Re: @AuthorizeInstanciation and several roles

[Sébastien Piller]

Well, with swarm I do need to define the policy files, which isn't trivial for me (I never saw this kind of syntax before).  And there is a lot of new classes/interfaces in this api (SwarmWebApp, Principal, SwarmActionFactory, LoginContext, ...) with no much documentation. It's not easy to transform an AuthenticatedWebApp in a SwarmWebApp. I think wicket-auth-roles is more clear and easy to use (just to put an annotation and implement getRoles in the session). It's trivial and looks pretty. When I need to, I manually enable/disable the links. It's easy to implement with my layout. I think some clear and simple examples using swarm with users extracted from a db will be a very good improvement. (with login page, normal pages, securized pages and several security levels) If so, I might upgrade my app to use swarm. But for now it looks too complicated for just autorizing instantiation. And last but not least, swarm/wasp are both in version 0.1 beta, I'd prefer to wait for a stable release or at least a rc. (my app will be in production soon) Thanks Maurice Marrink a écrit : Hi, I'm wondering what exactly about swarm you find difficult or too complex. Perhaps we can make some improvements. preventing pages in swarm to be constructed is as complex as extending SecureWebPage. Off course you need to create a policy for those 3 types of users, containing you're secure pages. About hiding links to pages people are not supposed to come, it will spare your users from hitting the access denied page. It tends to annoy people: if the app knows i'm not allowed to go there then why can i click on that link anyway, etc. Maurice On Dec 31, 2007 1:05 AM, Pills <[EMAIL PROTECTED]> wrote: Hello, I'm using the wicket-auth-roles package to allow or restrict access to some pages. I need to autorize the instanciation of some pages to several roles. Is it possible to write something like: @AuthorizeInstanciation("poweruser,admin,sysadmin") class Mypage extends WebPage {...} and something like this in my authenticated session: public Roles getRoles() { return new Roles(new String[] {"poweruser","admin","sysadmin"}); } If it's possible, what is the right syntax? PS: I've read a bit about wasp/swarm, but it looks too much complicated for my needs (I just need to prevent some components to be instantiated for some kinds of users). Hiding/showing links and such fonctionnality is not needed Thank you ;) -- View this message in context: http://www.nabble.com/%40AuthorizeInstanciation-and-several-roles-tp14552711p14552711.html Sent from the Wicket - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]