>
> All you have to do is to annotate the desired page with
> "@Secured(Role.ADMIN)"



I'm also using a custom dispatcher.
The thing I don't like about most of the current examples/solutions I've
seen so far is that access is allowed by default if the developer forgets to
add a specific annotation. I'd like the page to be protected unless the
developer makes it publicly accessible.

Therefore I set up our dispatcher to always check if the requested page
implements either a PublicPage interface or a ProtectedPage interface. If
none of these interfaces is implemented, access is denied.

It's a step back because the pages are now expected to implement specific
interfaces again, but I think it's a better fit if you prefer defensive
programming.

- Onno
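
The default-deny check described in the message above, as an added example that is not code from the original post or from any framework. Only the names PublicPage and ProtectedPage come from the post; the Decision enum, the check method, the sample pages, and the handling of a page that carries both markers are assumptions made for illustration.

```java
import java.util.List;

public class DefaultDenyDispatcher {
    // Marker interfaces named in the post; everything else is hypothetical.
    interface PublicPage {}
    interface ProtectedPage {}

    enum Decision { ALLOW, REQUIRE_LOGIN, DENY }

    // Constructed sample pages covering each case the dispatcher can meet.
    static class Login implements PublicPage {}
    static class AdminPanel implements ProtectedPage {}
    static class Forgotten {}  // developer forgot to classify the page
    static class Confused implements PublicPage, ProtectedPage {}

    /**
     * Decide access from the page class alone, before the page is rendered.
     * A page with no marker is denied, so a forgotten classification fails
     * closed instead of silently exposing the page.
     */
    static Decision check(Class<?> pageClass, boolean authenticated) {
        boolean isPublic = PublicPage.class.isAssignableFrom(pageClass);
        boolean isProtected = ProtectedPage.class.isAssignableFrom(pageClass);

        // Neither marker (the case from the post) or both markers
        // (assumption: contradictory intent is treated the same way).
        if (isPublic == isProtected) {
            return Decision.DENY;
        }
        if (isPublic) {
            return Decision.ALLOW;
        }
        // Protected page: assumed to need only an authenticated session.
        return authenticated ? Decision.ALLOW : Decision.REQUIRE_LOGIN;
    }

    public static void main(String[] args) {
        List<Class<?>> pages = List.of(
                Login.class, AdminPanel.class, Forgotten.class, Confused.class);
        for (Class<?> page : pages) {
            System.out.printf("%-10s anonymous=%-13s logged-in=%s%n",
                    page.getSimpleName(), check(page, false), check(page, true));
        }
    }
}
```

Because isAssignableFrom follows the class hierarchy, a marker placed on a base page class also classifies every subclass, which is worth remembering when reviewing which pages end up public.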
