Hi, The real problem is that IAuthorizationStrategy uses IComponentInstantiationListener (note: *instantiation*). This works OK for Page in your case because you use it for the check.
When a non-Page component is being instantiated it still doesn't know about its immediate parent, nor the Page it is in. You logic seems to be broken since day 1. You can fix this by rolling out a authorization strategy that use IComponentInitializationListener (called on #onInitialize()). This way it will work. On Tue, Sep 4, 2012 at 4:27 AM, Arjun Dhar <dhar...@yahoo.com> wrote: > BTW this code is on Wicket 1.4 (just FYI) > > There seems to be a slight complication when protecting components in a > hierarchy. > > I have protected some pages/Web-Components by marking them as protected via > Annotation / Marker Interfaces. In the following code of an impl of > IAuthorizationStrategy, the code gets the list of Protected > components/classes getPageTypesProtected(). > > > > ..this works well for the components it is intended to protect. However it > interferes with the construction hierarchy of the components. Example: if > there is an AjaxLink somewhere in a Page that is Protected by the code > above, then there is some issue and it gets redirected to landing page > instead of login page. > Ideally what I would want is using "component.findParent(Page.class)"; get > the Page the Link is on. But in the event Auth failed on the page, this > comes null and the code has no way of knowing if the component is on which > page. > > Also unlike protecting pages by annotating them, I cant do this a at a link > Level; so I have to know where the link sits. Logically if the LINK is ON a > Protected COMPONENT then it itself inherits the PROTECTION --- Clean Magic > and Logic. But I cant seem to perfect this :( > > I tried to code the AjaxLink Auth in "public boolean > isActionAuthorized(Component component, Action action) " instead, but in > vain. Looks like Wicket component construction hierarchy prevents the page > from being constructed in the first place, so I have no way of knowing where > my AjaxLink sits if the page itself is un-authorized. > > However on processing the link, instead of invoking the page protection > mechanism it just dies. > > > > ----- > Software documentation is like sex: when it is good, it is very, very good; > and when it is bad, it is still better than nothing! > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Wicket-Ajax-and-Session-expiry-tp4651715p4651724.html > Sent from the Users forum mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
