> By the way, I'm not saying wicket security is bad, other than my example I > think it is a well put together framework that beats the hell out of using > JAAS.
Thanks, i appreciate that :) > I've had a pretty good look at wicket security but the conclusion that I've > come to with that is it only supports the fact that you have pre defined > roles within your application. > Well i am not saying it is impossible to declare and add new permissions / principals at runtime but i think it is generally undesirable to do so. Instead you should make your principals fine grained enough to be used as building blocks for roles. > I'm currently working on a multi tenant web application where the > application provided a set of permission, such and read / write access to an > object and each tenant in the application defines their own role heirachy > based on those permissions. This is exactly what we are doing in our application. We have literally +- 1000 principals defined in our system. By allowing the users to group principals together they can build there own roles. We have multiple organizations in our application and each of them can completely redesign there user roles in the system (well only up to a point because we could not allow that, but that aside they could). We provide each organization with a set of default roles as we think will suit most of them but they are completely free to alter/ rename/ delete/ whatever do with those roles because we do not depend on the roles but on the underlying principals, which are controlled by us. A big help is the fact that we made our principals imply each other (write implies read, etc) So when a user designs there roles they don't have to check read access to page A and write access to page A but can suffice with write access to page A. Although most of our principals handle a couple of related pages we also have principals going as deep as individual components. For instance we have a large data grid, the principals are fine grained enough to give you read or write access up to the individual cell. Correct me if i am wrong but this seems to be what you want too. Maurice On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote: > > I've had a pretty good look at wicket security but the conclusion that I've > come to with that is it only supports the fact that you have pre defined > roles within your application. > > I'm currently working on a multi tenant web application where the > application provided a set of permission, such and read / write access to an > object and each tenant in the application defines their own role heirachy > based on those permissions. > > We are currently using acegi and I'm trying to figure out the best way to > bake acl into wicket's components. Example, a link is set to invisible if > the authenticated use doesn't contain a role with the given permission of > that link. So lets say the link is to delete an object, the user must have > a role with the permission to delete that object or the link will not show > on the page. > > By the way, I'm not saying wicket security is bad, other than my example I > think it is a well put together framework that beats the hell out of using > JAAS. > > -Craig > > > Mr Mean wrote: > > > > If you mean java Jaas like acl than swarm is what you are looking for. > > Optionally if you really want to use jaas and not some look alike i > > made up you could practically copy swarm and replace most objects with > > there jaas counterparts. > > However i chose not to use jaas because we are using that in one of > > our projects right now and although it works it is less than optimal > > :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced > > by swarm. > > > > You can also check out the example project here > > https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples > > > > > > Maurice > > > > On 6/21/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > >> wicket's security model is completely generic > >> > >> see IAuthorizationStrategy - it is very abstract and thus can be used to > >> implement any kind of authorization > >> > >> wicket-auth is just an example that implements basic role-based model > >> > >> see wicket-stuff wasp and swarm projects > >> > >> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security > >> > >> -igor > >> > >> > >> On 6/21/07, craigdd <[EMAIL PROTECTED]> wrote: > >> > > >> > Is wicket security based only on role based authorization or could it > >> somehow > >> > be used with a more traditional ACL type of file / logic. > >> > > >> > -Craig > >> > -- > >> > View this message in context: > >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024 > >> > Sent from the Wicket - User mailing list archive at Nabble.com. > >> > > >> > > >> > > >> ------------------------------------------------------------------------- > >> > This SF.net email is sponsored by DB2 Express > >> > Download DB2 Express C - the FREE version of DB2 express and take > >> > control of your XML. No limits. Just data. Click to get it now. > >> > http://sourceforge.net/powerbar/db2/ > >> > _______________________________________________ > >> > Wicket-user mailing list > >> > Wicket-user@lists.sourceforge.net > >> > https://lists.sourceforge.net/lists/listinfo/wicket-user > >> > > >> > >> > >> ------------------------------------------------------------------------- > >> This SF.net email is sponsored by DB2 Express > >> Download DB2 Express C - the FREE version of DB2 express and take > >> control of your XML. No limits. Just data. Click to get it now. > >> http://sourceforge.net/powerbar/db2/ > >> _______________________________________________ > >> Wicket-user mailing list > >> Wicket-user@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/wicket-user > >> > >> > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Wicket-user mailing list > > Wicket-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wicket-user > > > > > > -- > View this message in context: > http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11350022 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
