I just had a quick look at wicket-auth-roles. And I like its simplicity. On Wed, Jan 14, 2009 at 5:28 PM, Martijn Dashorst < martijn.dasho...@gmail.com> wrote:
> You could use wicket-auth-roles. Can't think of anything more simpler: > it provides two roles: user and admin. Based on my brief look at playing around with wicket-auth-roles-eamples, I would clarify the above statement like this: it provides two roles _out-of-the-box_ : user and admin, but you're not limited to these two roles, you can use as many custom string-based roles as you wish. Right ? Maarten > You can secure your pages and > components with annotations. I like it, but be warned: it is simple > and intended to stay that way. If you need something more complex or > different, use it as inspiration or example. > > Martijn > > On Wed, Jan 14, 2009 at 5:20 PM, Dane Laverty <danelave...@chemeketa.edu> > wrote: > > I'm currently using Swarm to secure my web application, but I think it > > provides a lot more functionality than I really need. Would simply > > checking for a User object the session on each page load work as well, > > or am I overlooking some major security hole? This way, when the user > > logs in successfully, the session would get a User object, but otherwise > > it would be null and the application would kick back to the login page. > > > > > > > > -- > Become a Wicket expert, learn from the best: http://wicketinaction.com > Apache Wicket 1.3.5 is released > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >