Posted to users@wicket.apache.org by Wilhelmsen Tor Iver <To...@arrive.no> on 2010/02/12 09:07:51 UTC

Authorization and

We have an app with three "user types" and two "user levels" (read or read-write in effect). We want to use these in authorization, and thought about an approach using annotations. However, at the point of the Wicket auth. interface methods, only class-targeted annotations are visible, and that will lead to excessive subclassing (especially since Java does not let you annotate anonymous inner classes).

Would it be a better approach to use "behaviorless Behavior" objects that we add to the relevant components and look for in isActionAuthorized()?

Best regards

TOR IVER WILHELMSEN
Senior systems developer
Arrive AS
T (+47) 48 16 06 18
E-mail: toriverw@arrive.no
http://www.arrive.no
http://servicedesk.arrive.no




Re: Authorization and

Posted by Riyad Kalla <rk...@gmail.com>.
Daniele,

I think you're exactly right to use the get/setMetaData
<http://wicket.apache.org/docs/1.4/org/apache/wicket/Component.html#setMetaData(org.apache.wicket.MetaDataKey, M)>
methods; per the Javadoc on MetaDataKey
<http://wicket.apache.org/docs/1.4/org/apache/wicket/MetaDataKey.html>
(example code uses ROLE), it seems that was one of the intents.

On Fri, Feb 12, 2010 at 3:39 AM, Daniele Dellafiore <il...@gmail.com> wrote:
> I am facing authorization problems these days, as you see in another
> message.
>
>
> When I started to deal with this problem I was also uncomfortable with the
> idea of using annotations on components or even a specific class (like
> SecureComponent). Too much noise in the code and too much interference of
> authorization stuff in the operational code.
>
> I wanted to move everything into the AuthorizationStrategy to keep the
> panels/page code almost authorization-unaware.
>
> Actually I think that that target could be achieved only for some simple
> situations. My advice is to try using the Wicket component.setMetaData. You
> can put your access authorization key there and check for it in
> AuthorizationStrategy.
>
> This is easy to understand and keeps the code clean.
>
>
> On Fri, Feb 12, 2010 at 9:07 AM, Wilhelmsen Tor Iver <TorIverW@arrive.no> wrote:
>
>> We have an app with three "user types" and two "user levels" (read or
>> read-write in effect). We want to use these in authorization, and thought
>> about an approach using annotations. However, at the point of the Wicket
>> auth. interface methods, only class-targeted annotations are visible, and
>> that will lead to excessive subclassing (especially since Java does not let
>> you annotate anonymous inner classes).
>>
>> Would it be a better approach to use "behaviorless Behavior" objects that
>> we add to the relevant components and look for in isActionAuthorized()?
>>
>> Best regards
>>
>> TOR IVER WILHELMSEN
>> Senior systems developer
>> Arrive AS
>> T (+47) 48 16 06 18
>> E-mail: toriverw@arrive.no
>> http://www.arrive.no
>> http://servicedesk.arrive.no
>>
>>
>>
>>
>
>
> --
> Daniele Dellafiore
> http://danieledellafiore.net
>

Re: Authorization and

Posted by Daniele Dellafiore <il...@gmail.com>.
I am facing authorization problems these days, as you see in another message.


When I started to deal with this problem I was also uncomfortable with the
idea of using annotations on components or even a specific class (like
SecureComponent). Too much noise in the code and too much interference of
authorization stuff in the operational code.

I wanted to move everything into the AuthorizationStrategy to keep the
panels/page code almost authorization-unaware.

Actually I think that that target could be achieved only for some simple
situations. My advice is to try using the Wicket component.setMetaData. You
can put your access authorization key there and check for it in
AuthorizationStrategy.

This is easy to understand and keeps the code clean.


On Fri, Feb 12, 2010 at 9:07 AM, Wilhelmsen Tor Iver <To...@arrive.no> wrote:

> We have an app with three "user types" and two "user levels" (read or
> read-write in effect). We want to use these in authorization, and thought
> about an approach using annotations. However, at the point of the Wicket
> auth. interface methods, only class-targeted annotations are visible, and
> that will lead to excessive subclassing (especially since Java does not let
> you annotate anonymous inner classes).
>
> Would it be a better approach to use "behaviorless Behavior" objects that
> we add to the relevant components and look for in isActionAuthorized()?
>
> Best regards
>
> TOR IVER WILHELMSEN
> Senior systems developer
> Arrive AS
> T (+47) 48 16 06 18
> E-mail: toriverw@arrive.no
> http://www.arrive.no
> http://servicedesk.arrive.no
>
>
>
>


-- 
Daniele Dellafiore
http://danieledellafiore.net
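
An added example, not part of the thread and not Wicket's own code: a sketch of the setMetaData approach suggested in the replies, written against the Wicket 1.4 API linked above. The class name, the enum values, the Requirement class, the REQUIREMENT key and the two currentUser hooks are hypothetical; the rule that read-only users get RENDER but not ENABLE is an assumed mapping of the "user levels".

```java
import java.io.Serializable;
import java.util.EnumSet;

import org.apache.wicket.Component;
import org.apache.wicket.MetaDataKey;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;

// Hypothetical class; only the org.apache.wicket types are Wicket's own (1.4 API).
public abstract class MetaDataAuthorizationStrategy implements IAuthorizationStrategy {

    public enum UserType { INTERNAL, PARTNER, CUSTOMER } // three "user types" (names assumed)
    public enum UserLevel { READ, READ_WRITE }           // two "user levels"

    // Requirement attached to a component instance: which user types may use it.
    public static final class Requirement implements Serializable {
        private static final long serialVersionUID = 1L;
        private final EnumSet<UserType> allowedTypes;

        public Requirement(UserType first, UserType... rest) {
            this.allowedTypes = EnumSet.of(first, rest);
        }
    }

    public static final MetaDataKey<Requirement> REQUIREMENT = new MetaDataKey<Requirement>() {
        private static final long serialVersionUID = 1L;
    };

    // Supplied by the application, e.g. from its Session subclass; null means not logged in.
    protected abstract UserType currentUserType();
    protected abstract UserLevel currentUserLevel();

    public <T extends Component> boolean isInstantiationAuthorized(Class<T> componentClass) {
        return true; // metadata is set on instances, so nothing can be checked per class
    }

    public boolean isActionAuthorized(Component component, Action action) {
        Requirement required = component.getMetaData(REQUIREMENT);
        if (required == null) {
            return true; // untagged components are not restricted by this strategy
        }
        UserType type = currentUserType();
        if (type == null || !required.allowedTypes.contains(type)) {
            return false; // fail closed: unknown or wrong user type gets neither RENDER nor ENABLE
        }
        // Read-only users may see the component (RENDER) but not interact with it (ENABLE).
        return !Component.ENABLE.equals(action) || currentUserLevel() == UserLevel.READ_WRITE;
    }
}
```

A component, including an anonymous inner class instance, is tagged with `component.setMetaData(MetaDataAuthorizationStrategy.REQUIREMENT, new MetaDataAuthorizationStrategy.Requirement(UserType.INTERNAL))`, and a concrete subclass is installed in `Application.init()` through `getSecuritySettings().setAuthorizationStrategy(...)`. Because untagged components pass the check, any component that must be restricted has to carry the key explicitly.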