I should have checked JIRA first. It looks like this was fixed, but only for wicket 6, under this issue:
https://issues.apache.org/jira/browse/WICKET-3974 Boris On Dec 20, 2013, at 8:17 AM, Sven Meier <[email protected]> wrote: > AnnotationsRoleAuthorizationStrategy#check() looks good to me. > > Can you debug what's happening there in your case? > > Sven > > On 12/20/2013 01:53 PM, Boris Goldowsky wrote: >> I’m trying to use wicket-auth-roles (in Wicket 1.5.9) to make a component >> that is enabled only for logged-in users. In my case if you’re not logged >> in, you have only a role called GUEST. If you are logged in you have a >> role called STUDENT (and also GUEST, since everything guests can do, >> students can do too). >> >> I tried this annotation at the top of the class: >> >> @AuthorizeActions(actions = { @AuthorizeAction(action="ENABLE", >> deny={“GUEST"}, roles={"STUDENT"})}) >> >> However, everyone is denied (since everyone has the GUEST role). >> >> Then I tried: >> >> @AuthorizeActions(actions = { @AuthorizeAction(action="ENABLE", deny={}, >> roles={"STUDENT"})}) >> >> but for some reason AbstractRoleAuthorizationStrategy.hasAny(roles) returns >> true for the empty list of roles, so everyone is denied again. If I leave >> out the deny list entirely: >> >> @AuthorizeActions(actions = { @AuthorizeAction(action="ENABLE", >> roles={"STUDENT"})}) >> >> it is a null pointer exception. >> >> >> I know I can write my own strategy or define my own annotation, but it seems >> like my case is exactly what the roles annotations are supposed to do. So >> either this a bug in wicket-auth-roles, or else I am doing something wrong. >> Thoughts? >> >> Boris >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
