views:

127

answers:

1

Hi everybody.

I use an IAuthorizationStrategy in wicket to limit access to certain pages. However, I also use html menus like this one:

<div class="siteMenu">
<wicket:link>
    <a href="Page1.html" class="siteMenuLink">
        <wicket:message key="pages.page1.title" />
    </a>
    <a
        href="Page2.html" class="siteMenuLink">
        <wicket:message key="pages.page2.title" />
    </a>
    <a
        href="Page3.html" class="siteMenuLink">
        <wicket:message key="pages.page3.title" />
    </a>
</wicket:link>
</div>

, that are automatically picked up and expanded using the wicket:link mechanism (like here: http://wicket.apache.org/examplenavomatic.html ). However, the IAuthorizationStrategy may not allow one or more of these target pages, so I may end up either with lots of links that lead to "permission denied" pages or lots of deactivated links (i.e. em tags or the like), neither of which is pretty.

I could of course write an IComponentInstantiationListener that checks all BookmarkableLinks to see whether their target is accessible through the IAuthorizationStrategy and renders them invisible otherwise, but I wonder if there is an out-of-the-box solution to this problem. For clarification: I only use the isInstantiationAuthorized() method of IAuthorizationStrategy.

+2  A: 

Actually, I was blind. The answer is obvious. Extend the authorization strategy to check the links to the pages and then use an IUnauthorizedComponentInstantiationListener to render them invisible

seanizer
You can accept your own answer :)
Dolph
yes, in two days :-)
seanizer
Any chance you can post some samples of what you did? Would help others like me get a head start, as I think you are attempting exactly what I am after.
stevemac
Sire, I'll do it from the office tomorrow.
seanizer
OK, I created a project at http://code.google.com/p/wicket-component-auth/ you can either just grab the code or sign up and help me make it better
seanizer
I will, heading over there now to check it out.
stevemac