RE: [wicket-security] LDAP integration?
The only issue I have with proposed solution 1 is that there is duplication of code, but I cannot see a simple way around it. Is it plausible to adopt the same strategy that we mount pages? I was thinking that doing something like: mountSecurePage(MySecureWebPage.class) ...may be a nice alternative to actually extending SecureWebPage. I will defiantly contribute any ldap integration code once I am able to get it working properly ;o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 12:16 PM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? You could do LoginPage extends AbstractBasePage MySecurePage extends AbstractBasePage implements ISecurePage OtherPage extends MySecurePage Or alternatively MyInterface extends ISecurePage AbstractBasePage extends SecureWebPage LoginPage extends AbstractBasePage OtherPage extends AbstractBasePage implements MyInterface The important part here is the MyInterface By default Swarm only does an instantiation check on components with the ISecurePage interface (which is implemented by SecureWebPage). But you can change this to any interface you like as long as the interface extends ISecureComponent. To do this you need to overwrite the setupStrategyFactory method of SwarmWebApplication to do setStrategyFactory(new SwarmStrategyFactory(MyInterface.class,getHiveKey())); Personally i would go for option 1 as you can simply copy the implementation for ISecurePage from SecureWebPage BTW once you have the ldap part up and running and if it is setup in a generic way i would be interested in including it with swarm or a subproject if thats alright with you. Maurice On Jan 4, 2008 8:39 PM, William Hoover [EMAIL PROTECTED] wrote: I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you accomplish this? For example: Example 1: AbstractBasePage extends SecureWebPage (wrapper) LoginPage extends AbstractBasePage (will not work) OtherPage1 extends AbstractBasePage OtherPage2 extends AbstractBasePage ... Example 2: AbstractBasePage extends WebPage (wrapper) LoginPage extends AbstractBasePage OtherPage1 extends ? (cannot extend both AbstractBasePage and SecureWebPage) OtherPage2 extends ? (cannot extend both AbstractBasePage and SecureWebPage) ... -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:24 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? Never mind... I wasn't calling super.init() when I was overriding init() in SwarmWebApplication impl -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:14 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? I'm with you... it doesn't seem to be too difficult to get the mapping between ldap/swarm working. I am attempting to try it out in a simple application. However, I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated. Is there something else that needs to be down in the SwarmWebApplication (following the instructions from http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)? public WaspSession(WaspApplication application, Request request) { super(request); securityStrategy = application.getStrategyFactory().newStrategy(); // throws npe } -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 11:16 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? I think there will be one more beta before we do the final. I recently made some changes to boost performance and a public beta for that will be better. Even though we are already using it in our apps without problems through the snapshot release. With any luck the 2nd beta will be released this weekend and the final will probably follow soon after. Well the slightly more complex route is connecting to ldap yourself (option number 1 in my previous mail). Personally i think the mapping between ldap and swarm will be a breeze. because a swarm principal is basically just a name. Maurice On Jan 4, 2008 3:43 PM, William Hoover [EMAIL PROTECTED] wrote: Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we may have to look for another route. Do you have a roadmap/timeline on a release date for wicket-security? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED
RE: [wicket-security] LDAP integration?
oops!!! *definitely* -Original Message- From: William Hoover Sent: Monday, January 07, 2008 9:23 AM To: 'users@wicket.apache.org' Subject: RE: [wicket-security] LDAP integration? The only issue I have with proposed solution 1 is that there is duplication of code, but I cannot see a simple way around it. Is it plausible to adopt the same strategy that we mount pages? I was thinking that doing something like: mountSecurePage(MySecureWebPage.class) ...may be a nice alternative to actually extending SecureWebPage. I will defiantly contribute any ldap integration code once I am able to get it working properly ;o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 12:16 PM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? You could do LoginPage extends AbstractBasePage MySecurePage extends AbstractBasePage implements ISecurePage OtherPage extends MySecurePage Or alternatively MyInterface extends ISecurePage AbstractBasePage extends SecureWebPage LoginPage extends AbstractBasePage OtherPage extends AbstractBasePage implements MyInterface The important part here is the MyInterface By default Swarm only does an instantiation check on components with the ISecurePage interface (which is implemented by SecureWebPage). But you can change this to any interface you like as long as the interface extends ISecureComponent. To do this you need to overwrite the setupStrategyFactory method of SwarmWebApplication to do setStrategyFactory(new SwarmStrategyFactory(MyInterface.class,getHiveKey())); Personally i would go for option 1 as you can simply copy the implementation for ISecurePage from SecureWebPage BTW once you have the ldap part up and running and if it is setup in a generic way i would be interested in including it with swarm or a subproject if thats alright with you. Maurice On Jan 4, 2008 8:39 PM, William Hoover [EMAIL PROTECTED] wrote: I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you accomplish this? For example: Example 1: AbstractBasePage extends SecureWebPage (wrapper) LoginPage extends AbstractBasePage (will not work) OtherPage1 extends AbstractBasePage OtherPage2 extends AbstractBasePage ... Example 2: AbstractBasePage extends WebPage (wrapper) LoginPage extends AbstractBasePage OtherPage1 extends ? (cannot extend both AbstractBasePage and SecureWebPage) OtherPage2 extends ? (cannot extend both AbstractBasePage and SecureWebPage) ... -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:24 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? Never mind... I wasn't calling super.init() when I was overriding init() in SwarmWebApplication impl -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:14 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? I'm with you... it doesn't seem to be too difficult to get the mapping between ldap/swarm working. I am attempting to try it out in a simple application. However, I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated. Is there something else that needs to be down in the SwarmWebApplication (following the instructions from http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)? public WaspSession(WaspApplication application, Request request) { super(request); securityStrategy = application.getStrategyFactory().newStrategy(); // throws npe } -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 11:16 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? I think there will be one more beta before we do the final. I recently made some changes to boost performance and a public beta for that will be better. Even though we are already using it in our apps without problems through the snapshot release. With any luck the 2nd beta will be released this weekend and the final will probably follow soon after. Well the slightly more complex route is connecting to ldap yourself (option number 1 in my previous mail). Personally i think the mapping between ldap and swarm will be a breeze. because a swarm principal is basically just a name. Maurice On Jan 4, 2008 3:43 PM, William Hoover [EMAIL PROTECTED] wrote: Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we
Re: [wicket-security] LDAP integration?
Do you mean that little bit of insignificant code in the Secure(Web)Page ? All that does is redirect to the SecureComponentHelper so i would not call that code duplication. Even more all SecureComponents i create use the same oneliners to redirect to SecureComponentHelper. Regarding the mount, i am not sure if you can get the mount path if all you have is a page class (you probably can somehow but i don't know how) In that case you can extend SwarmStrategy and use the mount path to check for instantiation permission. But i would not recommend that just to avoid code duplication, if it really bothers you you can go ahead with option 2 and use a custom interface for instantiation checking. Or you could try and ignore the fact that the login page should not be a SecurePage and try it anyway, i am not a 100% sure it will work but i did make some exceptions that bypass the instantiation check if the page class in question is the login page, so give it a try. The reason the documentation says you should not have your login page extend SecurePage is because it just doesn't feel right to do so. Maurice On Jan 7, 2008 3:24 PM, William Hoover [EMAIL PROTECTED] wrote: oops!!! *definitely* -Original Message- From: William Hoover Sent: Monday, January 07, 2008 9:23 AM To: 'users@wicket.apache.org' Subject: RE: [wicket-security] LDAP integration? The only issue I have with proposed solution 1 is that there is duplication of code, but I cannot see a simple way around it. Is it plausible to adopt the same strategy that we mount pages? I was thinking that doing something like: mountSecurePage(MySecureWebPage.class) ...may be a nice alternative to actually extending SecureWebPage. I will defiantly contribute any ldap integration code once I am able to get it working properly ;o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 12:16 PM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? You could do LoginPage extends AbstractBasePage MySecurePage extends AbstractBasePage implements ISecurePage OtherPage extends MySecurePage Or alternatively MyInterface extends ISecurePage AbstractBasePage extends SecureWebPage LoginPage extends AbstractBasePage OtherPage extends AbstractBasePage implements MyInterface The important part here is the MyInterface By default Swarm only does an instantiation check on components with the ISecurePage interface (which is implemented by SecureWebPage). But you can change this to any interface you like as long as the interface extends ISecureComponent. To do this you need to overwrite the setupStrategyFactory method of SwarmWebApplication to do setStrategyFactory(new SwarmStrategyFactory(MyInterface.class,getHiveKey())); Personally i would go for option 1 as you can simply copy the implementation for ISecurePage from SecureWebPage BTW once you have the ldap part up and running and if it is setup in a generic way i would be interested in including it with swarm or a subproject if thats alright with you. Maurice On Jan 4, 2008 8:39 PM, William Hoover [EMAIL PROTECTED] wrote: I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you accomplish this? For example: Example 1: AbstractBasePage extends SecureWebPage (wrapper) LoginPage extends AbstractBasePage (will not work) OtherPage1 extends AbstractBasePage OtherPage2 extends AbstractBasePage ... Example 2: AbstractBasePage extends WebPage (wrapper) LoginPage extends AbstractBasePage OtherPage1 extends ? (cannot extend both AbstractBasePage and SecureWebPage) OtherPage2 extends ? (cannot extend both AbstractBasePage and SecureWebPage) ... -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:24 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? Never mind... I wasn't calling super.init() when I was overriding init() in SwarmWebApplication impl -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:14 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? I'm with you... it doesn't seem to be too difficult to get the mapping between ldap/swarm working. I am attempting to try it out in a simple application. However, I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated. Is there something else that needs to be down in the SwarmWebApplication (following the instructions from http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)? public WaspSession(WaspApplication application, Request
RE: [wicket-security] LDAP integration?
My only worry about copying the onliners from Secure(Web)Page into MySecurePage is if they change. Every new wicket-security release we would have to check to make sure that nothing changed in Secure(Web)Page to prevent possible issues. I understand that the code is trivial and probably will not change significantly in the future, but the only true guarantee is only what is defined in the interface contract. I think a mount solution is worth further investigation. When I have time I will look into how to implement it (if possible). For now, I will live with the copy and paste and use your proposed solution. Thanks for your help! I will let you know how thinks turn out with ldap :o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Monday, January 07, 2008 11:06 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Do you mean that little bit of insignificant code in the Secure(Web)Page ? All that does is redirect to the SecureComponentHelper so i would not call that code duplication. Even more all SecureComponents i create use the same oneliners to redirect to SecureComponentHelper. Regarding the mount, i am not sure if you can get the mount path if all you have is a page class (you probably can somehow but i don't know how) In that case you can extend SwarmStrategy and use the mount path to check for instantiation permission. But i would not recommend that just to avoid code duplication, if it really bothers you you can go ahead with option 2 and use a custom interface for instantiation checking. Or you could try and ignore the fact that the login page should not be a SecurePage and try it anyway, i am not a 100% sure it will work but i did make some exceptions that bypass the instantiation check if the page class in question is the login page, so give it a try. The reason the documentation says you should not have your login page extend SecurePage is because it just doesn't feel right to do so. Maurice On Jan 7, 2008 3:24 PM, William Hoover [EMAIL PROTECTED] wrote: oops!!! *definitely* -Original Message- From: William Hoover Sent: Monday, January 07, 2008 9:23 AM To: 'users@wicket.apache.org' Subject: RE: [wicket-security] LDAP integration? The only issue I have with proposed solution 1 is that there is duplication of code, but I cannot see a simple way around it. Is it plausible to adopt the same strategy that we mount pages? I was thinking that doing something like: mountSecurePage(MySecureWebPage.class) ...may be a nice alternative to actually extending SecureWebPage. I will defiantly contribute any ldap integration code once I am able to get it working properly ;o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 12:16 PM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? You could do LoginPage extends AbstractBasePage MySecurePage extends AbstractBasePage implements ISecurePage OtherPage extends MySecurePage Or alternatively MyInterface extends ISecurePage AbstractBasePage extends SecureWebPage LoginPage extends AbstractBasePage OtherPage extends AbstractBasePage implements MyInterface The important part here is the MyInterface By default Swarm only does an instantiation check on components with the ISecurePage interface (which is implemented by SecureWebPage). But you can change this to any interface you like as long as the interface extends ISecureComponent. To do this you need to overwrite the setupStrategyFactory method of SwarmWebApplication to do setStrategyFactory(new SwarmStrategyFactory(MyInterface.class,getHiveKey())); Personally i would go for option 1 as you can simply copy the implementation for ISecurePage from SecureWebPage BTW once you have the ldap part up and running and if it is setup in a generic way i would be interested in including it with swarm or a subproject if thats alright with you. Maurice On Jan 4, 2008 8:39 PM, William Hoover [EMAIL PROTECTED] wrote: I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you accomplish this? For example: Example 1: AbstractBasePage extends SecureWebPage (wrapper) LoginPage extends AbstractBasePage (will not work) OtherPage1 extends AbstractBasePage OtherPage2 extends AbstractBasePage ... Example 2: AbstractBasePage extends WebPage (wrapper) LoginPage extends AbstractBasePage OtherPage1 extends ? (cannot extend both AbstractBasePage and SecureWebPage) OtherPage2 extends ? (cannot extend both AbstractBasePage and SecureWebPage) ... -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:24 PM To: users@wicket.apache.org Subject: RE
RE: [wicket-security] LDAP integration?
One other question... Is it necessary to increase visibility of all the WebPage constructors (protected - public) for SecureWebPage impls? -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Monday, January 07, 2008 2:24 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? My only worry about copying the onliners from Secure(Web)Page into MySecurePage is if they change. Every new wicket-security release we would have to check to make sure that nothing changed in Secure(Web)Page to prevent possible issues. I understand that the code is trivial and probably will not change significantly in the future, but the only true guarantee is only what is defined in the interface contract. I think a mount solution is worth further investigation. When I have time I will look into how to implement it (if possible). For now, I will live with the copy and paste and use your proposed solution. Thanks for your help! I will let you know how thinks turn out with ldap :o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Monday, January 07, 2008 11:06 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Do you mean that little bit of insignificant code in the Secure(Web)Page ? All that does is redirect to the SecureComponentHelper so i would not call that code duplication. Even more all SecureComponents i create use the same oneliners to redirect to SecureComponentHelper. Regarding the mount, i am not sure if you can get the mount path if all you have is a page class (you probably can somehow but i don't know how) In that case you can extend SwarmStrategy and use the mount path to check for instantiation permission. But i would not recommend that just to avoid code duplication, if it really bothers you you can go ahead with option 2 and use a custom interface for instantiation checking. Or you could try and ignore the fact that the login page should not be a SecurePage and try it anyway, i am not a 100% sure it will work but i did make some exceptions that bypass the instantiation check if the page class in question is the login page, so give it a try. The reason the documentation says you should not have your login page extend SecurePage is because it just doesn't feel right to do so. Maurice On Jan 7, 2008 3:24 PM, William Hoover [EMAIL PROTECTED] wrote: oops!!! *definitely* -Original Message- From: William Hoover Sent: Monday, January 07, 2008 9:23 AM To: 'users@wicket.apache.org' Subject: RE: [wicket-security] LDAP integration? The only issue I have with proposed solution 1 is that there is duplication of code, but I cannot see a simple way around it. Is it plausible to adopt the same strategy that we mount pages? I was thinking that doing something like: mountSecurePage(MySecureWebPage.class) ...may be a nice alternative to actually extending SecureWebPage. I will defiantly contribute any ldap integration code once I am able to get it working properly ;o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 12:16 PM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? You could do LoginPage extends AbstractBasePage MySecurePage extends AbstractBasePage implements ISecurePage OtherPage extends MySecurePage Or alternatively MyInterface extends ISecurePage AbstractBasePage extends SecureWebPage LoginPage extends AbstractBasePage OtherPage extends AbstractBasePage implements MyInterface The important part here is the MyInterface By default Swarm only does an instantiation check on components with the ISecurePage interface (which is implemented by SecureWebPage). But you can change this to any interface you like as long as the interface extends ISecureComponent. To do this you need to overwrite the setupStrategyFactory method of SwarmWebApplication to do setStrategyFactory(new SwarmStrategyFactory(MyInterface.class,getHiveKey())); Personally i would go for option 1 as you can simply copy the implementation for ISecurePage from SecureWebPage BTW once you have the ldap part up and running and if it is setup in a generic way i would be interested in including it with swarm or a subproject if thats alright with you. Maurice On Jan 4, 2008 8:39 PM, William Hoover [EMAIL PROTECTED] wrote: I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you accomplish this? For example: Example 1: AbstractBasePage extends SecureWebPage (wrapper) LoginPage extends AbstractBasePage (will not work) OtherPage1 extends AbstractBasePage OtherPage2 extends AbstractBasePage ... Example 2: AbstractBasePage extends WebPage (wrapper) LoginPage extends AbstractBasePage
Re: [wicket-security] LDAP integration?
No, only those you need. Secure(web)Page is supposed to be a general purpose base class so it has to provide all constructors, your class does not. Maurice On Jan 7, 2008 8:46 PM, William Hoover [EMAIL PROTECTED] wrote: One other question... Is it necessary to increase visibility of all the WebPage constructors (protected - public) for SecureWebPage impls? -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Monday, January 07, 2008 2:24 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? My only worry about copying the onliners from Secure(Web)Page into MySecurePage is if they change. Every new wicket-security release we would have to check to make sure that nothing changed in Secure(Web)Page to prevent possible issues. I understand that the code is trivial and probably will not change significantly in the future, but the only true guarantee is only what is defined in the interface contract. I think a mount solution is worth further investigation. When I have time I will look into how to implement it (if possible). For now, I will live with the copy and paste and use your proposed solution. Thanks for your help! I will let you know how thinks turn out with ldap :o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Monday, January 07, 2008 11:06 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Do you mean that little bit of insignificant code in the Secure(Web)Page ? All that does is redirect to the SecureComponentHelper so i would not call that code duplication. Even more all SecureComponents i create use the same oneliners to redirect to SecureComponentHelper. Regarding the mount, i am not sure if you can get the mount path if all you have is a page class (you probably can somehow but i don't know how) In that case you can extend SwarmStrategy and use the mount path to check for instantiation permission. But i would not recommend that just to avoid code duplication, if it really bothers you you can go ahead with option 2 and use a custom interface for instantiation checking. Or you could try and ignore the fact that the login page should not be a SecurePage and try it anyway, i am not a 100% sure it will work but i did make some exceptions that bypass the instantiation check if the page class in question is the login page, so give it a try. The reason the documentation says you should not have your login page extend SecurePage is because it just doesn't feel right to do so. Maurice On Jan 7, 2008 3:24 PM, William Hoover [EMAIL PROTECTED] wrote: oops!!! *definitely* -Original Message- From: William Hoover Sent: Monday, January 07, 2008 9:23 AM To: 'users@wicket.apache.org' Subject: RE: [wicket-security] LDAP integration? The only issue I have with proposed solution 1 is that there is duplication of code, but I cannot see a simple way around it. Is it plausible to adopt the same strategy that we mount pages? I was thinking that doing something like: mountSecurePage(MySecureWebPage.class) ...may be a nice alternative to actually extending SecureWebPage. I will defiantly contribute any ldap integration code once I am able to get it working properly ;o) -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 12:16 PM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? You could do LoginPage extends AbstractBasePage MySecurePage extends AbstractBasePage implements ISecurePage OtherPage extends MySecurePage Or alternatively MyInterface extends ISecurePage AbstractBasePage extends SecureWebPage LoginPage extends AbstractBasePage OtherPage extends AbstractBasePage implements MyInterface The important part here is the MyInterface By default Swarm only does an instantiation check on components with the ISecurePage interface (which is implemented by SecureWebPage). But you can change this to any interface you like as long as the interface extends ISecureComponent. To do this you need to overwrite the setupStrategyFactory method of SwarmWebApplication to do setStrategyFactory(new SwarmStrategyFactory(MyInterface.class,getHiveKey())); Personally i would go for option 1 as you can simply copy the implementation for ISecurePage from SecureWebPage BTW once you have the ldap part up and running and if it is setup in a generic way i would be interested in including it with swarm or a subproject if thats alright with you. Maurice On Jan 4, 2008 8:39 PM, William Hoover [EMAIL PROTECTED] wrote: I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you
Re: [wicket-security] LDAP integration?
You could do LoginPage extends AbstractBasePage MySecurePage extends AbstractBasePage implements ISecurePage OtherPage extends MySecurePage Or alternatively MyInterface extends ISecurePage AbstractBasePage extends SecureWebPage LoginPage extends AbstractBasePage OtherPage extends AbstractBasePage implements MyInterface The important part here is the MyInterface By default Swarm only does an instantiation check on components with the ISecurePage interface (which is implemented by SecureWebPage). But you can change this to any interface you like as long as the interface extends ISecureComponent. To do this you need to overwrite the setupStrategyFactory method of SwarmWebApplication to do setStrategyFactory(new SwarmStrategyFactory(MyInterface.class,getHiveKey())); Personally i would go for option 1 as you can simply copy the implementation for ISecurePage from SecureWebPage BTW once you have the ldap part up and running and if it is setup in a generic way i would be interested in including it with swarm or a subproject if thats alright with you. Maurice On Jan 4, 2008 8:39 PM, William Hoover [EMAIL PROTECTED] wrote: I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you accomplish this? For example: Example 1: AbstractBasePage extends SecureWebPage (wrapper) LoginPage extends AbstractBasePage (will not work) OtherPage1 extends AbstractBasePage OtherPage2 extends AbstractBasePage ... Example 2: AbstractBasePage extends WebPage (wrapper) LoginPage extends AbstractBasePage OtherPage1 extends ? (cannot extend both AbstractBasePage and SecureWebPage) OtherPage2 extends ? (cannot extend both AbstractBasePage and SecureWebPage) ... -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:24 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? Never mind... I wasn't calling super.init() when I was overriding init() in SwarmWebApplication impl -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:14 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? I'm with you... it doesn't seem to be too difficult to get the mapping between ldap/swarm working. I am attempting to try it out in a simple application. However, I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated. Is there something else that needs to be down in the SwarmWebApplication (following the instructions from http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)? public WaspSession(WaspApplication application, Request request) { super(request); securityStrategy = application.getStrategyFactory().newStrategy(); // throws npe } -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 11:16 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? I think there will be one more beta before we do the final. I recently made some changes to boost performance and a public beta for that will be better. Even though we are already using it in our apps without problems through the snapshot release. With any luck the 2nd beta will be released this weekend and the final will probably follow soon after. Well the slightly more complex route is connecting to ldap yourself (option number 1 in my previous mail). Personally i think the mapping between ldap and swarm will be a breeze. because a swarm principal is basically just a name. Maurice On Jan 4, 2008 3:43 PM, William Hoover [EMAIL PROTECTED] wrote: Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we may have to look for another route. Do you have a roadmap/timeline on a release date for wicket-security? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 8:36 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Yes and not exactly. wicket-security is build with plugability in mind, meaning if it does not yet exist you can build it yourself quite easily. Regarding LDAP, i myself have never worked with it but there are a couple of options you can try -use swarm and map ldap permissions to swarm principals -use swarm with acegi and let acegi handle the ldap part, you still need to map acegi permissions to swarm principals though but it saves you from having to do all the ldap connection stuff
Re: [wicket-security] LDAP integration?
Yes and not exactly. wicket-security is build with plugability in mind, meaning if it does not yet exist you can build it yourself quite easily. Regarding LDAP, i myself have never worked with it but there are a couple of options you can try -use swarm and map ldap permissions to swarm principals -use swarm with acegi and let acegi handle the ldap part, you still need to map acegi permissions to swarm principals though but it saves you from having to do all the ldap connection stuff yourself -use wasp and build your own ldap implementation, more work but also more control As for the ldap example part, i am afraid you are somewhat on your own. There is however an example showing how to integrate swarm with acegi http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo and there is an other example showing wicket-auth-roles acegi and ldap http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html So if you rip the ldap config from the last example and use it in the first example instead of the TestingAuthenticationProvider you should be ready to go The example also has some suggestion on how you could do your own ldap permission mapping if you choose to go that way. If you decide to go all out and build directly on wasp you should take a look at swarm itself a a reference, just ignore all the stuff about permissions, principals, subjects and stuff. Maurice On Jan 4, 2008 2:15 PM, William Hoover [EMAIL PROTECTED] wrote: Can wicket-security be used with LDAP? If so, are there any examples available demonstrating its use? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [wicket-security] LDAP integration?
Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we may have to look for another route. Do you have a roadmap/timeline on a release date for wicket-security? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 8:36 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Yes and not exactly. wicket-security is build with plugability in mind, meaning if it does not yet exist you can build it yourself quite easily. Regarding LDAP, i myself have never worked with it but there are a couple of options you can try -use swarm and map ldap permissions to swarm principals -use swarm with acegi and let acegi handle the ldap part, you still need to map acegi permissions to swarm principals though but it saves you from having to do all the ldap connection stuff yourself -use wasp and build your own ldap implementation, more work but also more control As for the ldap example part, i am afraid you are somewhat on your own. There is however an example showing how to integrate swarm with acegi http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo and there is an other example showing wicket-auth-roles acegi and ldap http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html So if you rip the ldap config from the last example and use it in the first example instead of the TestingAuthenticationProvider you should be ready to go The example also has some suggestion on how you could do your own ldap permission mapping if you choose to go that way. If you decide to go all out and build directly on wasp you should take a look at swarm itself a a reference, just ignore all the stuff about permissions, principals, subjects and stuff. Maurice On Jan 4, 2008 2:15 PM, William Hoover [EMAIL PROTECTED] wrote: Can wicket-security be used with LDAP? If so, are there any examples available demonstrating its use? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [wicket-security] LDAP integration?
I think there will be one more beta before we do the final. I recently made some changes to boost performance and a public beta for that will be better. Even though we are already using it in our apps without problems through the snapshot release. With any luck the 2nd beta will be released this weekend and the final will probably follow soon after. Well the slightly more complex route is connecting to ldap yourself (option number 1 in my previous mail). Personally i think the mapping between ldap and swarm will be a breeze. because a swarm principal is basically just a name. Maurice On Jan 4, 2008 3:43 PM, William Hoover [EMAIL PROTECTED] wrote: Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we may have to look for another route. Do you have a roadmap/timeline on a release date for wicket-security? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 8:36 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Yes and not exactly. wicket-security is build with plugability in mind, meaning if it does not yet exist you can build it yourself quite easily. Regarding LDAP, i myself have never worked with it but there are a couple of options you can try -use swarm and map ldap permissions to swarm principals -use swarm with acegi and let acegi handle the ldap part, you still need to map acegi permissions to swarm principals though but it saves you from having to do all the ldap connection stuff yourself -use wasp and build your own ldap implementation, more work but also more control As for the ldap example part, i am afraid you are somewhat on your own. There is however an example showing how to integrate swarm with acegi http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo and there is an other example showing wicket-auth-roles acegi and ldap http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html So if you rip the ldap config from the last example and use it in the first example instead of the TestingAuthenticationProvider you should be ready to go The example also has some suggestion on how you could do your own ldap permission mapping if you choose to go that way. If you decide to go all out and build directly on wasp you should take a look at swarm itself a a reference, just ignore all the stuff about permissions, principals, subjects and stuff. Maurice On Jan 4, 2008 2:15 PM, William Hoover [EMAIL PROTECTED] wrote: Can wicket-security be used with LDAP? If so, are there any examples available demonstrating its use? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [wicket-security] LDAP integration?
I'm with you... it doesn't seem to be too difficult to get the mapping between ldap/swarm working. I am attempting to try it out in a simple application. However, I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated. Is there something else that needs to be down in the SwarmWebApplication (following the instructions from http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)? public WaspSession(WaspApplication application, Request request) { super(request); securityStrategy = application.getStrategyFactory().newStrategy(); // throws npe } -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 11:16 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? I think there will be one more beta before we do the final. I recently made some changes to boost performance and a public beta for that will be better. Even though we are already using it in our apps without problems through the snapshot release. With any luck the 2nd beta will be released this weekend and the final will probably follow soon after. Well the slightly more complex route is connecting to ldap yourself (option number 1 in my previous mail). Personally i think the mapping between ldap and swarm will be a breeze. because a swarm principal is basically just a name. Maurice On Jan 4, 2008 3:43 PM, William Hoover [EMAIL PROTECTED] wrote: Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we may have to look for another route. Do you have a roadmap/timeline on a release date for wicket-security? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 8:36 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Yes and not exactly. wicket-security is build with plugability in mind, meaning if it does not yet exist you can build it yourself quite easily. Regarding LDAP, i myself have never worked with it but there are a couple of options you can try -use swarm and map ldap permissions to swarm principals -use swarm with acegi and let acegi handle the ldap part, you still need to map acegi permissions to swarm principals though but it saves you from having to do all the ldap connection stuff yourself -use wasp and build your own ldap implementation, more work but also more control As for the ldap example part, i am afraid you are somewhat on your own. There is however an example showing how to integrate swarm with acegi http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo and there is an other example showing wicket-auth-roles acegi and ldap http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html So if you rip the ldap config from the last example and use it in the first example instead of the TestingAuthenticationProvider you should be ready to go The example also has some suggestion on how you could do your own ldap permission mapping if you choose to go that way. If you decide to go all out and build directly on wasp you should take a look at swarm itself a a reference, just ignore all the stuff about permissions, principals, subjects and stuff. Maurice On Jan 4, 2008 2:15 PM, William Hoover [EMAIL PROTECTED] wrote: Can wicket-security be used with LDAP? If so, are there any examples available demonstrating its use? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [wicket-security] LDAP integration?
Never mind... I wasn't calling super.init() when I was overriding init() in SwarmWebApplication impl -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:14 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? I'm with you... it doesn't seem to be too difficult to get the mapping between ldap/swarm working. I am attempting to try it out in a simple application. However, I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated. Is there something else that needs to be down in the SwarmWebApplication (following the instructions from http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)? public WaspSession(WaspApplication application, Request request) { super(request); securityStrategy = application.getStrategyFactory().newStrategy(); // throws npe } -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 11:16 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? I think there will be one more beta before we do the final. I recently made some changes to boost performance and a public beta for that will be better. Even though we are already using it in our apps without problems through the snapshot release. With any luck the 2nd beta will be released this weekend and the final will probably follow soon after. Well the slightly more complex route is connecting to ldap yourself (option number 1 in my previous mail). Personally i think the mapping between ldap and swarm will be a breeze. because a swarm principal is basically just a name. Maurice On Jan 4, 2008 3:43 PM, William Hoover [EMAIL PROTECTED] wrote: Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we may have to look for another route. Do you have a roadmap/timeline on a release date for wicket-security? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 8:36 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Yes and not exactly. wicket-security is build with plugability in mind, meaning if it does not yet exist you can build it yourself quite easily. Regarding LDAP, i myself have never worked with it but there are a couple of options you can try -use swarm and map ldap permissions to swarm principals -use swarm with acegi and let acegi handle the ldap part, you still need to map acegi permissions to swarm principals though but it saves you from having to do all the ldap connection stuff yourself -use wasp and build your own ldap implementation, more work but also more control As for the ldap example part, i am afraid you are somewhat on your own. There is however an example showing how to integrate swarm with acegi http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo and there is an other example showing wicket-auth-roles acegi and ldap http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html So if you rip the ldap config from the last example and use it in the first example instead of the TestingAuthenticationProvider you should be ready to go The example also has some suggestion on how you could do your own ldap permission mapping if you choose to go that way. If you decide to go all out and build directly on wasp you should take a look at swarm itself a a reference, just ignore all the stuff about permissions, principals, subjects and stuff. Maurice On Jan 4, 2008 2:15 PM, William Hoover [EMAIL PROTECTED] wrote: Can wicket-security be used with LDAP? If so, are there any examples available demonstrating its use? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [wicket-security] LDAP integration?
I do have another question... According to the documentation one should not extend SecureWebPage for the login page (makes sense), but if you have a decorator that is used on all of your pages (including the login page) how can you accomplish this? For example: Example 1: AbstractBasePage extends SecureWebPage (wrapper) LoginPage extends AbstractBasePage (will not work) OtherPage1 extends AbstractBasePage OtherPage2 extends AbstractBasePage ... Example 2: AbstractBasePage extends WebPage (wrapper) LoginPage extends AbstractBasePage OtherPage1 extends ? (cannot extend both AbstractBasePage and SecureWebPage) OtherPage2 extends ? (cannot extend both AbstractBasePage and SecureWebPage) ... -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:24 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? Never mind... I wasn't calling super.init() when I was overriding init() in SwarmWebApplication impl -Original Message- From: William Hoover [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1:14 PM To: users@wicket.apache.org Subject: RE: [wicket-security] LDAP integration? I'm with you... it doesn't seem to be too difficult to get the mapping between ldap/swarm working. I am attempting to try it out in a simple application. However, I am receiving a NullPointerException in WaspSession because the StrategyFactory is not instantiated. Is there something else that needs to be down in the SwarmWebApplication (following the instructions from http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm)? public WaspSession(WaspApplication application, Request request) { super(request); securityStrategy = application.getStrategyFactory().newStrategy(); // throws npe } -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 11:16 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? I think there will be one more beta before we do the final. I recently made some changes to boost performance and a public beta for that will be better. Even though we are already using it in our apps without problems through the snapshot release. With any luck the 2nd beta will be released this weekend and the final will probably follow soon after. Well the slightly more complex route is connecting to ldap yourself (option number 1 in my previous mail). Personally i think the mapping between ldap and swarm will be a breeze. because a swarm principal is basically just a name. Maurice On Jan 4, 2008 3:43 PM, William Hoover [EMAIL PROTECTED] wrote: Thanks for the info. We are not using Spring (opted for Plexus) so I'm not sure how plausible it will be to implement the easiest solution in our case. The application in question is still in the preliminary evaluation stage so we may have to look for another route. Do you have a roadmap/timeline on a release date for wicket-security? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 8:36 AM To: users@wicket.apache.org Subject: Re: [wicket-security] LDAP integration? Yes and not exactly. wicket-security is build with plugability in mind, meaning if it does not yet exist you can build it yourself quite easily. Regarding LDAP, i myself have never worked with it but there are a couple of options you can try -use swarm and map ldap permissions to swarm principals -use swarm with acegi and let acegi handle the ldap part, you still need to map acegi permissions to swarm principals though but it saves you from having to do all the ldap connection stuff yourself -use wasp and build your own ldap implementation, more work but also more control As for the ldap example part, i am afraid you are somewhat on your own. There is however an example showing how to integrate swarm with acegi http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo and there is an other example showing wicket-auth-roles acegi and ldap http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html So if you rip the ldap config from the last example and use it in the first example instead of the TestingAuthenticationProvider you should be ready to go The example also has some suggestion on how you could do your own ldap permission mapping if you choose to go that way. If you decide to go all out and build directly on wasp you should take a look at swarm itself a a reference, just ignore all the stuff about permissions, principals, subjects and stuff. Maurice On Jan 4, 2008 2:15 PM, William Hoover [EMAIL PROTECTED] wrote: Can wicket-security be used with LDAP? If so, are there any examples available demonstrating its use? - To unsubscribe, e-mail: [EMAIL PROTECTED