I think you could do it by using a "base role" that all users receive,
then add additional roles to tighten it down. You would then need to fake
authentication of the "base" users by calling session.authenticate("user",
"pass") and assigning the "BASE" role, even though the user won't
explicitly log in. Users who do log in will receive the correct role such
as "ADMIN".
Some users secure (ADMIN), some users wide-open (BASE):
    @AuthorizeInstantiation({"ADMIN", "BASE"})
All users secure:
    @AuthorizeInstantiation("ADMIN")
You might also consider subclassing the page and marking that with the
annotation, then handle the response to the secured or unsecured version
by checking if the user is signed in. I'm not sure where you are going
with this because I'm not sure why you have the requirement of being
secure for some users but not secure for others.
From: hrbaer <[email protected]>
To: [email protected]
Date: 03/29/2011 12:37 PM
Subject: flexible authentication
Hi all,
my web application is using the wicket authentication approach
(AuthenticatedWebSession) and all my "secure" java files are marked with
"@AuthorizeInstantiation("ADMIN")"
So once I added this annotation there is no chance to bypass the
authentication.
But what if there is the need to be flexible? What if for some users the
page A should be secure and for others not?
Let's assume there is a page with e.g. contact information and a user can
decide on his own if the page should be accessible with or without
authentication. How can I achieve that without using the wicket approach?
At the moment I don't think that the wicket approach is the right one?!
Thanks in advance.
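Added example (not part of either message and not the project's own code): a session class implementing the base-role idea from the reply above, in a variant where getRoles() grants BASE to every session instead of making the placeholder session.authenticate("user", "pass") call. It assumes Wicket 1.5 or later with wicket-auth-roles and an application that extends AuthenticatedWebApplication and returns this class from getWebSessionClass(); BaseRoleSession, checkCredentials, ContactPage and AdminPage are hypothetical names.

```java
// --- BaseRoleSession.java (added example; names are hypothetical) ---
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.request.Request;

public class BaseRoleSession extends AuthenticatedWebSession {
    public static final String BASE = "BASE";   // role held by every visitor

    public BaseRoleSession(Request request) {
        super(request);
    }

    // Called by signIn(); only a successful check marks the session signed in.
    @Override
    public boolean authenticate(String username, String password) {
        return checkCredentials(username, password);
    }

    // Hypothetical hook: wire this to the application's user store.
    // Denies by default, so nothing is granted until it is implemented.
    protected boolean checkCredentials(String username, String password) {
        return false;
    }

    // Anonymous sessions hold BASE only; ADMIN is added after a real login.
    @Override
    public Roles getRoles() {
        Roles roles = new Roles(BASE);
        if (isSignedIn()) {
            roles.add(Roles.ADMIN);             // Roles.ADMIN == "ADMIN"
        }
        return roles;
    }
}

// --- ContactPage.java: open to everyone, logged in or not ---
// import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
// import org.apache.wicket.markup.html.WebPage;
@AuthorizeInstantiation({"ADMIN", "BASE"})
public class ContactPage extends WebPage { }

// --- AdminPage.java: requires a signed-in ADMIN ---
@AuthorizeInstantiation("ADMIN")
public class AdminPage extends WebPage { }
```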