I am using the RoleAuthorizationStrategy (which uses MetaDataRoleAuthorizationStrategy internally) in my app and it works fine. I have a user object that has a list of valid roles in the application.

What I want to do now is make my pages role-based. For example, if you are an originator, you would have access to more fields (some enabled, some visible). In this case, the role depends not only on the User, but also the specific data being viewed. It looks like I could use the MetaDataRoleAuthorizationStrategy (MDRAS) with a different IRoleCheckingStrategy (maybe implemented by the page) to accomplish this.

If anyone has implemented a finer-grained, data-based role system as opposed to a coarser-grained, application role system, would you mind sharing your strategy?

As far as what I am going to look into... I can see the way to register the MDRAS with the Application (add() method on CompoundAuthorizationStrategy). I'm pretty sure that I would want to unregister the instance when the page is done so that the authorization checking didn't get slowed down by unneeded Authorization Strategies (AS) (maybe make a new version of CompoundAuthorizationStrategy that has a remove() method). But when would I unregister the AS for the page? When the request is done? What about AJAX calls?

Any suggestions?
