In my opinion there is nothing 'wrong' with auth-roles. but they are limited in scope. Fortunately the code base is really small so it wouldn't take that much effort to roll your own based on that code.
That said, I think that a lot of applications can live with the 3 levels of authorization: none, user and admin provided by auth-roles. Martijn (who likes using auth-roles) On 1/14/08, Dan Kaplan <[EMAIL PROTECTED]> wrote: > I guess I'll have to read about swarm/wasp to read about what fancy features > I'm missing out on. But, ATM, I'm content to stay with it because > auth-roles are simple and allow me to move on to the actual content of my > webapp. Am I going to be kicking myself later for that choice? > > -----Original Message----- > From: Igor Vaynberg [mailto:[EMAIL PROTECTED] > Sent: Monday, January 14, 2008 1:55 PM > To: users@wicket.apache.org > Subject: Re: Type safe roles for AUTH-ROLES? > > heh. it is a functional example of a fully implemented authorization > strategy. but it doesnt have any fancy features, nor will they be > added to it in the future. it is meant to serve as an example, so > users can see how to implement their own authorization strategies. > > what more do you want me to say exactly? > > -igor > > > On Jan 14, 2008 1:51 PM, Dan Kaplan <[EMAIL PROTECTED]> wrote: > > What? Really? Fuck. Can you please elaborate? Did I waste every second > > of the time I spent looking at the examples on wicketstuff? I applied > these > > examples to my webapp. Did I implement some type of "pretend" > authorization > > strategy? > > > > > > -----Original Message----- > > From: Igor Vaynberg [mailto:[EMAIL PROTECTED] > > Sent: Saturday, January 12, 2008 10:31 AM > > To: users@wicket.apache.org; [EMAIL PROTECTED] > > Subject: Re: Type safe roles for AUTH-ROLES? > > > > wicket-auth-roles is just an example. its not really meant to be > > something you drop into your application, for that there is > > wicketstuff-wasp and wicketstuff-swarm > > > > -igor > > > > > > On Jan 12, 2008 9:14 AM, Jeremy Thomerson <[EMAIL PROTECTED]> > > wrote: > > > I have several successful Wicket projects going, and in all have used my > > own > > > authorization strategy based on annotations. I'm just trying > > > wicket-auth-roles for my next project, but seem confused by the apparent > > > String-only roles. I already have a domain model where a User has a > Role > > or > > > Role(s), where Role is a class. This promotes type-safety, etc, etc. > > > > > > But, I can't go: > > > > > > @AuthorizeInstantiation({ Role.ADMIN, Role.SUPER_USER, > > > Role.MEMBER_SERVICE_REP, Role.MEMBER }) > > > > > > I also can't do: > > > > > > @AuthorizeInstantiation({ Role.ADMIN.name(), Role.SUPER_USER.name (), > > > Role.MEMBER_SERVICE_REP.name(), Role.MEMBER.name() }) > > > > > > So, do I *have* to use Strings? Or is there another way? If I have to > > use > > > Strings, then I either have to redefine all my roles and change how the > DB > > > stores them, or just use the names of my own roles (i.e . "SUPER_USER" > > which > > > later my UserAuthorizer does a Role.valueOf(String) on), and risk typoes > > > messing me up, or have Role.SUPER_USER and Role.SUPER_USER_NAME as a > > public > > > static final String. > > > > > > It's been a long week - I could be missing something. > > > > > > Thanks in advance. > > > > > > Jeremy > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Buy Wicket in Action: http://manning.com/dashorst Apache Wicket 1.3.0 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
