abstract class securecomponentcontainer extends webmarkupcontainer {
protected component abstract newsecurecomponent(string id);
protected component boolean isauthrorized();
protected void onbeforerender() {
if (isauthorized()) {
replacewith(newsecurecomponent(getid());
}
}
}
have you tried something like this?
-igor
On Fri, Nov 13, 2009 at 11:48 AM, Early Morning
wrote:
> Hi All,
>
> There are cases wherein a user is authorized to view a page, but not a
> component within that page. Currently we set the authorizations needed for a
> component using a custom annotation, and handle the Render and Enable
> actions in a custom AuthorizationStrategy. However, we also have to handle
> authorizations for component instantiation such that the actual code of the
> component should not be run if it is not authorized. This is needed since
> there are many components which retrieve data from a DB or otherwise do
> unnecessary processing which ideally shoudn't be done if the component is
> not authorized for instantiation in the first place.
>
> Is there a way that we can automatically replace that component with a dummy
> component or just not execute the code within the component (say, in the
> onUnauthorizedInstantiation method) in our AuthorizationStrategy? Of course,
> we could manually check within the component whether the processing should
> be done depending on the authorization, but we'd like to avoid that since
> that would mean manually checking authorizations for every component (thus
> rendering the AuthorizationStrategy somewhat redundant). Is there a way for
> us to do this automatically for components where we've set
> isInstantiationAuthorized = false? Thanks!
>
>
> ---Ces
>
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
