Re: Remove IAuthenticationStrategy in 7

Fri, 26 Oct 2012 01:35:31 -0700 

>I don't want to promote wicket-auth-roles to be something more
> than example but moving IAuthenticationStrategy there will help for this. 


Ok, now I understand. Perhaps time to move wicket-auth-roles to 
wicket-examples then :P.



For me IAuthenticationStrategy is an example only, so it fits perfectly 
into wicket-auth-roles (and is used there only).


Sven


On 10/26/2012 10:28 AM, Martin Grigorov wrote:

On Fri, Oct 26, 2012 at 11:20 AM, Sven Meier <[email protected]> wrote:

Why not to improve it ?


Sure, we can improve it.

But for now it's just an ugly interface (see the #load() method) which is
used by SignInPanel in wicket-auth-roles.



-auth-roles which is actually an example


How does keeping IAuthenticationStrategy in core help wicket-auth-roles
being more than an example?

I don't want to promote wicket-auth-roles to be something more than
example but moving IAuthenticationStrategy there will help for this.




And the recent poll by Jeremy showed that many users use home backed
solutions.


For the others we have wicketstuff-shiro already.

Not quite :-)
It has been disabled (not migrated) until now.


Best regards
Sven



On 10/26/2012 09:55 AM, Martin Grigorov wrote:

Why not to improve it ?
Instead of using username/password we can improve it to use Token,
with UsernamePasswordToken as default impl for
DefaultAuthenticationStrategy
(UsernamePasswordAuthenticationStrategy).

Moving it to wicket-auth-roles will lead to explanations like: To be
able to do simple things like username/passwd authentication you need
to either use -auth-roles which is actually an example or roll your
own impl.
And the recent poll by Jeremy showed that many users use home backed
solutions.

On Fri, Oct 26, 2012 at 10:21 AM, Sven Meier <[email protected]> wrote:

I agree, it would be better placed in wicket-authroles.

Sven


On 10/25/2012 07:19 PM, Jesse Long wrote:

Hi all,

IAuthenticationStrategy is pretty much only used by wicket-authroles.
This
was enough cause to get Session#authenticate kicked out.

Also, the interface makes some assumptions about username and password
being the only possible authentication tokens.

Maybe it should be moved to wicket-authroles using a
Application.getMetaData() type implementation in 7?

Thoughts?

Thanks,
Jesse































					Reply via email to