Hi-

I'm trying to get started with JSecurity/Ki and before chasing myself
down the wrong path, I figured I would ask here first. (BTW, is this
the preferred location? What about http://www.jsecurity.org/forum ?)

I have a Wicket application where I need to offer a variety of
authentication methods. By default anyone can do anything, then users
could enable security that will either pull authentication from JDBC
or LDAP.
1. Is it possible to change the SecurityManager/Realm configuration
at runtime? My plan is to configure a SecurityManager in the init()
method, then potentially change it when users twiddle the settings
(via UI). Although I am running Spring, I don't want users to have to
configure spring to change the settings.
2. I need to apply authentication rules throughout my application, BUT
by default let anyone do anything. What is the recommended way to do
this? Use something already built? Implement a SecurityManager? I
could make a Realm with all known permissions, but that seems really
brittle *and* it would not let me use "isAuthenticated()"
3. In the Wicket examples [1], I am trying to add some debug info to
help learn/understand what is going on. I added a panel to show the
contents of SecurityUtils.getSecurityManager().getClass() but it looks
like that is not used by default (makes sense). Is there a way to
access the current SecurityManager?
[1] https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicketstuff-core/ki-security/ki-security-examples/
Thanks for any pointers!
ryan