Hi, Great answer! :-) I'll try to do that today.
Best regards, Kent On Sun, Mar 8, 2009 at 8:38 PM, Erik van Oosten <[email protected]> wrote: > Hi Kent, > > Go with something that enables authorization in the service layer (e.g. > Spring Security, jSecurity, ...). > > Next base your custom wicket authorization on the authentication store of > the chosen base technology. Spring Security uses a thread local as > authentication store and has a servlet filter to copy the authenticated user > to/from the session so that the authenticated user is handily available > during a request and properly stored afterwards. > > Authentication itself can be implemented from Wicket in a custom way (e.g. a > username/password form). On success you just store the authenticated user in > the authentication store. > > Regards, > Erik. > > > Kent Larsson wrote: >> >> Hi, >> >> I know there has been some discussion on this. But I've had a hard >> time deciding how this project should use security anyway. >> >> The application in question is layered into three layers for >> presentation, services and persistence using Wicket, Spring and >> Hibernate. >> >> What we need: >> - Authentication >> - Authorization on pages, components >> - Authorization before being able to run methods in the service layer >> - Authorization for viewing/editing some domain objects using Access >> Control List's (ACL's) >> >> I have read Wicket in Action and it's custom security solution has some >> pros: >> - It's quite easy to understand >> - We have a lot of freedom in how to do authentication and authorization >> >> And some cons: >> - I don't know how to authorize calls of specific methods, and thus >> - All security will be in the presentation layer >> - It won't be usable if we want security on web services later (which >> we do not need now, so maybe this can be disregarded) >> >> It would be nice if we could have a common solution to our security >> needs that integrates well with Wicket and Spring. I know that the >> Auth Roles project is out there as well as Swarm. But I don't know >> which will meet our needs and which will most likely be an option to >> us when we later move to Wicket 1.4 or a higher version. >> >> Best regards, >> Kent >> >> > > > -- > Erik van Oosten > http://www.day-to-day-stuff.blogspot.com/ > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
