Hi, You can do all this with a custom org.apache.wicket.authorization.IAuthorizationStrategy. There is also org.apache.wicket.authentication.IAuthenticationStrategy that may help you.
Apache Wicket Cookbook has a very good chapter (several recipes) about security Wicket application. On Thu, Sep 12, 2013 at 12:03 AM, Parker, James <[email protected]>wrote: > I'm looking for a way to create custom authentication and authorization > without the use of additional libraries such as Spring. Our current need > is to look for a portal authentication cookie and validate it, then search > a database for what the user is authorized to do. If validation fails, we > need to forward the user on to our application portal. > > Of course as soon as I get this working, there is a high likelihood we > will change our authentication to a different system, so I need to keep it > straight-forward and simple. Nothing here is so important that we need > high level security and hack prevention with the authentication. > > There is no username and password, only a cookie (single sign on from our > portal), and no login page sense our portal handles it all. Can someone > point me in the right direction? Either point me to a class/interface or > to a book/website. Worst case scenario, I create a filter that upon > passing authentication will pass processing onto Wicket's default filter. > Of course kludge something together for authorization. > > All assistance is appreciated. > > Jim > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
