You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Christian Helmbold <ch...@yahoo.de> on 2009/03/26 17:51:35 UTC
How to secure a Wicket 1.4 application?
Hello,
what would be your prefered way to secure a Wicket 1.4 application?
"Spring Security and Wicket-auth-roles" seems to be outdated. This project suggests to use Wicket-Security. So it is presumably not the best idea to use it.
http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html
Wicket-Security seems also to be not up to date and supports only Wicket 1.3.
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
Somewhere I've read that a version of Wicket-Security for Wicket 1.4 exists in a SVN repository. Maybe that makes Wicket-Security a candidate. But this framework looks quite complicated to me - WiComSec, WASP, Hive, SWARM sounds confusing. Is Wicket-Security limited to use JAAS permissions?
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
I don't like JAAS very much ...
My first impression is, that it is easier to write custom authentication and authorization, than to use Wicket-Security. How are your experiences?
Regards
Christian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: How to secure a Wicket 1.4 application?
Posted by Linda van der Pal <lv...@heritageagenturen.nl>.
I'm still working on this problem myself. I'm still trying to combine
wicket-auth-roles with JAAS and Glassfish. I'll let you know when I
succeed. :)
Regards,
Linda
Christian Helmbold wrote:
> Hello,
>
> what would be your prefered way to secure a Wicket 1.4 application?
>
> "Spring Security and Wicket-auth-roles" seems to be outdated. This project suggests to use Wicket-Security. So it is presumably not the best idea to use it.
> http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html
>
> Wicket-Security seems also to be not up to date and supports only Wicket 1.3.
> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
> Somewhere I've read that a version of Wicket-Security for Wicket 1.4 exists in a SVN repository. Maybe that makes Wicket-Security a candidate. But this framework looks quite complicated to me - WiComSec, WASP, Hive, SWARM sounds confusing. Is Wicket-Security limited to use JAAS permissions?
> http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
> I don't like JAAS very much ...
>
> My first impression is, that it is easier to write custom authentication and authorization, than to use Wicket-Security. How are your experiences?
>
> Regards
> Christian
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.278 / Virus Database: 270.11.29/2023 - Release Date: 03/25/09 18:54:00
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: How to secure a Wicket 1.4 application?
Posted by Brill Pappin <br...@pappin.ca>.
I actually find that auth-roles is very simply to use and usually all
I need... if it is ever deprecated I assure you I'll revive it under
another source tree.
However although for some reason it says you should use wicket-
security (not sure why unless wicket-security has the same simple
implementation) as far as I know its still being maintained and used
by a large number of the people here.
I think what you use will depend on your application, if all you need
is a principle and a few "roles" to protect certain pages (or even a
single role), then auth-roles is for you. If you need something more
complex, then wicket-security may be the way to go.
FYI - I usually find wicket-security lags behind the current
snapshot... or at least it was when I last looked at it. The lag is
likely because it *is* more complex.
- Brill
On 26-Mar-09, at 12:51 PM, Christian Helmbold wrote:
>
> Hello,
>
> what would be your prefered way to secure a Wicket 1.4 application?
>
> "Spring Security and Wicket-auth-roles" seems to be outdated. This
> project suggests to use Wicket-Security. So it is presumably not the
> best idea to use it.
> http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html
>
> Wicket-Security seems also to be not up to date and supports only
> Wicket 1.3.
> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
> Somewhere I've read that a version of Wicket-Security for Wicket 1.4
> exists in a SVN repository. Maybe that makes Wicket-Security a
> candidate. But this framework looks quite complicated to me -
> WiComSec, WASP, Hive, SWARM sounds confusing. Is Wicket-Security
> limited to use JAAS permissions?
> http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
> I don't like JAAS very much ...
>
> My first impression is, that it is easier to write custom
> authentication and authorization, than to use Wicket-Security. How
> are your experiences?
>
> Regards
> Christian
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org