Re: Question on page inheritance...
Session could provide that too? Cool:) Maurice Marrink wrote: Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application, request); httpSession = ((WebRequest) request).getHttpServletRequest() .getSession(); } public boolean isAuthorized() { return authorized; } public void setAuthorized(boolean authorized) { this.authorized = authorized; if (authorized) { httpSession.setAttribute(sso.password.attribute, person .getPassword()); httpSession.setAttribute(sso.email.attribute, person.getEmail()); httpSession.setAttribute(password, person.getPassword()); httpSession.setAttribute(email, person.getEmail()); } else { httpSession.setAttribute(sso.password.attribute, null); httpSession.setAttribute(sso.email.attribute, null); } } public Person getPerson() { if (person != null) { return person; } else { Person person = new Person(); person.setUserType(UserType.Guest); return person; } } public void setPerson(Person person) { this.person = person; } } Bruce Petro wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! -- -Wicket for love Nino Martinez Wael Java Specialist @ Jayway DK http://www.jayway.dk +45 2936 7684 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Wicket for love Nino Martinez Wael Java Specialist @ Jayway DK http://www.jayway.dk +45 2936 7684
Re: Question on page inheritance...
Yep that way you can switch between an application scoped strategy (like wicket-auth-roles) and a session scoped strategy (like swarm) Anyway the default is for the session to ask the application to return the strategy. On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Session could provide that too? Cool:) Maurice Marrink wrote: Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application, request); httpSession = ((WebRequest) request).getHttpServletRequest() .getSession(); } public boolean isAuthorized() { return authorized; } public void setAuthorized(boolean authorized) { this.authorized = authorized; if (authorized) { httpSession.setAttribute(sso.password.attribute, person .getPassword()); httpSession.setAttribute(sso.email.attribute, person.getEmail()); httpSession.setAttribute(password, person.getPassword()); httpSession.setAttribute(email, person.getEmail()); } else { httpSession.setAttribute(sso.password.attribute, null); httpSession.setAttribute(sso.email.attribute, null); } } public Person getPerson() { if (person != null) { return person; } else { Person person = new Person(); person.setUserType(UserType.Guest); return person; } } public void setPerson(Person person) { this.person = person; } } Bruce Petro wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort
Re: Question on page inheritance...
Ahh, I need to look into swarm. Currently im using my own homebrewn solution, auth roles was almost okay, but were missing the ability to use enums in it's annotations:/ And swarm seems to be a bit overcomplicated if I just need some base authentication + maybe some component auth, please correct me if Im wrong? regards Nino Maurice Marrink wrote: Yep that way you can switch between an application scoped strategy (like wicket-auth-roles) and a session scoped strategy (like swarm) Anyway the default is for the session to ask the application to return the strategy. On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Session could provide that too? Cool:) Maurice Marrink wrote: Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application, request); httpSession = ((WebRequest) request).getHttpServletRequest() .getSession(); } public boolean isAuthorized() { return authorized; } public void setAuthorized(boolean authorized) { this.authorized = authorized; if (authorized) { httpSession.setAttribute(sso.password.attribute, person .getPassword()); httpSession.setAttribute(sso.email.attribute, person.getEmail()); httpSession.setAttribute(password, person.getPassword()); httpSession.setAttribute(email, person.getEmail()); } else { httpSession.setAttribute(sso.password.attribute, null); httpSession.setAttribute(sso.email.attribute, null); } } public Person getPerson() { if (person != null) { return person; } else { Person person = new Person(); person.setUserType(UserType.Guest); return person; } } public void setPerson(Person person) { this.person = person; } } Bruce Petro wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort
Re: Question on page inheritance...
Well my view is a bit biased :) swarm aims to be easy to use and flexible but i admit it can look a bit intimidating at first. But don't take my word for it, ask some of the other people that actually use swarm what they think of it. There is a number of them floating around on the mailing list. As for your usecase for authentication and just a little bit of authorization (you are not giving me much to work with here) You can continue using the current authentication but you need to provide a mapping between your current roles/permissions to the authorization mechanism of swarm. This should not be that hard. Then you apply the ISecurePage interface to all the page you want to protected. Even without using roles/permissions or whatever else authorization you already accomplished that for those pages you need to be logged in to the application before you can access them Add more security to components / pages that require special permission (all this just in a nutshell :)) Maurice P.S. sorry for hijacking the thread :) On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Ahh, I need to look into swarm. Currently im using my own homebrewn solution, auth roles was almost okay, but were missing the ability to use enums in it's annotations:/ And swarm seems to be a bit overcomplicated if I just need some base authentication + maybe some component auth, please correct me if Im wrong? regards Nino Maurice Marrink wrote: Yep that way you can switch between an application scoped strategy (like wicket-auth-roles) and a session scoped strategy (like swarm) Anyway the default is for the session to ask the application to return the strategy. On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Session could provide that too? Cool:) Maurice Marrink wrote: Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application, request); httpSession = ((WebRequest) request).getHttpServletRequest() .getSession
Re: Question on page inheritance...
Annotations are planned for swarm 1.4 (should come out shortly after wicket 1.4) . Maurice On Wed, Apr 2, 2008 at 11:14 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Maurice Marrink wrote: Well my view is a bit biased :) I know..:) swarm aims to be easy to use and flexible but i admit it can look a bit intimidating at first. But don't take my word for it, ask some of the other people that actually use swarm what they think of it. There is a number of them floating around on the mailing list. As for your usecase for authentication and just a little bit of authorization (you are not giving me much to work with here) I also know. Basically, I have 5 roles depending on roles there are some pages they cant see, and of course the bookmarkable links should'nt work for those without proper rights. But I really liked auth-roles way with annotations, there arent such a thing for swarm or is it planned? You can continue using the current authentication but you need to provide a mapping between your current roles/permissions to the authorization mechanism of swarm. This should not be that hard. Then you apply the ISecurePage interface to all the page you want to protected. I've actually used markupinheritance /pageinheritance for this part, so it should be really easy todo.. Even without using roles/permissions or whatever else authorization you already accomplished that for those pages you need to be logged in to the application before you can access them Add more security to components / pages that require special permission (all this just in a nutshell :)) Maurice P.S. sorry for hijacking the thread :) I believe I did it when asking:) On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Ahh, I need to look into swarm. Currently im using my own homebrewn solution, auth roles was almost okay, but were missing the ability to use enums in it's annotations:/ And swarm seems to be a bit overcomplicated if I just need some base authentication + maybe some component auth, please correct me if Im wrong? regards Nino Maurice Marrink wrote: Yep that way you can switch between an application scoped strategy (like wicket-auth-roles) and a session scoped strategy (like swarm) Anyway the default is for the session to ask the application to return the strategy. On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Session could provide that too? Cool:) Maurice Marrink wrote: Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote
Re: Question on page inheritance...
I cant wait:) Say if you need some help with them.. I've dabbled a little with it in the JPA-translator project. So i'll wait upgrading my app until then.. Maurice Marrink wrote: Annotations are planned for swarm 1.4 (should come out shortly after wicket 1.4) . Maurice On Wed, Apr 2, 2008 at 11:14 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Maurice Marrink wrote: Well my view is a bit biased :) I know..:) swarm aims to be easy to use and flexible but i admit it can look a bit intimidating at first. But don't take my word for it, ask some of the other people that actually use swarm what they think of it. There is a number of them floating around on the mailing list. As for your usecase for authentication and just a little bit of authorization (you are not giving me much to work with here) I also know. Basically, I have 5 roles depending on roles there are some pages they cant see, and of course the bookmarkable links should'nt work for those without proper rights. But I really liked auth-roles way with annotations, there arent such a thing for swarm or is it planned? You can continue using the current authentication but you need to provide a mapping between your current roles/permissions to the authorization mechanism of swarm. This should not be that hard. Then you apply the ISecurePage interface to all the page you want to protected. I've actually used markupinheritance /pageinheritance for this part, so it should be really easy todo.. Even without using roles/permissions or whatever else authorization you already accomplished that for those pages you need to be logged in to the application before you can access them Add more security to components / pages that require special permission (all this just in a nutshell :)) Maurice P.S. sorry for hijacking the thread :) I believe I did it when asking:) On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Ahh, I need to look into swarm. Currently im using my own homebrewn solution, auth roles was almost okay, but were missing the ability to use enums in it's annotations:/ And swarm seems to be a bit overcomplicated if I just need some base authentication + maybe some component auth, please correct me if Im wrong? regards Nino Maurice Marrink wrote: Yep that way you can switch between an application scoped strategy (like wicket-auth-roles) and a session scoped strategy (like swarm) Anyway the default is for the session to ask the application to return the strategy. On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Session could provide that too? Cool:) Maurice Marrink wrote: Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object
Re: Question on page inheritance...
Maurice Marrink wrote: Well my view is a bit biased :) I know..:) swarm aims to be easy to use and flexible but i admit it can look a bit intimidating at first. But don't take my word for it, ask some of the other people that actually use swarm what they think of it. There is a number of them floating around on the mailing list. As for your usecase for authentication and just a little bit of authorization (you are not giving me much to work with here) I also know. Basically, I have 5 roles depending on roles there are some pages they cant see, and of course the bookmarkable links should'nt work for those without proper rights. But I really liked auth-roles way with annotations, there arent such a thing for swarm or is it planned? You can continue using the current authentication but you need to provide a mapping between your current roles/permissions to the authorization mechanism of swarm. This should not be that hard. Then you apply the ISecurePage interface to all the page you want to protected. I've actually used markupinheritance /pageinheritance for this part, so it should be really easy todo.. Even without using roles/permissions or whatever else authorization you already accomplished that for those pages you need to be logged in to the application before you can access them Add more security to components / pages that require special permission (all this just in a nutshell :)) Maurice P.S. sorry for hijacking the thread :) I believe I did it when asking:) On Wed, Apr 2, 2008 at 9:10 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Ahh, I need to look into swarm. Currently im using my own homebrewn solution, auth roles was almost okay, but were missing the ability to use enums in it's annotations:/ And swarm seems to be a bit overcomplicated if I just need some base authentication + maybe some component auth, please correct me if Im wrong? regards Nino Maurice Marrink wrote: Yep that way you can switch between an application scoped strategy (like wicket-auth-roles) and a session scoped strategy (like swarm) Anyway the default is for the session to ask the application to return the strategy. On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: Session could provide that too? Cool:) Maurice Marrink wrote: Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application
Re: Question on page inheritance...
Creating a BasePage and have every other page extend from it it the preferred way. Your BasePage can but is not required to provide a base markup. See http://wicket.apache.org/examplemarkupinheritance.html Maurice On Tue, Apr 1, 2008 at 7:28 PM, Bruce Petro [EMAIL PROTECTED] wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
such a check belongs in ISecurityStrategy and not really in your page hierarchy. see wicket-auth-roles for examples. -igor On Tue, Apr 1, 2008 at 10:28 AM, Bruce Petro [EMAIL PROTECTED] wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
Can you check the mailing-list by search the following topic Where to apply a general security policy - there much strategies are explained (or links can be found). Cheers Per - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question on page inheritance...
Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application, request); httpSession = ((WebRequest) request).getHttpServletRequest() .getSession(); } public boolean isAuthorized() { return authorized; } public void setAuthorized(boolean authorized) { this.authorized = authorized; if (authorized) { httpSession.setAttribute(sso.password.attribute, person .getPassword()); httpSession.setAttribute(sso.email.attribute, person.getEmail()); httpSession.setAttribute(password, person.getPassword()); httpSession.setAttribute(email, person.getEmail()); } else { httpSession.setAttribute(sso.password.attribute, null); httpSession.setAttribute(sso.email.attribute, null); } } public Person getPerson() { if (person != null) { return person; } else { Person person = new Person(); person.setUserType(UserType.Guest); return person; } } public void setPerson(Person person) { this.person = person; } } Bruce Petro wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! -- -Wicket for love Nino Martinez Wael Java Specialist @ Jayway DK http://www.jayway.dk +45 2936 7684 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application, request); httpSession = ((WebRequest) request).getHttpServletRequest() .getSession(); } public boolean isAuthorized() { return authorized; } public void setAuthorized(boolean authorized) { this.authorized = authorized; if (authorized) { httpSession.setAttribute(sso.password.attribute, person .getPassword()); httpSession.setAttribute(sso.email.attribute, person.getEmail()); httpSession.setAttribute(password, person.getPassword()); httpSession.setAttribute(email, person.getEmail()); } else { httpSession.setAttribute(sso.password.attribute, null); httpSession.setAttribute(sso.email.attribute, null); } } public Person getPerson() { if (person != null) { return person; } else { Person person = new Person(); person.setUserType(UserType.Guest); return person; } } public void setPerson(Person person) { this.person = person; } } Bruce Petro wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! -- -Wicket for love Nino Martinez Wael Java Specialist @ Jayway DK http://www.jayway.dk +45 2936 7684 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on page inheritance...
Or Session. Session.getAuthorizationStrategy(). Maurice On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED] wrote: It's your webapplication that takes the ISecurityStrategy.. public class ZeuzGroupApplication extends WebApplication { private SpringComponentInjector springComponentInjector; @Override protected void init() { super.init(); //getSecuritySettings().setAuthorizationStrategy( //new RoleAuthorizationStrategy(new UserRolesAuthorizer())); getSecuritySettings().setAuthorizationStrategy( new ZeuzSecurity(ZeuzAuthorizedPage.class, LoginPage.class) { @Override protected boolean isAuthorized(Class pageClass) { return (((ZeuzSession) Session.get()).isAuthorized()); } }); ... Bruce Petro wrote: Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page. I'll check into it and see if I've got that all correct. Thanks again. -Original Message- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: users@wicket.apache.org Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: You could actually also do this another way... Im using markup inheritance alot, but I stuff user object into the session like this: See a nice view here: http://papernapkin.org/pastebin/view/281/ package zeuzgroup.application; import javax.servlet.http.HttpSession; import org.apache.wicket.Application; import org.apache.wicket.Request; import org.apache.wicket.protocol.http.WebRequest; import org.apache.wicket.protocol.http.WebSession; import zeuzgroup.core.Person; import zeuzgroup.core.user.UserType; public class ZeuzSession extends WebSession { private boolean authorized = false; private Person person; private HttpSession httpSession; protected ZeuzSession(Application application, Request request) { super(application, request); httpSession = ((WebRequest) request).getHttpServletRequest() .getSession(); } public boolean isAuthorized() { return authorized; } public void setAuthorized(boolean authorized) { this.authorized = authorized; if (authorized) { httpSession.setAttribute(sso.password.attribute, person .getPassword()); httpSession.setAttribute(sso.email.attribute, person.getEmail()); httpSession.setAttribute(password, person.getPassword()); httpSession.setAttribute(email, person.getEmail()); } else { httpSession.setAttribute(sso.password.attribute, null); httpSession.setAttribute(sso.email.attribute, null); } } public Person getPerson() { if (person != null) { return person; } else { Person person = new Person(); person.setUserType(UserType.Guest); return person; } } public void setPerson(Person person) { this.person = person; } } Bruce Petro wrote: I'm just getting started in wicket, so forgive me if this is a too-dumb question... I know wicket can check the session for a user to ask a user object if it is logged in. However, you don't really want to paste code on every page. What is the best way, to have each page inherit the base security check routine? Would you create a BasePage extends WebPage and put the logic there and have all other pages extend BasePage? Or would you attach some sort of a command object to each page and put the logic in that? Anyone have a reference to an example of code to do this? THANKS! -- -Wicket for love Nino Martinez Wael Java Specialist @ Jayway DK http://www.jayway.dk +45 2936 7684 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]