Hi Erik,

Yes. So you mean in short: use Acegi for authentication and use
wicket-auth-roles for authorization. That is a good compromise
because you get some of the features of Acegi out-of-the-box, like
LDAP-server authentication, as you mention.

Questions:
Do you use a "normal" login form according to Acegi or do you use a
Wicket login form?
Where do you put your authorization settings?

> If desired we
> could have easily read that information from an ACL file.

What do you have in mind as content for the ACL file? I understand
from the Acegi reference guide that you can set authorization on
domain objects. But what, for example, if the case is that a delete
button may only be visible for administrators?

Regards,
Rik


On 10-nov-2006, at 22:17, Erik van Oosten wrote:

> Hi Rik,
>
> We use Acegi because of its excellent backend features. We do not use
> Acegi to do authorization in the frontend, we just give a
> username/password and ask it for the roles. Acegi gets it out of LDAP for
> us, wicket-auth-roles does the authorization. The Acegi filter sets the
> authenticated user on a thread-local, but that is the only involvement of
> Acegi in the front-end. However, having the thread-local, Acegi can
> still be used for securing the spring configured services.
>
> The authorization settings are set by our application and stored in the
> Wicket metadata facility (again using wicket-auth-roles). If desired we
> could have easily read that information from an ACL file.
>
> Would this be an acceptable solution?
>
>      Erik.
>
>
> Rik van der Kleij wrote:
>> Hi,
>>
>> That is also the reason why Acegi and Wicket don't integrate well.
>> Till now I have not found a good way to secure Wicket components by
>> Acegi. Acegi is based on URL requests, method intercepting and
>> securing domain objects by ACLs. According to me you want to set
>> authorization on component level. Annotations are a way but I prefer
>> security by configuration. Maybe the only good solution is to build a
>> Wicket specific solution.
>>
>> Regards,
>> Rik
>>
>
> -- 
> Erik van Oosten
> http://day-to-day-stuff.blogspot.com/
>
>
> _______________________________________________
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
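
One possible shape for the ACL file mentioned in this thread, applied to the delete-button case, as an added example that comes from neither poster nor from Wicket, wicket-auth-roles or Acegi. It is a plain-Java model: the ACL format, the component paths and every class and method name are hypothetical, and the role sets stand in for what the authentication backend would return after login.

```java
import java.util.*;

// Plain-Java model of the split discussed in this thread. All names and the ACL
// format are hypothetical; this is not Wicket, wicket-auth-roles or Acegi code.
public class ComponentAclDemo {
    // Constructed ACL content: <component path>.<ACTION> = roles allowed to do it
    static final String ACL =
        "# only administrators may see the delete button\n" +
        "userList/form/delete.RENDER = ADMIN\n" +
        "userList/form/save.ENABLE = ADMIN, EDITOR\n";

    // Parses ACL text into "path.ACTION" -> allowed roles. Malformed lines are
    // rejected so a typo cannot silently drop a restriction.
    static Map<String, Set<String>> parse(String text) {
        Map<String, Set<String>> acl = new HashMap<>();
        for (String raw : text.split("\n")) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            String[] kv = line.split("=", 2);
            if (kv.length != 2 || kv[0].trim().isEmpty() || kv[1].trim().isEmpty())
                throw new IllegalArgumentException("bad ACL line: " + line);
            Set<String> roles = new HashSet<>();
            for (String r : kv[1].split(","))
                if (!r.trim().isEmpty()) roles.add(r.trim());
            acl.put(kv[0].trim(), roles);
        }
        return acl;
    }

    // Authorization step: the action is allowed when the component has no entry,
    // or when the user holds at least one of the roles listed for it.
    static boolean allowed(Map<String, Set<String>> acl, String path, String action,
                           Set<String> userRoles) {
        Set<String> required = acl.get(path + "." + action);
        return required == null || !Collections.disjoint(required, userRoles);
    }

    public static void main(String[] args) {
        Map<String, Set<String>> acl = parse(ACL);
        // Roles as the authentication backend would return them after login.
        Set<String> admin = Set.of("USER", "ADMIN"), user = Set.of("USER");
        System.out.println(allowed(acl, "userList/form/delete", "RENDER", admin));
        System.out.println(allowed(acl, "userList/form/delete", "RENDER", user));
        // A component without an ACL entry is unrestricted in this model.
        System.out.println(allowed(acl, "userList/form/cancel", "RENDER", user));
    }
}
```

Hiding the button only controls what is rendered; the service call behind it still needs its own check, which is the role the thread leaves to Acegi on the Spring-configured services.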
