Juraj, ... public boolean isActionAuthorized(Component component, Action action) { return action != Component.RENDER || shouldRender(component); } private boolean shouldRender(Component component){ // your logic to check if the current "user" should see component } ...
This is a terse and basic implementation to make the technique clear; you should get the idea and be able to extend it to fulfil your specific requirements.. Regards - Cemal jWeekend Training, Consulting, Development http://jWeekend.com On 14 January 2011 10:04, Duro <develma...@yahoo.com> wrote: > hi, > could u describe the proposed solution more deeply please. Idon't know, > what more i should do with my > > iauthorizationstrategy , it has only 2 boolean methods and i don't see > anything, i could improve there. Btw i use RoleAuthorizationStrategy, which > is a CompoundAuthorizationStrategy. > > thanks, Juraj > >> if you want to hide unauthorized components you should use >> iauthorizationstrategy and veto component's RENDER action >> >> -igor >> >> On Wed, Jan 5, 2011 at 1:42 AM, Duro<develma...@yahoo.com> wrote: >>> >>> Hi, i am trying to customize the behavior, when in a page a component is >>> found, that the current user is not authorized to while he is authorized >>> to >>> the page. This by default throws an exception and i want to change it so, >>> that the component is simply not displayed. So i did this: in my web >>> application, that is subclass of AuthenticatedWebApplication i have this >>> init() method: >>> >>> @Override >>> protected void init() { >>> super.init(); >>> // we customize the default behavior, when there is an component >>> in >>> page, that >>> // this user can't access. Default is an exception thrown, we just >>> set the >>> // component not visible >>> >>> getSecuritySettings().setUnauthorizedComponentInstantiationListener( >>> new IUnauthorizedComponentInstantiationListener() { >>> @Override >>> public void onUnauthorizedInstantiation(Component >>> component) { >>> if (component instanceof Page) { >>> onUnauthorizedPage((Page) component); >>> } else { >>> component.detach(); >>> } >>> } >>> }); >>> } >>> >>> as i can see, if the unauthorized object is a page, than i call >>> onUnauthorizedPage((Page) component) which redirects to login page, else >>> i >>> destroy the component. >>> What comes out as result is that the user after accessing protected page >>> is >>> redirected to login page, logs in and is authentificated but than somehow >>> the session is destroyed and new is created for some reason which results >>> in >>> loosing the authentication and login page is displayed again. So the user >>> actually can't log in and always ends only in the login page. >>> thanks for help in advance, Juraj >>> >>> __________________________________________________ >>> Do You Yahoo!? >>> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz >>> gegen Massenmails. http://mail.yahoo.com >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> > > __________________________________________________ > Do You Yahoo!? > Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz > gegen Massenmails. http://mail.yahoo.com > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org