I have not used it (yet), but check:
http://code.google.com/p/wicket-jsecurity/
On Mar 9, 2009, at 1:46 PM, Kent Larsson wrote:
Hm, I had some problems. Are there any examples out there for this?
On Mon, Mar 9, 2009 at 9:43 AM, Kent Larsson
<[email protected]> wrote:
Hi,
Great answer! :-) I'll try to do that today.
Best regards, Kent
On Sun, Mar 8, 2009 at 8:38 PM, Erik van Oosten
<[email protected]> wrote:
Hi Kent,
Go with something that enables authorization in the service layer
(e.g.
Spring Security, jSecurity, ...).
Next base your custom wicket authorization on the authentication
store of
the chosen base technology. Spring Security uses a thread local as
authentication store and has a servlet filter to copy the
authenticated user
to/from the session so that the authenticated user is handily
available
during a request and properly stored afterwards.
Authentication itself can be implemented from Wicket in a custom
way (e.g. a
username/password form). On success you just store the
authenticated user in
the authentication store.
Regards,
Erik.
Kent Larsson wrote:
Hi,
I know there has been some discussion on this. But I've had a hard
time deciding how this project should use security anyway.
The application in question is layered into three layers for
presentation, services and persistence using Wicket, Spring and
Hibernate.
What we need:
- Authentication
- Authorization on pages, components
- Authorization before being able to run methods in the service
layer
- Authorization for viewing/editing some domain objects using
Access
Control List's (ACL's)
I have read Wicket in Action and it's custom security solution
has some
pros:
- It's quite easy to understand
- We have a lot of freedom in how to do authentication and
authorization
And some cons:
- I don't know how to authorize calls of specific methods, and thus
- All security will be in the presentation layer
- It won't be usable if we want security on web services later
(which
we do not need now, so maybe this can be disregarded)
It would be nice if we could have a common solution to our security
needs that integrates well with Wicket and Spring. I know that the
Auth Roles project is out there as well as Swarm. But I don't know
which will meet our needs and which will most likely be an option
to
us when we later move to Wicket 1.4 or a higher version.
Best regards,
Kent
--
Erik van Oosten
http://www.day-to-day-stuff.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
