Johan Compagner schrieb:
most of the time you want security over pages or links (rendered/shown or
not)
This can be very elegantly solved with an application model. For
example, a navigation provider should only return navigation items the
user has access to.
As for other links/buttons that require access checks, they are most
likely actions on model objects. So it's up to the model object to
provide only the actions the user has access to.
It should be easy to integrate a signin page and so on.
Signin is part of the authentication (not authorization), and I concur
that a web framework should provide hooks for it.
that should be possible in wicket. And that is what the security interfaces
(and an example implemention) is for
just to provide hooks to do those things.
Most people don't look at the model (data) for security things they have
pages that they know are showing data.
This argument nearly convices me :)
Not all web sites one may want to build with wicket require complex
model objects that handle authorization. But do they really require
security support from wicket?
Timo
Just like many url based frameworks do it even on the url /admin /xxx / yyy
johan
On 2/11/06, Timo Stamm <[EMAIL PROTECTED]> wrote:
Igor Vaynberg schrieb:
wicket is not MVC so the design of your application will be different.
I think a lot of people take wicket for a MVC framework, but let's not
have yet another discussion about what MVC is.
Since wicket propagates seperation of concerns (and it has a very good
separation between model and presentation), I think my point is valid.
what
we provide are hooks for you to build on, if you dont want to use them
you
dont have to. that is the beauty of the design: they are there for you
if
you need them, and invisible if you dont.
Putting authorization tasks into the presentation is not a good design
choice because you will have to reimplement all access checks if you
need a different way to access the model. And you are bound to make
errors sooner or later, which is especially bad since they affect the
business layer.
In my opinion, Wicket should concentrate on it's core tasks, and leave
the other tasks to different frameworks. Authorization would be part of
a model framework.
A beautiful design would be to make it possible to add any kind of hook,
and not to provide any hooks that are unrelated to the core tasks.
Timo
On 2/11/06, Timo Stamm <[EMAIL PROTECTED]> wrote:
Johan Compagner schrieb:
We have now a Security framework (better said security interfaces)
inside
wicket.
I was wondering whether this is really a good idea. Isn't authorization
a responsibility of the model in a MVC application?
Timo
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
