Re: Wicket authorization strategy

Fri, 15 Nov 2024 19:21:25 -0800 

Thanks, we used to adopt implementation as you mentioned.

As my new project, it has a page to let administrators dynamically create a new 
Role and pickup necessary page permissions. But wicket’s built in 
AnnotationsRoleAuthorizationStrategy supports static role annotations, for 
example:

@AuthorizeInstantiation("SIGNED_IN")
@AuthorizeAction(action = "ENABLE", roles = {"ADMIN”}) <- this ADMIN is 
built-in or predefined in project
public class MyPage extends WebPage {
   //Page class code...
}

My question is when I  load custom Roles which created by administrators from 
database, how to authorization users to restrict  their access.

Thanks

Shengche

From: Jeff Schneller <jeffrey.schnel...@envisa.com>
Date: Friday, November 15, 2024 at 11:21 PM
To: users@wicket.apache.org <users@wicket.apache.org>
Subject: RE: Wicket authorization strategy

We store our roles for the logged in user in our db.  When a user logs in we 
store the logged in user with their roles in the session.

Then using UserRolesAuthorizer we check to make sure the user has the correct 
roles.  Also there we check to make sure the user doesn't have any flags on 
their account that would override their roles (something like a past due 
balance for example).
Not sure if that is what you were asking or not.



-----Original Message-----
From: Shengche Hsiao <shengchehs...@gmail.com>
Sent: Friday, November 15, 2024 6:11 AM
To: Wicket User Mailinglist <users@wicket.apache.org>
Subject: Wicket authorization strategy

Dear All

Wicket auth-role library allow us to define the static roles, and allow logined 
users to access restricted pages or components. But, I need to implement the 
dynamic authorization to constrain page/component  permissions, and 
role-permission relationships are persistent in database. By now, I can 
dynamically add constraints on db.
But how do I apply the constrains on page or components?



Shengche


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to