Interacting with Spring Security from a third party view library (like Wicket)
This topic is closed

  • Interacting with Spring Security from a third party view library (like Wicket)

    I have a layered application using three layers:
    • Presentation/View: Wicket
    • Business/Service: Spring Singletons
    • Persistence: DAOs using Hibernate (and Spring)

    As I am not using Spring for the presentation layer I will do my own login page. It will have:
    • Username
    • Password
    I will also create my own register page where a user will specify the above and some other information.

    I have been given this advice:
    Spring Security uses a thread local as authentication store and has a servlet filter to copy the authenticated user to/from the session so that the authenticated user is handily available during a request and properly stored afterwards.

    Authentication itself can be implemented from Wicket in a custom way (e.g. a username/password form). On success you just store the authenticated user in the authentication store.
    As this is new to me I have some questions to get me started. I realize some may be difficult to answer briefly in a forum thread; I would also appreciate any hint I can get on where to read more to get an answer to my question.
    1. For user registration. If I have a method which takes a username and a password using Wicket, should I implement some bean which receives this information, hashes the password and stores it in a table using Hibernate?
    2. The same goes for authorization. If I create a log in page using Wicket, should I pass the information on to a bean method which I've written?
    3. Are there methods I could use from Wicket to receive the roles of a logged in user?
    4. Could I create a solution like this, and later on use it to authenticate users who are placing Web Service calls directly to the (Spring) service layer? (Wicket won't be involved in this case)
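
Added example, not part of the original thread: a sketch of the approach the quoted advice describes, where a view-independent bean authenticates a username/password pair and stores the result in Spring Security's thread-local store, from which the roles can later be read. The class name `LoginService` and its method names are hypothetical; the package names assume Spring Security 3 or later, and an `AuthenticationManager` (whose provider compares the password against the stored hash) is assumed to be configured elsewhere.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical Spring bean that a Wicket login form, or any other caller, delegates to. */
public class LoginService {

    private final AuthenticationManager authenticationManager;

    public LoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Returns true and populates the thread-local security context on success. */
    public boolean login(String username, String password) {
        try {
            // The configured provider loads the user and checks the password.
            Authentication result = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            SecurityContextHolder.getContext().setAuthentication(result);
            return true;
        } catch (AuthenticationException e) {
            // Same answer for unknown user and wrong password; leave no stale identity behind.
            SecurityContextHolder.clearContext();
            return false;
        }
    }

    /** Role names of the current user, read from the same thread-local store. */
    public List<String> currentRoles() {
        List<String> roles = new ArrayList<String>();
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.isAuthenticated()) {
            for (GrantedAuthority authority : auth.getAuthorities()) {
                roles.add(authority.getAuthority());
            }
        }
        return roles;
    }
}
```

The identity survives the request only if the Spring Security filter chain wraps the Wicket filter and persists the context to the session; Spring Security 6 no longer does this automatically and expects an explicit save through a `SecurityContextRepository`. A hand-written login page also bypasses the session-fixation handling of the standard login filter, so the caller should renew the session id after a successful login (in Wicket, `Session.replaceSession()`).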

  • #2

    I'm reading the Spring Security documentation. But it's so focused on using it together with Spring and has too few examples for me to grasp it completely.


    • #3
      N Tier - Web Business Data and Security

      I have already implemented Wicket, Spring and Hibernate with almost the same purpose as yours.

      Web Tier - Wicket
      Business Tier - Spring
      Data Tier - Hibernate
      Security Tier - Acegi / Spring Security.

      It works as I expected.

      Now in my new project, I will try to use Spring JPA instead of Hibernate, because I don't need to use the full Hibernate functionality. I just need the simple CRUD.