Because you want to base youre security on Request/Urls and that is just what wicket wants to avoid.
The security should be mapped on Components/Pages or Models (data).
See for example our own security implementation wicket-auth-roles and wicket-auth-roles-example
http://sourceforge.net/project/showfiles.php?group_id=119783&package_id=173489
johan
On 3/2/06, Piotr Bzdyl <[EMAIL PROTECTED]> wrote:
Hello,
How can I integrate wicket with the JAAS? I mean configuring web.xml
with following configuration:
<security-constraint>
<web-resource-collection>
<web-resource-name>MySystem authorized area</web-resource-name>
<url-pattern>/app/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>MySystemUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>
NONE
</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MySystem</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/loginFailed.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>MySystemUser</role-name>
</security-role>
Another concern is what to do if I want to let the user to access my
wicket home page but restrict access to other pages using container
authorization?
Best regards,
Piotr
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
