001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.wicket.settings; 018 019import jakarta.servlet.http.HttpServletResponse; 020 021import org.apache.wicket.authorization.IUnauthorizedResourceRequestListener; 022import org.apache.wicket.request.IRequestHandler; 023import org.apache.wicket.request.cycle.RequestCycle; 024import org.apache.wicket.request.http.handler.ErrorCodeRequestHandler; 025import org.apache.wicket.request.mapper.parameter.PageParameters; 026import org.apache.wicket.request.resource.IResource; 027 028/** 029 * An IUnauthorizedResourceRequestListener that schedules a response with status code 403 (Forbidden) 030 */ 031public class DefaultUnauthorizedResourceRequestListener implements IUnauthorizedResourceRequestListener 032{ 033 @Override 034 public void onUnauthorizedRequest(IResource resource, PageParameters parameters) 035 { 036 RequestCycle cycle = RequestCycle.get(); 037 if (cycle != null) 038 { 039 IRequestHandler handler = new ErrorCodeRequestHandler(HttpServletResponse.SC_FORBIDDEN, createErrorMessage(resource, parameters)); 040 cycle.replaceAllRequestHandlers(handler); 041 } 042 } 043 044 protected String createErrorMessage(IResource resource, PageParameters parameters) 045 { 046 return new StringBuilder() 047 .append("The request to resource '") 048 .append(resource) 049 .append("' with parameters '") 050 .append(parameters) 051 .append("' cannot be authorized.") 052 .toString(); 053 } 054 055}