X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fwamblee%2Fphotos%2Fwicket%2FBasePage.java;h=c7f8e1f0013b1a702621b8406c5d3c6b22645bde;hb=dd3886dec356fe854a8498b070ca21bdfb0d56d2;hp=d4bdc115b3c0a57264c773f0b94c6009ce7f7d16;hpb=8845e7fe6141ccc98fd070ee4e653941f6e60508;p=photos
diff --git a/src/main/java/org/wamblee/photos/wicket/BasePage.java b/src/main/java/org/wamblee/photos/wicket/BasePage.java
index d4bdc11..c7f8e1f 100644
--- a/src/main/java/org/wamblee/photos/wicket/BasePage.java
+++ b/src/main/java/org/wamblee/photos/wicket/BasePage.java
@@ -15,12 +15,19 @@
 */
 package org.wamblee.photos.wicket;
 
+import java.security.Principal;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.wicket.RedirectToUrlException;
 import org.apache.wicket.markup.html.CSSPackageResource;
+import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.Link;
 import org.apache.wicket.markup.html.panel.FeedbackPanel;
 import org.apache.wicket.model.IModel;
+import org.wamblee.security.authentication.UserAdministration;
 import org.wamblee.wicket.behavior.TitleAttributeTooltipBehavior;
 import org.wamblee.wicket.css.ResetCssBehavior;
 import org.wamblee.wicket.page.ExpireBehavior;
@@ -28,6 +35,12 @@ import org.wamblee.wicket.page.WebApplicationBasePage;
 
 public class BasePage extends WebApplicationBasePage {
 
+ @Inject
+ private HttpServletRequest request;
+
+ @Inject
+ private transient UserAdministration userAdmin;
+
 private boolean isExpired = false;
 
 public BasePage() {
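Review bot: `request` is injected into a non-transient field while `userAdmin` directly below it is declared `transient`; Wicket pages are serializable components that get written to the page store, and `HttpServletRequest` is not `Serializable`, so unless the injector substitutes a serializable proxy (not visible from this hunk) serializing the page will fail. The field is only read in the `BasePage(IModel)` constructor in the next hunk, so it can follow the same pattern as `userAdmin`: `private transient HttpServletRequest request;`. A one-line comment on both fields stating that they are re-injected rather than serialized would make the intent explicit. The enclosing class continues past the hunk.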
@@ -36,10 +49,20 @@ public class BasePage extends WebApplicationBasePage {
 
 public BasePage(IModel aModel) {
 super(aModel);
+
+ Principal userPrincipal = request.getUserPrincipal();
+ if (userPrincipal == null) {
+ throw redirectToLoginPage();
+ }
+ String username = userPrincipal.getName();
+ if (isAdminPage() && !isAdministrator(username)) {
+ error("Unauthorized URL accessed");
+ throw redirectToLoginPage();
+ }
+
 add(new ResetCssBehavior());
 add(new TitleAttributeTooltipBehavior());
- add(CSSPackageResource.getHeaderContribution(BasePage.class,
- "photos.css"));
+ add(CSSPackageResource.getHeaderContribution(BasePage.class, "photos.css"));
 disableCaching();
 
 add(new FeedbackPanel("feedback"));
@@ -56,8 +79,27 @@ public class BasePage extends WebApplicationBasePage {
 @Override
 public void onClick() {
 getRequestCycle().getSession().invalidate();
+ throw redirectToLoginPage();
 }
 });
+
+ WebMarkupContainer adminAccess = new WebMarkupContainer("adminAccess");
+ if (!isAdministrator(username)) {
+ adminAccess.setVisible(false);
+ }
+ add(adminAccess);
+ }
+
+ protected boolean isAdminPage() {
+ return false;
+ }
+
+ protected boolean isAdministrator(String aUsername) {
+ return userAdmin.isInGroup(aUsername, "administrators");
+ }
+
+ private RedirectToUrlException redirectToLoginPage() {
+ return new RedirectToUrlException("login.jsp");
 }
 
 public void setExpired(boolean aExpired) {
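Review bot: The authorization decision in the `BasePage(IModel)` constructor hinges on `isAdminPage()`, an overridable method whose default is `false`, so an admin page that forgets to override it is served to every authenticated user — the default fails open. Document that contract on the override point, e.g. `/** Returns true if this page exposes administrator-only content; every such subclass MUST override this, the default grants access to all authenticated users. */`, or make the decision explicit per page class with Wicket's `IAuthorizationStrategy` instead of an opt-in hook. Calling an overridable method from a constructor also means a subclass override that consults its own fields sees them uninitialized. The no-arg `BasePage()` constructor, whose body is outside the hunk, must chain to this constructor or pages built through it skip the check entirely.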
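Review bot: `redirectToLoginPage()` redirects to the relative URL `"login.jsp"`, which the browser resolves against the current request URL, so for any page served from a path below the context root the redirect (and the logout link in `onClick()`, which now also throws it) lands on a non-existent path. Resolving it against the servlet context would be robust to how pages are mounted, e.g. `return new RedirectToUrlException(request.getContextPath() + "/login.jsp");`, provided `request` is still available when the link handler runs on a later request — worth confirming for a page restored from the page store. The group name `"administrators"` in `isAdministrator` is the single authorization boundary of this class and deserves a named constant, e.g. `private static final String ADMIN_GROUP = "administrators";`.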