Hi, all With the help of Martijn i added 2 new projects to wicket-stuff under the name of wicket-security-wasp and wicket-security-swarm.
I hope it will prove to be an out of the box solution for all things related to authentication and authorization. It's current trunk is build for wicket-1.3 using java 1.4 but other branches will probably soon arise. I have created an initial page for this project under the wicket-stuff wiki http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security It contains the following description: Wicket-Security is an attempt to create an out of the box reusable authenticating and authorization framework for Wicket. It contains 2 projects Wasp and Swarm. Wasp defines the api of the framework and Swarm provides a standard implementation. Wicket Abstract Security Platform or Wasp for short builds on the IAuthorisationStrategies provided by Wicket and allows individual components to do their own authentication or authorization checks. For this purpose a few new Actions are defined: * access, checks for component instantiation rights * inherit, allows container components like Page and Panel to make certain rights inheritable to all there children Also the concept of Action has changed somewhat as it is now possible to create an inheritance structure, for example render implies access and enable implies render. An ActionFactory makes it possible to define your own custom actions. To enable security on a component there are 3 paths to choose from: * Enhance an existing component by adding an ISecurityCheck like the SecureComponentCheck. This gives you a fair amount of control with the least amount of effort. * Use an ISecureModel on the component. Giving you control over reading and writing to and from components as you require. * Have your component implement the ISecureComponent interface allowing you complete control every step of the way. For the purpose of user authentication you can choose between a single login or multiple logins like required for online banking. Standard Wicket Authentication and Rights Management or swarm for short provides the standard implementation of wasp. Swarm comes with a default ActionFactory, IAuthorizationStrategy and Hive, the Jaas like authorization and authentication mechanism, to get you started right away. If the above has raised your interest please feel free to check out the code as the code / api doc is currently the biggest source of info, i plan to change that asap :) In the mean time if there are any questions you can reach me at the wicket-mailing list. Just in case you are wondering if there are any examples: I plan on making some real ones asap but in the mean time you could check out GeneralTest (in both projects) it shows various uses such as multi-login, securing pages, read-write textfields and securing links. https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-wasp https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-swarm Maurice Marrink
