Maybe some other people could respond also since i am a bit biased :) but here goes.
On Fri, Apr 18, 2008 at 7:14 AM, mfs <[EMAIL PROTECTED]> wrote: > > Guys, > > I need some suggestions as to which of the above would be the right > framework for the the application i am currently working on..Some important > fact which would help are as follows : > > > 1) All the pages in the application would be secure and hence would require > authentication. You can do this with Swarm, Wicket-auth-roles or a custom build solution. It is dead easy. > > 2) There would be two type of users accessing the application. For now, i > see access being restricted on the whole page itself rather on more granular > components. But later down the road that would come in too as the scope > increases. 2 types of users sounds like something you could do easily with Wicket-auth-roles, especially with the page security scope. However if you want to go more granular later on i think Swarm would be a better choice because it allows more flexibility on the granularity of your authorization and makes no distinction between 2 or 200 user types > > 3) IMP - The application has to support inter-operability with some other > external apps. Now these (non java) external apps already have their own > mini authentication framework and thats what i will be using for user > authentication. So basically for all my Secure Pages i would have to > redirect to the LoginPage part of these external apps (and not wicket), I > hope thats possible ? , i believe it is with SWARM, some hints would be > really appreciated on that too. A bit on the authentication mechanism, so > basically on succesful login, this external app would 1) encode an authtoken > in the url 2) transfer the control over to my wicket app, and thats where i > would check if it is a valid/authenticated user based on the authToken. > Later on we plan to change this though, and instead have the authtoken > passed over in the cookie instead. Well I haven't looked at all the possibilities yet but you could take a look at https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security/examples/yahoo-bbauth it contains some unfinished code to let another server handle authentication, another option might be something with the WicketSessionFilter. There might be other (better) options i'm still experimenting :) > > Initially when i started of i wasnt planning to use any of the above > frameworks but than taking a look into SWARM made me feel like that it might > be a good choice, but would still want to have everyones opinion I think Swarm is flexible enough to handle your requirements, but like i said before i am biased :) Maurice > > Please comment.. > > Thanks in advance > -- > View this message in context: > http://www.nabble.com/Swarm-Wasp-or-wicket-auth-roles-or---tp16760342p16760342.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
