why don't:
public class ArticleManager extends WebPage {
public ArticleManager(String id){
AjaxLink editButton = new AjaxLink(editButton) {
@Override
public void onClick(AjaxRequestTarget target) {
Hi
I wrote an AuthorizationManager which checks if a user is authorized to
access a given resource.
An an example, I have an EditPage to edit articles. Only users with
the write privilege should be able to access this page.
I call therefor the AuthorizationManager.authorize(); Method to check
the
i was being facetious :)
-igor
On Tue, May 26, 2009 at 10:39 PM, Jeremy Thomerson
jer...@wickettraining.com wrote:
I didn't mean than yours - Igor - I meant more than the original
request. He simply requested basically exactly what you gave him. In
mine, each permission can be granted
My code was bigger but I didn't want to brag :-)
On Tue, 26 May 2009 23:11:06 -0700, Igor Vaynberg wrote:
i was being facetious :)
-igor
On Tue, May 26, 2009 at 10:39 PM, Jeremy Thomerson
jer...@wickettraining.com wrote:
I didn't mean than yours - Igor - I meant more than the original
Hi all,
I am tech leading our first Wicket project, and I and my co-workers are
new to Wicket, but we have been having a good experience in the first
few weeks.
We have come across an challenge relating to security authorization that
I would appreciate some advice regarding. Here are the
/
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
--
View this message in context:
http://www.nabble.com/What%27s-the-simplest-way-to-do-Context-sensitive-Authorization-in-Wicket--tp23733965p23734099.html
Sent
Marco Santos wrote:
On the book Wicket in Action there is a chapter (12) that cover the
Authentication and the Authorization. It will be very useful to you, and is
very easy to understand and implement.
Well no.. actually.
As I made clear in my question, I need to do _context-sensitive_
class EditListingLink extends LinkListing {
protected void isEnabled() {
Listing listing=getModelObject();
return MySession.get().getUser().equals(listing.getAuthor());
}
}
-igor
On Tue, May 26, 2009 at 6:12 PM, Ben Hutchison b...@ibsglobalweb.com wrote:
Marco Santos wrote:
On
Igor,
Your suggestion seems to be based on security through obscurity, ie
hiding the Edit link rather than securing the Edit page? Thus, if an
unauthorized user knows or discovers the URL of the edit page (eg from
browser history), what stops them from editing another user's listing?
-Ben
if the edit page is not bookmarkable - and edit pages are not unless
you make them so for whatever reason - then there is no way for the
user to build the url unless wicket builds it. so this is hardly
security by obscurity.
security pages is trivial
class mystrategy implements
I have built an auth strategy similar to the one below, but more
generic that could be applied through my whole application. i.e.:
I have an interface IUserOwnedEntity
I have an interface IEntity
Then, it is basically as follows (mine is actually much more complex
and dynamic than yours, but
On Tue, May 26, 2009 at 9:57 PM, Jeremy Thomerson
jer...@wickettraining.com wrote:
(mine is actually much more complex
and dynamic than yours, but this is the basic idea that you could
apply to yours and build with your domain)
i hope so - seeing how mine was written in about ten seconds :)
12 matches
Mail list logo