Thanks guys. The last question: do you use Spring Security for https (secure channel) ? It's configuration based on <intercept-url>
On Sat, Dec 25, 2010 at 1:42 AM, James Carman <[email protected]>wrote: > On Sat, Dec 25, 2010 at 1:41 AM, Dmytro Seredenko <[email protected]> > wrote: > > > > I try to solve it using old-school approach with Spring + Spring Security > + > > web framework (Wicket in this case). However looks like not so many > people > > go this way. Can someone who has Wicket experience describe > Wicket-friendly > > solution for that? Do you really use Wicket security for all levels of > you > > app? Or you're using Apache Shiro every time when you choose Wicket as a > web > > framework? > > > > You do not use Wicket's security mechanisms for your entire > applicaiton's security. You use it in the web tier to secure your > pages/components. The request cycle trick I showed you is what you > need to use when you're using @Secured annotations in your Spring > beans to enforce security. All it does is look for spring security > exceptions (which happen when it sees an annotation and you're either > not logged in or you are and you don't have permission) to happen and > takes the appropriate action (restart response at login page or > redirect to the access denied page). We use Wicket/Spring security > this way in our production application and it works just fine. I > think you're trying to over-complicate things. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Best regards, Dmytro Seredenko
