Hi all,
We would like to hide a Panel marked with
@AuthorizeInstantiation("RoleNotAuthorizedTo");
The default behaviour is that wicket sends AccessDeniedPage.
We are using wicket 1.3.7.
I implemented the desired solution by duplicating the complete
org.apache.wicket.authentication.AuthenticatedWebApplication class in our
source tree, and changing the onUnauthorizedInstantiation method to:
public final void onUnauthorizedInstantiation(final Component component)
{
// If there is a sign in page class declared, and the unauthorized
// component is a page, but it's not the sign in page
if (component instanceof Page)
{
if (!AuthenticatedWebSession.get().isSignedIn())
{
// Redirect to intercept page to let the user sign in
throw new
RestartResponseAtInterceptPageException(getSignInPageClass());
}
else
{
onUnauthorizedPage((Page)component);
}
}
else
{
// Kees / IOO change: delegate to new onUnAuthorizedComponent
onUnautorizedComponent(component);
}
}
/**
* Kees / IOO change: created delegate method
* @param component
* a (non-page) component that user is not authorized to to
construct.
*/
protected void onUnautorizedComponent(final Component component) {
// The component was not a page, so throw an exception
throw new UnauthorizedInstantiationException(component.getClass());
}
Our WicketApplication subclass overrides the onUnautorizedComponent with:
protected void onUnautorizedComponent(final Component component) {
component.setVisible(false);
}
Is this the only way to achieve this? I'd like to not duplicate the complete
class, but some kind of hook where I can implement this in.
Is that possible?
Thanks in advance!
Best regards,
Kees van Dieren
--
Squins | IT, Honestly
Oranjestraat 23
2983 HL Ridderkerk
The Netherlands
Phone: +31 (0)180 414520
Mobile: +31 (0)6 30413841
www.squins.com
Chamber of commerce Rotterdam: 22048547
