On Fri, Dec 24, 2010 at 11:40 AM, Brian Topping <[email protected]> wrote: > The key for using Wicket authorization annotations is to implement > IAuthorizationStrategy and IUnauthorizedComponentInstantiationListener. When > you get called in those methods, you can call out to Spring Security to check > how to proceed. Just implement the methods with stubs, set breakpoints > there, and look at what you are passed. All will be clear, it's really easy > to use. >
Yeah, mimicking what auth-roles does to check its own annotations should be quite trivial. Brian has pretty much given you the recipe here. > Doing it with intercept URLs might work for a few pages that you have mounted > in Wicket, but in the end, every new page is going to have to be set up > perfectly. It's not worth it go go that route. > It will work fine for "mounted" bookmarkable pages, but it will get a little crazy once you start getting into listeners and stuff. You could use AspectJ to weave your classes so that they have the security stuff baked in. Then, they'll throw the proper exceptions and if you use the request cycle trick I showed you, it will forward to the login page. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
