Thanks for responding, we always try to improve. On Jan 2, 2008 11:20 AM, Sébastien Piller <[EMAIL PROTECTED]> wrote: > > Well, with swarm I do need to define the policy files, which isn't trivial > for me (I never saw this kind of syntax before). True, policy file is not a trivial task especially for a big app the policy can grow to several thousands of lines. As for the syntax, it is the same as for a Jaas policy file, but if you never worked with jaas that is not going to help you much. On the other hand swarm is flexible enough for you to swap in you own "policy file" implementation, whether it is stored in a database or in a policy file with a completely different syntax. If you use java 1.5 you might even put something together that gets the information from annotations on your wicket pages.
> And there is a lot of new classes/interfaces in this api (SwarmWebApp, > Principal, SwarmActionFactory, LoginContext, ...) with no much > documentation. Sure there are new classes every framework extension has them, they are here to help you with the grunt work, they are not your enemies. What documentation are you missing? every class has javadoc, there are several wiki pages with information, including how to get started http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security, There is an examples project (which could benefit from imprvements, no arguments there). > It's not easy to transform an AuthenticatedWebApp in a > SwarmWebApp. Well that is because they both have a very different approach on how to do things. Personally i have not worked much with wicket-auth-roles but perhaps a step by step conversion would be helpful to some people. > > I think wicket-auth-roles is more clear and easy to use (just to put an > annotation and implement getRoles in the session). It's trivial and looks > pretty. When I need to, I manually enable/disable the links. It's easy to > implement with my layout. That is your opinion, i have however seen loads of questions about wicket-auth-roles on the mailing list as well, and thats ok there will always be questions about frameworks, and some users will get along better with product A and some with product B. Personally i feel wicket-auth-roles is to simple to get the job done for the type of applications we build, but if it suits your needs then by all means go for it. > > I think some clear and simple examples using swarm with users extracted > from a db will be a very good improvement. (with login page, normal pages, > securized pages and several security levels) There are already several simple examples, but apparently you would like to see a full blown app, we'll see if we can build one. http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security+Examples > > If so, I might upgrade my app to use swarm. But for now it looks too > complicated for just autorizing instantiation. > > And last but not least, swarm/wasp are both in version 0.1 beta, I'd prefer > to wait for a stable release or at least a rc. (my app will be in production > soon) version 0.2 beta should be out soon, and for what its worth so is our app and we still use it. Don't let the 0.1 fool you i don't believe in starting version numbers from 1.0. Besides you did know that wicket-auth-roles is a demo project? ;) Anyway, thanks for this insight. I'll try to do something with it. Maurice --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
