Re: Question on page inheritance...
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well, but I
assumed the user would be kept in the session and that seems to fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request request) {
super(application, request);
httpSession = ((WebRequest) request).getHttpServletRequest()
.getSession();
}
public boolean isAuthorized() {
return authorized;
}
public void setAuthorized(boolean authorized) {
this.authorized = authorized;
if (authorized) {
httpSession.setAttribute(sso.password.attribute, person
.getPassword());
httpSession.setAttribute(sso.email.attribute,
person.getEmail());
httpSession.setAttribute(password, person.getPassword());
httpSession.setAttribute(email, person.getEmail());
} else {
httpSession.setAttribute(sso.password.attribute, null);
httpSession.setAttribute(sso.email.attribute, null);
}
}
public Person getPerson() {
if (person != null) {
return person;
} else {
Person person = new Person();
person.setUserType(UserType.Guest);
return person;
}
}
public void setPerson(Person person) {
this.person = person;
}
}
Bruce Petro wrote:
I'm just getting started in wicket, so forgive me if this is a
too-dumb
question...
I know wicket can check the session for a user to ask a user object
if
it is logged in.
However, you don't really want to paste code on every page.
What is the best way, to have each page inherit the base security
check routine?
Would you create a BasePage extends WebPage and put the logic there
and
have all other pages extend BasePage?
Or would you attach some sort of a command object to each page and
put
the logic in that?
Anyone have a reference to an example of code to do this?
THANKS!
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
Re: Question on page inheritance...
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well, but I
assumed the user would be kept in the session and that seems to fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks
again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like
this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request request) {
super(application, request);
httpSession = ((WebRequest) request).getHttpServletRequest()
.getSession();
}
public boolean isAuthorized() {
return authorized;
}
public void setAuthorized(boolean authorized) {
this.authorized = authorized;
if (authorized) {
httpSession.setAttribute(sso.password.attribute, person
.getPassword());
httpSession.setAttribute(sso.email.attribute,
person.getEmail());
httpSession.setAttribute(password,
person.getPassword());
httpSession.setAttribute(email, person.getEmail());
} else {
httpSession.setAttribute(sso.password.attribute, null);
httpSession.setAttribute(sso.email.attribute, null);
}
}
public Person getPerson() {
if (person != null) {
return person;
} else {
Person person = new Person();
person.setUserType(UserType.Guest);
return person;
}
}
public void setPerson(Person person) {
this.person = person;
}
}
Bruce Petro wrote:
I'm just getting started in wicket, so forgive me if this is a
too-dumb
question...
I know wicket can check the session for a user to ask a user
object
if
it is logged in.
However, you don't really want to paste code on every page.
What is the best way, to have each page inherit the base security
check routine?
Would you create a BasePage extends WebPage and put the logic there
and
have all other pages extend BasePage?
Or would you attach some sort
Re: Question on page inheritance...
Ahh, I need to look into swarm.
Currently im using my own homebrewn solution, auth roles was almost
okay, but were missing the ability to use enums in it's annotations:/
And swarm seems to be a bit overcomplicated if I just need some base
authentication + maybe some component auth, please correct me if Im wrong?
regards Nino
Maurice Marrink wrote:
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well, but I
assumed the user would be kept in the session and that seems to fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks
again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like
this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request request) {
super(application, request);
httpSession = ((WebRequest) request).getHttpServletRequest()
.getSession();
}
public boolean isAuthorized() {
return authorized;
}
public void setAuthorized(boolean authorized) {
this.authorized = authorized;
if (authorized) {
httpSession.setAttribute(sso.password.attribute, person
.getPassword());
httpSession.setAttribute(sso.email.attribute,
person.getEmail());
httpSession.setAttribute(password,
person.getPassword());
httpSession.setAttribute(email, person.getEmail());
} else {
httpSession.setAttribute(sso.password.attribute, null);
httpSession.setAttribute(sso.email.attribute, null);
}
}
public Person getPerson() {
if (person != null) {
return person;
} else {
Person person = new Person();
person.setUserType(UserType.Guest);
return person;
}
}
public void setPerson(Person person) {
this.person = person;
}
}
Bruce Petro wrote:
I'm just getting started in wicket, so forgive me if this is a
too-dumb
question...
I know wicket can check the session for a user to ask a user
object
if
it is logged in.
However, you don't really want to paste code on every page.
What is the best way, to have each page inherit the base security
check routine?
Would you create a BasePage extends WebPage and put the logic there
and
have all other pages extend BasePage?
Or would you attach some sort
Re: Question on page inheritance...
Well my view is a bit biased :)
swarm aims to be easy to use and flexible but i admit it can look a
bit intimidating at first.
But don't take my word for it, ask some of the other people that
actually use swarm what they think of it. There is a number of them
floating around on the mailing list.
As for your usecase for authentication and just a little bit of
authorization (you are not giving me much to work with here)
You can continue using the current authentication but you need to
provide a mapping between your current roles/permissions to the
authorization mechanism of swarm. This should not be that hard.
Then you apply the ISecurePage interface to all the page you want to protected.
Even without using roles/permissions or whatever else authorization
you already accomplished that for those pages you need to be logged in
to the application before you can access them
Add more security to components / pages that require special permission
(all this just in a nutshell :))
Maurice
P.S. sorry for hijacking the thread :)
On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Ahh, I need to look into swarm.
Currently im using my own homebrewn solution, auth roles was almost okay,
but were missing the ability to use enums in it's annotations:/ And swarm
seems to be a bit overcomplicated if I just need some base authentication +
maybe some component auth, please correct me if Im wrong?
regards Nino
Maurice Marrink wrote:
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well,
but I
assumed the user would be kept in the session and that seems to
fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks
again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like
this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request
request) {
super(application, request);
httpSession = ((WebRequest)
request).getHttpServletRequest()
.getSession
Re: Question on page inheritance...
Annotations are planned for swarm 1.4 (should come out shortly after
wicket 1.4) .
Maurice
On Wed, Apr 2, 2008 at 11:14 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Maurice Marrink wrote:
Well my view is a bit biased :)
I know..:)
swarm aims to be easy to use and flexible but i admit it can look a
bit intimidating at first.
But don't take my word for it, ask some of the other people that
actually use swarm what they think of it. There is a number of them
floating around on the mailing list.
As for your usecase for authentication and just a little bit of
authorization (you are not giving me much to work with here)
I also know. Basically, I have 5 roles depending on roles there are some
pages they cant see, and of course the bookmarkable links should'nt work for
those without proper rights. But I really liked auth-roles way with
annotations, there arent such a thing for swarm or is it planned?
You can continue using the current authentication but you need to
provide a mapping between your current roles/permissions to the
authorization mechanism of swarm. This should not be that hard.
Then you apply the ISecurePage interface to all the page you want to
protected.
I've actually used markupinheritance /pageinheritance for this part, so it
should be really easy todo..
Even without using roles/permissions or whatever else authorization
you already accomplished that for those pages you need to be logged in
to the application before you can access them
Add more security to components / pages that require special permission
(all this just in a nutshell :))
Maurice
P.S. sorry for hijacking the thread :)
I believe I did it when asking:)
On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Ahh, I need to look into swarm.
Currently im using my own homebrewn solution, auth roles was almost
okay,
but were missing the ability to use enums in it's annotations:/ And
swarm
seems to be a bit overcomplicated if I just need some base
authentication +
maybe some component auth, please correct me if Im wrong?
regards Nino
Maurice Marrink wrote:
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez
Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass)
{
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it
well,
but I
assumed the user would be kept in the session and that seems
to
fit
everyone's reply. On top of that, I think I'm hearing I can
use
inheritance and have every page utilize ISecurityStrategy to
then
control access to the page.
I'll check into it and see if I've got that all correct.
Thanks
again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote
Re: Question on page inheritance...
I cant wait:) Say if you need some help with them.. I've dabbled a
little with it in the JPA-translator project.
So i'll wait upgrading my app until then..
Maurice Marrink wrote:
Annotations are planned for swarm 1.4 (should come out shortly after
wicket 1.4) .
Maurice
On Wed, Apr 2, 2008 at 11:14 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Maurice Marrink wrote:
Well my view is a bit biased :)
I know..:)
swarm aims to be easy to use and flexible but i admit it can look a
bit intimidating at first.
But don't take my word for it, ask some of the other people that
actually use swarm what they think of it. There is a number of them
floating around on the mailing list.
As for your usecase for authentication and just a little bit of
authorization (you are not giving me much to work with here)
I also know. Basically, I have 5 roles depending on roles there are some
pages they cant see, and of course the bookmarkable links should'nt work for
those without proper rights. But I really liked auth-roles way with
annotations, there arent such a thing for swarm or is it planned?
You can continue using the current authentication but you need to
provide a mapping between your current roles/permissions to the
authorization mechanism of swarm. This should not be that hard.
Then you apply the ISecurePage interface to all the page you want to
protected.
I've actually used markupinheritance /pageinheritance for this part, so it
should be really easy todo..
Even without using roles/permissions or whatever else authorization
you already accomplished that for those pages you need to be logged in
to the application before you can access them
Add more security to components / pages that require special permission
(all this just in a nutshell :))
Maurice
P.S. sorry for hijacking the thread :)
I believe I did it when asking:)
On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Ahh, I need to look into swarm.
Currently im using my own homebrewn solution, auth roles was almost
okay,
but were missing the ability to use enums in it's annotations:/ And
swarm
seems to be a bit overcomplicated if I just need some base
authentication +
maybe some component auth, please correct me if Im wrong?
regards Nino
Maurice Marrink wrote:
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez
Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass)
{
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it
well,
but I
assumed the user would be kept in the session and that seems
to
fit
everyone's reply. On top of that, I think I'm hearing I can
use
inheritance and have every page utilize ISecurityStrategy to
then
control access to the page.
I'll check into it and see if I've got that all correct.
Thanks
again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using
markup
inheritance alot, but I stuff user object
Re: Question on page inheritance...
Maurice Marrink wrote:
Well my view is a bit biased :)
I know..:)
swarm aims to be easy to use and flexible but i admit it can look a
bit intimidating at first.
But don't take my word for it, ask some of the other people that
actually use swarm what they think of it. There is a number of them
floating around on the mailing list.
As for your usecase for authentication and just a little bit of
authorization (you are not giving me much to work with here)
I also know. Basically, I have 5 roles depending on roles there are some
pages they cant see, and of course the bookmarkable links should'nt work
for those without proper rights. But I really liked auth-roles way with
annotations, there arent such a thing for swarm or is it planned?
You can continue using the current authentication but you need to
provide a mapping between your current roles/permissions to the
authorization mechanism of swarm. This should not be that hard.
Then you apply the ISecurePage interface to all the page you want to protected.
I've actually used markupinheritance /pageinheritance for this part, so
it should be really easy todo..
Even without using roles/permissions or whatever else authorization
you already accomplished that for those pages you need to be logged in
to the application before you can access them
Add more security to components / pages that require special permission
(all this just in a nutshell :))
Maurice
P.S. sorry for hijacking the thread :)
I believe I did it when asking:)
On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Ahh, I need to look into swarm.
Currently im using my own homebrewn solution, auth roles was almost okay,
but were missing the ability to use enums in it's annotations:/ And swarm
seems to be a bit overcomplicated if I just need some base authentication +
maybe some component auth, please correct me if Im wrong?
regards Nino
Maurice Marrink wrote:
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well,
but I
assumed the user would be kept in the session and that seems to
fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks
again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like
this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request
request) {
super(application
Re: Question on page inheritance...
Creating a BasePage and have every other page extend from it it the preferred way. Your BasePage can but is not required to provide a base markup. See http://wicket.apache.org/examplemarkupinheritance.html Maurice On Tue, Apr 1, 2008 at 7:28 PM, Bruce Petro [EMAIL PROTECTED] wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
such a check belongs in ISecurityStrategy and not really in your page hierarchy. see wicket-auth-roles for examples. -igor On Tue, Apr 1, 2008 at 10:28 AM, Bruce Petro [EMAIL PROTECTED] wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
Can you check the mailing-list by search the following topic Where to apply a general security policy - there much strategies are explained (or links can be found). Cheers Per - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question on page inheritance...
Thanks to the replies I received... yeah I didn't say it well, but I
assumed the user would be kept in the session and that seems to fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request request) {
super(application, request);
httpSession = ((WebRequest) request).getHttpServletRequest()
.getSession();
}
public boolean isAuthorized() {
return authorized;
}
public void setAuthorized(boolean authorized) {
this.authorized = authorized;
if (authorized) {
httpSession.setAttribute(sso.password.attribute, person
.getPassword());
httpSession.setAttribute(sso.email.attribute,
person.getEmail());
httpSession.setAttribute(password, person.getPassword());
httpSession.setAttribute(email, person.getEmail());
} else {
httpSession.setAttribute(sso.password.attribute, null);
httpSession.setAttribute(sso.email.attribute, null);
}
}
public Person getPerson() {
if (person != null) {
return person;
} else {
Person person = new Person();
person.setUserType(UserType.Guest);
return person;
}
}
public void setPerson(Person person) {
this.person = person;
}
}
Bruce Petro wrote:
I'm just getting started in wicket, so forgive me if this is a
too-dumb
question...
I know wicket can check the session for a user to ask a user object
if
it is logged in.
However, you don't really want to paste code on every page.
What is the best way, to have each page inherit the base security
check routine?
Would you create a BasePage extends WebPage and put the logic there
and
have all other pages extend BasePage?
Or would you attach some sort of a command object to each page and
put
the logic in that?
Anyone have a reference to an example of code to do this?
THANKS!
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well, but I
assumed the user would be kept in the session and that seems to fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request request) {
super(application, request);
httpSession = ((WebRequest) request).getHttpServletRequest()
.getSession();
}
public boolean isAuthorized() {
return authorized;
}
public void setAuthorized(boolean authorized) {
this.authorized = authorized;
if (authorized) {
httpSession.setAttribute(sso.password.attribute, person
.getPassword());
httpSession.setAttribute(sso.email.attribute,
person.getEmail());
httpSession.setAttribute(password, person.getPassword());
httpSession.setAttribute(email, person.getEmail());
} else {
httpSession.setAttribute(sso.password.attribute, null);
httpSession.setAttribute(sso.email.attribute, null);
}
}
public Person getPerson() {
if (person != null) {
return person;
} else {
Person person = new Person();
person.setUserType(UserType.Guest);
return person;
}
}
public void setPerson(Person person) {
this.person = person;
}
}
Bruce Petro wrote:
I'm just getting started in wicket, so forgive me if this is a
too-dumb
question...
I know wicket can check the session for a user to ask a user object
if
it is logged in.
However, you don't really want to paste code on every page.
What is the best way, to have each page inherit the base security
check routine?
Would you create a BasePage extends WebPage and put the logic there
and
have all other pages extend BasePage?
Or would you attach some sort of a command object to each page and
put
the logic in that?
Anyone have a reference to an example of code to do this?
THANKS!
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
[EMAIL PROTECTED] wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
//getSecuritySettings().setAuthorizationStrategy(
//new RoleAuthorizationStrategy(new UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well, but I
assumed the user would be kept in the session and that seems to fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks again.
-Original Message-
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request request) {
super(application, request);
httpSession = ((WebRequest) request).getHttpServletRequest()
.getSession();
}
public boolean isAuthorized() {
return authorized;
}
public void setAuthorized(boolean authorized) {
this.authorized = authorized;
if (authorized) {
httpSession.setAttribute(sso.password.attribute, person
.getPassword());
httpSession.setAttribute(sso.email.attribute,
person.getEmail());
httpSession.setAttribute(password, person.getPassword());
httpSession.setAttribute(email, person.getEmail());
} else {
httpSession.setAttribute(sso.password.attribute, null);
httpSession.setAttribute(sso.email.attribute, null);
}
}
public Person getPerson() {
if (person != null) {
return person;
} else {
Person person = new Person();
person.setUserType(UserType.Guest);
return person;
}
}
public void setPerson(Person person) {
this.person = person;
}
}
Bruce Petro wrote:
I'm just getting started in wicket, so forgive me if this is a
too-dumb
question...
I know wicket can check the session for a user to ask a user object
if
it is logged in.
However, you don't really want to paste code on every page.
What is the best way, to have each page inherit the base security
check routine?
Would you create a BasePage extends WebPage and put the logic there
and
have all other pages extend BasePage?
Or would you attach some sort of a command object to each page and
put
the logic in that?
Anyone have a reference to an example of code to do this?
THANKS!
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
