You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by "Parker, James" <Ja...@pegs.com> on 2013/09/11 23:03:54 UTC

custom authentication/authorization without Spring

I'm looking for a way to create custom authentication and authorization without the use of additional libraries such as Spring.  Our current need is to look for a portal authentication cookie and validate it, then search a database for what the user is authorized to do.  If validation fails, we need to forward the user on to our application portal.

Of course as soon as I get this working, there is a high likelihood we will change our authentication to a different system, so I need to keep it straight-forward and simple.  Nothing here is so important that we need high level security and hack prevention with the authentication.

There is no username and password, only a cookie (single sign on from our portal), and no login page sense our portal handles it all.  Can someone point me in the right direction?  Either point me to a class/interface or to a book/website.  Worst case scenario, I create a filter that upon passing authentication will pass processing onto Wicket's default filter.  Of course kludge something together for authorization.

All assistance is appreciated.

Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: custom authentication/authorization without Spring

Posted by Martin Grigorov <mg...@apache.org>.

Hi,

You can do all this with a
custom org.apache.wicket.authorization.IAuthorizationStrategy.
There is also org.apache.wicket.authentication.IAuthenticationStrategy that
may help you.

Apache Wicket Cookbook has a very good chapter (several recipes) about
security Wicket application.


On Thu, Sep 12, 2013 at 12:03 AM, Parker, James <Ja...@pegs.com>wrote:

> I'm looking for a way to create custom authentication and authorization
> without the use of additional libraries such as Spring.  Our current need
> is to look for a portal authentication cookie and validate it, then search
> a database for what the user is authorized to do.  If validation fails, we
> need to forward the user on to our application portal.
>
> Of course as soon as I get this working, there is a high likelihood we
> will change our authentication to a different system, so I need to keep it
> straight-forward and simple.  Nothing here is so important that we need
> high level security and hack prevention with the authentication.
>
> There is no username and password, only a cookie (single sign on from our
> portal), and no login page sense our portal handles it all.  Can someone
> point me in the right direction?  Either point me to a class/interface or
> to a book/website.  Worst case scenario, I create a filter that upon
> passing authentication will pass processing onto Wicket's default filter.
>  Of course kludge something together for authorization.
>
> All assistance is appreciated.
>
> Jim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>