I understand what you are saying and I see how you have accomplished something similar to what I'm trying to do, however it seems to me that you are miss using the concept of a Principal. I'm not a security expert but a principal seems to point to an individual and not with something called write. Write fits a little better into the concepts of ACL.
-Craig Mr Mean wrote: > >> By the way, I'm not saying wicket security is bad, other than my example >> I >> think it is a well put together framework that beats the hell out of >> using >> JAAS. > > Thanks, i appreciate that :) > >> I've had a pretty good look at wicket security but the conclusion that >> I've >> come to with that is it only supports the fact that you have pre defined >> roles within your application. >> > > Well i am not saying it is impossible to declare and add new > permissions / principals at runtime but i think it is generally > undesirable to do so. Instead you should make your principals fine > grained enough to be used as building blocks for roles. > >> I'm currently working on a multi tenant web application where the >> application provided a set of permission, such and read / write access to >> an >> object and each tenant in the application defines their own role heirachy >> based on those permissions. > > This is exactly what we are doing in our application. We have > literally +- 1000 principals defined in our system. By allowing the > users to group principals together they can build there own roles. We > have multiple organizations in our application and each of them can > completely redesign there user roles in the system (well only up to a > point because we could not allow that, but that aside they could). We > provide each organization with a set of default roles as we think will > suit most of them but they are completely free to alter/ rename/ > delete/ whatever do with those roles because we do not depend on the > roles but on the underlying principals, which are controlled by us. A > big help is the fact that we made our principals imply each other > (write implies read, etc) So when a user designs there roles they > don't have to check read access to page A and write access to page A > but can suffice with write access to page A. Although most of our > principals handle a couple of related pages we also have principals > going as deep as individual components. For instance we have a large > data grid, the principals are fine grained enough to give you read or > write access up to the individual cell. > > Correct me if i am wrong but this seems to be what you want too. > > Maurice > > > On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote: >> >> I've had a pretty good look at wicket security but the conclusion that >> I've >> come to with that is it only supports the fact that you have pre defined >> roles within your application. >> >> I'm currently working on a multi tenant web application where the >> application provided a set of permission, such and read / write access to >> an >> object and each tenant in the application defines their own role heirachy >> based on those permissions. >> >> We are currently using acegi and I'm trying to figure out the best way to >> bake acl into wicket's components. Example, a link is set to invisible >> if >> the authenticated use doesn't contain a role with the given permission of >> that link. So lets say the link is to delete an object, the user must >> have >> a role with the permission to delete that object or the link will not >> show >> on the page. >> >> By the way, I'm not saying wicket security is bad, other than my example >> I >> think it is a well put together framework that beats the hell out of >> using >> JAAS. >> >> -Craig >> >> >> Mr Mean wrote: >> > >> > If you mean java Jaas like acl than swarm is what you are looking for. >> > Optionally if you really want to use jaas and not some look alike i >> > made up you could practically copy swarm and replace most objects with >> > there jaas counterparts. >> > However i chose not to use jaas because we are using that in one of >> > our projects right now and although it works it is less than optimal >> > :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced >> > by swarm. >> > >> > You can also check out the example project here >> > >> https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples >> > >> > >> > Maurice >> > >> > On 6/21/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote: >> >> wicket's security model is completely generic >> >> >> >> see IAuthorizationStrategy - it is very abstract and thus can be used >> to >> >> implement any kind of authorization >> >> >> >> wicket-auth is just an example that implements basic role-based model >> >> >> >> see wicket-stuff wasp and swarm projects >> >> >> >> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security >> >> >> >> -igor >> >> >> >> >> >> On 6/21/07, craigdd <[EMAIL PROTECTED]> wrote: >> >> > >> >> > Is wicket security based only on role based authorization or could >> it >> >> somehow >> >> > be used with a more traditional ACL type of file / logic. >> >> > >> >> > -Craig >> >> > -- >> >> > View this message in context: >> >> >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024 >> >> > Sent from the Wicket - User mailing list archive at Nabble.com. >> >> > >> >> > >> >> > >> >> >> ------------------------------------------------------------------------- >> >> > This SF.net email is sponsored by DB2 Express >> >> > Download DB2 Express C - the FREE version of DB2 express and take >> >> > control of your XML. No limits. Just data. Click to get it now. >> >> > http://sourceforge.net/powerbar/db2/ >> >> > _______________________________________________ >> >> > Wicket-user mailing list >> >> > Wicket-user@lists.sourceforge.net >> >> > https://lists.sourceforge.net/lists/listinfo/wicket-user >> >> > >> >> >> >> >> >> >> ------------------------------------------------------------------------- >> >> This SF.net email is sponsored by DB2 Express >> >> Download DB2 Express C - the FREE version of DB2 express and take >> >> control of your XML. No limits. Just data. Click to get it now. >> >> http://sourceforge.net/powerbar/db2/ >> >> _______________________________________________ >> >> Wicket-user mailing list >> >> Wicket-user@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user >> >> >> >> >> > >> > >> ------------------------------------------------------------------------- >> > This SF.net email is sponsored by DB2 Express >> > Download DB2 Express C - the FREE version of DB2 express and take >> > control of your XML. No limits. Just data. Click to get it now. >> > http://sourceforge.net/powerbar/db2/ >> > _______________________________________________ >> > Wicket-user mailing list >> > Wicket-user@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/wicket-user >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11350022 >> Sent from the Wicket - User mailing list archive at Nabble.com. >> >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by DB2 Express >> Download DB2 Express C - the FREE version of DB2 express and take >> control of your XML. No limits. Just data. Click to get it now. >> http://sourceforge.net/powerbar/db2/ >> _______________________________________________ >> Wicket-user mailing list >> Wicket-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wicket-user >> > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > > -- View this message in context: http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11352386 Sent from the Wicket - User mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
