Martin, I started to write a long response to you, but decided it made a better blog post. So I just posted a tutorial on using Shiro with Wicket. It includes code samples for doing dynamic permissions-based authorization as well. You might want to take a look at it: http://blog.tauren.com/2010/01/using-wicket-with-shiro-for.html
I'm still using blogger, so the code snippets are not formatted well at all. Sorry, I know I really need to take some time to change... Tauren On Mon, Jan 25, 2010 at 11:50 PM, Martin Asenov <[email protected]> wrote: > Hello, Les! :) > > As I said I've got a wicket webapp, which stores objects in session. But it > complains about the JSecurity objects, since they are not serializable. > > I'm thinking of authenticating through JSecurity and authorizing through > Wicket. > I just want to create an authenticated realm with JSecurity and somehow > avoid the serialization issues with Wicket. > > Can someone tell me what's the most safe and easy method to achieve that, > since I don't need any super-hyper security restrictions and checks... Using > AuthorizingRealm only? > > Thanks in advance! > > Regards, > Martin > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Les Hazlewood > Sent: Thursday, January 07, 2010 4:44 PM > To: [email protected] > Subject: Re: Some info needed regarding authentication config with JPA and > JSecurity > > If you're doing authentication only, then yes, you can subclass > AuthenticatingRealm. > > However, it is usually better to subclass AuthorizingRealm so you only > have 2 methods to implement: doGetAuthenticationInfo and > doGetAuthorizationInfo. Then you'll have everything you need for both > authentication and authorization in very short order. > > You would only need to override any of the Authorizer methods on your > Realm implementation if you want more control over how an access check > happens beyond what the SimpleAuthorizationInfo class can do (an > instance of which is usually returned from the doGetAuthorizationInfo > method). > > Cheers, > > Les > > On Thu, Jan 7, 2010 at 7:13 AM, Martin Asenov <[email protected]> wrote: > > Hello, everyone.. I need to implement > > authentication module in my webapp and I want to use JSecyrity, but I > can't > > figure out how to connect the authc process with my JPA module I use for > > accessing user details (i.e. username, password, roles, etc..). Suppose I > > have to set AuthenticatingRealm to my SecurityManager and implemenent all > > these methods, inherited from Authorizer interface, but since I'll do > authr > > in my Wicket app, I suppose i just need to implement the > > 'doGetAuthenticationInfo(AuthenticationToken token)' method with the > means > > of the JPA implementation I have. Am I right? :) > > > > Thank you in advance for your time! :) > > > > >
