Do not fight the framework. Use wicket security (wichet-auth-roles + Spring security in my case) for all web tier classes. Use just spring security for service layer (annotations, etc). You can use also url spring security filter, if you need to. In normal wicket applications you do not. But if you are using Spring MVC + Wicket, for example, use filter for Spring MVC links.
On Fri, 24 Dec 2010 22:41:04 -0800 Dmytro Seredenko <d.serede...@gmail.com> wrote: > Ok, things become more complex :) > > Guys, here is the trivial task I'm trying to resolve: provide authentication > against datasource (using custom AuthenticationProvider) + authorization > based on a set of criteria (user role - one of them) + secure specific > pages. > > I try to solve it using old-school approach with Spring + Spring Security + > web framework (Wicket in this case). However looks like not so many people > go this way. Can someone who has Wicket experience describe Wicket-friendly > solution for that? Do you really use Wicket security for all levels of you > app? Or you're using Apache Shiro every time when you choose Wicket as a web > framework? > > P.S. There is not much information about Wicket security strategy on the > site and most of it is outdated. I believe some rough design pattern for the > task I described will be really useful for other people. > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
