Examples of ShiroWicketPlugin

• fiftyfive.wicket.shiro.ShiroWicketPlugin
  Enhances Wicket to integrate closely with the Apache Shiro security framework. With the {@code ShiroWicketPlugin} installed in your Wicketapplication, you will gain the following features:

  • You can use all of Shiro's authorization annotations (like {@link org.apache.shiro.authz.annotation.RequiresAuthentication @RequiresAuthentication}and {@link org.apache.shiro.authz.annotation.RequiresPermissions @RequiresPermissions}) on Wicket Pages. The {@code ShiroWicketPlugin} will ensure that onlyauthorized users can access these pages, and will show an appropriate error page or login page otherwise. See {@link #isInstantiationAuthorized isInstantiationAuthorized()}.
  • You can also use the same Shiro annotations on individual components, like Links and Panels. The {@code ShiroWicketPlugin} will automaticallyhide these components from unauthorized users. See {@link #isActionAuthorized isActionAuthorized()}.
  • You can access Shiro directly at any time in your Wicket code by calling {@link org.apache.shiro.SecurityUtils#getSubject SecurityUtils.getSubject()}. This gives you access to the rich set of security operations on the Shiro {@link org.apache.shiro.subject.Subject Subject} that representsthe current user.
  • Any uncaught Shiro {@link AuthorizationException AuthorizationExceptions}will be handled gracefully by redirecting the user to the login page or an unauthorized page (by default, the home page). This allows you to implement comprehensive security rules using Shiro at any tier of your application and be confident that your UI will handle them appropriately. See {@link #onException onException()}.

  Installation

  Before you can use the {@code ShiroWicketPlugin}, you must have Shiro properly added to your application's {@code web.xml} file. Refer to thepackage summary of this Javadoc for a brief tutorial.

  {@code Application.init()}

  Once Shiro itself is installed, adding {@code ShiroWicketPlugin} can be assimple as adding one line to your Wicket application {@code init()}:

   public class MyApplication extends WebApplication { @Override protected void init() { super.init(); new ShiroWicketPlugin().install(this); } }

  Most developers will want to customize the login page. The more complex real-world installation is thus:

   public class MyApplication extends WebApplication { @Override protected void init() { super.init(); new ShiroWicketPlugin() .mountLoginPage("login", MyLoginPage.class) .install(this); } }

  @author Matt Brictson @since 3.0

Examples of fiftyfive.wicket.shiro.ShiroWicketPlugin

        // -- Configure error pages --
        getApplicationSettings().setPageExpiredErrorPage(getHomePage());
        getApplicationSettings().setInternalErrorPage(InternalServerErrorPage.class);

        // -- Shiro integration --
        new ShiroWicketPlugin().mountLoginPage("/login", LoginPage.class).install(this);

        // -- Configure custom request cycle handling --
        getRequestCycleListeners().add(new WicketRequestCycleListener());

        // -- Custom initialization goes here --

Examples of fiftyfive.wicket.shiro.ShiroWicketPlugin

            @Override
            protected void init()
            {
                super.init();
                getMarkupSettings().setStripWicketTags(true);
                new ShiroWicketPlugin().install(this);
            }
        });
    }