We store our roles for the logged in user in our db. When a user logs in we store the logged in user with their roles in the session.
Then using UserRolesAuthorizer we check to make sure the user has the correct roles. Also there we check to make sure the user doesn't have any flags on their account that would override their roles (something like a past due balance for example). Not sure if that is what you were asking or not. -----Original Message----- From: Shengche Hsiao <shengchehs...@gmail.com> Sent: Friday, November 15, 2024 6:11 AM To: Wicket User Mailinglist <users@wicket.apache.org> Subject: Wicket authorization strategy Dear All Wicket auth-role library allow us to define the static roles, and allow logined users to access restricted pages or components. But, I need to implement the dynamic authorization to constrain page/component permissions, and role-permission relationships are persistent in database. By now, I can dynamically add constraints on db. But how do I apply the constrains on page or components? Shengche --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
