Hello.
First let me congratulate this forum - I have always gotten wonderful
responses.
In my application I have a bookmarkable picture viewing page. That page
should only be viewed by users who have permission. The permissions are
stored in the DB.
When a user that doesn't have permission tries to access the page, I want
him to be redirected to the "picture browsing" page, with an error message
explaining that he has no permissions to view the picture he was trying to
access.
I have read the RoleAuthorizationStrategy and PageAuthorizationStrategy
classes and examples, and haven't found a way to make them work for me. That
is because, in order ot determind the permission, I need the currentUserID,
and the pictureID. The currentUserID is easy anough to obtain through the
session, but the pictureID is passed as a parameter to the constructor of
the PicturePage.
public PicturePage(long pictureID) {
... build the picture page
}
This parameter isn't available (As far as I know) to the
isPageAuthorized(Class pageClass) method of PageAuthorizationStrategy.
Thus, I have resolved to perform the authorization check at the constructor
of the PicturePage. Is this the correct way of implementing this kind of
authorization?
In addition, I don't know if it is good practice to throw a
RedirectException from the isPageAuthorized() method?
thanks,
Benny.
--
View this message in context:
http://www.nabble.com/Page-specific-authorization-tp18676911p18676911.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
