I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application.
I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. We are currently using acegi and I'm trying to figure out the best way to bake acl into wicket's components. Example, a link is set to invisible if the authenticated use doesn't contain a role with the given permission of that link. So lets say the link is to delete an object, the user must have a role with the permission to delete that object or the link will not show on the page. By the way, I'm not saying wicket security is bad, other than my example I think it is a well put together framework that beats the hell out of using JAAS. -Craig Mr Mean wrote: > > If you mean java Jaas like acl than swarm is what you are looking for. > Optionally if you really want to use jaas and not some look alike i > made up you could practically copy swarm and replace most objects with > there jaas counterparts. > However i chose not to use jaas because we are using that in one of > our projects right now and although it works it is less than optimal > :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced > by swarm. > > You can also check out the example project here > https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples > > > Maurice > > On 6/21/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote: >> wicket's security model is completely generic >> >> see IAuthorizationStrategy - it is very abstract and thus can be used to >> implement any kind of authorization >> >> wicket-auth is just an example that implements basic role-based model >> >> see wicket-stuff wasp and swarm projects >> >> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security >> >> -igor >> >> >> On 6/21/07, craigdd <[EMAIL PROTECTED]> wrote: >> > >> > Is wicket security based only on role based authorization or could it >> somehow >> > be used with a more traditional ACL type of file / logic. >> > >> > -Craig >> > -- >> > View this message in context: >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024 >> > Sent from the Wicket - User mailing list archive at Nabble.com. >> > >> > >> > >> ------------------------------------------------------------------------- >> > This SF.net email is sponsored by DB2 Express >> > Download DB2 Express C - the FREE version of DB2 express and take >> > control of your XML. No limits. Just data. Click to get it now. >> > http://sourceforge.net/powerbar/db2/ >> > _______________________________________________ >> > Wicket-user mailing list >> > Wicket-user@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/wicket-user >> > >> >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by DB2 Express >> Download DB2 Express C - the FREE version of DB2 express and take >> control of your XML. No limits. Just data. Click to get it now. >> http://sourceforge.net/powerbar/db2/ >> _______________________________________________ >> Wicket-user mailing list >> Wicket-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wicket-user >> >> > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > > -- View this message in context: http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11350022 Sent from the Wicket - User mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
