On Wed, Jan 21, 2009 at 8:03 AM, Lars Vonk <[email protected]> wrote: > Hi James, > > Thanks for the example. > > I actually already have it running but was just wondering if there is any > other reason than securing static resources, to still configure the > org.springframework.web.filter.DelegatingFilterProxy in the web.xml. As far > as I can reason by using the wicket-auth-roles Wicket is responsible to > check whether or not someone is signed and not Spring Security. (The check > is implemented in the AuthenticatedWebSession.authenticate(..) that > delegates is to Spring Securities AuthenticationManager. ). > I removed the filter and all still works, but I might be overlooking > something... Any thoughts?
I only use one the HttpSessionContextIntegrationFilter in my application. However, I copied that from a different working application and that application actually has spring remoting in it, so that might be why I have that in there. > > About the example: Beware that in your SpringSecuritySession ( > http://svn.carmanconsulting.com/public/wicket-advanced/trunk/src/main/java/com/carmanconsulting/wicket/advanced/web/common/session/SpringSecuritySession.java) > you'll need to catch AuthenticationException. According to the contract the > AuthenticationManager.authenticate throws an AuthenticationException when > login fails (see javadoc of AuthenticationManager.authenticate). Thanks for the heads-up. I think I've fixed that in a subsequent application based on the same code. I haven't touched that example in quite a while (I gave my advanced wicket talk last year sometime). > > Lars > > On Wed, Jan 21, 2009 at 1:35 PM, James Carman > <[email protected]>wrote: > >> Lars, >> >> My wicket-advanced example code uses Spring security and >> wicket-auth-roles. You can download it here: >> >> http://svn.carmanconsulting.com/public/wicket-advanced/trunk/ >> >> Hope that helps. >> >> James >> >> On Wed, Jan 21, 2009 at 5:07 AM, Lars Vonk <[email protected]> wrote: >> > Hi, >> > >> > I am currently configuring my project to use spring-security 2.x with >> > wicket-auth-roles and noticed that the >> > http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html page is >> > slightly out-of-date. Is it okay is I add a wicket 1.3.5 and spring >> security >> > 2.x example? >> > >> > Another thing I noticed is that in the example ( >> > http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html) the >> Spring >> > Security Filter is added to the web.xml. But I think this is only >> necessary >> > if you also want to protect static resources right? Or is there another >> > reason to add the Spring Security Filter? >> > >> > Thanks in advance, >> > >> > Lars >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
