Re: [Wicket-user] Security / Page Access / Page Construction / IAuthorizationStrategy

[Igor Vaynberg]

if you are only working with bookmarkable pages, then yes, a pagefactory can handle the security. If, however, you want to extend this to non-bookmarkable pages you have two options: use the HEAD version and implement the IAuthorizationPolicy, or if you need a more stable code base to work off, do what the policy impl does and create a base page with the default constructor that checks the security and throws an error.

-Igor

On 11/13/05, Robert McClay <[EMAIL PROTECTED]> wrote:

I would like to enable page level security in my application. I don't
want my page to be constructed unless a certain security requirement is
met as at present I do a lot of data loading / etc in page constructors
(as featured in the wicket examples).

It seems a new security policy is in the works to handle this --
IAuthorizationStrategy. In the meantime, what would be a good way to
prevent a bookmarkable page from being constructed? Should I provide a
new IPageFactory implementation that checks the session for
authorization prior to returning a new page, and perhaps swap the page
to a "denied access" or login page if access isn't available? Or should
I check out the latest CVS sources and try IAuthorization strategy if
it is implemented? Thanks.




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user