Re: Wicket-auth annotations to hide a link problem

[Ivana <iv...@gmail.com>]

I just found this works - but has other problems:

I have a page with a menu made of links. The links replace the main panel
the user is looking at. Depending on user role, some panels are not
available and the corresponding links are not shown.

I have implemented this like this:
@AuthorizeAction(action = Action.RENDER, roles = { Roles.internal })
class InternalAjaxReplacementLink extends AjaxFallbackLink{
	... replace panel, change/append css styles
}

@AuthorizeAction(action = Action.RENDER, roles = {Roles.public,
Roles.internal })
class PublicAjaxReplacementLink extends AjaxFallbackLink{
	... replace panel, change/append css styles
}On my page i add the links, according to which users should have access to
which resources - and this works.
A user that has only the 'public' role sees only the links leading to public
resources, internal users see more resources. 


Except: the welcome panel is accesible to both 'internal' and 'public'
user-roles. When 'internal' users click an InternalAjaxReplacementLink, the
container asks them to authenticate again before they can continue. Nothing
happens with this new login: i have tried loggin in as a different
authorized user and the original credentials are not overwritten.  What is
going on?

I'm using tomcat form based security while developing. I intend to replace
this in the near future with spring security.
-- 
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-auth-annotations-to-hide-a-link-problem-tp2542360p3025671.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org