I am facing authorization problems this days, as you see in onother message.
when I started to deal with this problem I were also uncomfortable at the idea to use annotation on components or even specific class (like SecureComponent). Too much noise in the code and too much interference of authorization stuff in the operational code. I wanted to move everything in the AuthorizationStrategy to keep the panels/page code almost authorizazion unaware. Actually I think that that target could be achieved only for some simple situation. My advice is to try using the wicket component.setMetaData. You can put there you access authorization key and check for it in AuthorizationStrategy. This is easy to understand and keep the code clean. On Fri, Feb 12, 2010 at 9:07 AM, Wilhelmsen Tor Iver <toriv...@arrive.no>wrote: > We have an app with three "user types" and two "user levels" (read or > read-write in effect). We want to use these in authorization, and thought > about an approach using annotations. However, at the point of the Wicket > auth. interface methods, only class-targeted annotations are visible, and > that will lead to excessive subclassing (especially since Java does not let > you annotate anonymous inner classes). > > Would it be a better approach to use "behaviorless Behavior" objects that > we add to the relevant components and look for in isActionAuthorized()? > > Med vennlig hilsen > > TOR IVER WILHELMSEN > Senior systemutvikler > Arrive AS > T (+47) 48 16 06 18 > E-post: toriv...@arrive.no > http://www.arrive.no > http://servicedesk.arrive.no > > > > -- Daniele Dellafiore http://danieledellafiore.net
