I actually find that auth-roles is very simply to use and usually all
I need... if it is ever deprecated I assure you I'll revive it under
another source tree.
However although for some reason it says you should use wicket-
security (not sure why unless wicket-security has the same simple
implementation) as far as I know its still being maintained and used
by a large number of the people here.
I think what you use will depend on your application, if all you need
is a principle and a few "roles" to protect certain pages (or even a
single role), then auth-roles is for you. If you need something more
complex, then wicket-security may be the way to go.
FYI - I usually find wicket-security lags behind the current
snapshot... or at least it was when I last looked at it. The lag is
likely because it *is* more complex.
- Brill
On 26-Mar-09, at 12:51 PM, Christian Helmbold wrote:
Hello,
what would be your prefered way to secure a Wicket 1.4 application?
"Spring Security and Wicket-auth-roles" seems to be outdated. This
project suggests to use Wicket-Security. So it is presumably not the
best idea to use it.
http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html
Wicket-Security seems also to be not up to date and supports only
Wicket 1.3.
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
Somewhere I've read that a version of Wicket-Security for Wicket 1.4
exists in a SVN repository. Maybe that makes Wicket-Security a
candidate. But this framework looks quite complicated to me -
WiComSec, WASP, Hive, SWARM sounds confusing. Is Wicket-Security
limited to use JAAS permissions?
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
I don't like JAAS very much ...
My first impression is, that it is easier to write custom
authentication and authorization, than to use Wicket-Security. How
are your experiences?
Regards
Christian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org