Hi, wicket-auth-roles uses org.apache.wicket.authroles.authorization.strategies.role.annotations.AnnotationsRoleAuthorizationStrategy by default, but you can roll your own implementation that is more dynamic and loads the information from DB or another source.

On Sat, Nov 16, 2024 at 5:21 AM Shengche Hsiao <shengchehs...@gmail.com> wrote:

> Thanks, we used to adopt the implementation you mentioned.
>
> In my new project, there is a page that lets administrators dynamically
> create a new Role and pick up the necessary page permissions. But Wicket’s
> built-in AnnotationsRoleAuthorizationStrategy supports static role
> annotations, for example:
>
> @AuthorizeInstantiation("SIGNED_IN")
> @AuthorizeAction(action = "ENABLE", roles = {"ADMIN"}) // <- this ADMIN is built-in or predefined in the project
> public class MyPage extends WebPage {
>     // Page class code...
> }
>
> My question is: when I load custom Roles, which are created by
> administrators, from the database, how do I authorize users to restrict
> their access?
>
> Thanks
>
> Shengche
>
> From: Jeff Schneller <jeffrey.schnel...@envisa.com>
> Date: Friday, November 15, 2024 at 11:21 PM
> To: users@wicket.apache.org <users@wicket.apache.org>
> Subject: RE: Wicket authorization strategy
>
> We store our roles for the logged-in user in our db. When a user logs in,
> we store the logged-in user with their roles in the session.
>
> Then, using UserRolesAuthorizer, we check to make sure the user has the
> correct roles. Also there we check to make sure the user doesn't have any
> flags on their account that would override their roles (something like a
> past due balance, for example).
> Not sure if that is what you were asking or not.
>
> -----Original Message-----
> From: Shengche Hsiao <shengchehs...@gmail.com>
> Sent: Friday, November 15, 2024 6:11 AM
> To: Wicket User Mailinglist <users@wicket.apache.org>
> Subject: Wicket authorization strategy
>
> Dear All
>
> The Wicket auth-role library allows us to define static roles, and allows
> logged-in users to access restricted pages or components. But I need to
> implement dynamic authorization to constrain page/component
> permissions, and the role-permission relationships are persisted in a
> database. By now, I can dynamically add constraints in the db.
> But how do I apply the constraints on pages or components?
>
> Shengche
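
A sketch of the kind of custom strategy suggested at the top of this thread, added here as an example; it is not code from any poster or from the Wicket project. `DbSecured`, `PagePermissionSource` and `DbRoleAuthorizationStrategy` are hypothetical names, and the database lookup is assumed to sit behind `PagePermissionSource`.

```java
import java.util.Set;

import org.apache.wicket.Page;
import org.apache.wicket.authroles.authorization.strategies.role.AbstractRoleAuthorizationStrategy;
import org.apache.wicket.authroles.authorization.strategies.role.IRoleCheckingStrategy;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.request.component.IRequestableComponent;

/** Hypothetical marker: pages implementing it are governed by DB-defined permissions. */
interface DbSecured {}

/** Hypothetical lookup, e.g. a cached DAO over a role/page permission table. */
interface PagePermissionSource {
    /** Role names currently allowed to open the page; empty if none are configured. */
    Set<String> rolesAllowedFor(String pageClassName);
}

public class DbRoleAuthorizationStrategy extends AbstractRoleAuthorizationStrategy {
    private final PagePermissionSource permissions;

    public DbRoleAuthorizationStrategy(IRoleCheckingStrategy roleChecker,
                                       PagePermissionSource permissions) {
        super(roleChecker);
        this.permissions = permissions;
    }

    @Override
    public <T extends IRequestableComponent> boolean isInstantiationAuthorized(
            Class<T> componentClass) {
        // Only pages that opt in via the marker are checked against the database.
        if (!Page.class.isAssignableFrom(componentClass)
                || !DbSecured.class.isAssignableFrom(componentClass)) {
            return true;
        }
        Set<String> allowed = permissions.rolesAllowedFor(componentClass.getName());
        // Fail closed: a protected page with no roles configured is denied to everyone.
        if (allowed == null || allowed.isEmpty()) {
            return false;
        }
        // Delegates to the role checker, which compares against the session's roles.
        return hasAny(new Roles(allowed.toArray(new String[0])));
    }
}

// Registration, inside the init() of an AuthenticatedWebApplication subclass
// (the application itself implements IRoleCheckingStrategy):
//   getSecuritySettings().setAuthorizationStrategy(
//       new DbRoleAuthorizationStrategy(this, myPermissionSource));
```

Setting this strategy replaces the annotation-based one; to keep both, combine them in a `CompoundAuthorizationStrategy`. The lookup runs on every page instantiation, so the source should cache and be invalidated when an administrator edits a role.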