Re: [Wicket-user] Wicket + Acegi Security ?

Tue, 02 Aug 2005 07:14:04 -0700 

We have Acegi working with Wicket in our initial prototype project (User,
Organisation, etc management). We had to subclass the
AuthenticationProcessingFilter included with Acegi to look for a
username/password pair in the request (instead of interrogating the URL) in
order to determine that Authentication was required. Not sure if this is the
best methodology, but it seems to work fine.

Basically the filter does this:

1) look in request for username/password - if yes --> Authenticate and put
Principal into Session and ThreadLocal SecureContext.

2) if no - look in session for Principal - if yes --> put Principal in
ThreadLocal SecureContext

3) if no - redirect to login page

With the correct Principal in the ThreadLocal SecureContext Acegi will work
properly throughout.

Acegi is nice and clean, and so not very hard to interact with. The beauties
of open-source... :)

Cheers,

Adam Chesney
Senior Architect
Multicom Products Ltd

=====================================================

Tel:   (+44) 117 908 1254 (Direct)
Mobile (+44) 7780 962 961
email: [EMAIL PROTECTED]

This communication is intended solely for the addressee and is confidential.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful.

Although this e-mail and any attachments are believed to be free of any
virus, or any other defect which might affect any computer or IT system into
which they are received and opened, it is the responsibility of the
recipient to ensure that they are virus free and no responsibility is
accepted by Multicom Products Limited for any loss or damage arising in any
way from receipt or use thereof.
----- Original Message ----- From: "Bennett, Timothy (JIS - Applications)" 
<[EMAIL PROTECTED]>
To: <wicket-user@lists.sourceforge.net>
Sent: Tuesday, August 02, 2005 2:43 PM
Subject: RE: [Wicket-user] Wicket + Acegi Security ?



-----Original Message-----
From: Eelco Hillenius [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 02, 2005 4:28 AM
To: wicket-user@lists.sourceforge.net
Subject: Re: [Wicket-user] Wicket + Acegi Security ?

Now, I don't want to downplay the advantages a product like
SiteMinder or Acegi has, but I'd like to express that it
sucks that those products impose a url model on you. It makes
it harder for you to decide later on to restructure your site
as well; in the end for non-document oriented
webapplications, imo URLs should be part of your application
internals really.



Does Acegi impose a URL model on the application?


I think the way to go is to have a proper JAAS implementation
that is independent of URLs. I think Acegi can do such stuff
too, so I think that would be a good path to investigate.



Yup.  Questions lurk in my mind too regarding whether to attempt Acegi
or JAAS in Wicket.



Gert Jan Verhoog wrote:

> Hi list,
>
> Just wondering if anybody has successfully used the Acegi security
> framework with Wicket (Phil?). I'm currently using Acegi with
> SpringMVC and I'd like to use it with Spring/Wicket.
>


This is something that's on my TODO list as well, Gert.  Thanks for
bringing it up on the list.



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=ick
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user





-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Reply via email to