Re: How to secure a Wicket 1.4 application?

Thu, 26 Mar 2009 11:12:37 -0700

I actually find that auth-roles is very simply to use and usually all I need... if it is ever deprecated I assure you I'll revive it under another source tree. However although for some reason it says you should use wicket- security (not sure why unless wicket-security has the same simple implementation) as far as I know its still being maintained and used by a large number of the people here.
I think what you use will depend on your application, if all you need is a principle and a few "roles" to protect certain pages (or even a single role), then auth-roles is for you. If you need something more complex, then wicket-security may be the way to go. 


FYI - I usually find wicket-security lags behind the current  
snapshot... or at least it was when I last looked at it. The lag is  
likely because it *is* more complex.


- Brill

On 26-Mar-09, at 12:51 PM, Christian Helmbold wrote:



Hello,

what would be your prefered way to secure a Wicket 1.4 application?


"Spring Security and Wicket-auth-roles" seems to be outdated. This  
project suggests to use Wicket-Security. So it is presumably not the  
best idea to use it.

http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html


Wicket-Security seems also to be not up to date and supports only  
Wicket 1.3.

http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Somewhere I've read that a version of Wicket-Security for Wicket 1.4  
exists in a SVN repository. Maybe that makes Wicket-Security a  
candidate. But this framework looks quite complicated to me -  
WiComSec, WASP, Hive, SWARM sounds confusing. Is Wicket-Security  
limited to use JAAS permissions?

http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
I don't like JAAS very much ...


My first impression is, that it is easier to write custom  
authentication and authorization, than to use Wicket-Security. How  
are your experiences?


Regards
Christian





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org























					Reply via email to