I have a question about rendering of links to secure pages when the user has not been authenticated.
Based on this line from the tutorial: "In addition we granted links to our homepage the right to be clicked (enable)." I expected the link to either be non-visible or non-clickable - since I did not grant the enable permission for this page until login. The link is enabled (though the user is redirected to the login page when clicked). I've made my way through the getting-started guide (http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm) and have a simple example working in my prototype. I have 3 pages: - HomePage (non-secure) - LoginPage (non-secure...obviously) - Page2 (secure) My authorization file looks like this: grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal "basic" { permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission "com.webperformance.portal.web.Page2", "inherit, render"; permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission "com.webperformance.portal.web.Page2", "enable"; }; When the user logs in, they get the "basic" principal via a UsernamePasswordContext. I have a link from the HomePage to Page2 (secure page). When the HomePage renders and the user had not logged in, the link is enabled. Clicking the link does not take the user to the page - it takes them to the login page. I was expecting the link to be disabled - so you don't even get the clickable cursor for it. Am I simply mistaken in my understanding of what "right to be clicked" means? Or have I missed some crucial bit somewhere to allow it to function as I expected? If user is not authorized for an action, we will either want links to be disabled (i.e. non- clickable) or be not rendered at all...depending on the context. Is this something that should be done via wasp/swarm or should I be doing this manually during page construction? TIA! Chris -- ------------------------------------------------------------------------ - Chris Merrill | Web Performance, Inc. [email protected] | http://webperformance.com 919-433-1762 | 919-845-7601 Website Load Testing and Stress Testing Software & Services ------------------------------------------------------------------------ - --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
