Adjusting Wicket and Spring Security
Integrating Wicket and Spring Security
Official guide:
https://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html
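Wicket reserves extension points for security; see ISecuritySettings. Wicket in Action has a chapter that describes a simple security implementation. wicket-auth-roles is one implementation of these security interfaces. Security can be configured on pages and components in two ways: annotations and metadata. When an annotation is given no role names, wicket-auth-roles treats the check as passed by default. I personally think that checking whether the user is logged in in this case would be more convenient for developers.

The web.xml configuration listed in the official guide's "Spring security version 3 and wicket 1.4" section is incomplete, and the guide goes on to say "Adding the spring.securityFilterChain is only necessary if you also want to secure static resources.", which easily misleads developers. The following should be added to web.xml:

```xml
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

This ensures that Spring Security's SecurityContext is carried through the HttpSession; otherwise the SecurityContext gets lost.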
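One way to get the "no roles means login required" behaviour suggested above, as an added example that is not code from the official guide or from wicket-auth-roles. It assumes Wicket 1.4 with wicket-auth-roles and Spring Security 3; the class name is hypothetical, and the check only works when springSecurityFilterChain is mapped to /* as shown above, so that the SecurityContext is populated for Wicket requests.

```java
// Added example. Assumes Wicket 1.4, wicket-auth-roles and Spring Security 3 on the classpath.
import org.apache.wicket.Component;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;
import org.apache.wicket.authorization.strategies.role.annotations.AuthorizeInstantiation;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Hypothetical strategy: a class-level @AuthorizeInstantiation with an empty
 * role list is treated as "any logged-in user" instead of "everyone".
 * Package-level annotations are not handled here.
 */
public class LoginRequiredWhenNoRolesStrategy implements IAuthorizationStrategy {

    public <T extends Component> boolean isInstantiationAuthorized(Class<T> componentClass) {
        AuthorizeInstantiation annotation =
                componentClass.getAnnotation(AuthorizeInstantiation.class);
        if (annotation == null || annotation.value().length > 0) {
            // Not annotated, or roles were listed: leave the decision to wicket-auth-roles.
            return true;
        }
        // Annotated without roles: require an authenticated, non-anonymous user.
        return isLoggedIn();
    }

    public boolean isActionAuthorized(Component component, Action action) {
        // Component-level actions (RENDER/ENABLE) are out of scope for this example.
        return true;
    }

    static boolean isLoggedIn() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Spring Security's anonymous filter reports isAuthenticated() == true,
        // so the anonymous token has to be excluded explicitly.
        return auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
    }
}
```

To use it, add it alongside wicket-auth-roles' RoleAuthorizationStrategy to a CompoundAuthorizationStrategy and pass that to getSecuritySettings().setAuthorizationStrategy(...) in the application's init(), so that a page is instantiated only when both strategies allow it.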