Re: [Wicket-user] Wicket and JAAS integration

Thu, 02 Mar 2006 08:50:44 -0800 

I'd prefer to implement everything in Wicket usually, but letting the
container do at least the authentication makes it easier to implement
things like single singon and when you have a mixed webapp (e.g. that
uses plain JSP's etc).

Eelco

On 3/2/06, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> A good way in between is to let the container handle authentication
> and implement authorization with Wicket, much in the fashion of
> something like wicket-auth-roles, but for the user you would use
> ((WebRequest)getRequest()).getHttpServletRequest().getUserPrincipal()
> and / or ((WebRequest)getRequest()).isUserInRole()
>
> Eelco
>
> On 3/2/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > this wouldn't really be the "wicket" way of doing stuff.
> > Because you want to base youre security on Request/Urls and that is just
> > what wicket wants to avoid.
> >
> > The security should be mapped on Components/Pages or Models (data).
> >
> > See for example our own security implementation wicket-auth-roles and
> > wicket-auth-roles-example
> >
> > http://sourceforge.net/project/showfiles.php?group_id=119783&package_id=173489
> >
> > johan
> >
> >
> > On 3/2/06, Piotr Bzdyl <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > How can I integrate wicket with the JAAS? I mean configuring web.xml
> > > with following configuration:
> > >
> > > <security-constraint>
> > >     <web-resource-collection>
> > >       <web-resource-name>MySystem authorized
> > area</web-resource-name>
> > >       <url-pattern>/app/*</url-pattern>
> > >       <http-method>DELETE</http-method>
> > >       <http-method>GET</http-method>
> > >       <http-method>POST</http-method>
> > >       <http-method>PUT</http-method>
> > >     </web-resource-collection>
> > >     <auth-constraint>
> > >       <role-name>MySystemUser</role-name>
> > >     </auth-constraint>
> > >     <user-data-constraint>
> > >       <transport-guarantee>
> > >     NONE
> > >       </transport-guarantee>
> > >     </user-data-constraint>
> > >   </security-constraint>
> > >   <login-config>
> > >     <auth-method>FORM</auth-method>
> > >     <realm-name>MySystem</realm-name>
> > >     <form-login-config>
> > >       <form-login-page>/login.html</form-login-page>
> > >
> > <form-error-page>/loginFailed.html</form-error-page>
> > >     </form-login-config>
> > >   </login-config>
> > >   <security-role>
> > >     <role-name>MySystemUser</role-name>
> > >   </security-role>
> > >
> > > Another concern is what to do if I want to let the user to access my
> > > wicket home page but restrict access to other pages using container
> > > authorization?
> > >
> > > Best regards,
> > > Piotr
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by xPML, a groundbreaking scripting
> > language
> > > that extends applications into web and mobile media. Attend the live
> > webcast
> > > and join the prime developer group breaking into this new coding
> > territory!
> > >
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> > > _______________________________________________
> > > Wicket-user mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> >
> >
>


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user

Reply via email to