Wicket Security

[Marc Ende <ml...@e-beyond.de>]

Hi,

I'd like to integrate security in my wicket application. I've seen a
tutorial regarding jaas, ldap etc.
(http://blog.xebia.com/2008/05/08/wicket-jboss-jaas-ldap/) and I've
found swarm. In the repositories I had found wicket-security. While
reading the tutorial I've found that the wicket-security and the
tutorial relates to each other. After reading swarm I had the impression
that this will be another approach OR I had missed some things.

What I'd like to do is:

I have a webapp which has some parts in public areas which should only
be shown to authorized people. On the other hand there should be pages
which are completely only for these authorized peoples. As a backend I
have to use JAAS. The business-logic is encapsulated in ejb's which also
have declarative security (which annotations).

Now I have some questions:

- Are both projects (wicket-security and swarm) diffrent project or do
I have a completly wrong understanding of these both projects?
- I've found that the Tutorial is working great and I know how to
protect a whole page. But when I'd like to set parts invisible if there
is no authenticated people seeing the page. How can I get access to the
roles when I'm using a page where only parts should be set visible or
invisible regarding the authorization.
- Following this tutorial can I use the LoginContext from Jaas to
authenticate against the ejb's or is it lost after login?
- When the login context is available: Can I also use wicket-javaee with
this context?

Sorry for this stupid questions. I had used other frameworks before and
now I'm a complete beginner on wicket (and JAAS was used by me a long
time ago...)
Anyway: The few steps I had done with wicket and I really like it. It's
a great framework! You've done a really good job!!!

marc