I would like to implement IAuthorizationStrategy (to be exact: extend the
AnnotationsRoleAuthorizationStrategy from wicket-auth) that would evaluate
whether the PageLink that refers to the annotated Page should be rendered
(please observe that it is the Page class that is to be annotated with
@AuthorizeAction rather than the link itself, which would require creating
a class). The idea is to check component's own authorizations first, and if
it yields true and component's class is a descendant of a PageLink to
retrieve the class the PageLink is referring to and delegate to checking
the annotations on that page class.
It could roughly look as following:
public class LinkedPageAnnotationsRoleAuthorizationStrategy extends
AnnotationsRoleAuthorizationStrategy {
public boolean isActionAuthorized(Component component, Action action) {
if (super.isActionAuthorized(component, action)) {
if (PageLink.class.getClass().isAssignableFrom(component.getClass())) {
Class c = ((PageLink)component).getPageLink().getPageIdentity();
return super.isActionAuthorized(c, action);
}
return true;
}
return false;
}
}
But as you noticed there is no PageLink#getPageLink() method, neither any
means of accessing this field as it is declared private.
Also AnnotationsRoleAuthorizationStrategy would need to factor out
isActionAuthorized(Class, Action) (possibly as a protected or private
method) in order to check authorization on the Class rather than on the
Component (to avoid unnecessary page instantiation). I can provide the
patch if you find this reasonable.
regz,
Dominik Drzewiecki
