Maurice, Session.error() is how I ended up solving my problem. But, I formatted the message in my session and then ended up calling error(...), that way SwarmStrategy was just returning the denied Principals. I did not get as far as placing the message in a Properties file. I was not sure how to accommodate multiple denied Principals. As far as the multiple principals in my app, I simply formatted my message like this:
Users in User Group XXX do not have Access to "Access Denied Principal 1" and "Access Denied Principal 2" ... I know that this can get a little verbose, but I am trying to set up my policy file so that any one permission does not end up in too many different Principals. This will probably be an issue when using the "inherit" action though. > -----Original Message----- > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 19, 2008 1:27 PM > To: [email protected] > Subject: Re: Wicket-security wish list > > > Thanks, > > Glad i could help. > > I like the idea of custom error messages but i doubt i will make them > configurable in the policy file, mainly because i would like to follow > the jaas policy format as close as possible and because a permission > can be part of multiple principals: what would we do then display the > message from each principal? > I am thinking more in the lines of using Session.error() to display > localized messages in the properties files currently used by wicket. > But I will have to think about this. Thanks for the suggestion. > I have created a jira issue so i won't forget it :) > http://wicketstuff.org/jira/browse/WSSWARM-6 > > Maurice > > On Feb 19, 2008 8:47 PM, Warren <[EMAIL PROTECTED]> wrote: > > Maurice, > > > > I was thinking about this "Access Denied" message problem I have been > > working on and thought up some features that might be useful in future > > releases. It would be nice to be able to configure "Access > Denied" messages > > directly into the hive like this: > > > > grant principal > com.scanman.security.authorization.ScanManPrincipal "ScanMan > > Receiving" "Principal Access Denied Message Here" > > { > > permission ${ComponentPermission} "${RecvMenu}", > "inherit, render, enable", > > "Permission Access Denied Message Here"; > > }; > > grant principal > com.scanman.security.authorization.ScanManPrincipal "ScanMan > > Ordering" "Principal Access Denied Message Here" > > { > > permission ${ComponentPermission} "${OrderMenu}", > "inherit, render, > > enable", "Permission Access Denied Message Here"; > > }; > > > > I believe you are following some kind of standard for how the hive is > > set-up, so I am not sure this would work. But anyway, you could > then set-up > > the configuration of how these messages were used in the > > SwarmWebApplication. For Example, put them into the error queue, or take > > advantage of message resources, message keys and localization > and so on. I > > ended up putting these messages into the error queue from > MySwarmStrategy > > and it works great. > > > > I can't imagine that a feature like this would not be of some > value to other > > users. My app has a lot of different levels of security and > permissions that > > the Administrative user can configure within a separate "Point > of Sale" app. > > Messages of this sort are valuable to a user so that security levels and > > permissions can be tweaked to best suit a companies policies. A simple > > "Access Denied" message gives little clue as to why access was denied. > > > > That's my two cents. Thanks for all the help you have given me. > Your project > > surely deserves a lot of credit. > > > > Thanks, > > > > Warren Bell > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
