Wicket-Security 1.3.1
With Wicket-Security 1.3.1 we are fixing the re usability of the sub projects, allowing you to use the same authentication / authorization framework in your soap calls as in your wicket application. In order to do that we drastically changed the way the projects were setup and we went from 2 projects (3 if you count the examples too) to 1 parent project with a total of 4 subprojects (not counting the examples).
WiComSec
Wicket Common Security, or WiComSec for short, contains common classes / interfaces required by most subprojects. It has no runtime dependencies.
WASP
Wicket Abstract Security Platform, or Wasp for short, contains the api and some secure components you can use. It has runtime dependencies on WiComSec, Wicket, SLF4J and optionally Wicket-Extensions.
Hive
Hive is just the name of this project, it does not mean anything like the other projects. Hive is a JAAS like security framework capable of supporting multiple security configuration in a single JVM. Its only runtime dependency is on WiComSec.
SWARM
Standard Wicket Authentication and Rights Management, or swarm for short, is the default implementation of Wasp. It has runtime dependencies on Wasp (and thus all its dependencies) and Hive.
1.3.0 compatability
We tried to keep the changes to both wasp and swarm api to a minimum but nonetheless 1.3.1 is not binary compatible with 1.3.0. We have compiled a list of changes here to ease the migration.
- ActionFactory#getAction(org.apache.wicket.authorization.Action) was moved to WaspActionFactory
- ActionFactory gained a method #getAction(org.apache.wicket.security.actions.WaspAction)
- org.apache.wicket.security.actions.WaspAction no longer extends org.apache.wicket.authorization.Action
- Subject#isClassAuthenticated(Class)
+Subject#isComponentAuthenticated(Component)
+Subject#isModelAuthenticated(IModel, Component) moved to a new interface org.apache.wicket.security.hive.authentication.WicketSubject - The constructor for ActionPermission(String, String) is replaced by ActionPermission(String, WaspAction)
- org.apache.wicket.security.strategies.LoginException moved to a new package org.apache.wicket.security.authentication.LoginException
- ${ComponentPermission} and ${DataPermission} are now registered as alias in SwarmPolicyFileHiveFactory, PolicyFileHiveFactory has no knowledge of them anymore.
- The constructor for PolicyFileHiveFactory() is replaced PolicyFileHiveFactory(ActionFactory)
- The constructor for SwarmActionFactory() is replaced by SwarmActionFactory(String)
- Primary means of locating an ActionFactory is now through the Actions singleton although the WaspApplication still provides a wrapper method to get the ActionFactory
- Constructors for ImpliesOtherAction are deprecated and replaced by 2 more simpler constructors requiring less knowledge of the internals
Unless you are building your own Wasp implementation you only have to think about 2 things when migrating your webapplication to 1.3.1
- Instead of the PolicyFileHiveFactory you must now use the SwarmPolicyFileHiveFactory in SwarmWebApplication#setUpHive
- You have to change the import statement for the LoginException to: import org.apache.wicket.security.authentication.LoginException;