> Attempting to play with the application or Session AuthorizationStrategy
> doesn't seem to be a good idea because it I would need to somehow inject the
> current page into the "Authorization Process".
I think you are trying too hard to fit the existing authorization
strategies, which in fact are meant as just examples, in your
situation. To use those, you as you mention have to push the 'meta
data' before rendering starts. But that's a pretty awkward programming
model. What you should do is introduce some interface - like
IMyAuthCheck { boolean hasAccess() } - and develop a custom strategy
that checks whether a component implements this interface, and when it
does, perform the check.
> So, I am back to adding the AuthorizationStrategy to the Page. Now, is
> there a good reason why component.isActionAuthorized() is final
> (1.2-SNAPSHOT)?
Because when isActionAuthorized is final, it guarantees that
authorization strategies are being used. We could remove final if
people really want it, but I'd be afraid it would encourage not using
authorization strategies at all. To accomplish the same is rather
easy. Just introduce that extra interface and develop a custom auth
strat that uses that.
> To try an work out my solution, I will remove the final modifier from the
> codebase, then have my Page class override it to include a check to a Page
> level IAuthorizationStrategy as well as the Application check.
If you still want that final removed after this email, please add a
feature request on http://issues.apache.org/jira/browse/WICKET. We
might have to vote about it too.
> While I am on the topic is there any reason why
> MetaDataRoleAuthorizationStrategy (or AbstractRoleAuthorizationStrategy) do
> not implement Serializable?
Yeah, the strategy is not meant to be kept as instance variables of
components or sessions. You should let Wicket manage the auth strat,
and just provide the one you want by doing
getSecuritySettings().setAuthorizationStrategy(myStrat) in your
application's init method. If you want to combine multiple, use the
decorator: CompoundAuthorizationStrategy
Eelco
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
