Annotations are planned for swarm 1.4 (should come out shortly after
wicket 1.4) .
Maurice
On Wed, Apr 2, 2008 at 11:14 AM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
>
>
> Maurice Marrink wrote:
>
> > Well my view is a bit biased :)
> >
> >
> I know..:)
>
>
> > swarm aims to be easy to use and flexible but i admit it can look a
> > bit intimidating at first.
> > But don't take my word for it, ask some of the other people that
> > actually use swarm what they think of it. There is a number of them
> > floating around on the mailing list.
> >
> > As for your usecase for authentication and just a little bit of
> > authorization (you are not giving me much to work with here)
> >
> >
> I also know. Basically, I have 5 roles depending on roles there are some
> pages they cant see, and of course the bookmarkable links should'nt work for
> those without proper rights. But I really liked auth-roles way with
> annotations, there arent such a thing for swarm or is it planned?
>
>
> > You can continue using the current authentication but you need to
> > provide a mapping between your current roles/permissions to the
> > authorization mechanism of swarm. This should not be that hard.
> > Then you apply the ISecurePage interface to all the page you want to
> protected.
> >
> >
> I've actually used markupinheritance /pageinheritance for this part, so it
> should be really easy todo..
>
>
> > Even without using roles/permissions or whatever else authorization
> > you already accomplished that for those pages you need to be logged in
> > to the application before you can access them
> > Add more security to components / pages that require special permission
> > (all this just in a nutshell :))
> >
> > Maurice
> >
> > P.S. sorry for hijacking the thread :)
> >
> >
> I believe I did it when asking:)
>
>
>
> >
> > On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael
> > <[EMAIL PROTECTED]> wrote:
> >
> >
> > > Ahh, I need to look into swarm.
> > >
> > > Currently im using my own homebrewn solution, auth roles was almost
> okay,
> > > but were missing the ability to use enums in it's annotations:/ And
> swarm
> > > seems to be a bit overcomplicated if I just need some base
> authentication +
> > > maybe some component auth, please correct me if Im wrong?
> > >
> > > regards Nino
> > >
> > >
> > >
> > > Maurice Marrink wrote:
> > >
> > >
> > >
> > > > Yep that way you can switch between an application scoped strategy
> > > > (like wicket-auth-roles) and a session scoped strategy (like swarm)
> > > > Anyway the default is for the session to ask the application to return
> > > > the strategy.
> > > >
> > > >
> > > > On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
> > > > <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > >
> > > >
> > > > > Session could provide that too? Cool:)
> > > > >
> > > > >
> > > > >
> > > > > Maurice Marrink wrote:
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > Or Session. Session.getAuthorizationStrategy().
> > > > > >
> > > > > > Maurice
> > > > > >
> > > > > > On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez
> Wael
> > > > > > <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > It's your webapplication that takes the ISecurityStrategy..
> > > > > > >
> > > > > > > public class ZeuzGroupApplication extends WebApplication {
> > > > > > >
> > > > > > > private SpringComponentInjector springComponentInjector;
> > > > > > >
> > > > > > > @Override
> > > > > > > protected void init() {
> > > > > > > super.init();
> > > > > > > // getSecuritySettings().setAuthorizationStrategy(
> > > > > > > // new RoleAuthorizationStrategy(new
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > UserRolesAuthorizer()));
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >
> > > > > > > getSecuritySettings().setAuthorizationStrategy(
> > > > > > > new ZeuzSecurity(ZeuzAuthorizedPage.class,
> > > > > > > LoginPage.class) {
> > > > > > > @Override
> > > > > > > protected boolean isAuthorized(Class pageClass)
> {
> > > > > > > return (((ZeuzSession)
> > > > > > > Session.get()).isAuthorized());
> > > > > > > }
> > > > > > > });
> > > > > > > ...
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Bruce Petro wrote:
> > > > > > > > Thanks to the replies I received... yeah I didn't say it
> well,
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > but I
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > > assumed the user would be kept in the session and that seems
> to
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > fit
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > > everyone's reply. On top of that, I think I'm hearing I can
> use
> > > > > > > > inheritance and have every page utilize ISecurityStrategy to
> then
> > > > > > > > control access to the page.
> > > > > > > >
> > > > > > > > I'll check into it and see if I've got that all correct.
> Thanks
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > again.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Nino Saturnino Martinez Vazquez Wael
> > > > > > > > [mailto:[EMAIL PROTECTED]
> > > > > > > > Sent: Tuesday, April 01, 2008 1:49 PM
> > > > > > > > To: [email protected]
> > > > > > > > Subject: Re: Question on page inheritance...
> > > > > > > >
> > > > > > > > True, as Igor wrote this is meant to be in conjuction with at
> > > > > > > > ISecurityStrategy.
> > > > > > > >
> > > > > > > > Nino Saturnino Martinez Vazquez Wael wrote:
> > > > > > > >
> > > > > > > >> You could actually also do this another way... Im using
> markup
> > > > > > > >> inheritance alot, but I stuff user object into the session
> like
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > this:
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >
> > > > > > > >>
> > > > > > > >> See a nice view here:
> > > > > > > >> http://papernapkin.org/pastebin/view/281/
> > > > > > > >>
> > > > > > > >> package zeuzgroup.application;
> > > > > > > >>
> > > > > > > >> import javax.servlet.http.HttpSession;
> > > > > > > >>
> > > > > > > >> import org.apache.wicket.Application;
> > > > > > > >> import org.apache.wicket.Request;
> > > > > > > >> import org.apache.wicket.protocol.http.WebRequest;
> > > > > > > >> import org.apache.wicket.protocol.http.WebSession;
> > > > > > > >>
> > > > > > > >> import zeuzgroup.core.Person;
> > > > > > > >> import zeuzgroup.core.user.UserType;
> > > > > > > >>
> > > > > > > >> public class ZeuzSession extends WebSession {
> > > > > > > >>
> > > > > > > >> private boolean authorized = false;
> > > > > > > >>
> > > > > > > >> private Person person;
> > > > > > > >>
> > > > > > > >> private HttpSession httpSession;
> > > > > > > >>
> > > > > > > >> protected ZeuzSession(Application application, Request
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > request) {
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >> super(application, request);
> > > > > > > >> httpSession = ((WebRequest)
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > request).getHttpServletRequest()
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >> .getSession();
> > > > > > > >>
> > > > > > > >> }
> > > > > > > >>
> > > > > > > >> public boolean isAuthorized() {
> > > > > > > >> return authorized;
> > > > > > > >> }
> > > > > > > >>
> > > > > > > >> public void setAuthorized(boolean authorized) {
> > > > > > > >>
> > > > > > > >> this.authorized = authorized;
> > > > > > > >> if (authorized) {
> > > > > > > >>
> > > > > > > >>
> httpSession.setAttribute("sso.password.attribute",
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > person
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >> .getPassword());
> > > > > > > >> httpSession.setAttribute("sso.email.attribute",
> > > > > > > >> person.getEmail());
> > > > > > > >> httpSession.setAttribute("password",
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > person.getPassword());
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >
> > > > > > > >> httpSession.setAttribute("email",
> person.getEmail());
> > > > > > > >>
> > > > > > > >> } else {
> > > > > > > >>
> httpSession.setAttribute("sso.password.attribute",
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > null);
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >> httpSession.setAttribute("sso.email.attribute",
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > null);
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >> }
> > > > > > > >> }
> > > > > > > >>
> > > > > > > >> public Person getPerson() {
> > > > > > > >> if (person != null) {
> > > > > > > >> return person;
> > > > > > > >> } else {
> > > > > > > >> Person person = new Person();
> > > > > > > >> person.setUserType(UserType.Guest);
> > > > > > > >> return person;
> > > > > > > >> }
> > > > > > > >> }
> > > > > > > >>
> > > > > > > >> public void setPerson(Person person) {
> > > > > > > >> this.person = person;
> > > > > > > >> }
> > > > > > > >>
> > > > > > > >> }
> > > > > > > >>
> > > > > > > >>
> > > > > > > >> Bruce Petro wrote:
> > > > > > > >>
> > > > > > > >>> I'm just getting started in wicket, so forgive me if this
> is a
> > > > > > > >>>
> > > > > > > > too-dumb
> > > > > > > >
> > > > > > > >>> question...
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>> I know wicket can check the session for a user to ask a
> "user"
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > object
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >
> > > > > > > >>>
> > > > > > > > if
> > > > > > > >
> > > > > > > >>> it is logged in.
> > > > > > > >>>
> > > > > > > >>> However, you don't really want to paste code on every page.
> > > > > > > >>>
> > > > > > > >>> What is the best way, to have each page inherit the base
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > "security
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >>> check" routine?
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>> Would you create a BasePage extends WebPage and put the
> logic
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > there
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >>>
> > > > > > > > and
> > > > > > > >
> > > > > > > >>> have all other pages extend BasePage?
> > > > > > > >>>
> > > > > > > >>> Or would you attach some sort of a command object to each
> page
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > and
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > >>>
> > > > > > > > put
> > > > > > > >
> > > > > > > >>> the logic in that?
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>> Anyone have a reference to an example of code to do this?
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>> THANKS!
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >>>
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > -Wicket for love
> > > > > > >
> > > > > > > Nino Martinez Wael
> > > > > > > Java Specialist @ Jayway DK
> > > > > > > http://www.jayway.dk
> > > > > > > +45 2936 7684
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > ---------------------------------------------------------------------
> > >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > --
> > > > >
> > > > > -Wicket for love
> > > > >
> > > > > Nino Martinez Wael
> > > > > Java Specialist @ Jayway DK
> > > > > http://www.jayway.dk
> > > > > +45 2936 7684
> > > > >
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > --
> > > -Wicket for love
> > >
> > > Nino Martinez Wael
> > > Java Specialist @ Jayway DK
> > > http://www.jayway.dk
> > > +45 2936 7684
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
>
> --
> -Wicket for love
>
> Nino Martinez Wael
> Java Specialist @ Jayway DK
> http://www.jayway.dk
> +45 2936 7684
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
