Maurice Marrink wrote:
Well my view is a bit biased :)
I know..:)
swarm aims to be easy to use and flexible but i admit it can look a
bit intimidating at first.
But don't take my word for it, ask some of the other people that
actually use swarm what they think of it. There is a number of them
floating around on the mailing list.
As for your usecase for authentication and just a little bit of
authorization (you are not giving me much to work with here)
I also know. Basically, I have 5 roles depending on roles there are some
pages they cant see, and of course the bookmarkable links should'nt work
for those without proper rights. But I really liked auth-roles way with
annotations, there arent such a thing for swarm or is it planned?
You can continue using the current authentication but you need to
provide a mapping between your current roles/permissions to the
authorization mechanism of swarm. This should not be that hard.
Then you apply the ISecurePage interface to all the page you want to protected.
I've actually used markupinheritance /pageinheritance for this part, so
it should be really easy todo..
Even without using roles/permissions or whatever else authorization
you already accomplished that for those pages you need to be logged in
to the application before you can access them
Add more security to components / pages that require special permission
(all this just in a nutshell :))
Maurice
P.S. sorry for hijacking the thread :)
I believe I did it when asking:)
On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
Ahh, I need to look into swarm.
Currently im using my own homebrewn solution, auth roles was almost okay,
but were missing the ability to use enums in it's annotations:/ And swarm
seems to be a bit overcomplicated if I just need some base authentication +
maybe some component auth, please correct me if Im wrong?
regards Nino
Maurice Marrink wrote:
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
// getSecuritySettings().setAuthorizationStrategy(
// new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
> Thanks to the replies I received... yeah I didn't say it well,
but I
> assumed the user would be kept in the session and that seems to
fit
> everyone's reply. On top of that, I think I'm hearing I can use
> inheritance and have every page utilize ISecurityStrategy to then
> control access to the page.
>
> I'll check into it and see if I've got that all correct. Thanks
again.
>
>
> -----Original Message-----
> From: Nino Saturnino Martinez Vazquez Wael
> [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 01, 2008 1:49 PM
> To: users@wicket.apache.org
> Subject: Re: Question on page inheritance...
>
> True, as Igor wrote this is meant to be in conjuction with at
> ISecurityStrategy.
>
> Nino Saturnino Martinez Vazquez Wael wrote:
>
>> You could actually also do this another way... Im using markup
>> inheritance alot, but I stuff user object into the session like
this:
>>
>> See a nice view here:
>> http://papernapkin.org/pastebin/view/281/
>>
>> package zeuzgroup.application;
>>
>> import javax.servlet.http.HttpSession;
>>
>> import org.apache.wicket.Application;
>> import org.apache.wicket.Request;
>> import org.apache.wicket.protocol.http.WebRequest;
>> import org.apache.wicket.protocol.http.WebSession;
>>
>> import zeuzgroup.core.Person;
>> import zeuzgroup.core.user.UserType;
>>
>> public class ZeuzSession extends WebSession {
>>
>> private boolean authorized = false;
>>
>> private Person person;
>>
>> private HttpSession httpSession;
>>
>> protected ZeuzSession(Application application, Request
request) {
>> super(application, request);
>> httpSession = ((WebRequest)
request).getHttpServletRequest()
>> .getSession();
>>
>> }
>>
>> public boolean isAuthorized() {
>> return authorized;
>> }
>>
>> public void setAuthorized(boolean authorized) {
>>
>> this.authorized = authorized;
>> if (authorized) {
>>
>> httpSession.setAttribute("sso.password.attribute",
person
>> .getPassword());
>> httpSession.setAttribute("sso.email.attribute",
>> person.getEmail());
>> httpSession.setAttribute("password",
person.getPassword());
>> httpSession.setAttribute("email", person.getEmail());
>>
>> } else {
>> httpSession.setAttribute("sso.password.attribute",
null);
>> httpSession.setAttribute("sso.email.attribute",
null);
>> }
>> }
>>
>> public Person getPerson() {
>> if (person != null) {
>> return person;
>> } else {
>> Person person = new Person();
>> person.setUserType(UserType.Guest);
>> return person;
>> }
>> }
>>
>> public void setPerson(Person person) {
>> this.person = person;
>> }
>>
>> }
>>
>>
>> Bruce Petro wrote:
>>
>>> I'm just getting started in wicket, so forgive me if this is a
>>>
> too-dumb
>
>>> question...
>>>
>>>
>>>
>>> I know wicket can check the session for a user to ask a "user"
object
>>>
> if
>
>>> it is logged in.
>>>
>>> However, you don't really want to paste code on every page.
>>>
>>> What is the best way, to have each page inherit the base
"security
>>> check" routine?
>>>
>>>
>>>
>>> Would you create a BasePage extends WebPage and put the logic
there
>>>
> and
>
>>> have all other pages extend BasePage?
>>>
>>> Or would you attach some sort of a command object to each page
and
>>>
> put
>
>>> the logic in that?
>>>
>>>
>>>
>>> Anyone have a reference to an example of code to do this?
>>>
>>>
>>>
>>> THANKS!
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>
>
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
