Re: [Wicket-user] Wicket and JAAS integration

Thu, 02 Mar 2006 08:41:44 -0800 

A good way in between is to let the container handle authentication
and implement authorization with Wicket, much in the fashion of
something like wicket-auth-roles, but for the user you would use
((WebRequest)getRequest()).getHttpServletRequest().getUserPrincipal()
and / or ((WebRequest)getRequest()).isUserInRole()

Eelco

On 3/2/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> this wouldn't really be the "wicket" way of doing stuff.
> Because you want to base youre security on Request/Urls and that is just
> what wicket wants to avoid.
>
> The security should be mapped on Components/Pages or Models (data).
>
> See for example our own security implementation wicket-auth-roles and
> wicket-auth-roles-example
>
> http://sourceforge.net/project/showfiles.php?group_id=119783&package_id=173489
>
> johan
>
>
> On 3/2/06, Piotr Bzdyl <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > How can I integrate wicket with the JAAS? I mean configuring web.xml
> > with following configuration:
> >
> > <security-constraint>
> >     <web-resource-collection>
> >       <web-resource-name>MySystem authorized
> area</web-resource-name>
> >       <url-pattern>/app/*</url-pattern>
> >       <http-method>DELETE</http-method>
> >       <http-method>GET</http-method>
> >       <http-method>POST</http-method>
> >       <http-method>PUT</http-method>
> >     </web-resource-collection>
> >     <auth-constraint>
> >       <role-name>MySystemUser</role-name>
> >     </auth-constraint>
> >     <user-data-constraint>
> >       <transport-guarantee>
> >     NONE
> >       </transport-guarantee>
> >     </user-data-constraint>
> >   </security-constraint>
> >   <login-config>
> >     <auth-method>FORM</auth-method>
> >     <realm-name>MySystem</realm-name>
> >     <form-login-config>
> >       <form-login-page>/login.html</form-login-page>
> >
> <form-error-page>/loginFailed.html</form-error-page>
> >     </form-login-config>
> >   </login-config>
> >   <security-role>
> >     <role-name>MySystemUser</role-name>
> >   </security-role>
> >
> > Another concern is what to do if I want to let the user to access my
> > wicket home page but restrict access to other pages using container
> > authorization?
> >
> > Best regards,
> > Piotr
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by xPML, a groundbreaking scripting
> language
> > that extends applications into web and mobile media. Attend the live
> webcast
> > and join the prime developer group breaking into this new coding
> territory!
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> > _______________________________________________
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Reply via email to