You know, when I think about it, you can have a polymorphic users domain that is also assigned roles, so that's not a problem for Acegi. My latest blog entry talks about the problem jroller.com/page/pkulak
I just think that Acegi is very complex. That may be fine is you have very complex permissions requirements to match, but I just don't need declatative security. I'd rather just write a couple lines in Wicket's checkAccess() method, or whatever it's called. On 8/9/05, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > I always liked systems where the lowest level is a permission (read this, > write that, etc), then roles consist of sets of permissions, and the user > has a set of roles. > > Just my 2 cents. > > -Igor ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Wicket-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wicket-user
