Hi all, We would like to hide a Panel marked with @AuthorizeInstantiation("RoleNotAuthorizedTo");
The default behaviour is that wicket sends AccessDeniedPage. We are using wicket 1.3.7. I implemented the desired solution by duplicating the complete org.apache.wicket.authentication.AuthenticatedWebApplication class in our source tree, and changing the onUnauthorizedInstantiation method to: public final void onUnauthorizedInstantiation(final Component component) { // If there is a sign in page class declared, and the unauthorized // component is a page, but it's not the sign in page if (component instanceof Page) { if (!AuthenticatedWebSession.get().isSignedIn()) { // Redirect to intercept page to let the user sign in throw new RestartResponseAtInterceptPageException(getSignInPageClass()); } else { onUnauthorizedPage((Page)component); } } else { // Kees / IOO change: delegate to new onUnAuthorizedComponent onUnautorizedComponent(component); } } /** * Kees / IOO change: created delegate method * @param component * a (non-page) component that user is not authorized to to construct. */ protected void onUnautorizedComponent(final Component component) { // The component was not a page, so throw an exception throw new UnauthorizedInstantiationException(component.getClass()); } Our WicketApplication subclass overrides the onUnautorizedComponent with: protected void onUnautorizedComponent(final Component component) { component.setVisible(false); } Is this the only way to achieve this? I'd like to not duplicate the complete class, but some kind of hook where I can implement this in. Is that possible? Thanks in advance! Best regards, Kees van Dieren -- Squins | IT, Honestly Oranjestraat 23 2983 HL Ridderkerk The Netherlands Phone: +31 (0)180 414520 Mobile: +31 (0)6 30413841 www.squins.com Chamber of commerce Rotterdam: 22048547