Home/ Questions/Q 5980117
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T21:45:21+00:00

I am using wicket 1.4.9 and implemented spring + wicket auth-role and using @AuthorizeInstantiation

  • 0

I am using wicket 1.4.9 and implemented spring + wicket auth-role and using @AuthorizeInstantiation based on roles on pages. I have multiple custom roles.

I have followed this link to implement the basics:
https://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html

After that I have implemented my own UserDetailsService to have my own roles/users from database.

Now, How can I impose controls on roles with components eg, Links,Buttons ? like
link A can be accessed only by SUPER_USER, DR_MANAGER. (roles comes from database).

I have done like this and it seems to work, but is that the good way to do this? OrbitWebSession is of type AuthenticatedWebSession.

        @Override
        public boolean isVisible() {
            if(OrbitWebSession.get().getRoles().hasRole("SUPER_USER")){
                return true;
            }
            return false;
        }

thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Overriding isVisible all the time is a major pain. Take a look at MetaDataRoleAuthorizationStrategy instead. You call authorize(Component component, Action action, String roles) with Action RENDER, and the roles you want to allow. This way the component, whatever it is, is automatically hidden for other roles provided that the authorization strategy is registered in your webapplication. Basically it does the same thing as Holms answer, except you don’t have to subclass anything.

    • 0