Hm, I had some problems. Are there any examples out there for this? On Mon, Mar 9, 2009 at 9:43 AM, Kent Larsson <[email protected]> wrote: > Hi, > > Great answer! :-) I'll try to do that today. > > Best regards, Kent > > > On Sun, Mar 8, 2009 at 8:38 PM, Erik van Oosten <[email protected]> wrote: >> Hi Kent, >> >> Go with something that enables authorization in the service layer (e.g. >> Spring Security, jSecurity, ...). >> >> Next base your custom wicket authorization on the authentication store of >> the chosen base technology. Spring Security uses a thread local as >> authentication store and has a servlet filter to copy the authenticated user >> to/from the session so that the authenticated user is handily available >> during a request and properly stored afterwards. >> >> Authentication itself can be implemented from Wicket in a custom way (e.g. a >> username/password form). On success you just store the authenticated user in >> the authentication store. >> >> Regards, >> Erik. >> >> >> Kent Larsson wrote: >>> >>> Hi, >>> >>> I know there has been some discussion on this. But I've had a hard >>> time deciding how this project should use security anyway. >>> >>> The application in question is layered into three layers for >>> presentation, services and persistence using Wicket, Spring and >>> Hibernate. >>> >>> What we need: >>> - Authentication >>> - Authorization on pages, components >>> - Authorization before being able to run methods in the service layer >>> - Authorization for viewing/editing some domain objects using Access >>> Control List's (ACL's) >>> >>> I have read Wicket in Action and it's custom security solution has some >>> pros: >>> - It's quite easy to understand >>> - We have a lot of freedom in how to do authentication and authorization >>> >>> And some cons: >>> - I don't know how to authorize calls of specific methods, and thus >>> - All security will be in the presentation layer >>> - It won't be usable if we want security on web services later (which >>> we do not need now, so maybe this can be disregarded) >>> >>> It would be nice if we could have a common solution to our security >>> needs that integrates well with Wicket and Spring. I know that the >>> Auth Roles project is out there as well as Swarm. But I don't know >>> which will meet our needs and which will most likely be an option to >>> us when we later move to Wicket 1.4 or a higher version. >>> >>> Best regards, >>> Kent >>> >>> >> >> >> -- >> Erik van Oosten >> http://www.day-to-day-stuff.blogspot.com/ >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
