- java.lang.Object
-
- org.apache.wicket.settings.SecuritySettings
-
public class SecuritySettings extends Object
Class for security related settings- Author:
- Jonathan Locke, Chris Turner, Eelco Hillenius, Juergen Donnerstag, Johan Compagner, Igor Vaynberg (ivaynberg), Martijn Dashorst, James Carman
-
-
Field Summary
Fields Modifier and Type Field Description static String
DEFAULT_ENCRYPTION_KEY
encryption key used by default crypt factory
-
Constructor Summary
Constructors Constructor Description SecuritySettings()
-
Method Summary
-
-
-
Field Detail
-
DEFAULT_ENCRYPTION_KEY
public static final String DEFAULT_ENCRYPTION_KEY
encryption key used by default crypt factory- See Also:
- Constant Field Values
-
-
Method Detail
-
getAuthorizationStrategy
public IAuthorizationStrategy getAuthorizationStrategy()
Gets the authorization strategy.- Returns:
- Returns the authorizationStrategy.
-
getCryptFactory
public org.apache.wicket.util.crypt.ICryptFactory getCryptFactory()
Note: Prints a warning to stderr if no factory was set andDEFAULT_ENCRYPTION_KEY
is used instead.- Returns:
- crypt factory used to generate crypt objects
-
getRandomSupplier
public ISecureRandomSupplier getRandomSupplier()
Returns theISecureRandomSupplier
to use for secure random data. If no custom supplier is set, aDefaultSecureRandomSupplier
is used.- Returns:
- The
ISecureRandomSupplier
to use for secure random data.
-
getEnforceMounts
public boolean getEnforceMounts()
Gets whether page mounts should be enforced. Iftrue
, requests for a page will be allowed only if the page has been explicitly mounted inMyApplication#init()
. This setting basically disablesBookmarkableMapper
- Returns:
- Whether mounts should be enforced
-
getUnauthorizedComponentInstantiationListener
public IUnauthorizedComponentInstantiationListener getUnauthorizedComponentInstantiationListener()
- Returns:
- The listener
- See Also:
IUnauthorizedComponentInstantiationListener
-
setAuthorizationStrategy
public SecuritySettings setAuthorizationStrategy(IAuthorizationStrategy strategy)
Sets the authorization strategy.- Parameters:
strategy
- new authorization strategy- Returns:
this
object for chaining
-
setCryptFactory
public SecuritySettings setCryptFactory(org.apache.wicket.util.crypt.ICryptFactory cryptFactory)
Sets the factory that will be used to create crypt objects. The crypt object returned from the first call is cached.- Parameters:
cryptFactory
-- Returns:
this
object for chaining
-
setRandomSupplier
public SecuritySettings setRandomSupplier(ISecureRandomSupplier randomSupplier)
Sets the supplier of secure random data for Wicket. The implementation must use a strong source of random data and be able to generate a lot of random data without running out of entropy.- Parameters:
randomSupplier
- The new supplier, must not be null.- Returns:
this
object for chaining
-
setEnforceMounts
public SecuritySettings setEnforceMounts(boolean enforce)
Sets whether mounts should be enforced. If true, requests for mounted targets have to done through the mounted paths. If, for instance, a bookmarkable page is mounted to a path, a request to that same page via the bookmarkablePage parameter will be denied.- Parameters:
enforce
- Whether mounts should be enforced- Returns:
this
object for chaining
-
setUnauthorizedComponentInstantiationListener
public SecuritySettings setUnauthorizedComponentInstantiationListener(IUnauthorizedComponentInstantiationListener listener)
- Parameters:
listener
- The listener to set- Returns:
this
object for chaining- See Also:
IUnauthorizedComponentInstantiationListener
-
getUnauthorizedResourceRequestListener
public IUnauthorizedResourceRequestListener getUnauthorizedResourceRequestListener()
- Returns:
- The listener that will be used when a request to an IResource is not allowed for some reason
-
setUnauthorizedResourceRequestListener
public SecuritySettings setUnauthorizedResourceRequestListener(IUnauthorizedResourceRequestListener listener)
Sets a listener that will be used when a request to an IResource is not allowed for some reason- Parameters:
listener
- The listener- Returns:
this
object for chaining
-
getAuthenticationStrategy
public IAuthenticationStrategy getAuthenticationStrategy()
Gets the authentication strategy.- Returns:
- Returns the authentication strategy.
-
setAuthenticationStrategy
public SecuritySettings setAuthenticationStrategy(IAuthenticationStrategy strategy)
Sets the authentication strategy.- Parameters:
strategy
- new authentication strategy- Returns:
this
object for chaining
-
-