hi martijn, >> what i really dislike about acegi is the spring/xml-stuff. but that's another >> story... ;-) > > If you take the spring/xml and the URL based authorization out of > Acegi, what is left? > > Not a stab at Acegi, just asking.
hehe - now i'm having to argue pro acegi where i'm not yet finished finding out if it really is what i'm looking for. *ggg* first of all, what i dislike is the xml-/spring-injection-dependent configuration. everything else is not tight to spring, it can be used in any other environment. everything else is: acegi supports a wide range of authentication models. from http basic authentication headers, ldap to jaas - you just have to choose. also, the authorization is as customizable as is e.g. swarm. like in swarm, you have to define your policies. it's just an implementation detail, if you use it url- or component-based. so, when thinking about authentication/authorization, i don't think of a one-time-installation at one defined customer but how it can be integrated into a variety of heterogenous systems. having a wicket application running in a system using a service-oriented-approach, i might have to use a ticketing system (like cas) to handle authorization. acegi delivers such functionality. best regards, --- jan. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user