Build it, try it, fix it, make it fast.
Assumptions are the root of all evil.
Martijn
On Wed, Aug 13, 2008 at 9:45 AM, Wayne Pope
<[EMAIL PROTECTED]> wrote:
> Hi Igor,
>
> thanks for the pointer.
>
> However if I understand this correctly I would still need to setmetadata for
> every component, as every page can only be accessed by users - ie they must
> be logged in. i.e link.setmetadata(mysecuritykey, roles.basicuser);
>
> Am I correct that iactionauthorized will be called for every new page for
> every new user? Is this not a super hot spot and needs to be very efficient?
>
> thanks
> Wayne
>
> On Tue, Aug 12, 2008 at 7:27 PM, Igor Vaynberg <[EMAIL PROTECTED]>wrote:
>
>> you only implement the one strategy instance and let it control all
>> your components
>>
>> eg you have a link that is only visible to "editors", you can do
>> something like this
>>
>> link link=new link("link") {...}
>> link.setmetadata(mysecuritykey, roles.editor);
>>
>> and in your security strategy
>>
>> iactionauthorized (component c, action action) {
>> if (action==component.render) {
>> role role=c.getmetadata(mysecuritykey);
>> if (role==null) { return true; } else { return user.hasrole(role); }
>> }
>>
>> and just like that you can have role-based visiblity of any component
>>
>> instead of metadata you can also have an interface components implement,
>> etc
>>
>> -igor
>>
>> On Tue, Aug 12, 2008 at 10:08 AM, Wayne Pope
>> <[EMAIL PROTECTED]> wrote:
>> > Hi everyone,
>> >
>> > hope we don't get a double posting, but for some reason the last email
>> > account I used couldn't seem to post. Anyhow !
>> >
>> > Ok so I'm very new around here so firstly I'd like to say hello! I'm
>> looking
>> > to create an online application, and I think I shall be using Wicket, so
>> I
>> > forgive the noob questions etc, but I hope to become good member of the
>> > community once I get to grip with it.
>> >
>> > Ok so first noob question - I need to implement authorization (and
>> > authentication) for my application that we're creating.
>> >
>> > I need to restict access to the application only users of the application
>> > and restrict access to certain pages/components within that depending on
>> > groups or roles.
>> > I'm aware of the IAuthorizationStrategy interface, but from what I can
>> > understand I would need to add listeners for every single component that
>> we
>> > create within the application.
>> > THis seems just crazy and I presume there is a much better way - I see
>> > things like SWARM , but I think I must be missing some basic theory
>> here..
>> >
>> > Any suggestions?
>> >
>> > thanks,
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.3.4 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
