[x] I use my own custom framework We needed to have a group-based authentication: a relation between a secured-item (a bean, linked to a DB item) and some allowed-groups for that item. But the relation itself is quite complex to establish (because Items are in a graph), so we decided to implement our own authorization mechanism (but to be honest, we did not really looked to existing 3rd parties...).
I a few word: The Authentication is made trough a JAAS login module which gets GroupPrincipal(s) for the current user. We have implemented an IGroupCheckingStrategy, similar to IRoleCheckingStrategy, then we bound a custom IAuthorizationStrategy to the application, in charge to check whether the item being displayed (in an edit page for instance) has a group that also belongs to the user. Sebastien. On Thu, Oct 18, 2012 at 4:09 PM, Nick Pratt <nbpr...@gmail.com> wrote: > [X] I use my own custom framework > > We rolled our own because it gave us the most flexibility (components are > annotated and the permissions are kept separate from users and > groups/roles). We can reconfigure the permissions on the fly (since > everything is stored in the DB, cached in mem) and plug in different > authentication and authorization strategies to facilitate different > deployment scenarios and also for unit testing. > > We're not aware of a 3rd party lib that will do this - but Id be happy to > use one if there is one out there. > > N > > On Thu, Oct 18, 2012 at 12:08 AM, Jeremy Thomerson < > jer...@wickettraining.com> wrote: > > > Our of curiosity: among the wider community: what security framework(s) > do > > you use with with Wicket, and why? > > > > [ ] I use my own custom framework > > [ ] I use Shiro > > [ ] I use Spring Security > > [ ] I use WASP/Swarm > > [ ] Other (please specify) > > > > And don't forget the "why". > > > > -- > > Jeremy Thomerson > > http://wickettraining.com > > >
