks(Class< ? > clazz, List<ISecurityCheck> list)
{
while (clazz != null)
{
Field[] fields = clazz.getDeclaredFields();
for (int i = 0; i < fields.length; i++)
{
if (Modifier.isStatic(fields[i].getModifiers())
&& Modifier.isFinal(fields[i].getModifiers())
&& ISecurityCheck.class.isAssignableFrom(fields[i].getType()))
{
try
{
fields[i].setAccessible(true);
Object check = fields[i].get(null);
if (check != null)
list.add((ISecurityCheck) check);
}
catch (SecurityException e)
{
log.error(getExceptionMessage(fields[i]), e);
}
catch (IllegalArgumentException e)
{
log.error(getExceptionMessage(fields[i]), e);
}
catch (IllegalAccessException e)
{
log.error(getExceptionMessage(fields[i]), e);
}
}
}
Class< ? >[] interfaces = clazz.getInterfaces();
for (int i = 0; i < interfaces.length; i++)
getClassChecks(interfaces[i], list);
clazz = clazz.getSuperclass();
}
return list;
}
/**
* Produces a generic exception message including information about the field that
* caused the exception.
*
* @param field
* @return generic exception message
*/
protected String getExceptionMessage(Field field)
{
if (field == null)
return "unable to process unknown field";
return "Unable to process " + field.getDeclaringClass().getName() + "#" + field.getName();
}
/**
* Does some cleaning up. If you override this method you must call super.destroy();.
*
* @see org.apache.wicket.security.strategies.WaspAuthorizationStrategy#destroy()
*/
@Override
public void destroy()
{
cache.clear();
}
}