wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Grigorov <mgrigo...@apache.org>
Subject Re: custom authentication/authorization without Spring
Date Mon, 16 Sep 2013 09:47:34 GMT
Hi,

You can do all this with a
custom org.apache.wicket.authorization.IAuthorizationStrategy.
There is also org.apache.wicket.authentication.IAuthenticationStrategy that
may help you.

Apache Wicket Cookbook has a very good chapter (several recipes) about
security Wicket application.


On Thu, Sep 12, 2013 at 12:03 AM, Parker, James <James.Parker@pegs.com>wrote:

> I'm looking for a way to create custom authentication and authorization
> without the use of additional libraries such as Spring.  Our current need
> is to look for a portal authentication cookie and validate it, then search
> a database for what the user is authorized to do.  If validation fails, we
> need to forward the user on to our application portal.
>
> Of course as soon as I get this working, there is a high likelihood we
> will change our authentication to a different system, so I need to keep it
> straight-forward and simple.  Nothing here is so important that we need
> high level security and hack prevention with the authentication.
>
> There is no username and password, only a cookie (single sign on from our
> portal), and no login page sense our portal handles it all.  Can someone
> point me in the right direction?  Either point me to a class/interface or
> to a book/website.  Worst case scenario, I create a filter that upon
> passing authentication will pass processing onto Wicket's default filter.
>  Of course kludge something together for authorization.
>
> All assistance is appreciated.
>
> Jim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message