I’m trying to use wicket-auth-roles (in Wicket 1.5.9) to make a component that
is enabled only for logged-in users. In my case if you’re not logged in, you
have only a role called GUEST. If you are logged in you have a role called
STUDENT (and also GUEST, since everything guests can do,
AnnotationsRoleAuthorizationStrategy#check() looks good to me.
Can you debug what's happening there in your case?
Sven
On 12/20/2013 01:53 PM, Boris Goldowsky wrote:
I’m trying to use wicket-auth-roles (in Wicket 1.5.9) to make a component that
is enabled only for logged-in users. In my
One oddity with AnnotationsRoleAuthorizationStrategy#check() is that specifying
deny = {} actually denies everyone (since
AbstractRoleAuthorizationStrategy.hasAny(roles) returns true for the empty list
of roles). But people might be depending on that behavior, so it would be hard
to recommend
I should have checked JIRA first. It looks like this was fixed, but only for
wicket 6, under this issue:
https://issues.apache.org/jira/browse/WICKET-3974
Boris
On Dec 20, 2013, at 8:17 AM, Sven Meier s...@meiers.net wrote:
AnnotationsRoleAuthorizationStrategy#check() looks good to me.