subject:"Security framework in Wicket \(was\:Re\: \[Wicket\-user\] Wicket 1.2 \?\)"

Security framework in Wicket (was:Re: [Wicket-user] Wicket 1.2 ?)

2006-02-11 Thread Timo Stamm


Johan Compagner schrieb:

We have now a Security framework (better said security interfaces) inside
wicket.



I was wondering whether this is really a good idea. Isn't authorization 
a responsibility of the model in a MVC application?




Timo


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: Security framework in Wicket (was:Re: [Wicket-user] Wicket 1.2 ?)

2006-02-11 Thread Igor Vaynberg

wicket is not MVC so the design of your application will be different. what we provide are hooks for you to build on, if you dont want to use them you dont have to. that is the beauty of the design: they are there for you if you need them, and invisible if you dont.
-IgorOn 2/11/06, Timo Stamm [EMAIL PROTECTED] wrote:
Johan Compagner schrieb: We have now a Security framework (better said security interfaces) inside wicket.I was wondering whether this is really a good idea. Isn't authorizationa responsibility of the model in a MVC application?
Timo---This SF.net email is sponsored by: Splunk Inc. Do you grep through log filesfor problems?Stop!Download the new AJAX search engine that makes
searching your log files as easy as surfing theweb.DOWNLOAD SPLUNK!http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___Wicket-user mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: Security framework in Wicket (was:Re: [Wicket-user] Wicket 1.2 ?)

2006-02-11 Thread Eelco Hillenius

I would like to put it a bit differently. Actually I think wicket is
more MVC than frameworks like struts are because we have the MVC at
the level of components instead of requests.

But to answer your question: yes it is a good idea to have such a
framework, even if you want to make authorization part of the model
layer. The mechanism we built in gives you a guaranteed mechanism to
plug in your authorization (in your case, like at Component.ENABLE),
and gives you the possibility to handle authorization exceptions at
the UI layer (because besides denying actions, you generally want to
communicate the denial in some way). So that works even in your case.
Furthermore I don't agree with the statement that it should be done in
the model. We are building a generic framework, so as much as we can,
we should enable users to decide on this themselves. And I think a lot
of times, authorization actually is more related to end-user
functionality that has a 1-1 relationship with the UI than it is with
the model layer. But... opinions differ and that's why we just try to
provide a generic framework.

Eelco

On 2/11/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
 wicket is not MVC so the design of your application will be different. what
 we provide are hooks for you to build on, if you dont want to use them you
 dont have to. that is the beauty of the design: they are there for you if
 you need them, and invisible if you dont.


 -Igor



 On 2/11/06, Timo Stamm [EMAIL PROTECTED] wrote:
  Johan Compagner schrieb:
   We have now a Security framework (better said security interfaces)
 inside
   wicket.
 
 
  I was wondering whether this is really a good idea. Isn't authorization
  a responsibility of the model in a MVC application?
 
 
 
  Timo
 
 
  ---
  This SF.net email is sponsored by: Splunk Inc. Do you grep through log
 files
  for problems?  Stop!  Download the new AJAX search engine that makes
  searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
 
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Security framework in Wicket (was:Re: [Wicket-user] Wicket 1.2 ?)

Re: Security framework in Wicket (was:Re: [Wicket-user] Wicket 1.2 ?)

Re: Security framework in Wicket (was:Re: [Wicket-user] Wicket 1.2 ?)

3 matches

Site Navigation

Mail list logo

Footer information