abstract class securecomponentcontainer extends webmarkupcontainer { protected component abstract newsecurecomponent(string id); protected component boolean isauthrorized();
protected void onbeforerender() { if (isauthorized()) { replacewith(newsecurecomponent(getid()); } } } have you tried something like this? -igor On Fri, Nov 13, 2009 at 11:48 AM, Early Morning <goodmorning...@gmail.com> wrote: > Hi All, > > There are cases wherein a user is authorized to view a page, but not a > component within that page. Currently we set the authorizations needed for a > component using a custom annotation, and handle the Render and Enable > actions in a custom AuthorizationStrategy. However, we also have to handle > authorizations for component instantiation such that the actual code of the > component should not be run if it is not authorized. This is needed since > there are many components which retrieve data from a DB or otherwise do > unnecessary processing which ideally shoudn't be done if the component is > not authorized for instantiation in the first place. > > Is there a way that we can automatically replace that component with a dummy > component or just not execute the code within the component (say, in the > onUnauthorizedInstantiation method) in our AuthorizationStrategy? Of course, > we could manually check within the component whether the processing should > be done depending on the authorization, but we'd like to avoid that since > that would mean manually checking authorizations for every component (thus > rendering the AuthorizationStrategy somewhat redundant). Is there a way for > us to do this automatically for components where we've set > isInstantiationAuthorized = false? Thanks! > > > ---Ces > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org