Buy me a coffee :)

Wicket - jQuery UI

jQuery UI integration in Wicket 6.x, Wicket 7.x , Wicket 8.x & Wicket 9.x

Secured Button



Components / Samples

Description

SecuredButton allows you to prevent a button from being clicked if the logged user does not have required permissions.

This class implements IJQuerySecurityProvider for code reading facility in this sample.

It is usually better to let the session implementing IJQuerySecurityProvider so it is not needed to pass the IJQuerySecurityProvider argument to the button's constructor.

Key point


The WebSession could be like this implementation.
Note that in this implementation, #hasRole() it only checks that the logged user as at least one role.
public class SampleSession extends AuthenticatedWebSession implements IJQuerySecurityProvider
{
	/* ... */
	
	/**
	 * @see IJQuerySecurityProvider#hasRole(String...)
	 */
	@Override
	public final boolean hasRole(String... roles)
	{
		for (String role : roles)
		{
			if (this.hasRole(role))
			{
				return true;
			}
		}

		return false;
	}
	
	protected final boolean hasRole(String role)
	{
		//Assuming the session is extending AbstractAuthenticatedWebSession
		return this.getRoles().hasRole(role); 
	}
}

Know limitations:

  • SecuredButton may not be applied on a <input type="submit" /> ; The lock icon is not displayed

Sources

package com.googlecode.wicket.jquery.ui.samples.jqueryui.button;

import org.apache.wicket.Component;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.markup.html.form.Form;

import com.googlecode.wicket.jquery.core.IJQuerySecurityProvider;
import com.googlecode.wicket.jquery.ui.form.button.SecuredAjaxButton;
import com.googlecode.wicket.jquery.ui.form.button.SecuredButton;
import com.googlecode.wicket.jquery.ui.panel.JQueryFeedbackPanel;
import com.googlecode.wicket.jquery.ui.samples.SampleRoles;
import com.googlecode.wicket.jquery.ui.samples.SampleSession;
import com.googlecode.wicket.jquery.ui.samples.panel.LoginPanel;

public class SecuredButtonPage extends AbstractButtonPage implements IJQuerySecurityProvider
{
	private static final long serialVersionUID = 1L;

	public SecuredButtonPage()
	{
		this.add(new LoginPanel("login"));

		final Form<Void> form = new Form<Void>("form");
		this.add(form);

		/* FeedbackPanel */
		form.add(new JQueryFeedbackPanel("feedback"));

		/* Button 1: The Session extends IJQuerySecurityProvider, no need to provide the IJQuerySecurityProvider parameter */
		form.add(new SecuredButton("submit", SampleRoles.DEMO_ROLE) {

			private static final long serialVersionUID = 1L;

			@Override
			public void onSubmit()
			{
				SecuredButtonPage.this.info(this);
			}
		});

		/* Button 2: The Page (this) extends IJQuerySecurityProvider, we pass it to the constructor */
		form.add(new SecuredAjaxButton("button", this, SampleRoles.DEMO_ROLE) {

			private static final long serialVersionUID = 1L;

			@Override
			protected void onSubmit(AjaxRequestTarget target)
			{
				SecuredButtonPage.this.info(this);
				target.add(form);
			}
		});
	}

	/**
	 * @see IJQuerySecurityProvider#hasRole(String...)
	 */
	@Override
	public boolean hasRole(String... roles)
	{
		return SampleSession.get().hasRole(roles);
	}

	private void info(Component component)
	{
		this.info(component.getMarkupId() + " has been clicked");
	}
}
<!DOCTYPE html>
<html xmlns:wicket="http://wicket.apache.org">
<head>
<wicket:head>
	<title>Wicket jQuery UI: secured button</title>
</wicket:head>
</head>
<body>
<wicket:extend>
	<div id="demo-panel">
		<div wicket:id="login" style="float: right;"></div>
		<form wicket:id="form">
			<button wicket:id="submit">Submit</button>
			<button wicket:id="button">Ajax Button</button>
			<br/><br/>
			<div wicket:id="feedback" style="width: 360px;"></div>
		</form>
	</div>
</wicket:extend>
</body>
</html>