Component level Authorization
This example demonstrates the powerful component level authorization available in Wicket.
Lets say you have tag interface AdminComponent. All your admin components implement this interface.
all you have to do is
public class MyAuthStrat implements IAuthorizationStrategy
{
boolean isInstantioantionAuthorizer()
{
return true;
}
boolean isActionAuthorized(Component c, Action action)
{
if (c instanceof AdminComponent)
{
if (action.equals(Component.RENDER)||action.equals(Component.ENABLE))
{
User user= Session.get().getUser();
return user != null && user.isadmin();
}
}
}
}
and in your application class:
myapplication.init()
{
getSecuritySettings().setAuthorizationStrategy(new myAuthAtrat());
}
What these few lines of code do is give you an application wide security. Any component that implements AdminComponent interface will now only be rendered and enabled for admin users.