You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by "Parker, James" <Ja...@pegs.com> on 2013/09/11 23:03:54 UTC
custom authentication/authorization without Spring
I'm looking for a way to create custom authentication and authorization without the use of additional libraries such as Spring. Our current need is to look for a portal authentication cookie and validate it, then search a database for what the user is authorized to do. If validation fails, we need to forward the user on to our application portal.
Of course as soon as I get this working, there is a high likelihood we will change our authentication to a different system, so I need to keep it straight-forward and simple. Nothing here is so important that we need high level security and hack prevention with the authentication.
There is no username and password, only a cookie (single sign on from our portal), and no login page sense our portal handles it all. Can someone point me in the right direction? Either point me to a class/interface or to a book/website. Worst case scenario, I create a filter that upon passing authentication will pass processing onto Wicket's default filter. Of course kludge something together for authorization.
All assistance is appreciated.
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom authentication/authorization without Spring
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
You can do all this with a
custom org.apache.wicket.authorization.IAuthorizationStrategy.
There is also org.apache.wicket.authentication.IAuthenticationStrategy that
may help you.
Apache Wicket Cookbook has a very good chapter (several recipes) about
security Wicket application.
On Thu, Sep 12, 2013 at 12:03 AM, Parker, James <Ja...@pegs.com>wrote:
> I'm looking for a way to create custom authentication and authorization
> without the use of additional libraries such as Spring. Our current need
> is to look for a portal authentication cookie and validate it, then search
> a database for what the user is authorized to do. If validation fails, we
> need to forward the user on to our application portal.
>
> Of course as soon as I get this working, there is a high likelihood we
> will change our authentication to a different system, so I need to keep it
> straight-forward and simple. Nothing here is so important that we need
> high level security and hack prevention with the authentication.
>
> There is no username and password, only a cookie (single sign on from our
> portal), and no login page sense our portal handles it all. Can someone
> point me in the right direction? Either point me to a class/interface or
> to a book/website. Worst case scenario, I create a filter that upon
> passing authentication will pass processing onto Wicket's default filter.
> Of course kludge something together for authorization.
>
> All assistance is appreciated.
>
> Jim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>