Future of Pax Wicket, part 3.
OSGi UserAdmin talks about "Required Roles" and "Basic Roles" for the authorization process. It means "The User must have All Required Roles and any of the Basic Roles" defined in the action or whatever is being authorized. We kind of like this concept, and IIRC it exist in JAAS in a similar form as well. So, if the AbstractContentSource can be assigned those "authorization roles", the creation process of the content could be handled mostly hidden to the average developer, and the roles to be changed in runtime, unlike what we find in wicket's annotation based authorization model. Now, the question is how are these "authorization roles" being assigned? We could introduce the addBasicRole, removeBasicRole, addRequiredRole and removeRequiredRole to the interface or the AbstractContentSource, but it seems like they won't be used much nor easily. The authorization sounds like being either hardcoded into place, or being set by some type of management solution, in which case they could be provided via the Configuration Admin service. Feedback of ideas in this area is appreciated. Cheers Niclas _______________________________________________ general mailing list [email protected] http://lists.ops4j.org/mailman/listinfo/general
