Hello, Les! :) As I said I've got a wicket webapp, which stores objects in session. But it complains about the JSecurity objects, since they are not serializable.
I'm thinking of authenticating through JSecurity and authorizing through Wicket. I just want to create an authenticated realm with JSecurity and somehow avoid the serialization issues with Wicket. Can someone tell me what's the most safe and easy method to achieve that, since I don't need any super-hyper security restrictions and checks... Using AuthorizingRealm only? Thanks in advance! Regards, Martin -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Les Hazlewood Sent: Thursday, January 07, 2010 4:44 PM To: [email protected] Subject: Re: Some info needed regarding authentication config with JPA and JSecurity If you're doing authentication only, then yes, you can subclass AuthenticatingRealm. However, it is usually better to subclass AuthorizingRealm so you only have 2 methods to implement: doGetAuthenticationInfo and doGetAuthorizationInfo. Then you'll have everything you need for both authentication and authorization in very short order. You would only need to override any of the Authorizer methods on your Realm implementation if you want more control over how an access check happens beyond what the SimpleAuthorizationInfo class can do (an instance of which is usually returned from the doGetAuthorizationInfo method). Cheers, Les On Thu, Jan 7, 2010 at 7:13 AM, Martin Asenov <[email protected]> wrote: > Hello, everyone.. I need to implement > authentication module in my webapp and I want to use JSecyrity, but I can't > figure out how to connect the authc process with my JPA module I use for > accessing user details (i.e. username, password, roles, etc..). Suppose I > have to set AuthenticatingRealm to my SecurityManager and implemenent all > these methods, inherited from Authorizer interface, but since I'll do authr > in my Wicket app, I suppose i just need to implement the > 'doGetAuthenticationInfo(AuthenticationToken token)' method with the means > of the JPA implementation I have. Am I right? :) > > Thank you in advance for your time! :) > >
