[Wicket-user] LDAP Authentication

2006-05-18 Thread Michiel Trimpe

Has anyone already tried to implement LDAP-authentication
with Wicket?

If so, do you have some examples??

If not, could someone give me quick step-by-step pointers of
what is needed to implement it?

Kind regards,

Michiel Trimpe

P.S. Are 20Kb Page objects (as reported by the
inspector-bug) normal for Spring-Hibernate apps with fairly complex forms?

Michiel Trimpe | Java Developer | TomTom | [EMAIL PROTECTED] | +31 (0)6 41482341 mobile







This e-mail message contains information which is confidential and may be privileged. It is intended for use by the addressee only. If you are not the intended addressee, we request that you notify the sender immediately and delete or destroy this e-mail message and any attachment(s), without copying, saving, forwarding, disclosing or using its contents in any other way. TomTom N.V., TomTom International BV or any other company belonging to the TomTom group of companies will not be liable for damage relating to the communication by e-mail of data, documents or any other information.






Re: [Wicket-user] LDAP Authentication

2006-05-18 Thread Matej Knopp

Michiel Trimpe wrote:

> Has anyone already tried to implement LDAP-authentication with Wicket?

Wicket has nothing to do with authentication. You might consider using
Acegi or JAAS for this.
Although Acegi seems a little over-complicated.
Hmm.. thinking of it, it would be nice to have a wicket implementation
JAAS callback handler. Is anyone here using JAAS?

> If so, do you have some examples??
>
> If not, could someone give me quick step-by-step pointers of what is
> needed to implement it?

You may try to use the LDAP template
http://today.java.net/pub/a/today/2006/04/18/ldaptemplate-java-ldap-made-simple.html

> Kind regards,
>
> Michiel Trimpe
>
> P.S. Are 20Kb Page objects (as reported by the inspector-bug) normal for
> Spring-Hibernate apps with fairly complex forms?

Seems quite normal to me.

-Matej


 

 

Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user


Re: [Wicket-user] LDAP Authentication

2006-05-18 Thread Timothy Bennett
On 5/18/06, Michiel Trimpe [EMAIL PROTECTED] wrote:

> Has anyone already tried to implement LDAP-authentication
> with Wicket?

Yup, and in earnest. Check out what we are doing with Triplesec over at http://docs.safehaus.org/display/TRIPLESEC/Home. Triplesec is a strong authentication identity management platform built on top of Apache Directory (http://directory.apache.org), and offers 2-factor authentication and authorization services using standards like LDAP, Kerberos, and HOTP.

We are using Wicket for the Triplesec server's web-based configuration wizard, admin application, account registration wizard, and demo apps, all of which require LDAP integration. In fact, if you are at JavaOne this week, you'll see the Triplesec-Wicket apps as part of the Triplesec presentation.

One of the cool things about Triplesec is that we also have some very nice APIs for dealing with both authentication and authorization, and we've integrated these APIs with Wicket. There is the Guardian API which is a read-only API for performing Kerberos (and LDAP) authentication and subsequent authorization by providing access to your application's security policy in the Triplesec LDAP store -- which gives you nice APIs to access a user's security profile for your application accessing his roles, permissions, and denials. (http://docs.safehaus.org/display/TRIPLESEC/Guardian+API+User%27s+Guide).

There is also a read-write Admin API, which provides some nice APIs for managing users, password changes, application policies, security profiles, roles, and permissions.

Javadocs for the APIs at http://triplesec.safehaus.org/maven/apidocs/index.html.

At my day job... we are using Triplesec for Identity Management and my Wicket apps authenticate against Triplesec via Guardian. Integration with Wicket and Guardian's authorization APIs provide my apps with role-based (and/or permission-based) access control at the deepest fine-grained component-level in Wicket.

> If so, do you have some examples??

Working on some docs at Safehaus now. When they are ready, I'll post here and update the Wicket wiki to point to them. I'm still putting the finishing touches on integration with Wicket's 1.2 role-based authorization interfaces.

> If not, could someone give me quick step-by-step pointers of
> what is needed to implement it?

Now that my shameless plug of Triplesec is over... if you can't use Triplesec for an Identity Management platform, or your application use case involves a vanilla LDAP integration, I might suggest you check out something like:

http://ldaptemplate.sourceforge.net/

LdapTemplate is a project that seeks to provide a Spring Dao pattern for LDAP integration much like Spring's own JdbcTemplate and HibernateTemplate APIs. It's on my TODO list, but I suspect you could take LdapTemplate and the Wicket-Spring integration extensions and have a nice Dao pattern for LDAP integration. But you'll have to do all the work to set up your LDAP as an authN and authZ store
...which is what makes Triplesec and Guardian especially nice is that it is already set up as a specialized LDAP store for authN and authZ, including out-of-the-box support for optional one-time passwords generated by a midlet app you download to your cell phone instead of some keychain fob.

-- timothy


Re: [Wicket-user] LDAP Authentication

2006-05-18 Thread Eelco Hillenius

I think Topicus implemented that. Not sure... Martijn/ Johan?

Eelco




Re: [Wicket-user] LDAP Authentication

2006-05-18 Thread Johan Compagner
i was waiting for Mr JAAS to respond... MAURICE! where are you!

johan



Re: [Wicket-user] LDAP Authentication

2006-05-18 Thread Timothy Bennett
On 5/18/06, Eelco Hillenius [EMAIL PROTECTED] wrote:

> Timothy, you rock!

Not me... These are the guys that rock... http://docs.safehaus.org/display/TRIPLESEC/Team

Anyway... While I'm not Mr. JAAS, I would like to point out that Guardian uses a subclass of the JAAS Krb5LoginModule to perform authentication and that it returns a SafehausPrincipal, which is a specialized subclass of the JAAS Principal. The SafehausPrincipal exposes the authenticated user's authorization Profile for the given application with which to apply RBAC.