You could use wicket-auth-roles. Can't think of anything more simpler: it provides two roles: user and admin. You can secure your pages and components with annotations. I like it, but be warned: it is simple and intended to stay that way. If you need something more complex or different, use it as inspiration or example.
Martijn On Wed, Jan 14, 2009 at 5:20 PM, Dane Laverty <danelave...@chemeketa.edu> wrote: > I'm currently using Swarm to secure my web application, but I think it > provides a lot more functionality than I really need. Would simply > checking for a User object the session on each page load work as well, > or am I overlooking some major security hole? This way, when the user > logs in successfully, the session would get a User object, but otherwise > it would be null and the application would kick back to the login page. > > -- Become a Wicket expert, learn from the best: http://wicketinaction.com Apache Wicket 1.3.5 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org