Try securing the link on your HomePage and do not secure the HomePage
itself. The link has to implement ISecureComponent.
Add the permission for the link to your "basic" principal.
grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal "basic"
{
    // Permission for link on HomePage
    permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission "com.webperformance.portal.web.HomePage:securelinktopage2", "inherit, render, enable";
    permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission "com.webperformance.portal.web.Page2", "inherit, render";
    permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission "com.webperformance.portal.web.Page2", "enable";
};
Warren
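Added example, not part of the original message and not Swarm's own code: a stand-alone Java (8+) reader for the policy format above that lists what each principal is granted, so you can confirm the link's "enable" permission is really present in the file you deploy. The class name HivePolicyAudit, its regexes, the two-string permission form it accepts and its exact-name matching are assumptions of this example; the sample policy is constructed from the entries quoted in this thread.

```java
import java.util.*;
import java.util.regex.*;

/** Added example: audits hive policy text. A simplified reader, not Swarm's own parser. */
public class HivePolicyAudit {
    // grant principal <class> "<name>" { ... };
    static final Pattern GRANT = Pattern.compile(
        "grant\\s+principal\\s+[\\w.$]+\\s+\"([^\"]+)\"\\s*\\{(.*?)\\}\\s*;", Pattern.DOTALL);
    // permission <class> "<component>", "<actions>"   (the two-string form used in this thread)
    static final Pattern PERM = Pattern.compile("permission\\s+[\\w.$]+\\s+\"([^\"]+)\"\\s*,\\s*\"([^\"]*)\"");
    final Map<String, Map<String, Set<String>>> grants = new TreeMap<>(); // principal -> component -> actions
    final List<String> rejected = new ArrayList<>();                      // entries not in the expected form

    HivePolicyAudit(String policy) {
        Matcher g = GRANT.matcher(policy.replaceAll("(?m)//.*$", "")); // drop // comments
        while (g.find()) {
            Map<String, Set<String>> byComponent = grants.computeIfAbsent(g.group(1), k -> new TreeMap<>());
            for (String entry : g.group(2).split(";")) {
                entry = entry.trim().replaceAll("\\s+", " "); // undo line wrapping inside an entry
                if (entry.isEmpty()) continue;
                Matcher p = PERM.matcher(entry);
                if (!p.matches()) { rejected.add(entry); continue; }
                Set<String> actions = byComponent.computeIfAbsent(p.group(1), k -> new TreeSet<>());
                for (String a : p.group(2).split(",")) actions.add(a.trim());
            }
        }
    }

    /** Exact component-name match only; Swarm's own resolution of "inherit" is not modelled. */
    boolean allows(String principal, String component, String action) {
        return grants.getOrDefault(principal, Collections.emptyMap())
                     .getOrDefault(component, Collections.emptySet()).contains(action);
    }

    public static void main(String[] args) {
        String perm = "  permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission ";
        String web = "com.webperformance.portal.web.";
        // Policy text constructed from the entries quoted in this thread.
        String policy = "grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal \"basic\"\n{\n"
            + "  // Permission for link on HomePage\n"
            + perm + "\"" + web + "HomePage:securelinktopage2\", \"inherit, render, enable\";\n"
            + perm + "\"" + web + "Page2\", \"inherit, render\";\n"
            + perm + "\"" + web + "Page2\", \"enable\";\n};\n";
        HivePolicyAudit audit = new HivePolicyAudit(policy);
        String link = web + "HomePage:securelinktopage2";
        System.out.println("basic may enable link:        " + audit.allows("basic", link, "enable"));
        System.out.println("name not in policy, link:     " + audit.allows("not-logged-in", link, "enable"));
        System.out.println("entries not in expected form: " + audit.rejected);
    }
}
```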
Luca Provenzani wrote:
I don't think it is possible to do... because HomePage isn't a secure page
and then it's not under swarm control when it's rendered.
I'm afraid that you have to do it by hand...
But I'm not an expert! ;-)
Luca
2009/6/9 Christopher L Merrill <ch...@webperformance.com>
I have a question about rendering of links to secure pages when the user has not
been authenticated.
Based on this line from the tutorial:
"In addition we granted links to our homepage the right to be clicked (enable)."
I expected the link to either be non-visible or non-clickable - since I did not grant the
enable permission for this page until login. The link is enabled (though the user is
redirected to the login page when clicked).
I've made my way through the getting-started guide
(http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)
and have a simple example working in my prototype. I have 3 pages:
- HomePage (non-secure)
- LoginPage (non-secure...obviously)
- Page2 (secure)
My authorization file looks like this:
grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal "basic"
{
    permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission "com.webperformance.portal.web.Page2", "inherit, render";
    permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission "com.webperformance.portal.web.Page2", "enable";
};
When the user logs in, they get the "basic" principal via a UsernamePasswordContext.
I have a link from the HomePage to Page2 (secure page). When the HomePage renders and the
user has not logged in, the link is enabled. Clicking the link does not take the user to
the page - it takes them to the login page. I was expecting the link to be disabled - so
you don't even get the clickable cursor for it. Am I simply mistaken in my understanding
of what "right to be clicked" means? Or have I missed some crucial bit somewhere to allow
it to function as I expected?
If a user is not authorized for an action, we will either want links to be disabled (i.e.
non-clickable) or not be rendered at all...depending on the context. Is this something that
should be done via wasp/swarm or should I be doing this manually during page construction?
TIA!
Chris
--
------------------------------------------------------------------------ -
Chris Merrill | Web Performance, Inc.
ch...@webperformance.com | http://webperformance.com
919-433-1762 | 919-845-7601
Website Load Testing and Stress Testing Software & Services
------------------------------------------------------------------------ -
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org