Hi James,
thats no flaming - thats just human :) - I mean, when I first saw it I
thought "WTF!?! - this is a big mess..." but after spending some time on
it, it turned out that its really a cool thing.
IMHO the biggest mess Maurice made was the naming of its parts... I mean
WASP, SWARM, HIVE, Principal & co: Man! This sounds like some sort of a
B-class-horror-movie... but soon after you understand the meanings in
the context you see how neat and cool this is.
I mean, security is usually never beloved nor easy - I know of some SAP
system having more than 1000 defined roles (!) in over 10 Levels of
usage each - but its just necessary. If you look at the current one we
have with wicket, its just best described as : easy - and somehow
useless in bigger contexts. Just imagine if every user may do everything
if he's logged in - we authenticate but not really authorize, nor can we
easily secure information or parts of it.
I mean, with swarm you got some really cool things like SecureModels or
the possibility to overtake security from other places/ apps. This of
course is not so easy anymore but is powerful and necessary in many
applications.
If you want to get a good grip on it and what it can do just look this
presentation:
http://www.slideshare.net/mrmean/wicket-security-presentation/
and grab the examples:
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security+Examples
(to see them in action: http://wicketstuff.org/wicketsecurity/ )
Best,
Korbinian
James Carman schrieb:
On Mon, Jul 7, 2008 at 11:38 AM, Maurice Marrink <[EMAIL PROTECTED]> wrote:
No particular reason other then that we are trying to make the
migration from wicket 1.3 to wicket 1.4 as small as possible.
There has not been an official vote on this yet but the plan is to
integrate it in wicket 1.5 which we will begin working on shortly
after 1.4 has been released.
I'm not trying to flame here or anything, but from what I've read of
Swarm/Wasp, it's quite complicated and that would go against the
spirit of Wicket, IMHO. Also, it uses external files for
configuration. Again, this goes against the spirit of Wicket.
Perhaps if there were a programmatic way of configuring everything?
Again, I've never used it, but I've seen responses on the lists about
how to do things and it just scared me away from it. That's just my
$0.02. To be fair, maybe I should play with it a bit to see it for
myself, but I haven't had the cycles. Sorry.
