[Wicket-user] Removal of ISecuritySettings.get/setSignInPage()

[Jonathan Locke]

Eelco tells me that a couple people are complaining about this change and I wanted to explain why it happened and also reassure everyone that the big bunch of changes that just went through is the last of what I wanted to get done for 1.2.  From here on out, I'd like to see us just fix bugs and improve the examples and documentation for what we've got.

The problem with the sign-in page setting is that (a) it's magical in nature and a bunch of stuff happens behind the scenes that is hard to find and extend and (b) the setting will not necessarily be respected by Wicket in the future.  In fact, if you use the wicket-auth-roles-examples project's authentication package (which I'm hoping will be moved into core in 2.0 when we adopt Java 5), the setting is totally ignored.  This becomes very confusing to users who think that the sign-in page is a contract with wicket for authentication.  It isn't and cannot be.  Igor complained about this and I agreed with his complaint and so it was removed.

The big long scary names of those classes reflect exactly what the classes do.  However, nobody really needs to use them directly.  The intent of wicket-auth-roles-examples (we could move this into wicket-auth-roles for 1.2 final if people like that idea) is to make a really simple way to do authentication in Wicket that is (a) not magical and (b) highly extensible and (c) does not require that you understand much about how it works.  Please check out my blog on JRoller where I very briefly discuss this code.  And let us know if this is a better approach to authentication.  It's my strong feeling that it is a huge improvement over get/setSignInPage.

Best,

     Jonathan