Hi Rik,
We use Acegi because of its excellent backend features. We do not use
Acegi to do authorization in the frontend, we just give a
username/pasword and ask it for the roles. Acegi gets it out of LDAP for
us, wicket-auth-roles does the authorization. The Acegi filter sets the
authenticated user on a tread-local, but that is the only involvement of
Acegi in the front-end. However, having the thread-local Acegi can be
still for used for securing the spring configured services.
The authorization settings are set by our application and stored in the
Wicket metadata facility (again using wicket-auth-roles). If desired we
could have easily read that information from an ACL file.
Would this be an acceptable solution?
Erik.
Rik van der Kleij schreef:
> Hi,
>
> That is also the reason why Acegi and Wicket don't integrate well.
> Till now I have not found a good way to secure Wicket components by
> Acegi. Acegi is based on URL requests, method intercepting and
> securing domain objects by ACL's. According to me you want to set
> authorization on component level. Annotations is a way but I prefer
> security by configuration. Maybe the only good solution is to build a
> Wicket specific solution.
>
> Regards,
> Rik
>
--
Erik van Oosten
http://day-to-day-stuff.blogspot.com/
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
