On Nov 22, 2010, at 12:58 PM, Jim Pinkham wrote: > For the security, I found a great help > here<http://out-println.blogspot.com/2009/02/wicket-swarm-spring-security-how-to.html>. > Unfortunately, it doesn't work with Wicket 1.5. Anyone working on that? I
Wicket-swarm was one of the first security frameworks for Wicket and is one of the more difficult ways to secure a Wicket application. Wicket apps are actually exceptionally easy to secure and one is almost *always* better off growing their own security environment.... some apps need RBAC, others just need single-role authorization. My suggestion is to implement IAuthorizationStrategy and IUnauthorizedComponentInstantiationListener with a stubbed class that always authorizes (i.e. always returns true) for each method. Hook that class in, set a breakpoint on each method, then see what parameters are being passed. Like a flash of white light, it will all become seriously obvious to you. I'm currently using Spring Security and the Oauth module in my Wicket app, and I'm happy to tell you it works great. As Spring has moved further and further toward namespace configuration, getting the beans wired properly has become somewhat difficult (they assume that you are securing a WebMVC application), but it's not impossible by any means. Hope that helps... --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
