Hello. First let me congratulate this forum - I have always gotten wonderful responses.
In my application I have a bookmarkable picture viewing page. That page should only be viewed by users who have permission. The permissions are stored in the DB. When a user that doesn't have permission tries to access the page, I want him to be redirected to the "picture browsing" page, with an error message explaining that he has no permissions to view the picture he was trying to access. I have read the RoleAuthorizationStrategy and PageAuthorizationStrategy classes and examples, and haven't found a way to make them work for me. That is because, in order ot determind the permission, I need the currentUserID, and the pictureID. The currentUserID is easy anough to obtain through the session, but the pictureID is passed as a parameter to the constructor of the PicturePage. public PicturePage(long pictureID) { ... build the picture page } This parameter isn't available (As far as I know) to the isPageAuthorized(Class pageClass) method of PageAuthorizationStrategy. Thus, I have resolved to perform the authorization check at the constructor of the PicturePage. Is this the correct way of implementing this kind of authorization? In addition, I don't know if it is good practice to throw a RedirectException from the isPageAuthorized() method? thanks, Benny. -- View this message in context: http://www.nabble.com/Page-specific-authorization-tp18676911p18676911.html Sent from the Wicket - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]