Hi, I know there has been some discussion on this. But I've had a hard time deciding how this project should use security anyway.
The application in question is layered into three layers for presentation, services and persistence using Wicket, Spring and Hibernate. What we need: - Authentication - Authorization on pages, components - Authorization before being able to run methods in the service layer - Authorization for viewing/editing some domain objects using Access Control List's (ACL's) I have read Wicket in Action and it's custom security solution has some pros: - It's quite easy to understand - We have a lot of freedom in how to do authentication and authorization And some cons: - I don't know how to authorize calls of specific methods, and thus - All security will be in the presentation layer - It won't be usable if we want security on web services later (which we do not need now, so maybe this can be disregarded) It would be nice if we could have a common solution to our security needs that integrates well with Wicket and Spring. I know that the Auth Roles project is out there as well as Swarm. But I don't know which will meet our needs and which will most likely be an option to us when we later move to Wicket 1.4 or a higher version. Best regards, Kent --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org