for a set of pages that require the user to be logged in use the class
hieararchy.
class mybasepage extends webpage
class mysecurepage extends mybasepage
now in your security strategy only allow access to derivatives of
mysecurepage when the user is logged in
-igor
On Wed, Aug 13, 2008 at 12:45 AM, Wayne Pope
<[EMAIL PROTECTED]> wrote:
> Hi Igor,
>
> thanks for the pointer.
>
> However if I understand this correctly I would still need to setmetadata for
> every component, as every page can only be accessed by users - ie they must
> be logged in. i.e link.setmetadata(mysecuritykey, roles.basicuser);
>
> Am I correct that iactionauthorized will be called for every new page for
> every new user? Is this not a super hot spot and needs to be very efficient?
>
> thanks
> Wayne
>
> On Tue, Aug 12, 2008 at 7:27 PM, Igor Vaynberg <[EMAIL PROTECTED]>wrote:
>
>> you only implement the one strategy instance and let it control all
>> your components
>>
>> eg you have a link that is only visible to "editors", you can do
>> something like this
>>
>> link link=new link("link") {...}
>> link.setmetadata(mysecuritykey, roles.editor);
>>
>> and in your security strategy
>>
>> iactionauthorized (component c, action action) {
>> if (action==component.render) {
>> role role=c.getmetadata(mysecuritykey);
>> if (role==null) { return true; } else { return user.hasrole(role); }
>> }
>>
>> and just like that you can have role-based visiblity of any component
>>
>> instead of metadata you can also have an interface components implement,
>> etc
>>
>> -igor
>>
>> On Tue, Aug 12, 2008 at 10:08 AM, Wayne Pope
>> <[EMAIL PROTECTED]> wrote:
>> > Hi everyone,
>> >
>> > hope we don't get a double posting, but for some reason the last email
>> > account I used couldn't seem to post. Anyhow !
>> >
>> > Ok so I'm very new around here so firstly I'd like to say hello! I'm
>> looking
>> > to create an online application, and I think I shall be using Wicket, so
>> I
>> > forgive the noob questions etc, but I hope to become good member of the
>> > community once I get to grip with it.
>> >
>> > Ok so first noob question - I need to implement authorization (and
>> > authentication) for my application that we're creating.
>> >
>> > I need to restict access to the application only users of the application
>> > and restrict access to certain pages/components within that depending on
>> > groups or roles.
>> > I'm aware of the IAuthorizationStrategy interface, but from what I can
>> > understand I would need to add listeners for every single component that
>> we
>> > create within the application.
>> > THis seems just crazy and I presume there is a much better way - I see
>> > things like SWARM , but I think I must be missing some basic theory
>> here..
>> >
>> > Any suggestions?
>> >
>> > thanks,
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
