I'm making a forum project to learn about Wicket, Hibernate & Spring. It has been interesting, but now I am kinda stuck for a while on authentication/authorization.
The difficulty I am having is that the "roles" a user can have is based on the forum he is on. Each forum is owned by a different user. So a user can be a "forum administator" on forum A, but be a "registered user" on forum B. All examples I see seem to determine the roles context-free. Is it still possible to use Wasp/Swarm with such a use case. And if so could someone explain the basics for how to do this on a conceptual level? When and where do I determine the roles and store them? Kinda off-topic... when searching for more information about Java and security I found this book: Core Security Patterns: Best Practices and Strategies for J2EE http://www.amazon.com/Core-Security-Patterns-Strategies-Management/dp/0131463071/ref=pd_bbs_sr_1/002-9886411-4978452?ie=UTF8&s=books&qid=1190190555&sr=1-1 I was curious if someone here read this book and if the information in this book is still useful when working with Wicket. Thanks for any help.