I take it you configured wicket-auth-roles by doing getSecuritySettings().setAuthorizationStrategy(...) in your application's init?
If so, then the security check for that component is done by an IComponentInstantiationListener that is automatically initialized by the constructor of Application. In other words: the permissions are checked automatically. I believe the default behavior is to throw an UnauthorizedInstantiationException if component instantiation is not authorized, but you can tweak this by calling getSecuritySettings().setUnauthorizedComponentInstantiationListener(...). An example implementation for making components invisible if not authorized would be: getSecuritySettings().setUnauthorizedComponentInstantiationListener(new IUnauthorizedComponentInstantiationListener() { public void onUnauthorizedInstantiation(final Component component) { if (component instanceof Page) { // Redirect to index throw new RestartResponseAtInterceptPageException(YourLoginPage.class); // Or you can just throw the original UnauthorizedInstantiationException } else { component.setVisible(false); } } ); DISCLAIMER: This post was constructed after studying the relevant source for about 2 minutes and googling for about 1 minute to get some info about wicket-auth-roles. 2010/1/8 toberger <torben.ber...@gmx.de>: > > This is my problem. How do I get the information, if the user has not the > permission to see the panel? > > I create a tab list like this: > > List<ITab> tabs = new ArrayList<ITab>(); > tabs.add(new AbstractTab(new Model<String>("panel")) { > > public Panel getPanel(String panelId) { > return new FooPanel(panelId); > } > ... > }); > > And I'm securing the panel through annotation: > > @AuthorizeInstantiation("ADMIN") > public class FooPanel extends Panel { > ... > } > > So the tab will be added before I get the information about its auths. > > > > James Carman-3 wrote: >> >> Can't you just not add the tab if the user doesn't have the >> role/permission required? >> > > -- > View this message in context: > http://old.nabble.com/TabbedPanel-%2B-authorization-strategy-tp13949910p27073005.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Jeroen Steenbeeke www.fortuityframework.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org