[
https://issues.apache.org/jira/browse/WICKET-2089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dominik Drzewiecki updated WICKET-2089:
---------------------------------------
Attachment: annot-revised.patch
Aligned with the patch for WICKET-2101
> Perform authorization for links based on the page annotations they refer to.
> ----------------------------------------------------------------------------
>
> Key: WICKET-2089
> URL: https://issues.apache.org/jira/browse/WICKET-2089
> Project: Wicket
> Issue Type: New Feature
> Components: wicket, wicket-auth-roles
> Affects Versions: 1.4-RC2
> Reporter: Dominik Drzewiecki
> Priority: Minor
> Fix For: 1.4-RC3
>
> Attachments: annot-revised.patch, annot.patch
>
>
> It is a common case to hide links to the pages the user is not allowed to
> reach without a proper role. The proper annotations and strategies are
> already in place but one has to write her own component classes for them to
> be taken into account. While it is nothing unusual to write pages, panels or
> so (and providing authorization annotations on them) and let wicket decide
> whether to show or hide them, it is way less frequent to write Link
> implementations, but rather developers use already provided set of Link
> classes. Moreover, those custom Link implementations would provide no
> functionality over inherited classes, but merely act as a placeholder for the
> authorization annotations, which would be anyway duplicated from the pages
> they are referring to. I suggest extending
> AnnotationsRoleAuthorizationStrategy so that whenever the component to check
> authorization on is of PageLink, BookmarkablePageLink or their descendant
> type, the authorization should be performed first based on their own
> annotations and later on, on the authz annotations of the pages they are
> referring to. A patch following shortly.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
