I would definitly not like it when IAuthStrategy is removed. Most companies where we use Wicket have strange/homebrewn/or plain oldfashioned strange authentication systems. Having IAuthStrategy available makes it so much easier to abstract it away.
Ron Smits I Haven't Lost My Mind - It's Backed Up On Disk Somewhere On Fri, Oct 26, 2012 at 9:55 AM, Martin Grigorov <[email protected]>wrote: > Why not to improve it ? > Instead of using username/password we can improve it to use Token, > with UsernamePasswordToken as default impl for > DefaultAuthenticationStrategy > (UsernamePasswordAuthenticationStrategy). > > Moving it to wicket-auth-roles will lead to explanations like: To be > able to do simple things like username/passwd authentication you need > to either use -auth-roles which is actually an example or roll your > own impl. > And the recent poll by Jeremy showed that many users use home backed > solutions. > > On Fri, Oct 26, 2012 at 10:21 AM, Sven Meier <[email protected]> wrote: > > I agree, it would be better placed in wicket-authroles. > > > > Sven > > > > > > On 10/25/2012 07:19 PM, Jesse Long wrote: > >> > >> Hi all, > >> > >> IAuthenticationStrategy is pretty much only used by wicket-authroles. > This > >> was enough cause to get Session#authenticate kicked out. > >> > >> Also, the interface makes some assumptions about username and password > >> being the only possible authentication tokens. > >> > >> Maybe it should be moved to wicket-authroles using a > >> Application.getMetaData() type implementation in 7? > >> > >> Thoughts? > >> > >> Thanks, > >> Jesse > > > > > > > > -- > Martin Grigorov > jWeekend > Training, Consulting, Development > http://jWeekend.com >
