Actually I am not going to use anything from wicket staff here. I have just one role - a user which is logged in :) And so I am just going to use the RENDER action defined by wicket to avoid an explicit call of setVisible () and to use authorization mechanism instead to hide components from guests (who is not logged in). I guess the isActionAuthorized () method of the IAuthorizationStrategy class is a rigth place to do the check. The only thing is missing for me is how to add an auth info to a particular component. This info can be extracted later by isActionAuthorized () to decide weither rendering allowed or not.
On Sat, Mar 29, 2008 at 6:54 PM, Maurice Marrink <[EMAIL PROTECTED]> wrote: > Using either wicket-auth-roles or swarm you typically only declare > which action you want to check and don't do the actual check yourself > unless you plan on doing something special. > How you declare which action is required depends on the security > framework you are using. > In wicket-auth-roles you add an AuthorizeActions annotation. > In swarm you declare permissions in a policy file, which are or are > not granted to the user. > > Maurice > > > > On Fri, Mar 28, 2008 at 4:42 PM, Vitaly Tsaplin > <[EMAIL PROTECTED]> wrote: > > Hi people, > > > > My question is simple... :) How to use an action level > > authorization. I cannot find any info or example. > > As I can guess I have to associate a role using setMetaData () with > > a component and then in IAuthorizationStrategy.isActionAuthorized () I > > do an actual check by taking the associated role from the given > > component by key and comparing it with a role of a current user. Is it > > correct guess? > > > > Vitaly > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
