Hi, I'm new to both Wicket and Spring Security, so bear that in mind :)
I'm trying to integrate Wicket and Spring Security into my webapp, but I'm not feeling happy with the end result. As you might know, Spring Security works by listening to requests sent to virtual URLs. So, for example, to login you have to send a request to '/j_spring_security_check' with the username in a parameter called 'j_username' and the password in 'j_password'. Similarly, to logout you send a request to '/j_spring_security_logout'. Currently I have a simple HTML login form with action set to '/j_spring_security_check' and it works fine, but this just bypasses Wicket completely. Moreover, it doesn't feel like the "Wicket way". As someone else put it at http://tomaszdziurko.pl/2012/09/remember-functionality-apache-wicket/, "(...) in my opinion using request based authentication framework with component based web framework is not the best idea. These two worlds just do not fit well together" I tend to agree with his view. However, I don't want to reinvent the wheel and I'd like to reuse as much as possible from Spring Security. I've seen some articles on integrating Wicket and Spring Security (such as http://javajeedevelopment.blogspot.co.uk/2011/03/integrating-spring-security-3-with.html), but it seems to me like the approach followed here would force me to re-implementing lots of stuff that Spring Security already provides -- for instance, remember-me functionality. Do you have any thoughts on this? Thanks! Luis Pureza
