You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by suranjay <su...@hotmail.com> on 2007/12/02 19:50:14 UTC
Using another webapp's authentication
Hi!
I'm new to web-security and this is my question. I have a webapp (jsp) which
uses Acegi for user login authentication. Once a user has logged in, on the
first page he sees, there is a static link that points to a Wicket webapp,
deployed in the same servlet container(jboss). Is there a way in which I can
use the other webapp's authentication to make sure that access to the wicket
webapp is secured? i.e. allow access to the wicket webapp only though that
link? Can I do something like checking for a value on the session? Would I
need to add the custom session classes etc used by the other webapp to the
wicket webapp?
Any help would be greatly appreciated.
Thanks.
--
View this message in context: http://www.nabble.com/Using-another-webapp%27s-authentication-tf4932724.html#a14118561
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Using another webapp's authentication
Posted by Maurice Marrink <ma...@gmail.com>.
Just my thoughts on the subject.
You could use swarm in combination with acegi and because of the way
acegi works you can reuse the user credentials in your wicket app.
couple of things you need to do, that i can think of:
1 copy acegi config to the wicket app
2 inside your wicket app translate acegi credentials to principals
3 check for credentials with acegi before redirecting to the login page.
For the rest you can follow standard swarm practices
It would be possible to not let the wicket app have a login page and
thus forcing the use of jsp app but it would be easier if the wicket
app had its own login page. And because the user credentials would be
shared through acegi there would not be any difference in a user
logging in through wicket or through jsp.
More info:
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo
Maurice
On Dec 2, 2007 7:50 PM, suranjay <su...@hotmail.com> wrote:
>
> Hi!
>
> I'm new to web-security and this is my question. I have a webapp (jsp) which
> uses Acegi for user login authentication. Once a user has logged in, on the
> first page he sees, there is a static link that points to a Wicket webapp,
> deployed in the same servlet container(jboss). Is there a way in which I can
> use the other webapp's authentication to make sure that access to the wicket
> webapp is secured? i.e. allow access to the wicket webapp only though that
> link? Can I do something like checking for a value on the session? Would I
> need to add the custom session classes etc used by the other webapp to the
> wicket webapp?
>
> Any help would be greatly appreciated.
> Thanks.
> --
> View this message in context: http://www.nabble.com/Using-another-webapp%27s-authentication-tf4932724.html#a14118561
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org