You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Pills <pi...@hmcrecord.ch> on 2007/12/31 01:05:04 UTC
@AuthorizeInstanciation and several roles
Hello,
I'm using the wicket-auth-roles package to allow or restrict access to some
pages. I need to autorize the instanciation of some pages to several roles.
Is it possible to write something like:
@AuthorizeInstanciation("poweruser,admin,sysadmin")
class Mypage extends WebPage {...}
and something like this in my authenticated session:
public Roles getRoles() {
return new Roles(new String[] {"poweruser","admin","sysadmin"});
}
If it's possible, what is the right syntax?
PS: I've read a bit about wasp/swarm, but it looks too much complicated for
my needs (I just need to prevent some components to be instantiated for some
kinds of users). Hiding/showing links and such fonctionnality is not needed
Thank you ;)
--
View this message in context: http://www.nabble.com/%40AuthorizeInstanciation-and-several-roles-tp14552711p14552711.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @AuthorizeInstanciation and several roles
Posted by Maurice Marrink <ma...@gmail.com>.
Thanks for responding, we always try to improve.
On Jan 2, 2008 11:20 AM, Sébastien Piller <pi...@hmcrecord.ch> wrote:
>
> Well, with swarm I do need to define the policy files, which isn't trivial
> for me (I never saw this kind of syntax before).
True, policy file is not a trivial task especially for a big app the
policy can grow to several thousands of lines.
As for the syntax, it is the same as for a Jaas policy file, but if
you never worked with jaas that is not going to help you much.
On the other hand swarm is flexible enough for you to swap in you own
"policy file" implementation, whether it is stored in a database or in
a policy file with a completely different syntax. If you use java 1.5
you might even put something together that gets the information from
annotations on your wicket pages.
> And there is a lot of new classes/interfaces in this api (SwarmWebApp,
> Principal, SwarmActionFactory, LoginContext, ...) with no much
> documentation.
Sure there are new classes every framework extension has them, they
are here to help you with the grunt work, they are not your enemies.
What documentation are you missing? every class has javadoc, there are
several wiki pages with information, including how to get started
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security,
There is an examples project (which could benefit from imprvements, no
arguments there).
> It's not easy to transform an AuthenticatedWebApp in a
> SwarmWebApp.
Well that is because they both have a very different approach on how
to do things. Personally i have not worked much with wicket-auth-roles
but perhaps a step by step conversion would be helpful to some people.
>
> I think wicket-auth-roles is more clear and easy to use (just to put an
> annotation and implement getRoles in the session). It's trivial and looks
> pretty. When I need to, I manually enable/disable the links. It's easy to
> implement with my layout.
That is your opinion, i have however seen loads of questions about
wicket-auth-roles on the mailing list as well, and thats ok there will
always be questions about frameworks, and some users will get along
better with product A and some with product B. Personally i feel
wicket-auth-roles is to simple to get the job done for the type of
applications we build, but if it suits your needs then by all means go
for it.
>
> I think some clear and simple examples using swarm with users extracted
> from a db will be a very good improvement. (with login page, normal pages,
> securized pages and several security levels)
There are already several simple examples, but apparently you would
like to see a full blown app, we'll see if we can build one.
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security+Examples
>
> If so, I might upgrade my app to use swarm. But for now it looks too
> complicated for just autorizing instantiation.
>
> And last but not least, swarm/wasp are both in version 0.1 beta, I'd prefer
> to wait for a stable release or at least a rc. (my app will be in production
> soon)
version 0.2 beta should be out soon, and for what its worth so is our
app and we still use it. Don't let the 0.1 fool you i don't believe in
starting version numbers from 1.0.
Besides you did know that wicket-auth-roles is a demo project? ;)
Anyway, thanks for this insight. I'll try to do something with it.
Maurice
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @AuthorizeInstanciation and several roles
Posted by Maurice Marrink <ma...@gmail.com>.
Hi,
I'm wondering what exactly about swarm you find difficult or too complex.
Perhaps we can make some improvements.
preventing pages in swarm to be constructed is as complex as extending
SecureWebPage.
Off course you need to create a policy for those 3 types of users,
containing you're secure pages.
About hiding links to pages people are not supposed to come, it will
spare your users from hitting the access denied page.
It tends to annoy people: if the app knows i'm not allowed to go there
then why can i click on that link anyway, etc.
Maurice
On Dec 31, 2007 1:05 AM, Pills <pi...@hmcrecord.ch> wrote:
>
> Hello,
>
> I'm using the wicket-auth-roles package to allow or restrict access to some
> pages. I need to autorize the instanciation of some pages to several roles.
> Is it possible to write something like:
>
> @AuthorizeInstanciation("poweruser,admin,sysadmin")
> class Mypage extends WebPage {...}
>
> and something like this in my authenticated session:
>
> public Roles getRoles() {
> return new Roles(new String[] {"poweruser","admin","sysadmin"});
> }
>
> If it's possible, what is the right syntax?
>
> PS: I've read a bit about wasp/swarm, but it looks too much complicated for
> my needs (I just need to prevent some components to be instantiated for some
> kinds of users). Hiding/showing links and such fonctionnality is not needed
>
> Thank you ;)
> --
> View this message in context: http://www.nabble.com/%40AuthorizeInstanciation-and-several-roles-tp14552711p14552711.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @AuthorizeInstanciation and several roles
Posted by nasrin mansour <na...@gmail.com>.
sorry this :
@AuthorizeInstanciation({"poweruser ", "admin", "sysadmin"})
On Dec 31, 2007 2:04 PM, nasrin mansour <na...@gmail.com> wrote:
> hi
> i don't have enough experience in this topic like you but i think if you
> look at wicket-role-auth-example it's usuful and
> i think you must wite this :
> @AuthorizeInstanciation("poweruser,admin,sysadmin")
> in this way:
> @AuthorizeInstanciation("poweruser ", "admin", "sysadmin")
>
>
> On Dec 31, 2007 3:35 AM, Pills <pills@hmcrecord.ch > wrote:
>
> >
> > Hello,
> >
> > I'm using the wicket-auth-roles package to allow or restrict access to
> > some
> > pages. I need to autorize the instanciation of some pages to several
> > roles.
> > Is it possible to write something like:
> >
> > @AuthorizeInstanciation("poweruser,admin,sysadmin")
> > class Mypage extends WebPage {...}
> >
> > and something like this in my authenticated session:
> >
> > public Roles getRoles() {
> > return new Roles(new String[] {"poweruser","admin","sysadmin"});
> > }
> >
> > If it's possible, what is the right syntax?
> >
> > PS: I've read a bit about wasp/swarm, but it looks too much complicated
> > for
> > my needs (I just need to prevent some components to be instantiated for
> > some
> > kinds of users). Hiding/showing links and such fonctionnality is not
> > needed
> >
> > Thank you ;)
> > --
> > View this message in context: http://www.nabble.com/%40AuthorizeInstanciation-and-several-roles-tp14552711p14552711.html
> >
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
Re: @AuthorizeInstanciation and several roles
Posted by nasrin mansour <na...@gmail.com>.
yes i said this before , has my syntax any different with your's?
On Dec 31, 2007 2:07 PM, Sébastien Piller <pi...@hmcrecord.ch> wrote:
> Yes, I tried it too, but it doesn't work.
>
> The right syntax seems to be @AutorizeInstanciation( *{* "poweruser",
> "admin", "sysadmin" *}* )
>
> Thanks
>
> nasrin mansour a écrit :
>
> hi
> i don't have enough experience in this topic like you but i think if you
> look at wicket-role-auth-example it's usuful and
> i think you must wite this :
> @AuthorizeInstanciation("poweruser,admin,sysadmin")
> in this way:
> @AuthorizeInstanciation("poweruser ", "admin", "sysadmin")
>
> On Dec 31, 2007 3:35 AM, Pills <pi...@hmcrecord.ch> <pi...@hmcrecord.ch> wrote:
>
>
>
> Hello,
>
> I'm using the wicket-auth-roles package to allow or restrict access to
> some
> pages. I need to autorize the instanciation of some pages to several
> roles.
> Is it possible to write something like:
>
> @AuthorizeInstanciation("poweruser,admin,sysadmin")
> class Mypage extends WebPage {...}
>
> and something like this in my authenticated session:
>
> public Roles getRoles() {
> return new Roles(new String[] {"poweruser","admin","sysadmin"});
> }
>
> If it's possible, what is the right syntax?
>
> PS: I've read a bit about wasp/swarm, but it looks too much complicated
> for
> my needs (I just need to prevent some components to be instantiated for
> some
> kinds of users). Hiding/showing links and such fonctionnality is not
> needed
>
> Thank you ;)
> --
> View this message in context:http://www.nabble.com/%40AuthorizeInstanciation-and-several-roles-tp14552711p14552711.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: users-unsubscribe@wicket.apache.org For additional
> commands, e-mail: users-help@wicket.apache.org
Re: @AuthorizeInstanciation and several roles
Posted by nasrin mansour <na...@gmail.com>.
hi
i don't have enough experience in this topic like you but i think if you
look at wicket-role-auth-example it's usuful and
i think you must wite this :
@AuthorizeInstanciation("poweruser,admin,sysadmin")
in this way:
@AuthorizeInstanciation("poweruser ", "admin", "sysadmin")
On Dec 31, 2007 3:35 AM, Pills <pi...@hmcrecord.ch> wrote:
>
> Hello,
>
> I'm using the wicket-auth-roles package to allow or restrict access to
> some
> pages. I need to autorize the instanciation of some pages to several
> roles.
> Is it possible to write something like:
>
> @AuthorizeInstanciation("poweruser,admin,sysadmin")
> class Mypage extends WebPage {...}
>
> and something like this in my authenticated session:
>
> public Roles getRoles() {
> return new Roles(new String[] {"poweruser","admin","sysadmin"});
> }
>
> If it's possible, what is the right syntax?
>
> PS: I've read a bit about wasp/swarm, but it looks too much complicated
> for
> my needs (I just need to prevent some components to be instantiated for
> some
> kinds of users). Hiding/showing links and such fonctionnality is not
> needed
>
> Thank you ;)
> --
> View this message in context:
> http://www.nabble.com/%40AuthorizeInstanciation-and-several-roles-tp14552711p14552711.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>