I take it you configured wicket-auth-roles by doing
getSecuritySettings().setAuthorizationStrategy(...) in your
application's init?
If so, then the security check for that component is done by an
IComponentInstantiationListener that is automatically initialized by
the constructor of Application.
In other words: the permissions are checked automatically. I believe
the default behavior is to throw an UnauthorizedInstantiationException
if component instantiation is not authorized, but you can tweak this
by calling
getSecuritySettings().setUnauthorizedComponentInstantiationListener(...).
An example implementation for making components invisible if not
authorized would be:
getSecuritySettings().setUnauthorizedComponentInstantiationListener(new
IUnauthorizedComponentInstantiationListener() {
public void onUnauthorizedInstantiation(final Component component)
{
if (component instanceof Page) {
// Redirect to index
throw new RestartResponseAtInterceptPageException(YourLoginPage.class);
// Or you can just throw the original UnauthorizedInstantiationException
} else {
component.setVisible(false);
}
}
);
DISCLAIMER: This post was constructed after studying the relevant
source for about 2 minutes and googling for about 1 minute to get some
info about wicket-auth-roles.
2010/1/8 toberger <torben.ber...@gmx.de>:
>
> This is my problem. How do I get the information, if the user has not the
> permission to see the panel?
>
> I create a tab list like this:
>
> List<ITab> tabs = new ArrayList<ITab>();
> tabs.add(new AbstractTab(new Model<String>("panel")) {
>
> public Panel getPanel(String panelId) {
> return new FooPanel(panelId);
> }
> ...
> });
>
> And I'm securing the panel through annotation:
>
> @AuthorizeInstantiation("ADMIN")
> public class FooPanel extends Panel {
> ...
> }
>
> So the tab will be added before I get the information about its auths.
>
>
>
> James Carman-3 wrote:
>>
>> Can't you just not add the tab if the user doesn't have the
>> role/permission required?
>>
>
> --
> View this message in context:
> http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073005.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
--
Jeroen Steenbeeke
www.fortuityframework.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
