I have several successful Wicket projects going, and in all have used my own authorization strategy based on annotations. I'm just trying wicket-auth-roles for my next project, but seem confused by the apparent String-only roles. I already have a domain model where a User has a Role or Role(s), where Role is a class. This promotes type-safety, etc, etc.
But, I can't go: @AuthorizeInstantiation({ Role.ADMIN, Role.SUPER_USER, Role.MEMBER_SERVICE_REP, Role.MEMBER }) I also can't do: @AuthorizeInstantiation({ Role.ADMIN.name(), Role.SUPER_USER.name (), Role.MEMBER_SERVICE_REP.name(), Role.MEMBER.name() }) So, do I *have* to use Strings? Or is there another way? If I have to use Strings, then I either have to redefine all my roles and change how the DB stores them, or just use the names of my own roles (i.e . "SUPER_USER" which later my UserAuthorizer does a Role.valueOf(String) on), and risk typoes messing me up, or have Role.SUPER_USER and Role.SUPER_USER_NAME as a public static final String. It's been a long week - I could be missing something. Thanks in advance. Jeremy