> What makes me wonder is, using Acegi as a Filter means not to use > component-based authorization. But it should be possible to integrate Acegi > into > the application and all Filter-gotchas should be resolvable. Or am I missing > something?
You're right, if you really want, you can use URL based authorization. > Why re-invent the wheel with Wasp/Swarm? I don't know about Wasp/Swarm particularly, but I'm guessing you wonder about why do component-level auhtorization rather then URL based authorization. First, there are advantages to URL based auth: * widely supported, including through servlet containers and libs like Acegi * good when you mix technologies as this way you have one solution for all But the disadvantages are pretty grave: * severely limits your options as you'll pretty much have to get back to page-based development. URL based authorization only works for course grained cases, and won't work with e.g. when you do component replacement[1] and Ajax. * it leaks abstraction. With Wicket you can abstract much of your functionality to self contained components, including the relevant authorization if you like. This opens the door for really fine grained auth models, and with such components you'll never have to worry where they are used, as you'll know that the functionality can't be exposed in the wrong places. Great when you work with teams. You'll loose this when you do URL based auth, as then you'll have to be aware what's actually on your pages at any time. * for this to work with Wicket you'll have to work with URL mounting. And re-organizing the mounts can break security. My 2c, Eelco [1] http://chillenious.wordpress.com/2006/07/16/on-page-navigation/ ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user