I’m trying to use wicket-auth-roles (in Wicket 1.5.9) to make a component that 
is enabled only for logged-in users.  In my case if you’re not logged in, you 
have only a role called GUEST.   If you are logged in you have a role called 
STUDENT (and also GUEST, since everything guests can do, students can do too).

I tried this annotation at the top of the class:

@AuthorizeActions(actions = { @AuthorizeAction(action="ENABLE", deny={"GUEST"}, 
roles={"STUDENT"})})

However, everyone is denied (since everyone has the GUEST role).

Then I tried:

@AuthorizeActions(actions = { @AuthorizeAction(action="ENABLE", deny={}, 
roles={"STUDENT"})})

but for some reason AbstractRoleAuthorizationStrategy.hasAny(roles) returns 
true for the empty list of roles, so everyone is denied again.  If I leave out 
the deny list entirely:

@AuthorizeActions(actions = { @AuthorizeAction(action="ENABLE", 
roles={"STUDENT"})})

it is a null pointer exception.


I know I can write my own strategy or define my own annotation, but it seems 
like my case is exactly what the roles annotations are supposed to do. So 
either this is a bug in wicket-auth-roles, or else I am doing something wrong. 
Thoughts?

Boris
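
Added example, not part of the original message and not wicket-auth-roles code: a stand-alone Java model of a deny-overrides role check that reproduces the outcomes described above for cumulative roles and for an empty deny list. The names RoleCheckModel, hasAnyNaive and mayEnable are hypothetical, and the guard on the empty deny list is an assumption about one way to handle it (needs Java 9+ for Set.of).

```java
import java.util.Set;

// Stand-alone model of a deny-overrides role check; not wicket-auth-roles code.
// RoleCheckModel, hasAnyNaive and mayEnable are hypothetical names.
public class RoleCheckModel {

    // Models the behaviour described in the post: an empty role set counts as a match.
    static boolean hasAnyNaive(Set<String> userRoles, Set<String> wanted) {
        if (wanted.isEmpty()) {
            return true;
        }
        return wanted.stream().anyMatch(userRoles::contains);
    }

    // Deny-overrides check. With guardEmptyDeny=false an empty deny list
    // matches every user; with true it is skipped, so it denies no one.
    static boolean mayEnable(Set<String> userRoles, Set<String> deny,
                             Set<String> allow, boolean guardEmptyDeny) {
        boolean denyApplies = !(guardEmptyDeny && deny.isEmpty());
        if (denyApplies && hasAnyNaive(userRoles, deny)) {
            return false;
        }
        return allow.stream().anyMatch(userRoles::contains);
    }

    public static void main(String[] args) {
        // Constructed sample users: roles are cumulative, as in the post.
        Set<String> guest = Set.of("GUEST");
        Set<String> student = Set.of("GUEST", "STUDENT");
        Set<String> allow = Set.of("STUDENT");

        // Case 1: deny={"GUEST"} also hits students, because they hold GUEST too.
        System.out.println("deny GUEST, student: "
                + mayEnable(student, Set.of("GUEST"), allow, true));
        // Case 2: deny={} with the unguarded check matches every user.
        System.out.println("deny {} unguarded, student: "
                + mayEnable(student, Set.of(), allow, false));
        // Case 3: deny={} with the guard; only the allow list decides.
        System.out.println("deny {} guarded, student: "
                + mayEnable(student, Set.of(), allow, true));
        System.out.println("deny {} guarded, guest: "
                + mayEnable(guest, Set.of(), allow, true));
    }
}
```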
