The key for using Wicket authorization annotations is to implement IAuthorizationStrategy and IUnauthorizedComponentInstantiationListener. When you get called in those methods, you can call out to Spring Security to check how to proceed. Just implement the methods with stubs, set breakpoints there, and look at what you are passed. All will be clear, it's really easy to use.
Doing it with intercept URLs might work for a few pages that you have mounted in Wicket, but in the end, every new page is going to have to be set up perfectly. It's not worth it go go that route. Brian On Dec 24, 2010, at 2:38 AM, Dmytro Seredenko wrote: > Guys, > > did anyone use Spring Security <intercept-url> for managing authorization > for Wicket-driven webapp? > > It's still unclear to me: can I use SS 3 as an authorization tool with > configuration like: > > <security:http create-session="never" auto-config="true"> > <security:intercept-url pattern="/admin" access="ROLE_ADMIN"/> > <security:intercept-url pattern="/**"/> > </security:http> > > or there is no way to omit wicket-auth-roles? > > P.S. Although Wicket 'auth' annotations work, I couldn't make it work with > Spring Security only. > > Thanks, > Dmytro. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
