Of course, that means your WebSession class must extend AuthenticatedWebSession.
On Mon, May 5, 2008 at 10:49 AM, James Carman <[EMAIL PROTECTED]> wrote: > We use Acegi/Wicket in our current project at work. The main thing > you need to worry about is the session implementation. Here's a > snippet from ours: > > private AuthenticationManager getAuthenticationManager() > { > return (( MyWebApplication ) > getApplication()).getAuthenticationManager(); > } > > public boolean authenticate(String username, String password) > { > UsernamePasswordAuthenticationToken tok = new > UsernamePasswordAuthenticationToken(username, password); > final Authentication auth = > getAuthenticationManager().authenticate(tok); > if (auth != null && auth.isAuthenticated()) > { > SecurityContextHolder.getContext().setAuthentication(auth); > return true; > } > return false; > } > > public Roles getRoles() > { > if (isSignedIn()) > { > final Authentication auth = > SecurityContextHolder.getContext().getAuthentication(); > if (auth == null) > { > return null; > } > Roles roles = new Roles(); > for (GrantedAuthority grantedAuthority : auth.getAuthorities()) > { > roles.add(grantedAuthority.getAuthority()); > } > return roles; > } > return null; > } > > > So, your custom web application has to be able to get a handle on the > Acegi (I'd go with spring-security if I were you if you're starting > from scratch because that seems to be the next generation of Acegi) > AuthenticationManager (we used Spring to do this). Alternatively, you > could mark your session class as @Configurable and let Spring inject > the AuthenticationManager in. The other part you need is to set up > the Spring/Acegi filter stuff in your web.xml: > > <filter> > <filter-name>Acegi Filter Chain Proxy</filter-name> > <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class> > <init-param> > <param-name>targetClass</param-name> > <param-value>org.acegisecurity.util.FilterChainProxy</param-value> > </init-param> > </filter> > <filter-mapping> > <filter-name>Acegi Filter Chain Proxy</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > Then, in your applicationContext.xml file: > > <bean id="filterChainProxy" > class="org.acegisecurity.util.FilterChainProxy"> > <property name="filterInvocationDefinitionSource"> > <value> > CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON > PATTERN_TYPE_APACHE_ANT > /**=httpSessionContextIntegrationFilter > </value> > </property> > </bean> > > <bean id="httpSessionContextIntegrationFilter" > class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" > autowire="autodetect"> > <property name="forceEagerSessionCreation" value="true"/> > </bean> > > Hope this helps. The last two parts are just vanilla Acegi stuff. > So, if you've had Acegi working in the past, just copy/paste it from > there. > > > > On Mon, May 5, 2008 at 10:40 AM, David Nedrow <[EMAIL PROTECTED]> wrote: > > I'm adding Acegi support to a Wicket project, but have been completely > > unable to get all the pieces correct. One of the main problems is that > there > > appears to be no standalone example available. The acegi-security examples > > are awful, since all thirty of the samples are mixed with each other and > > re-use components, needlessly complicating each example. IE., there's no > way > > to see what is actually required for a specific example. > > > > The online guides > > > (eg.http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo > > ) refer to existing mixed examples without providing a full sample. > > > > Has anyone seen an Acegi+Wicket example that is: > > > > 1) Targeted at implementing Acegi in Wicket > > 2) Contains all the sample sources in a self-contained tree > > > > -David > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]