Thanks guys, now I'm getting full picture. James, did you apply AOP approach you mentioned, or you went Wicket-way ?
On Fri, Dec 24, 2010 at 11:39 AM, James Carman <[email protected]>wrote: > On Fri, Dec 24, 2010 at 11:40 AM, Brian Topping <[email protected]> > wrote: > > The key for using Wicket authorization annotations is to implement > IAuthorizationStrategy and IUnauthorizedComponentInstantiationListener. > When you get called in those methods, you can call out to Spring Security > to check how to proceed. Just implement the methods with stubs, set > breakpoints there, and look at what you are passed. All will be clear, it's > really easy to use. > > > > Yeah, mimicking what auth-roles does to check its own annotations > should be quite trivial. Brian has pretty much given you the recipe > here. > > > Doing it with intercept URLs might work for a few pages that you have > mounted in Wicket, but in the end, every new page is going to have to be set > up perfectly. It's not worth it go go that route. > > > > It will work fine for "mounted" bookmarkable pages, but it will get a > little crazy once you start getting into listeners and stuff. You > could use AspectJ to weave your classes so that they have the security > stuff baked in. Then, they'll throw the proper exceptions and if you > use the request cycle trick I showed you, it will forward to the login > page. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Best regards, Dmytro Seredenko
