Hi Igor, thanks for the pointer.
However if I understand this correctly I would still need to setmetadata for every component, as every page can only be accessed by users - ie they must be logged in. i.e link.setmetadata(mysecuritykey, roles.basicuser); Am I correct that iactionauthorized will be called for every new page for every new user? Is this not a super hot spot and needs to be very efficient? thanks Wayne On Tue, Aug 12, 2008 at 7:27 PM, Igor Vaynberg <[EMAIL PROTECTED]>wrote: > you only implement the one strategy instance and let it control all > your components > > eg you have a link that is only visible to "editors", you can do > something like this > > link link=new link("link") {...} > link.setmetadata(mysecuritykey, roles.editor); > > and in your security strategy > > iactionauthorized (component c, action action) { > if (action==component.render) { > role role=c.getmetadata(mysecuritykey); > if (role==null) { return true; } else { return user.hasrole(role); } > } > > and just like that you can have role-based visiblity of any component > > instead of metadata you can also have an interface components implement, > etc > > -igor > > On Tue, Aug 12, 2008 at 10:08 AM, Wayne Pope > <[EMAIL PROTECTED]> wrote: > > Hi everyone, > > > > hope we don't get a double posting, but for some reason the last email > > account I used couldn't seem to post. Anyhow ! > > > > Ok so I'm very new around here so firstly I'd like to say hello! I'm > looking > > to create an online application, and I think I shall be using Wicket, so > I > > forgive the noob questions etc, but I hope to become good member of the > > community once I get to grip with it. > > > > Ok so first noob question - I need to implement authorization (and > > authentication) for my application that we're creating. > > > > I need to restict access to the application only users of the application > > and restrict access to certain pages/components within that depending on > > groups or roles. > > I'm aware of the IAuthorizationStrategy interface, but from what I can > > understand I would need to add listeners for every single component that > we > > create within the application. > > THis seems just crazy and I presume there is a much better way - I see > > things like SWARM , but I think I must be missing some basic theory > here.. > > > > Any suggestions? > > > > thanks, > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >