Thanks, we used to adopt implementation as you mentioned.
As my new project, it has a page to let administrators dynamically create a new
Role and pickup necessary page permissions. But wicket’s built in
AnnotationsRoleAuthorizationStrategy supports static role annotations, for
example:
@AuthorizeInstantiation("SIGNED_IN")
@AuthorizeAction(action = "ENABLE", roles = {"ADMIN”}) <- this ADMIN is
built-in or predefined in project
public class MyPage extends WebPage {
//Page class code...
}
My question is when I load custom Roles which created by administrators from
database, how to authorization users to restrict their access.
Thanks
Shengche
From: Jeff Schneller <[email protected]>
Date: Friday, November 15, 2024 at 11:21 PM
To: [email protected] <[email protected]>
Subject: RE: Wicket authorization strategy
We store our roles for the logged in user in our db. When a user logs in we
store the logged in user with their roles in the session.
Then using UserRolesAuthorizer we check to make sure the user has the correct
roles. Also there we check to make sure the user doesn't have any flags on
their account that would override their roles (something like a past due
balance for example).
Not sure if that is what you were asking or not.
-----Original Message-----
From: Shengche Hsiao <[email protected]>
Sent: Friday, November 15, 2024 6:11 AM
To: Wicket User Mailinglist <[email protected]>
Subject: Wicket authorization strategy
Dear All
Wicket auth-role library allow us to define the static roles, and allow logined
users to access restricted pages or components. But, I need to implement the
dynamic authorization to constrain page/component permissions, and
role-permission relationships are persistent in database. By now, I can
dynamically add constraints on db.
But how do I apply the constrains on page or components?
Shengche
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
