I have several successful Wicket projects going, and in all have used my own
authorization strategy based on annotations. I'm just trying
wicket-auth-roles for my next project, but seem confused by the apparent
String-only roles. I already have a domain model where a User has a Role or
Role(s), where Role is a class. This promotes type-safety, etc, etc.
But, I can't go:
@AuthorizeInstantiation({ Role.ADMIN, Role.SUPER_USER,
Role.MEMBER_SERVICE_REP, Role.MEMBER })
I also can't do:
@AuthorizeInstantiation({ Role.ADMIN.name(), Role.SUPER_USER.name (),
Role.MEMBER_SERVICE_REP.name(), Role.MEMBER.name() })
So, do I *have* to use Strings? Or is there another way? If I have to use
Strings, then I either have to redefine all my roles and change how the DB
stores them, or just use the names of my own roles (i.e . "SUPER_USER" which
later my UserAuthorizer does a Role.valueOf(String) on), and risk typoes
messing me up, or have Role.SUPER_USER and Role.SUPER_USER_NAME as a public
static final String.
It's been a long week - I could be missing something.
Thanks in advance.
Jeremy
