Hi all;
I am using wicket and i need a security framework at that point Apache ki
seems ok to me.
First i am getting this error message :
No SecurityManager accessible to this method, either bound to the
org.apache.ki.util.ThreadContext or as a vm static singleton. See the
org.apache.ki.SecurityUtils.getSubject() method JavaDoc for an explanation
of expected environment configuration.
When i do this :
UsernamePasswordToken token = new UsernamePasswordToken(email , password);
token.setRememberMe(true);
Subject currentUser = SecurityUtils.getSubject();
try {
currentUser.login(token); // throws above exception
catch(....) {
.....
}
Here is my web.xml
<filter>
<filter-name>KiFilter</filter-name>
<filter-class>org.apache.ki.web.servlet.KiFilter</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>
securityManager =
org.apache.ki.web.DefaultWebSecurityManager
securityManager.sessionMode = http
# The KiFilter configuration is very powerful and flexible,
while still remaining succinct.
# Please read the comprehensive example, with full comments
and explanations, in the JavaDoc:
#
#
http://ki.apache.org/api/org/apache/ki/web/servlet/KiFilter.html
[main]
myRealm = com.dodod.security.MyRealm
[filters]
ki.loginUrl = /login
authc.successUrl = /
[urls]
# The /login.jsp is not restricted to authenticated users
(otherwise no one could log in!), but
# the 'authc' filter must still be specified for it so it
can process that url's
# login submissions. It is 'smart' enough to allow those
requests through as specified by the
# ki.loginUrl above.
/login= authcBasic
</param-value>
</init-param>
</filter>
I wrote my own com.dodod.security.MyRealm class which
extends AuthorizingRealm and overrides doGetAuthenticationInfo
and doGetAuthorizationInfo methods.
What is wrong ?
Thanks.
--
Altuğ.
