Yes, I meant the RestartResponseException.
So indeed, if there is no way to access page parameters from the context of
the method isInstantiationAuthorized or isActionAuthorized (ANY INPUT ON
THIS MATTER will be appreciated :-), I will do the authorization check in
the constructor.
thanks!
Benny.
Mr Mean wrote:
>
> On Sun, Jul 27, 2008 at 4:30 PM, Benny Weingarten <[EMAIL PROTECTED]>
> wrote:
>>
>> Hello.
>>
>> First let me congratulate this forum - I have always gotten wonderful
>> responses.
>>
>> In my application I have a bookmarkable picture viewing page. That page
>> should only be viewed by users who have permission. The permissions are
>> stored in the DB.
>>
>> When a user that doesn't have permission tries to access the page, I want
>> him to be redirected to the "picture browsing" page, with an error
>> message
>> explaining that he has no permissions to view the picture he was trying
>> to
>> access.
>>
>> I have read the RoleAuthorizationStrategy and PageAuthorizationStrategy
>> classes and examples, and haven't found a way to make them work for me.
>> That
>> is because, in order ot determind the permission, I need the
>> currentUserID,
>> and the pictureID. The currentUserID is easy anough to obtain through the
>> session, but the pictureID is passed as a parameter to the constructor of
>> the PicturePage.
>>
>> public PicturePage(long pictureID) {
>> ... build the picture page
>> }
>>
>> This parameter isn't available (As far as I know) to the
>> isPageAuthorized(Class pageClass) method of PageAuthorizationStrategy.
>>
>> Thus, I have resolved to perform the authorization check at the
>> constructor
>> of the PicturePage. Is this the correct way of implementing this kind of
>> authorization?
>
> Yes this is a good place to perform any check where you need more then
> just the class info. The drawback is that your page is constructed for
> the most part which could mean that valuable time/resources have been
> wasted should you decline the request at this point.
>
>>
>> In addition, I don't know if it is good practice to throw a
>> RedirectException from the isPageAuthorized() method?
>
> Considering that isInstantiationAuthorized (which calls that method
> will trigger an exception if you return false, it is allright to throw
> an exception, however i hope you mean you throw a
> RestartResponseException? If not you should use that.
>
> Maurice
>
>>
>> thanks,
>> Benny.
>> --
>> View this message in context:
>> http://www.nabble.com/Page-specific-authorization-tp18676911p18676911.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Page-specific-authorization-tp18676911p18684771.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
