Re: Wicket+Spring Security the Wicket way
Check out this open-source project http://www.jfrog.com/home/v_artifactory_opensource_source and look at security.xml file. It is good example how to integrate wicket and spring security. - -- http://www.linkedin.com/in/amorozov -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-Spring-Security-the-Wicket-way-tp4652112p4652592.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket+Spring Security the Wicket way
Hi Michal, In the end I opted for shiro instead. Much simpler and does everything I need. See this: https://github.com/wicketstuff/core/tree/master/jdk-1.6-parent/shiro-security/ -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-Spring-Security-the-Wicket-way-tp4652112p4652271.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket+Spring Security the Wicket way
Hello, I really would like to read some comments about this topic. Anyone have some experience with putting Spring Security and Wicket together? 2012/9/18 Luis Pureza > Hi, > > I'm new to both Wicket and Spring Security, so bear that in mind :) > > I'm trying to integrate Wicket and Spring Security into my webapp, but I'm > not feeling happy with the end result. As you might know, Spring Security > works by listening to requests sent to virtual URLs. So, for example, to > login you have to send a request to '/j_spring_security_check' with the > username in a parameter called 'j_username' and the password in > 'j_password'. Similarly, to logout you send a request to > '/j_spring_security_logout'. > > Currently I have a simple HTML login form with action set to > '/j_spring_security_check' and it works fine, but this just bypasses Wicket > completely. Moreover, it doesn't feel like the "Wicket way". As someone > else put it at > http://tomaszdziurko.pl/2012/09/remember-functionality-apache-wicket/, > > "(...) in my opinion using request based authentication framework with > component based web framework is not the best idea. These two worlds just > do not fit well together" > > I tend to agree with his view. However, I don't want to reinvent the wheel > and I'd like to reuse as much as possible from Spring Security. > > I've seen some articles on integrating Wicket and Spring Security (such as > > http://javajeedevelopment.blogspot.co.uk/2011/03/integrating-spring-security-3-with.html > ), > but it seems to me like the approach followed here would force me to > re-implementing lots of stuff that Spring Security already provides -- for > instance, remember-me functionality. > > Do you have any thoughts on this? > > Thanks! > > Luis Pureza > -- Pozdrawiam/Best regards MichaĆ Margiel http://www.confitura.pl (dawniej Javarsovia) http://www.linkedin.com/in/MichalMargiel http://www.margiel.eu
Wicket+Spring Security the Wicket way
Hi, I'm new to both Wicket and Spring Security, so bear that in mind :) I'm trying to integrate Wicket and Spring Security into my webapp, but I'm not feeling happy with the end result. As you might know, Spring Security works by listening to requests sent to virtual URLs. So, for example, to login you have to send a request to '/j_spring_security_check' with the username in a parameter called 'j_username' and the password in 'j_password'. Similarly, to logout you send a request to '/j_spring_security_logout'. Currently I have a simple HTML login form with action set to '/j_spring_security_check' and it works fine, but this just bypasses Wicket completely. Moreover, it doesn't feel like the "Wicket way". As someone else put it at http://tomaszdziurko.pl/2012/09/remember-functionality-apache-wicket/, "(...) in my opinion using request based authentication framework with component based web framework is not the best idea. These two worlds just do not fit well together" I tend to agree with his view. However, I don't want to reinvent the wheel and I'd like to reuse as much as possible from Spring Security. I've seen some articles on integrating Wicket and Spring Security (such as http://javajeedevelopment.blogspot.co.uk/2011/03/integrating-spring-security-3-with.html), but it seems to me like the approach followed here would force me to re-implementing lots of stuff that Spring Security already provides -- for instance, remember-me functionality. Do you have any thoughts on this? Thanks! Luis Pureza
