> Attempting to play with the application or Session AuthorizationStrategy > doesn't seem to be a good idea because it I would need to somehow inject the > current page into the "Authorization Process".
I think you are trying too hard to fit the existing authorization strategies, which in fact are meant as just examples, in your situation. To use those, you as you mention have to push the 'meta data' before rendering starts. But that's a pretty awkward programming model. What you should do is introduce some interface - like IMyAuthCheck { boolean hasAccess() } - and develop a custom strategy that checks whether a component implements this interface, and when it does, perform the check. > So, I am back to adding the AuthorizationStrategy to the Page. Now, is > there a good reason why component.isActionAuthorized() is final > (1.2-SNAPSHOT)? Because when isActionAuthorized is final, it guarantees that authorization strategies are being used. We could remove final if people really want it, but I'd be afraid it would encourage not using authorization strategies at all. To accomplish the same is rather easy. Just introduce that extra interface and develop a custom auth strat that uses that. > To try an work out my solution, I will remove the final modifier from the > codebase, then have my Page class override it to include a check to a Page > level IAuthorizationStrategy as well as the Application check. If you still want that final removed after this email, please add a feature request on http://issues.apache.org/jira/browse/WICKET. We might have to vote about it too. > While I am on the topic is there any reason why > MetaDataRoleAuthorizationStrategy (or AbstractRoleAuthorizationStrategy) do > not implement Serializable? Yeah, the strategy is not meant to be kept as instance variables of components or sessions. You should let Wicket manage the auth strat, and just provide the one you want by doing getSecuritySettings().setAuthorizationStrategy(myStrat) in your application's init method. If you want to combine multiple, use the decorator: CompoundAuthorizationStrategy Eelco ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user