You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by David Beer <da...@gmail.com> on 2016/04/22 00:34:05 UTC
Wicket 7 Security and JBoss Keycloak
Hi All
I am looking at how to integrate JBoss Keycloak with wicket 7. I am not
quite sure where to start the configuration the example given is where the
jsp pages are secured by configuration in the web.xml file. Wicket is a
little different in that you need to create a Authorization Strategy. I am
not sure how to secure the pages I want to.
Has anybody tried integrating wicket with keycloak before or even
picketlink.
Thanks
David
Re: Wicket 7 Security and JBoss Keycloak
Posted by Martin Grigorov <mg...@apache.org>.
Hi David,
I'm afraid you will have to look deeper in the Keycloac APIs to see how to
set the principal yourself (after a successful login) and how to look it up
later in the authorization strategy, in case you don't keep a reference to
it in your Session.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Fri, Apr 22, 2016 at 5:14 PM, David Beer <da...@gmail.com> wrote:
> Hi Martin
>
> This what I am thinking that I need a similar Authorisation plugging to
> shiro, my problem is that the security process is set-up in the web.xml
> file, then the auth method is declare as Keycloak. Which redirects to the
> provided server and provides a user principal back. Would I still need to
> create a filter for the authorization process.
>
> Thanks
>
> David
> On 22 Apr 2016 9:57 a.m., "Martin Grigorov" <mg...@apache.org> wrote:
>
> Hi,
>
> I don't know how Keycloak works but from my experience with Spring Security
> and Apache Shiro you have to create an AuthorizationStrategy that reads
> from somewhere (e.g. the Wicket Session or some Subject holder) the logged
> in User and then compares its roles with the one set in @AuthorizeAction on
> the Wicket component.
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Fri, Apr 22, 2016 at 12:34 AM, David Beer <da...@gmail.com>
> wrote:
>
> > Hi All
> >
> > I am looking at how to integrate JBoss Keycloak with wicket 7. I am not
> > quite sure where to start the configuration the example given is where
> the
> > jsp pages are secured by configuration in the web.xml file. Wicket is a
> > little different in that you need to create a Authorization Strategy. I
> am
> > not sure how to secure the pages I want to.
> >
> > Has anybody tried integrating wicket with keycloak before or even
> > picketlink.
> >
> > Thanks
> >
> > David
> >
>
Re: Wicket 7 Security and JBoss Keycloak
Posted by David Beer <da...@gmail.com>.
Hi Martin
This what I am thinking that I need a similar Authorisation plugging to
shiro, my problem is that the security process is set-up in the web.xml
file, then the auth method is declare as Keycloak. Which redirects to the
provided server and provides a user principal back. Would I still need to
create a filter for the authorization process.
Thanks
David
On 22 Apr 2016 9:57 a.m., "Martin Grigorov" <mg...@apache.org> wrote:
Hi,
I don't know how Keycloak works but from my experience with Spring Security
and Apache Shiro you have to create an AuthorizationStrategy that reads
from somewhere (e.g. the Wicket Session or some Subject holder) the logged
in User and then compares its roles with the one set in @AuthorizeAction on
the Wicket component.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Fri, Apr 22, 2016 at 12:34 AM, David Beer <da...@gmail.com> wrote:
> Hi All
>
> I am looking at how to integrate JBoss Keycloak with wicket 7. I am not
> quite sure where to start the configuration the example given is where the
> jsp pages are secured by configuration in the web.xml file. Wicket is a
> little different in that you need to create a Authorization Strategy. I am
> not sure how to secure the pages I want to.
>
> Has anybody tried integrating wicket with keycloak before or even
> picketlink.
>
> Thanks
>
> David
>
Re: Wicket 7 Security and JBoss Keycloak
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
I don't know how Keycloak works but from my experience with Spring Security
and Apache Shiro you have to create an AuthorizationStrategy that reads
from somewhere (e.g. the Wicket Session or some Subject holder) the logged
in User and then compares its roles with the one set in @AuthorizeAction on
the Wicket component.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Fri, Apr 22, 2016 at 12:34 AM, David Beer <da...@gmail.com> wrote:
> Hi All
>
> I am looking at how to integrate JBoss Keycloak with wicket 7. I am not
> quite sure where to start the configuration the example given is where the
> jsp pages are secured by configuration in the web.xml file. Wicket is a
> little different in that you need to create a Authorization Strategy. I am
> not sure how to secure the pages I want to.
>
> Has anybody tried integrating wicket with keycloak before or even
> picketlink.
>
> Thanks
>
> David
>