I just got started with SWARM, but imho it would be fairly easy to do
what you want.
You would have to provide an implementation of LoginContext that checks
against your auth token in the LoginContext#login() method, and a login
page that takes the auth token as a parameter.
In the login page, create an instance of your LoginContext and pass that
auth token to it, then call login().
Basically that should do it...
As for page access restrictions, you can easily grant permissions
("actions") for whole pages based on Principals (which is swarm-speech
for "rights") that you can assign e.g. in the login() method of your
custom LoginContext.
Overall I found SWARM to be quite flexible yet easy to use, it took me
about a day to read up on SWARM and implement a basic per page
authentication for my application. There is a good Getting started
tutorial on the SWARM project page that covers all the basic stuff...
-stephan
mfs wrote:
Guys,
I need some suggestions as to which of the above would be the right
framework for the the application i am currently working on..Some important
fact which would help are as follows :
1) All the pages in the application would be secure and hence would require
authentication.
2) There would be two type of users accessing the application. For now, i
see access being restricted on the whole page itself rather on more granular
components. But later down the road that would come in too as the scope
increases.
3) IMP - The application has to support inter-operability with some other
external apps. Now these (non java) external apps already have their own
mini authentication framework and thats what i will be using for user
authentication. So basically for all my Secure Pages i would have to
redirect to the LoginPage part of these external apps (and not wicket), I
hope thats possible ? , i believe it is with SWARM, some hints would be
really appreciated on that too. A bit on the authentication mechanism, so
basically on succesful login, this external app would 1) encode an authtoken
in the url 2) transfer the control over to my wicket app, and thats where i
would check if it is a valid/authenticated user based on the authToken.
Later on we plan to change this though, and instead have the authtoken
passed over in the cookie instead.
Initially when i started of i wasnt planning to use any of the above
frameworks but than taking a look into SWARM made me feel like that it might
be a good choice, but would still want to have everyones opinion
Please comment..
Thanks in advance
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
