On Sat, Dec 25, 2010 at 1:41 AM, Dmytro Seredenko <[email protected]> wrote: > > I try to solve it using old-school approach with Spring + Spring Security + > web framework (Wicket in this case). However looks like not so many people > go this way. Can someone who has Wicket experience describe Wicket-friendly > solution for that? Do you really use Wicket security for all levels of you > app? Or you're using Apache Shiro every time when you choose Wicket as a web > framework? >
You do not use Wicket's security mechanisms for your entire applicaiton's security. You use it in the web tier to secure your pages/components. The request cycle trick I showed you is what you need to use when you're using @Secured annotations in your Spring beans to enforce security. All it does is look for spring security exceptions (which happen when it sees an annotation and you're either not logged in or you are and you don't have permission) to happen and takes the appropriate action (restart response at login page or redirect to the access denied page). We use Wicket/Spring security this way in our production application and it works just fine. I think you're trying to over-complicate things. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
