so when you do that a redirect is created and then the filter has to pick those up? But those are then just in the url It seems to me that that is a major security hole. You just append the user/password combination to an url that will be seen in the browser...
johan On Tue, Apr 29, 2008 at 9:46 AM, andrea pantaleoni < [EMAIL PROTECTED]> wrote: > > This is the code we used > > PageParameters parameters = new PageParameters(); > > parameters.put(ApplicationConstants.REQUEST_USERNAME,userIdField.getModelObject().toString()); > > parameters.put(ApplicationConstants.REQUEST_PASSWORD,passField.getModelObject().toString()); > setResponsePage(RegistrationPage.class,parameters); > > You can see we tried to add the values for the authentication as > parameters > as well as attribute but in the filter class we couldn't find it. > If that is a redirect or not anyway I would expect to to find that > parameters in the request in the filter class > > thanks > > > Johan Compagner wrote: > > > > Because its a redirect?? > > Then you have a new http request object without you attributes > > > > On 4/28/08, andrea pantaleoni <[EMAIL PROTECTED]> wrote: > >> > >> Hi, > >> I and my colleagues decided to write a custom filter class to check > >> authorization against a LDAP server > >> Inside the Filter class we got some parameters or attributes such as > >> netId > >> and password from the HttpServletRequest object and we check that > against > >> the server. > >> Our first page is a wicket page called LoginPage from this page we > call > >> another page adding in the HttpServletRequest two attributes (the netId > >> and > >> the password) > >> WebRequest wRequest = (WebRequest)webpage.getRequest(); > >> wRequest.getHttpServletRequest().setAttribute(...)... > >> > >> In this way before the other wicket page is loaded the filter class is > >> invoked, then the request object inside the filter class is completely > >> empty > >> without any attributes or parameters. > >> > >> Anyway if we get a HttpSession inside the LoginPage from the request > >> object > >> and we add in the session the attributes we are able to access them > from > >> filter class(the session in not empty). > >> > >> Anyone of you has already faced a problem such that. > >> > >> Thanks in advance > >> > >> Andrea > >> -- > >> View this message in context: > >> > http://www.nabble.com/HttpRequest-and-Filter-class-tp16945908p16945908.html > >> Sent from the Wicket - Dev mailing list archive at Nabble.com. > >> > >> > > > > > > -- > View this message in context: > http://www.nabble.com/HttpRequest-and-Filter-class-tp16945908p16953891.html > Sent from the Wicket - Dev mailing list archive at Nabble.com. > >
