Hi,
for every item in a table there's a "delete" link, which should be only visible for certain users. ProductAreaListPage.html: --------------------------------- <tr wicket:id="productAreaTable" class="list"> <td><span wicket:id="id">[id]</span></td> <td><span wicket:id="name">[name]</span></td> <td><span wicket:id="description">[description]</span></td> <td><a wicket:id="editProductArea">Edit…</a></td> <td><a wicket:id="adminProducts">Products…</a></td> <td><a wicket:id="deleteProductArea">Delete…</a></td> </tr> I created a class for the secure link: --------------------------------------------------- public abstract class SecureLink extends Link implements ISecureComponent { private static final long serialVersionUID = 1L; public SecureLink(String id, Class c) { super(id); setSecurityCheck(new LinkSecurityCheck(this, c)); } public ISecurityCheck getSecurityCheck() { return SecureComponentHelper.getSecurityCheck(this); } public boolean isActionAuthorized(String waspAction) { return SecureComponentHelper.isActionAuthorized(this, waspAction); } public boolean isActionAuthorized(WaspAction action) { return SecureComponentHelper.isActionAuthorized(this, action); } public boolean isAuthenticated() { return SecureComponentHelper.isAuthenticated(this); } public void setSecurityCheck(ISecurityCheck check) { SecureComponentHelper.setSecurityCheck(this, check); } } First I tried to use the ComponentSecurityCheck, because I have no real click target ( I used ProductAreaListPage.class as parameter in the constructor as dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per default, I called setUseAlternativeRenderCheck to change to ComponentSecurityCheck. ProductAreaListPage.java: --------------------------------- private class ProductAreaVisibleDataView extends ProductAreaDataView { public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) { super(id, dataProvider); } protected void populateItem(final Item item) { super.populateItem(item); final ProductArea productArea = (ProductArea) item.getModelObject(); SecureLink deleteLink = new SecureLink("deleteProductArea", ProductAreaListPage.class) { private static final long serialVersionUID = 1L; public void onClick() { if (productArea.getDeleted()) return; productArea.setDeleted(true); productAreaService.save(productArea); invalidateDataProviders(); } }; ((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true); item.add(deleteLink); } } Because the wicket id deleteProductArea exists for each item in the list, my policy file would need such permission for each item. This is no real solution, because I don't know, how many items the list will contain (But it worked in the example for the first 4 items). Appl.hive: ------------ // Product area list page - Delete link permission ${ComponentPermission} "${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea", "inherit, render"; permission ${ComponentPermission} "${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea", "inherit, render"; permission ${ComponentPermission} "${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea", "inherit, render"; permission ${ComponentPermission} "${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea", "inherit, render"; So I tried to change to use the ClassSecurityCheck. There the user must have rights for the target class. I created a dummy class: ClickTargetDummy.java: ------------------------------* *package xxx.yyy.zzz.front.security; public class ClickTargetDummy { } ProductAreaListPage.java: --------------------------------- SecureLink deleteLink = new SecureLink("deleteProductArea", ClickTargetDummy.class) { private static final long serialVersionUID = 1L; public void onClick() { if (productArea.getDeleted()) return; productArea.setDeleted(true); productAreaService.save(productArea); invalidateDataProviders(); } }; Appl.hive: --------- permission ${ComponentPermission} "${front}.security.ClickTargetDummy", "inherit, render, enable"; This solution works, but I have to create the dummy class. Perhaps other solutions are possible ??? Thanks in advance Andrea Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! *http://smartsurfer.web.de/?mc=100071&distributionid=000000000066* [http://smartsurfer.web.de/?mc=100071&distributionid=000000000066]