Hi all,
I am tech leading our first Wicket project, and I and my co-workers are
new to Wicket, but we have been having a good experience in the first
few weeks.
We have come across an challenge relating to security authorization that
I would appreciate some advice regarding. Here are the simple business
rules:
- Site Users can create Listings
- Users can View someone else's Listing
- Users can Edit their own listing.
So the authorization decision needs to examine some context (ie the
Listing), as well as the current user, to determine whether they have an
Edit or View role.
A look at wicket-auth-roles suggested that it did not cater for
context-sensitive roles of this kind? Ie
IRoleCheckingStrategy.hasAnyRole(Roles roles) doesn't allow for any
context parameters on which the strategy might make the decision.
What is the simplest way to address my challenge?
-Ben
--
*Ben Hutchison
Senior Developer
* Level 2 476 St Kilda Road Melbourne VIC 3004
T 613 8807 5252 | F 613 8807 5203 | M 0423 879 534 |
www.ibsglobalweb.com <http://www.ibsglobalweb.com/>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
