Juraj,
...
public boolean isActionAuthorized(Component component, Action action) {
return action != Component.RENDER || shouldRender(component);
}
private boolean shouldRender(Component component){
// your logic to check if the current "user" should see component
}
...
This is a terse and basic implementation to make the technique clear;
you should get the idea and be able to extend it to fulfil your
specific requirements..
Regards - Cemal
jWeekend
Training, Consulting, Development
http://jWeekend.com
On 14 January 2011 10:04, Duro <develma...@yahoo.com> wrote:
> hi,
> could u describe the proposed solution more deeply please. Idon't know,
> what more i should do with my
>
> iauthorizationstrategy , it has only 2 boolean methods and i don't see
> anything, i could improve there. Btw i use RoleAuthorizationStrategy, which
> is a CompoundAuthorizationStrategy.
>
> thanks, Juraj
>
>> if you want to hide unauthorized components you should use
>> iauthorizationstrategy and veto component's RENDER action
>>
>> -igor
>>
>> On Wed, Jan 5, 2011 at 1:42 AM, Duro<develma...@yahoo.com> wrote:
>>>
>>> Hi, i am trying to customize the behavior, when in a page a component is
>>> found, that the current user is not authorized to while he is authorized
>>> to
>>> the page. This by default throws an exception and i want to change it so,
>>> that the component is simply not displayed. So i did this: in my web
>>> application, that is subclass of AuthenticatedWebApplication i have this
>>> init() method:
>>>
>>> @Override
>>> protected void init() {
>>> super.init();
>>> // we customize the default behavior, when there is an component
>>> in
>>> page, that
>>> // this user can't access. Default is an exception thrown, we just
>>> set the
>>> // component not visible
>>>
>>> getSecuritySettings().setUnauthorizedComponentInstantiationListener(
>>> new IUnauthorizedComponentInstantiationListener() {
>>> @Override
>>> public void onUnauthorizedInstantiation(Component
>>> component) {
>>> if (component instanceof Page) {
>>> onUnauthorizedPage((Page) component);
>>> } else {
>>> component.detach();
>>> }
>>> }
>>> });
>>> }
>>>
>>> as i can see, if the unauthorized object is a page, than i call
>>> onUnauthorizedPage((Page) component) which redirects to login page, else
>>> i
>>> destroy the component.
>>> What comes out as result is that the user after accessing protected page
>>> is
>>> redirected to login page, logs in and is authentificated but than somehow
>>> the session is destroyed and new is created for some reason which results
>>> in
>>> loosing the authentication and login page is displayed again. So the user
>>> actually can't log in and always ends only in the login page.
>>> thanks for help in advance, Juraj
>>>
>>> __________________________________________________
>>> Do You Yahoo!?
>>> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
>>> gegen Massenmails. http://mail.yahoo.com
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>
> __________________________________________________
> Do You Yahoo!?
> Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz
> gegen Massenmails. http://mail.yahoo.com
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
