[Wicket-user] Authorization-question
Hi, I've got a scenario where I would like to filter rendering of components based on a users role but the roles change depending on a page parameter, ie: - PageA has a page parameter teamId - if the teamId is 1 the User is admin (for that particular team) - if the teamId is 2 the User is an ordinary user Every page in the application works in the same way. In my other attempts with wicket and authorization I used an AuthenticatedWebSession and annotations to filter the components but I don't see how I can combine that with a page parameter? Any ideas? /Mats - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Authorization-question
here is some pseudo code:class BaseTeamPage extends Webpage { private final long teamid; public long getteamid() { return teamid; } public BaseTeamPage(long teamid) { this.teamid=teamid
; }}isactionallowed(Component c, Action act) { if (act==Component.VISIBLE) { if (c.getPage()!=nullc.getPage() instanceof BaseTeamPage) { final BaseTeamPage page=
c.getPage(); long teamid=page.getteamid(); from here on you have the team id so you can do whateverhope it gets you started-Igor
On 7/30/06, Mats Norén [EMAIL PROTECTED] wrote:
Hi,I've got a scenario where I would like to filter rendering ofcomponents based on a users role but the roles change depending on apage parameter, ie:- PageA has a page parameter teamId- if the teamId is 1 the User is admin (for that particular team)
- if the teamId is 2 the User is an ordinary userEvery page in the application works in the same way.In my other attempts with wicket and authorization I used anAuthenticatedWebSession and annotations to filter the components but I
don't see how I can combine that with a page parameter?Any ideas?/Mats-Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share youropinions on IT business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___Wicket-user mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Authorization-question
Ah, neat. OO to the rescue :)
On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
here is some pseudo code:
class BaseTeamPage extends Webpage {
private final long teamid;
public long getteamid() { return teamid; }
public BaseTeamPage(long teamid) {
this.teamid=teamid ;
}
}
Did you mean isActionAuthorized here?
From the IAuthorizationStrategy?
isactionallowed(Component c, Action act) {
if (act==Component.VISIBLE) {
if (c.getPage()!=nullc.getPage() instanceof BaseTeamPage) {
final BaseTeamPage page= c.getPage();
long teamid=page.getteamid(); from here on you have
the team id so you can do whatever
The problem is that I don't really see how I can get the different
roles associated with the User-object based on the teamId and get a
chance to compare them.
I'm guessing that the isActionAuthorized(Component comp, Action act)
gets called on every component render and I don't want to hit my db
(although I'm using Hibernate and it's cache) every time I render a
component.
Is it safe to get the User-object from the session via the page?
My current implementation of a user object is actually a Person-object:
Person
SetTeamPerson teamPersons;
TeamPerson
SetTeamPersonRole roles;
TeamPersonRole
id
name
Is there a way I can use to extend/use the annotation-approach? Or
mabye combine the two?
I'm guessing that there will eventually be a mixture of pages that
depend on a team and pages that are for every team so to speak.
Btw, thanks for the quick reply! :)
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Authorization-question
i wouldnt recommend doint this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request((MyRequestCycle)RequestCycle.get()).getUser();
MyRequestCycle { private transient User user; getuser() { if (user==null) { user=loaduser(session.get().getuserid()); } onendrequest() { user=null; }}-Igor
On 7/30/06, Mats Norén [EMAIL PROTECTED] wrote:
Ah, neat. OO to the rescue :)On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: here is some pseudo code: class BaseTeamPage extends Webpage {
private final long teamid; public long getteamid() { return teamid; } public BaseTeamPage(long teamid) { this.teamid=teamid ;} }
Did you mean isActionAuthorized here?From the IAuthorizationStrategy? isactionallowed(Component c, Action act) { if (act==Component.VISIBLE) {if (
c.getPage()!=nullc.getPage() instanceof BaseTeamPage) {final BaseTeamPage page= c.getPage();long teamid=page.getteamid(); from here on you have the team id so you can do whatever
The problem is that I don't really see how I can get the differentroles associated with the User-object based on the teamId and get achance to compare them.I'm guessing that the isActionAuthorized(Component comp, Action act)
gets called on every component render and I don't want to hit my db(although I'm using Hibernate and it's cache) every time I render acomponent.Is it safe to get the User-object from the session via the page?
My current implementation of a user object is actually a Person-object:Person SetTeamPerson teamPersons;TeamPerson SetTeamPersonRole roles;TeamPersonRole id
nameIs there a way I can use to extend/use the annotation-approach? Ormabye combine the two?I'm guessing that there will eventually be a mixture of pages thatdepend on a team and pages that are for every team so to speak.
Btw, thanks for the quick reply! :)-Take Surveys. Earn Cash. Influence the Future of ITJoin SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys -- and earn cashhttp://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___Wicket-user mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
[Wicket-user] AJaxTabbedPanel and AjaxSelfUpdatingTimerBehavior
Hi, I noticed when I added a Behavior (i.e. AjaxSelfUpdatingTimerBehavior) to my components in a Panel that was then added as a tab to the AjaxTabbedPanel, that the javascript was not added to resulting markup, when the tab containing my Panel was selected. I understand why this is, since the entire page does not change when a tab change occurs, so there is no way to add the javascript to the onload attribute of the body tag. So I was wondering if you could recommend any other way to have the script be added to the page. Is my only option to extend the AjaxTabbedPanel, and override the onAjaxUpdate(AjaxRequestTarget) method, and then manually add the javascript to the request target myself? -- Also, I was testing your Frames example code, and experienced the Page Expired message. I've read documentation indicating that different Page Maps should be specified to prevent this. How do you do that in a situation like your Frames example where one of the frames to be displayed is dependent on the Link in another frame being clicked. I can reproduce the Page Expired error, on your Live wicket-examples site. 1) Goto http://www.wicket-library.com/wicket-examples/frames 2) 'Click' Source Code (Which opens a new browser window) 3) Go back to the original browser window, and 'Click' the Page 2, link.( A Page Expired ) message should appear. Thanks in advance for any details you can provide me about these things. -Lorin - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
