Re: Best way to do authentication in external system
I think the 4-th option will be the best way to do it. As an external solution you can consider Spring Security or Apache Shiro 2014/1/16 Martin Grigorov mgrigo...@apache.org Hi, 4) Add a Servlet Filter *before* WicketFilter in web.xml The new filter will check whether there is an authenticated user or not and do whatever is needed Martin Grigorov Wicket Training and Consulting On Thu, Jan 16, 2014 at 9:29 AM, Илья Нарыжный phan...@ydn.ru wrote: Guys, Please advice me. What's the best way to implement authentication in external system(support of Single Sign On)? I know 3 variants, but all of them have different pros and cons. 1) Implement your own IRequestCycleListener. You are intercepting all requests, finding out those that should be authenticated externally and proceeed with proper operations (commonly redirect to external system). 2) Implement of IREquestMapper. HttpsMapper can be taken as some kind of example. 3) Override restartResponseAtSignInPage() and redirect to external system if required. So, what is the best one? May be you know more variants? Thanks, Ilia
Re: Best way to do authentication in external system
But there is one big disadvantage of variant 4 (actually variant 1 partially has this one too): Authentication should performed only when user steps to some secured page. And it's not a way to separate secured and unsecured pages by url, because it might be dynamic. Filter can't be aware of what's secured in Wicket and what is not. Assuming this: what would be your suggetions? P.S. I have implemented that with the aid of variant 3. And it works good. Thanks, Ilia 2014/1/16 Dmitriy Neretin dmitriy.nere...@googlemail.com I think the 4-th option will be the best way to do it. As an external solution you can consider Spring Security or Apache Shiro 2014/1/16 Martin Grigorov mgrigo...@apache.org Hi, 4) Add a Servlet Filter *before* WicketFilter in web.xml The new filter will check whether there is an authenticated user or not and do whatever is needed Martin Grigorov Wicket Training and Consulting On Thu, Jan 16, 2014 at 9:29 AM, Илья Нарыжный phan...@ydn.ru wrote: Guys, Please advice me. What's the best way to implement authentication in external system(support of Single Sign On)? I know 3 variants, but all of them have different pros and cons. 1) Implement your own IRequestCycleListener. You are intercepting all requests, finding out those that should be authenticated externally and proceeed with proper operations (commonly redirect to external system). 2) Implement of IREquestMapper. HttpsMapper can be taken as some kind of example. 3) Override restartResponseAtSignInPage() and redirect to external system if required. So, what is the best one? May be you know more variants? Thanks, Ilia
Re: Best way to do authentication in external system
Hi Ilia, Option #6 is to have your own JAAS Login Module performing the authentication to the external system. The JAAS module is referenced in your AS config and its named policy is called through JNDI in the #authenticate method, with the user/pwd the user will supply. In addition your can attach the roles to the Subject using Principal(s) so there are available for #getRoles() That way, the only thing you have to do is to secure your page using the @authorizeinstantiation Hope this helps, Sebastien. On Fri, Jan 17, 2014 at 12:23 AM, Илья Нарыжный phan...@ydn.ru wrote: But there is one big disadvantage of variant 4 (actually variant 1 partially has this one too): Authentication should performed only when user steps to some secured page. And it's not a way to separate secured and unsecured pages by url, because it might be dynamic. Filter can't be aware of what's secured in Wicket and what is not. Assuming this: what would be your suggetions? P.S. I have implemented that with the aid of variant 3. And it works good. Thanks, Ilia 2014/1/16 Dmitriy Neretin dmitriy.nere...@googlemail.com I think the 4-th option will be the best way to do it. As an external solution you can consider Spring Security or Apache Shiro 2014/1/16 Martin Grigorov mgrigo...@apache.org Hi, 4) Add a Servlet Filter *before* WicketFilter in web.xml The new filter will check whether there is an authenticated user or not and do whatever is needed Martin Grigorov Wicket Training and Consulting On Thu, Jan 16, 2014 at 9:29 AM, Илья Нарыжный phan...@ydn.ru wrote: Guys, Please advice me. What's the best way to implement authentication in external system(support of Single Sign On)? I know 3 variants, but all of them have different pros and cons. 1) Implement your own IRequestCycleListener. You are intercepting all requests, finding out those that should be authenticated externally and proceeed with proper operations (commonly redirect to external system). 2) Implement of IREquestMapper. HttpsMapper can be taken as some kind of example. 3) Override restartResponseAtSignInPage() and redirect to external system if required. So, what is the best one? May be you know more variants? Thanks, Ilia
Best way to do authentication in external system
Guys, Please advice me. What's the best way to implement authentication in external system(support of Single Sign On)? I know 3 variants, but all of them have different pros and cons. 1) Implement your own IRequestCycleListener. You are intercepting all requests, finding out those that should be authenticated externally and proceeed with proper operations (commonly redirect to external system). 2) Implement of IREquestMapper. HttpsMapper can be taken as some kind of example. 3) Override restartResponseAtSignInPage() and redirect to external system if required. So, what is the best one? May be you know more variants? Thanks, Ilia
Re: Best way to do authentication in external system
Hi, 4) Add a Servlet Filter *before* WicketFilter in web.xml The new filter will check whether there is an authenticated user or not and do whatever is needed Martin Grigorov Wicket Training and Consulting On Thu, Jan 16, 2014 at 9:29 AM, Илья Нарыжный phan...@ydn.ru wrote: Guys, Please advice me. What's the best way to implement authentication in external system(support of Single Sign On)? I know 3 variants, but all of them have different pros and cons. 1) Implement your own IRequestCycleListener. You are intercepting all requests, finding out those that should be authenticated externally and proceeed with proper operations (commonly redirect to external system). 2) Implement of IREquestMapper. HttpsMapper can be taken as some kind of example. 3) Override restartResponseAtSignInPage() and redirect to external system if required. So, what is the best one? May be you know more variants? Thanks, Ilia