hi,
could u describe the proposed solution more deeply please. Idon't
know, what more i should do with my
iauthorizationstrategy , it has only 2 boolean methods and i don't see
anything, i could improve there. Btw i use RoleAuthorizationStrategy, which is
a CompoundAuthorizationStrategy.
thanks, Juraj
if you want to hide unauthorized components you should use
iauthorizationstrategy and veto component's RENDER action
-igor
On Wed, Jan 5, 2011 at 1:42 AM, Duro<develma...@yahoo.com> wrote:
Hi, i am trying to customize the behavior, when in a page a component is
found, that the current user is not authorized to while he is authorized to
the page. This by default throws an exception and i want to change it so,
that the component is simply not displayed. So i did this: in my web
application, that is subclass of AuthenticatedWebApplication i have this
init() method:
@Override
protected void init() {
super.init();
// we customize the default behavior, when there is an component in
page, that
// this user can't access. Default is an exception thrown, we just
set the
// component not visible
getSecuritySettings().setUnauthorizedComponentInstantiationListener(
new IUnauthorizedComponentInstantiationListener() {
@Override
public void onUnauthorizedInstantiation(Component
component) {
if (component instanceof Page) {
onUnauthorizedPage((Page) component);
} else {
component.detach();
}
}
});
}
as i can see, if the unauthorized object is a page, than i call
onUnauthorizedPage((Page) component) which redirects to login page, else i
destroy the component.
What comes out as result is that the user after accessing protected page is
redirected to login page, logs in and is authentificated but than somehow
the session is destroyed and new is created for some reason which results in
loosing the authentication and login page is displayed again. So the user
actually can't log in and always ends only in the login page.
thanks for help in advance, Juraj
__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
gegen Massenmails. http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails.
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
