you only implement the one strategy instance and let it control all
your components
eg you have a link that is only visible to "editors", you can do
something like this
link link=new link("link") {...}
link.setmetadata(mysecuritykey, roles.editor);
and in your security strategy
iactionauthorized (component c, action action) {
if (action==component.render) {
role role=c.getmetadata(mysecuritykey);
if (role==null) { return true; } else { return user.hasrole(role); }
}
and just like that you can have role-based visiblity of any component
instead of metadata you can also have an interface components implement, etc
-igor
On Tue, Aug 12, 2008 at 10:08 AM, Wayne Pope
<[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> hope we don't get a double posting, but for some reason the last email
> account I used couldn't seem to post. Anyhow !
>
> Ok so I'm very new around here so firstly I'd like to say hello! I'm looking
> to create an online application, and I think I shall be using Wicket, so I
> forgive the noob questions etc, but I hope to become good member of the
> community once I get to grip with it.
>
> Ok so first noob question - I need to implement authorization (and
> authentication) for my application that we're creating.
>
> I need to restict access to the application only users of the application
> and restrict access to certain pages/components within that depending on
> groups or roles.
> I'm aware of the IAuthorizationStrategy interface, but from what I can
> understand I would need to add listeners for every single component that we
> create within the application.
> THis seems just crazy and I presume there is a much better way - I see
> things like SWARM , but I think I must be missing some basic theory here..
>
> Any suggestions?
>
> thanks,
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
