I have a layered application using three layers:
- Presentation/View: Wicket
- Business/Service: Spring Singletons
- Persistence: DAO's using Hibernate (and Spring)
As I am not using Spring for the presentation layer I will do my own login page. It will have:
I will also create my own register page where a user will specify the above and some other information.
I have been given the this advice:
As this is new to me I have some questions to get me started. I realize some may be difficult to answer short in a forum thread, I would also appreciate any hint I can get on where to read more to get an answer to my question.Spring Security uses a thread local as authentication store and has a servlet filter to copy the authenticated user to/from the session so that the authenticated user is handily available during a request and properly stored afterwards.
Authentication itself can be implemented from Wicket in a custom way (e.g. a username/password form). On success you just store the authenticated user in the authentication store.
- For user registration. If I have a method which takes a username and a password using Wicket. Should I implement some bean which recieves this information, hashes the password and stores it in a table using Hibernate?
- The same goes for authorization. If I create a log in page using Wicket, should I pass the information on to a bean method which I've written?
- Are there methods I could use from Wicket to recieve the roles of a logged in user?
- Could I create a solution like this. And later on use it to authenticate users who are placing Web Service calls directly to the (Spring) service layer? (Wicket won't be involved in this case)