A good way in between is to let the container handle authentication and implement authorization with Wicket, much in the fashion of something like wicket-auth-roles, but for the user you would use ((WebRequest)getRequest()).getHttpServletRequest().getUserPrincipal() and / or ((WebRequest)getRequest()).isUserInRole()
Eelco On 3/2/06, Johan Compagner <[EMAIL PROTECTED]> wrote: > this wouldn't really be the "wicket" way of doing stuff. > Because you want to base youre security on Request/Urls and that is just > what wicket wants to avoid. > > The security should be mapped on Components/Pages or Models (data). > > See for example our own security implementation wicket-auth-roles and > wicket-auth-roles-example > > http://sourceforge.net/project/showfiles.php?group_id=119783&package_id=173489 > > johan > > > On 3/2/06, Piotr Bzdyl <[EMAIL PROTECTED]> wrote: > > Hello, > > > > How can I integrate wicket with the JAAS? I mean configuring web.xml > > with following configuration: > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>MySystem authorized > area</web-resource-name> > > <url-pattern>/app/*</url-pattern> > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > <auth-constraint> > > <role-name>MySystemUser</role-name> > > </auth-constraint> > > <user-data-constraint> > > <transport-guarantee> > > NONE > > </transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > <login-config> > > <auth-method>FORM</auth-method> > > <realm-name>MySystem</realm-name> > > <form-login-config> > > <form-login-page>/login.html</form-login-page> > > > <form-error-page>/loginFailed.html</form-error-page> > > </form-login-config> > > </login-config> > > <security-role> > > <role-name>MySystemUser</role-name> > > </security-role> > > > > Another concern is what to do if I want to let the user to access my > > wicket home page but restrict access to other pages using container > > authorization? > > > > Best regards, > > Piotr > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by xPML, a groundbreaking scripting > language > > that extends applications into web and mobile media. Attend the live > webcast > > and join the prime developer group breaking into this new coding > territory! > > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > > _______________________________________________ > > Wicket-user mailing list > > Wicket-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wicket-user > > > > ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642 _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user