Hi Tom,
I do not see any reason preventing you from delivering a custom
IAuthorizationStrategy that does what you want.
On Fri, Mar 28, 2014 at 8:37 PM, Tom Norton <
tomwnorton.mailing.li...@gmail.com> wrote:
> Let's say I have a page called: /order-details/${orderId}.
>
> Let's also say I want to ensure that some customer named Bob can only see
> the order-details pages for the orders he placed, but not any of the
> order-details pages for orders that John placed.
>
> I already know wicket has role-based security. Does wicket also have some
> form of parameter-based security? Am I barking up the wrong tree? Should
> this security check be inside a hibernate on-load event listener instead?
>
> Thanks,
> Tom
>
--
Regards - Ernesto Reinaldo Barreiro
