On the book "Wicket in Action" there is a chapter (12) that cover the Authentication and the Authorization. It will be very useful to you, and is very easy to understand and implement.
This book is very good and i advise you to have, so you can consult as you need. Marco Santos Ben Hutchison-2 wrote: > > Hi all, > > I am tech leading our first Wicket project, and I and my co-workers are > new to Wicket, but we have been having a good experience in the first > few weeks. > > We have come across an challenge relating to security authorization that > I would appreciate some advice regarding. Here are the simple business > rules: > > - Site Users can create Listings > - Users can View someone else's Listing > - Users can Edit their own listing. > > So the authorization decision needs to examine some context (ie the > Listing), as well as the current user, to determine whether they have an > Edit or View role. > > A look at wicket-auth-roles suggested that it did not cater for > context-sensitive roles of this kind? Ie > IRoleCheckingStrategy.hasAnyRole(Roles roles) doesn't allow for any > context parameters on which the strategy might make the decision. > > What is the simplest way to address my challenge? > > -Ben > -- > > > > *Ben Hutchison > Senior Developer > * Level 2 476 St Kilda Road Melbourne VIC 3004 > T 613 8807 5252 | F 613 8807 5203 | M 0423 879 534 | > www.ibsglobalweb.com <http://www.ibsglobalweb.com/> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- View this message in context: http://www.nabble.com/What%27s-the-simplest-way-to-do-Context-sensitive-Authorization-in-Wicket--tp23733965p23734099.html Sent from the Wicket - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
