You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wicket.apache.org by Maurice Marrink <ma...@gmail.com> on 2007/05/21 16:34:28 UTC
New Wicket-Stuff project, Wicket-Security
Hi, all
With the help of Martijn i added 2 new projects to wicket-stuff under
the name of wicket-security-wasp and wicket-security-swarm.
I hope it will prove to be an out of the box solution for all things
related to authentication and authorization. It's current trunk is
build for wicket-1.3 using java 1.4 but other branches will probably
soon arise.
I have created an initial page for this project under the wicket-stuff
wiki http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
It contains the following description:
Wicket-Security is an attempt to create an out of the box reusable
authenticating and authorization framework for Wicket.
It contains 2 projects Wasp and Swarm.
Wasp defines the api of the framework and Swarm provides a standard
implementation.
Wicket Abstract Security Platform or Wasp for short builds on the
IAuthorisationStrategies provided by Wicket and allows individual
components to do their own authentication or authorization checks.
For this purpose a few new Actions are defined:
* access, checks for component instantiation rights
* inherit, allows container components like Page and Panel to make
certain rights inheritable to all there children
Also the concept of Action has changed somewhat as it is now possible
to create an inheritance structure, for example render implies access
and enable implies render. An ActionFactory makes it possible to
define your own custom actions.
To enable security on a component there are 3 paths to choose from:
* Enhance an existing component by adding an ISecurityCheck like
the SecureComponentCheck. This gives you a fair amount of control with
the least amount of effort.
* Use an ISecureModel on the component. Giving you control over
reading and writing to and from components as you require.
* Have your component implement the ISecureComponent interface
allowing you complete control every step of the way.
For the purpose of user authentication you can choose between a single
login or multiple logins like required for online banking.
Standard Wicket Authentication and Rights Management or swarm for
short provides the standard implementation of wasp.
Swarm comes with a default ActionFactory, IAuthorizationStrategy and
Hive, the Jaas like authorization and authentication mechanism, to get
you started right away.
If the above has raised your interest please feel free to check out
the code as the code / api doc is currently the biggest source of
info, i plan to change that asap :)
In the mean time if there are any questions you can reach me at the
wicket-mailing list.
Just in case you are wondering if there are any examples: I plan on
making some real ones asap but in the mean time you could check out
GeneralTest (in both projects) it shows various uses such as
multi-login, securing pages, read-write textfields and securing links.
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-wasp
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-swarm
Maurice Marrink
Re: New Wicket-Stuff project, Wicket-Security
Posted by Igor Vaynberg <ig...@gmail.com>.
havent checked out the projects yet, but you already get the props just for
the acronyms :)
-igor
On 5/21/07, Maurice Marrink <ma...@gmail.com> wrote:
>
> Hi, all
>
> With the help of Martijn i added 2 new projects to wicket-stuff under
> the name of wicket-security-wasp and wicket-security-swarm.
>
> I hope it will prove to be an out of the box solution for all things
> related to authentication and authorization. It's current trunk is
> build for wicket-1.3 using java 1.4 but other branches will probably
> soon arise.
>
> I have created an initial page for this project under the wicket-stuff
> wiki http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
>
> It contains the following description:
>
> Wicket-Security is an attempt to create an out of the box reusable
> authenticating and authorization framework for Wicket.
> It contains 2 projects Wasp and Swarm.
> Wasp defines the api of the framework and Swarm provides a standard
> implementation.
>
> Wicket Abstract Security Platform or Wasp for short builds on the
> IAuthorisationStrategies provided by Wicket and allows individual
> components to do their own authentication or authorization checks.
>
> For this purpose a few new Actions are defined:
>
> * access, checks for component instantiation rights
>
> * inherit, allows container components like Page and Panel to make
> certain rights inheritable to all there children
>
> Also the concept of Action has changed somewhat as it is now possible
> to create an inheritance structure, for example render implies access
> and enable implies render. An ActionFactory makes it possible to
> define your own custom actions.
>
> To enable security on a component there are 3 paths to choose from:
>
> * Enhance an existing component by adding an ISecurityCheck like
> the SecureComponentCheck. This gives you a fair amount of control with
> the least amount of effort.
>
> * Use an ISecureModel on the component. Giving you control over
> reading and writing to and from components as you require.
>
> * Have your component implement the ISecureComponent interface
> allowing you complete control every step of the way.
>
> For the purpose of user authentication you can choose between a single
> login or multiple logins like required for online banking.
>
> Standard Wicket Authentication and Rights Management or swarm for
> short provides the standard implementation of wasp.
> Swarm comes with a default ActionFactory, IAuthorizationStrategy and
> Hive, the Jaas like authorization and authentication mechanism, to get
> you started right away.
>
>
>
> If the above has raised your interest please feel free to check out
> the code as the code / api doc is currently the biggest source of
> info, i plan to change that asap :)
> In the mean time if there are any questions you can reach me at the
> wicket-mailing list.
>
> Just in case you are wondering if there are any examples: I plan on
> making some real ones asap but in the mean time you could check out
> GeneralTest (in both projects) it shows various uses such as
> multi-login, securing pages, read-write textfields and securing links.
>
>
> https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-wasp
>
> https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-swarm
>
> Maurice Marrink
>
Re: New Wicket-Stuff project, Wicket-Security
Posted by Maurice Marrink <ma...@gmail.com>.
Nope this is completely going to to replace my previous wicket-jaas project.
For those not so up to date on the projects here at Topicus, we were
up untill now using an internal project utilizing the power of wicket
and jaas. unfortunately jaas proofed to be a less then ideal candidate
for web apps.
Maurice
On 5/21/07, Johan Compagner <jc...@gmail.com> wrote:
> Whoohoo
>
> are you going to use it now yourself! ;)
> or stick with the always so nice to have JAAS!
>
> johan
>
>
> On 5/21/07, Maurice Marrink <ma...@gmail.com> wrote:
> >
> > Hi, all
> >
> > With the help of Martijn i added 2 new projects to wicket-stuff under
> > the name of wicket-security-wasp and wicket-security-swarm.
> >
> > I hope it will prove to be an out of the box solution for all things
> > related to authentication and authorization. It's current trunk is
> > build for wicket-1.3 using java 1.4 but other branches will probably
> > soon arise.
> >
> > I have created an initial page for this project under the wicket-stuff
> > wiki http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
> >
> > It contains the following description:
> >
> > Wicket-Security is an attempt to create an out of the box reusable
> > authenticating and authorization framework for Wicket.
> > It contains 2 projects Wasp and Swarm.
> > Wasp defines the api of the framework and Swarm provides a standard
> > implementation.
> >
> > Wicket Abstract Security Platform or Wasp for short builds on the
> > IAuthorisationStrategies provided by Wicket and allows individual
> > components to do their own authentication or authorization checks.
> >
> > For this purpose a few new Actions are defined:
> >
> > * access, checks for component instantiation rights
> >
> > * inherit, allows container components like Page and Panel to make
> > certain rights inheritable to all there children
> >
> > Also the concept of Action has changed somewhat as it is now possible
> > to create an inheritance structure, for example render implies access
> > and enable implies render. An ActionFactory makes it possible to
> > define your own custom actions.
> >
> > To enable security on a component there are 3 paths to choose from:
> >
> > * Enhance an existing component by adding an ISecurityCheck like
> > the SecureComponentCheck. This gives you a fair amount of control with
> > the least amount of effort.
> >
> > * Use an ISecureModel on the component. Giving you control over
> > reading and writing to and from components as you require.
> >
> > * Have your component implement the ISecureComponent interface
> > allowing you complete control every step of the way.
> >
> > For the purpose of user authentication you can choose between a single
> > login or multiple logins like required for online banking.
> >
> > Standard Wicket Authentication and Rights Management or swarm for
> > short provides the standard implementation of wasp.
> > Swarm comes with a default ActionFactory, IAuthorizationStrategy and
> > Hive, the Jaas like authorization and authentication mechanism, to get
> > you started right away.
> >
> >
> >
> > If the above has raised your interest please feel free to check out
> > the code as the code / api doc is currently the biggest source of
> > info, i plan to change that asap :)
> > In the mean time if there are any questions you can reach me at the
> > wicket-mailing list.
> >
> > Just in case you are wondering if there are any examples: I plan on
> > making some real ones asap but in the mean time you could check out
> > GeneralTest (in both projects) it shows various uses such as
> > multi-login, securing pages, read-write textfields and securing links.
> >
> >
> > https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-wasp
> >
> > https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-swarm
> >
> > Maurice Marrink
> >
>
Re: New Wicket-Stuff project, Wicket-Security
Posted by Martijn Dashorst <ma...@gmail.com>.
On 5/21/07, Johan Compagner <jc...@gmail.com> wrote:
> are you going to use it now yourself! ;)
> or stick with the always so nice to have JAAS!
I think we'll upgrade vocus to use this one someday (after the exam period).
Martijn
--
Learn Wicket at ApacheCon Europe: http://apachecon.com
Join the wicket community at irc.freenode.net: ##wicket
Wicket 1.2.6 contains a very important fix. Download Wicket now!
http://wicketframework.org
Re: New Wicket-Stuff project, Wicket-Security
Posted by Johan Compagner <jc...@gmail.com>.
Whoohoo
are you going to use it now yourself! ;)
or stick with the always so nice to have JAAS!
johan
On 5/21/07, Maurice Marrink <ma...@gmail.com> wrote:
>
> Hi, all
>
> With the help of Martijn i added 2 new projects to wicket-stuff under
> the name of wicket-security-wasp and wicket-security-swarm.
>
> I hope it will prove to be an out of the box solution for all things
> related to authentication and authorization. It's current trunk is
> build for wicket-1.3 using java 1.4 but other branches will probably
> soon arise.
>
> I have created an initial page for this project under the wicket-stuff
> wiki http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
>
> It contains the following description:
>
> Wicket-Security is an attempt to create an out of the box reusable
> authenticating and authorization framework for Wicket.
> It contains 2 projects Wasp and Swarm.
> Wasp defines the api of the framework and Swarm provides a standard
> implementation.
>
> Wicket Abstract Security Platform or Wasp for short builds on the
> IAuthorisationStrategies provided by Wicket and allows individual
> components to do their own authentication or authorization checks.
>
> For this purpose a few new Actions are defined:
>
> * access, checks for component instantiation rights
>
> * inherit, allows container components like Page and Panel to make
> certain rights inheritable to all there children
>
> Also the concept of Action has changed somewhat as it is now possible
> to create an inheritance structure, for example render implies access
> and enable implies render. An ActionFactory makes it possible to
> define your own custom actions.
>
> To enable security on a component there are 3 paths to choose from:
>
> * Enhance an existing component by adding an ISecurityCheck like
> the SecureComponentCheck. This gives you a fair amount of control with
> the least amount of effort.
>
> * Use an ISecureModel on the component. Giving you control over
> reading and writing to and from components as you require.
>
> * Have your component implement the ISecureComponent interface
> allowing you complete control every step of the way.
>
> For the purpose of user authentication you can choose between a single
> login or multiple logins like required for online banking.
>
> Standard Wicket Authentication and Rights Management or swarm for
> short provides the standard implementation of wasp.
> Swarm comes with a default ActionFactory, IAuthorizationStrategy and
> Hive, the Jaas like authorization and authentication mechanism, to get
> you started right away.
>
>
>
> If the above has raised your interest please feel free to check out
> the code as the code / api doc is currently the biggest source of
> info, i plan to change that asap :)
> In the mean time if there are any questions you can reach me at the
> wicket-mailing list.
>
> Just in case you are wondering if there are any examples: I plan on
> making some real ones asap but in the mean time you could check out
> GeneralTest (in both projects) it shows various uses such as
> multi-login, securing pages, read-write textfields and securing links.
>
>
> https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-wasp
>
> https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-swarm
>
> Maurice Marrink
>