Hi!
We have the same situation in one of our web applications (profile pages
may be hidden for everyone except the profile owner). Since I wasn't
able to find a clean way to check such conditions from our page
authorization strategy, I added that to the checks I already had in the
page constructor method (other checks are to catch invalid indices
etc.). If the validation fails I redirect the user to a friendly-written
error page and call return to stop the method afterwards.
Maybe it's possible to get the page parameters by accessing the request
cycle directly from an authorization strategy?
However, if there are more situations like that I would expect the
authorization strategy to become big and cluttered very fast, so I don't
think such checks should go there but instead be performed by the page
class they are meant for. If the same checks are performed in different
classes, they could go into a (static) method, maybe in a super class.
If there's (yet) another good place to put such checks in, I would be
interested in it as well. :)
Bye,
Daniel
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
