Re: [Wicket-user] Re: Security framework in Wicket

[Eelco Hillenius]

> Signin is part of the authentication (not authorization), and I concur
> that a web framework should provide hooks for it.

Heh :) Don't agree. Authentication should be seen as part of
authorization. Authorization is the end-means of seeing whether action
x is permitted or not. Authentication is just a possible step to
validate whether client a is who he states he is, and to get clear
what security attributes are coupled to the client (like roles/
principals, etc).

> Not all web sites one may want to build with wicket require complex
> model objects that handle authorization. But do they really require
> security support from wicket?

Then don't use it. It's just a hook. The hook is built on a more
generic hook too.

We found the need to have a mechanism for authentication that is
supported out of the box, and it has been requested by many users. I
agree a framework should provide for anything and it's mother, but in
this case I think Wicket needed the ability to at least cooperate on
this with other layers of your application.

Eelco


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user