Re: [Wicket-user] Authentication and page expired

[Xavier Hanin]

On 4/25/07, Xavier Hanin [EMAIL PROTECTED] wrote:
 On 4/25/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
  what do you mean by once authenticated
 
  what does your loginpage code look like, eg how do you navigate back?
 My login page is really very simple, it doesn't do much except include
 a SigninPanel. So as far as I understand from the SigninPanel code,
 the navigation back is handled by
 Component#continueToOriginalDestination(). But maybe I'd need to
 implement something special in my LoginPage, and not rely on the
 SigninPanel only?

After some modifications in the code, the problem disappears if I use
a BookmarkablePageLink instead of a PageLink. But I'd still would like
to know if there is a way to avoid this problem with a simple PageLink
being intercepted by an authentication... and for the moment I still
don't know.

Xavier

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication and page expired

[Igor Vaynberg]

hrm. it does seem rather strange. we have a similar authenetication stuff
going on in a few projects and it works.

but i wonder

is the page being intercepted a stateless page?
is the login page a stateless page?

-igor



On 4/26/07, Xavier Hanin [EMAIL PROTECTED] wrote:


On 4/25/07, Xavier Hanin [EMAIL PROTECTED] wrote:
 On 4/25/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
  what do you mean by once authenticated
 
  what does your loginpage code look like, eg how do you navigate back?
 My login page is really very simple, it doesn't do much except include
 a SigninPanel. So as far as I understand from the SigninPanel code,
 the navigation back is handled by
 Component#continueToOriginalDestination(). But maybe I'd need to
 implement something special in my LoginPage, and not rely on the
 SigninPanel only?

After some modifications in the code, the problem disappears if I use
a BookmarkablePageLink instead of a PageLink. But I'd still would like
to know if there is a way to avoid this problem with a simple PageLink
being intercepted by an authentication... and for the moment I still
don't know.

Xavier

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication and page expired

[Xavier Hanin]

On 4/26/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
 hrm. it does seem rather strange. we have a similar authenetication stuff
 going on in a few projects and it works.

 but i wonder

 is the page being intercepted a stateless page?
 is the login page a stateless page?
I don't think so, because I haven't done anything special, but I don't
know wicket well enough to say.

But if you say it should be working, I will double check on my own,
check again the examples, and see if I can figure out what's going on,
and come back with more details if I'm really lost.

Thanks for your help.

Xavier

 -igor




 On 4/26/07, Xavier Hanin [EMAIL PROTECTED] wrote:
 
  On 4/25/07, Xavier Hanin [EMAIL PROTECTED] wrote:
   On 4/25/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
what do you mean by once authenticated
   
what does your loginpage code look like, eg how do you navigate back?
   My login page is really very simple, it doesn't do much except include
   a SigninPanel. So as far as I understand from the SigninPanel code,
   the navigation back is handled by
   Component#continueToOriginalDestination(). But maybe
 I'd need to
   implement something special in my LoginPage, and not rely on the
   SigninPanel only?
 
  After some modifications in the code, the problem disappears if I use
  a BookmarkablePageLink instead of a PageLink. But I'd still would like
  to know if there is a way to avoid this problem with a simple PageLink
  being intercepted by an authentication... and for the moment I still
  don't know.
 
  Xavier
 
 
 -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user




-- 
Learn Ivy at ApacheCon: http://www.eu.apachecon.com/
Manage your dependencies with Ivy!
http://incubator.apache.org/ivy/

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication and page expired

[Xavier Hanin]

I'm sorry, I've just noticed that I have an exception[1] before
getting the Page Expired message.

The exception occurs during deserialization of the page from which I
come, and is related to a field injected with via Spring using the
wicket-spring-annot. Then this exception is catched and simply output
with a e.printStackTrace() (nothing in the log, see
org.apache.wicket.util.lang.Objects.byteArrayToObject) which then
results in a NPE in FilePageStore logged at debug level, which results
in a null page in AbstractRequestCycleProcessor.resolveRenderedPage,
which throws the PageExpiredException.

So I have two questions:
- is it normal that a deserialization exception is not more verbose (a
printstacktrace + a not directly related debug message only)?
- how can I deal with my spring injected field? Do I have to write
specific serialization/deserialization code, to reinject the field at
deserialization time? Isn't this case of serializing a component with
spring injected fields pretty common?

Ok, it's more than two questions :-)

Xavier
[1]
org.apache.wicket.util.io.WicketSerializeableException: Error reading
field: projects for object class: class
org.xoocode.xooctory.web.projects.ProjectsPage
NOTE: if you feel Wicket is at fault with this exception, please
report to the mailing list. You can switch to JDK based serialization
by calling: org.apache.wicket.util.lang.Objects.setObjectStreamFactory(new
IObjectStreamFactory.DefaultObjectStreamFactory()) e.g. in the init
method of your application
at 
org.apache.wicket.util.io.ClassStreamHandler.readFields(ClassStreamHandler.java:426)
at 
org.apache.wicket.util.io.WicketObjectInputStream.readObjectOverride(WicketObjectInputStream.java:97)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:345)
at 
org.apache.wicket.util.lang.Objects.byteArrayToObject(Objects.java:397)
at 
org.apache.wicket.protocol.http.FilePageStore.getPage(FilePageStore.java:476)
at 
org.apache.wicket.protocol.http.SecondLevelCacheSessionStore$SecondLevelCachePageMap.get(SecondLevelCacheSessionStore.java:137)
at org.apache.wicket.Session.getPage(Session.java:741)
at 
org.apache.wicket.request.AbstractRequestCycleProcessor.resolveRenderedPage(AbstractRequestCycleProcessor.java:427)
at 
org.apache.wicket.protocol.http.WebRequestCycleProcessor.resolve(WebRequestCycleProcessor.java:137)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1026)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1127)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:489)
at 
org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:248)
at 
org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:126)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
at 
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:491)
at 
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:367)
at 
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:185)
at 
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at 
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:689)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:391)
at 
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:285)
at 
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:457)
at 
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:751)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:500)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:209)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:357)
at 
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:329)
at 
org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:475)
Caused by: java.lang.NullPointerException
at 
org.apache.wicket.util.io.ClassStreamHandler.createObject(ClassStreamHandler.java:303)
at 
org.apache.wicket.util.io.WicketObjectInputStream.readObjectOverride(WicketObjectInputStream.java:92)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:345)
at 
org.apache.wicket.util.io.ClassStreamHandler$ObjectFieldAndIndex.readField(ClassStreamHandler.java:871)
at 
org.apache.wicket.util.io.ClassStreamHandler.readFields(ClassStreamHandler.java:416)
... 30 more



On 4/26/07, Xavier Hanin [EMAIL PROTECTED] wrote:
 On 4/26/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
  hrm. it does seem rather strange. we have a similar authenetication stuff
  going on in a few projects and it works.
 
  but i 

Re: [Wicket-user] Authentication and page expired

[Igor Vaynberg]

ah well that explains it :)

1.3 is using our experimental serialization code to save the state which
results in a much smaller size then the default serialization. currently it
doesnt handle all cases, such as serializing proxies. that is why there are
instructions in that error message that tell you how to switch to default
serialization. once you do that everything should work.

-igor


On 4/26/07, Xavier Hanin [EMAIL PROTECTED] wrote:


I'm sorry, I've just noticed that I have an exception[1] before
getting the Page Expired message.

The exception occurs during deserialization of the page from which I
come, and is related to a field injected with via Spring using the
wicket-spring-annot. Then this exception is catched and simply output
with a e.printStackTrace() (nothing in the log, see
org.apache.wicket.util.lang.Objects.byteArrayToObject) which then
results in a NPE in FilePageStore logged at debug level, which results
in a null page in AbstractRequestCycleProcessor.resolveRenderedPage,
which throws the PageExpiredException.

So I have two questions:
- is it normal that a deserialization exception is not more verbose (a
printstacktrace + a not directly related debug message only)?
- how can I deal with my spring injected field? Do I have to write
specific serialization/deserialization code, to reinject the field at
deserialization time? Isn't this case of serializing a component with
spring injected fields pretty common?

Ok, it's more than two questions :-)

Xavier
[1]
org.apache.wicket.util.io.WicketSerializeableException: Error reading
field: projects for object class: class
org.xoocode.xooctory.web.projects.ProjectsPage
NOTE: if you feel Wicket is at fault with this exception, please
report to the mailing list. You can switch to JDK based serialization
by calling: org.apache.wicket.util.lang.Objects.setObjectStreamFactory(new
IObjectStreamFactory.DefaultObjectStreamFactory()) e.g. in the init
method of your application
at org.apache.wicket.util.io.ClassStreamHandler.readFields(
ClassStreamHandler.java:426)
at
org.apache.wicket.util.io.WicketObjectInputStream.readObjectOverride(
WicketObjectInputStream.java:97)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java
:345)
at org.apache.wicket.util.lang.Objects.byteArrayToObject(
Objects.java:397)
at org.apache.wicket.protocol.http.FilePageStore.getPage(
FilePageStore.java:476)
at
org.apache.wicket.protocol.http.SecondLevelCacheSessionStore$SecondLevelCachePageMap.get
(SecondLevelCacheSessionStore.java:137)
at org.apache.wicket.Session.getPage(Session.java:741)
at
org.apache.wicket.request.AbstractRequestCycleProcessor.resolveRenderedPage
(AbstractRequestCycleProcessor.java:427)
at
org.apache.wicket.protocol.http.WebRequestCycleProcessor.resolve(
WebRequestCycleProcessor.java:137)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1026)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1127)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:489)
at org.apache.wicket.protocol.http.WicketFilter.doGet(
WicketFilter.java:248)
at org.apache.wicket.protocol.http.WicketServlet.doGet(
WicketServlet.java:126)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
at org.mortbay.jetty.servlet.ServletHolder.handle(
ServletHolder.java:491)
at org.mortbay.jetty.servlet.ServletHandler.handle(
ServletHandler.java:367)
at org.mortbay.jetty.security.SecurityHandler.handle(
SecurityHandler.java:185)
at org.mortbay.jetty.servlet.SessionHandler.handle(
SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(
ContextHandler.java:689)
at org.mortbay.jetty.webapp.WebAppContext.handle(
WebAppContext.java:391)
at org.mortbay.jetty.handler.HandlerWrapper.handle(
HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:285)
at org.mortbay.jetty.HttpConnection.handleRequest(
HttpConnection.java:457)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(
HttpConnection.java:751)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:500)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java
:209)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java
:357)
at org.mortbay.io.nio.SelectChannelEndPoint.run(
SelectChannelEndPoint.java:329)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(
BoundedThreadPool.java:475)
Caused by: java.lang.NullPointerException
at org.apache.wicket.util.io.ClassStreamHandler.createObject(
ClassStreamHandler.java:303)
at
org.apache.wicket.util.io.WicketObjectInputStream.readObjectOverride(
WicketObjectInputStream.java:92)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java
:345)
at

Re: [Wicket-user] Authentication and page expired

[Xavier Hanin]

On 4/26/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
 ah well that explains it :)

 1.3 is using our experimental serialization code to save the state which
 results in a much smaller size then the default serialization. currently it
 doesnt handle all cases, such as serializing proxies. that is why there are
 instructions in that error message that tell you how to switch to default
 serialization. once you do that everything should work.
Indeed, everything works now :-)

I guess it's only because you are in development on this feature, but
I think that this kind of problem is important enough to deserve
either an exception going higher on the method call stack (maybe
wrapping the IOException in a RuntimeException) or at least use the
logging mechanism at warn or error level, instead of calling a simple
printStackTrace, because it's not straightforward to figure out the
cause of this Page Expired message.

Anyway, thanks a lot for your help and your time.

Xavier



 -igor


 On 4/26/07, Xavier Hanin [EMAIL PROTECTED] wrote:
  I'm sorry, I've just noticed that I have an exception[1] before
  getting the Page Expired message.
 
  The exception occurs during deserialization of the page from which I
  come, and is related to a field injected with via Spring using the
  wicket-spring-annot. Then this exception is catched and simply output
  with a e.printStackTrace() (nothing in the log, see
  org.apache.wicket.util.lang.Objects.byteArrayToObject)
 which then
  results in a NPE in FilePageStore logged at debug level, which results
  in a null page in
 AbstractRequestCycleProcessor.resolveRenderedPage,
  which throws the PageExpiredException.
 
  So I have two questions:
  - is it normal that a deserialization exception is not more verbose (a
  printstacktrace + a not directly related debug message only)?
  - how can I deal with my spring injected field? Do I have to write
  specific serialization/deserialization code, to reinject the field at
  deserialization time? Isn't this case of serializing a component with
  spring injected fields pretty common?
 
  Ok, it's more than two questions :-)
 
  Xavier
  [1]
  org.apache.wicket.util.io.WicketSerializeableException:
 Error reading
  field: projects for object class: class
  org.xoocode.xooctory.web.projects.ProjectsPage
  NOTE: if you feel Wicket is at fault with this exception, please
  report to the mailing list. You can switch to JDK based serialization
  by calling:
 org.apache.wicket.util.lang.Objects.setObjectStreamFactory
 (new
  IObjectStreamFactory.DefaultObjectStreamFactory()) e.g.
 in the init
  method of your application
  at
 org.apache.wicket.util.io.ClassStreamHandler.readFields(ClassStreamHandler.java:426)
  at
 org.apache.wicket.util.io.WicketObjectInputStream.readObjectOverride
 (WicketObjectInputStream.java:97)
  at
 java.io.ObjectInputStream.readObject(ObjectInputStream.java:345)
  at
 org.apache.wicket.util.lang.Objects.byteArrayToObject(Objects.java:397)
  at
 org.apache.wicket.protocol.http.FilePageStore.getPage
 (FilePageStore.java:476)
  at
 org.apache.wicket.protocol.http.SecondLevelCacheSessionStore$SecondLevelCachePageMap.get(SecondLevelCacheSessionStore.java:137)
  at org.apache.wicket.Session.getPage(Session.java
 :741)
  at
 org.apache.wicket.request.AbstractRequestCycleProcessor.resolveRenderedPage(AbstractRequestCycleProcessor.java:427)
  at
 org.apache.wicket.protocol.http.WebRequestCycleProcessor.resolve(WebRequestCycleProcessor.java
 :137)
  at
 org.apache.wicket.RequestCycle.step(RequestCycle.java:1026)
  at
 org.apache.wicket.RequestCycle.steps(RequestCycle.java:1127)
  at
 org.apache.wicket.RequestCycle.request(RequestCycle.java
 :489)
  at
 org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:248)
  at
 org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:126)
  at javax.servlet.http.HttpServlet.service
 (HttpServlet.java:595)
  at
 javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
  at
 org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:491)
  at
 org.mortbay.jetty.servlet.ServletHandler.handle
 (ServletHandler.java:367)
  at
 org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:185)
  at
 org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
  at
 org.mortbay.jetty.handler.ContextHandler.handle
 (ContextHandler.java:689)
  at
 org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:391)
  at
 org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
  at org.mortbay.jetty.Server.handle (Server.java:285)
  at
 org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:457)
  at
 org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:751)
  at 

Re: [Wicket-user] Authentication and page expired

[Igor Vaynberg]

well, at first i didnt want to believe we had a printstacktrace() somewhere.
but yeah i found it. i changed it to throw an rte, hopefully there was a
very good reason for swallowing it like that and someone will revert my
change with an explanation.

-igor


On 4/26/07, Xavier Hanin [EMAIL PROTECTED] wrote:


On 4/26/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
 ah well that explains it :)

 1.3 is using our experimental serialization code to save the state which
 results in a much smaller size then the default serialization. currently
it
 doesnt handle all cases, such as serializing proxies. that is why there
are
 instructions in that error message that tell you how to switch to
default
 serialization. once you do that everything should work.
Indeed, everything works now :-)

I guess it's only because you are in development on this feature, but
I think that this kind of problem is important enough to deserve
either an exception going higher on the method call stack (maybe
wrapping the IOException in a RuntimeException) or at least use the
logging mechanism at warn or error level, instead of calling a simple
printStackTrace, because it's not straightforward to figure out the
cause of this Page Expired message.

Anyway, thanks a lot for your help and your time.

Xavier



 -igor


 On 4/26/07, Xavier Hanin [EMAIL PROTECTED] wrote:
  I'm sorry, I've just noticed that I have an exception[1] before
  getting the Page Expired message.
 
  The exception occurs during deserialization of the page from which I
  come, and is related to a field injected with via Spring using the
  wicket-spring-annot. Then this exception is catched and simply output
  with a e.printStackTrace() (nothing in the log, see
  org.apache.wicket.util.lang.Objects.byteArrayToObject)
 which then
  results in a NPE in FilePageStore logged at debug level, which results
  in a null page in
 AbstractRequestCycleProcessor.resolveRenderedPage,
  which throws the PageExpiredException.
 
  So I have two questions:
  - is it normal that a deserialization exception is not more verbose (a
  printstacktrace + a not directly related debug message only)?
  - how can I deal with my spring injected field? Do I have to write
  specific serialization/deserialization code, to reinject the field at
  deserialization time? Isn't this case of serializing a component with
  spring injected fields pretty common?
 
  Ok, it's more than two questions :-)
 
  Xavier
  [1]
  org.apache.wicket.util.io.WicketSerializeableException:
 Error reading
  field: projects for object class: class
  org.xoocode.xooctory.web.projects.ProjectsPage
  NOTE: if you feel Wicket is at fault with this exception, please
  report to the mailing list. You can switch to JDK based serialization
  by calling:
 org.apache.wicket.util.lang.Objects.setObjectStreamFactory
 (new
  IObjectStreamFactory.DefaultObjectStreamFactory()) e.g.
 in the init
  method of your application
  at
 org.apache.wicket.util.io.ClassStreamHandler.readFields(
ClassStreamHandler.java:426)
  at
 org.apache.wicket.util.io.WicketObjectInputStream.readObjectOverride
 (WicketObjectInputStream.java:97)
  at
 java.io.ObjectInputStream.readObject(ObjectInputStream.java:345)
  at
 org.apache.wicket.util.lang.Objects.byteArrayToObject(Objects.java:397)
  at
 org.apache.wicket.protocol.http.FilePageStore.getPage
 (FilePageStore.java:476)
  at

org.apache.wicket.protocol.http.SecondLevelCacheSessionStore$SecondLevelCachePageMap.get
(SecondLevelCacheSessionStore.java:137)
  at org.apache.wicket.Session.getPage(Session.java
 :741)
  at

org.apache.wicket.request.AbstractRequestCycleProcessor.resolveRenderedPage
(AbstractRequestCycleProcessor.java:427)
  at
 org.apache.wicket.protocol.http.WebRequestCycleProcessor.resolve(
WebRequestCycleProcessor.java
 :137)
  at
 org.apache.wicket.RequestCycle.step(RequestCycle.java:1026)
  at
 org.apache.wicket.RequestCycle.steps(RequestCycle.java:1127)
  at
 org.apache.wicket.RequestCycle.request(RequestCycle.java
 :489)
  at
 org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java
:248)
  at
 org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java
:126)
  at javax.servlet.http.HttpServlet.service
 (HttpServlet.java:595)
  at
 javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
  at
 org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:491)
  at
 org.mortbay.jetty.servlet.ServletHandler.handle
 (ServletHandler.java:367)
  at
 org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java
:185)
  at
 org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
  at
 org.mortbay.jetty.handler.ContextHandler.handle
 (ContextHandler.java:689)
  at
 org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:391)
  at
 

[Wicket-user] Authentication and page expired

[Xavier Hanin]

Hi,

I'm trying to implement authentication using wicket and I get some trouble...

My problem is that when I try to access a page requiring
authentication, I get redirected to a login page. Fine. But then, once
authenticated, I get a Page expired message, and I don't find how to
get rid of it instead of going to the page requiring authentication.

Here is some detail on what I've done:
- I use the not yet released wicket 1.3.0-incubating-beta1 [1]

- I use wicket-auth-roles, with an AuthenticatedWebApplication,
AuthenticatedWebSession, and RoleAuthorizationStrategy

- my link to the role protected page is created like this:
new PageLink(project, new IPageLink() {
public Class getPageIdentity() {
return ProjectPage.class;
}

public Page getPage() {
return new ProjectPage(project);
}

}

- my page is protected with an annotation:
@AuthorizeInstantiation(Roles.USER)
public class ProjectCreationPage extends WebPage {

- my signin page is a very simple page using a panel including the
SignInPanel from wicket-auth-roles

Any idea?

Xavier

[1] 
http://people.apache.org/~dashorst/releases/apache-wicket-1.3.0-incubating-beta1/m2-repo/
-- 
Learn Ivy at ApacheCon: http://www.eu.apachecon.com/
Manage your dependencies with Ivy!
http://incubator.apache.org/ivy/

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication and page expired

[Igor Vaynberg]

what do you mean by once authenticated

what does your loginpage code look like, eg how do you navigate back?

-igor


On 4/25/07, Xavier Hanin [EMAIL PROTECTED] wrote:


Hi,

I'm trying to implement authentication using wicket and I get some
trouble...

My problem is that when I try to access a page requiring
authentication, I get redirected to a login page. Fine. But then, once
authenticated, I get a Page expired message, and I don't find how to
get rid of it instead of going to the page requiring authentication.

Here is some detail on what I've done:
- I use the not yet released wicket 1.3.0-incubating-beta1 [1]

- I use wicket-auth-roles, with an AuthenticatedWebApplication,
AuthenticatedWebSession, and RoleAuthorizationStrategy

- my link to the role protected page is created like this:
new PageLink(project, new IPageLink() {
public Class getPageIdentity() {
return ProjectPage.class;
}

public Page getPage() {
return new ProjectPage(project);
}

}

- my page is protected with an annotation:
@AuthorizeInstantiation(Roles.USER)
public class ProjectCreationPage extends WebPage {

- my signin page is a very simple page using a panel including the
SignInPanel from wicket-auth-roles

Any idea?

Xavier

[1]
http://people.apache.org/~dashorst/releases/apache-wicket-1.3.0-incubating-beta1/m2-repo/
--
Learn Ivy at ApacheCon: http://www.eu.apachecon.com/
Manage your dependencies with Ivy!
http://incubator.apache.org/ivy/

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication and page expired

[Xavier Hanin]

On 4/25/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
 what do you mean by once authenticated

 what does your loginpage code look like, eg how do you navigate back?
My login page is really very simple, it doesn't do much except include
a SigninPanel. So as far as I understand from the SigninPanel code,
the navigation back is handled by
Component#continueToOriginalDestination(). But maybe I'd need to
implement something special in my LoginPage, and not rely on the
SigninPanel only?

Xavier


 -igor



 On 4/25/07, Xavier Hanin [EMAIL PROTECTED] wrote:
 
  Hi,
 
  I'm trying to implement authentication using wicket and I get some
 trouble...
 
  My problem is that when I try to access a page requiring
  authentication, I get redirected to a login page. Fine. But then, once
  authenticated, I get a Page expired message, and I don't find how to
  get rid of it instead of going to the page requiring authentication.
 
  Here is some detail on what I've done:
  - I use the not yet released wicket 1.3.0-incubating-beta1 [1]
 
  - I use wicket-auth-roles, with an AuthenticatedWebApplication,
  AuthenticatedWebSession, and RoleAuthorizationStrategy
 
  - my link to the role protected page is created like this:
  new PageLink(project, new IPageLink() {
  public Class getPageIdentity() {
  return ProjectPage.class;
  }
 
  public Page getPage() {
  return new ProjectPage(project);
  }
 
  }
 
  - my page is protected with an annotation:
  @AuthorizeInstantiation(Roles.USER)
  public class ProjectCreationPage extends WebPage {
 
  - my signin page is a very simple page using a panel including the
  SignInPanel from wicket-auth-roles
 
  Any idea?
 
  Xavier
 
  [1]
 http://people.apache.org/~dashorst/releases/apache-wicket-1.3.0-incubating-beta1/m2-repo/
  --
  Learn Ivy at ApacheCon: http://www.eu.apachecon.com/
  Manage your dependencies with Ivy!
  http://incubator.apache.org/ivy/
 
 
 -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user




-- 
Learn Ivy at ApacheCon: http://www.eu.apachecon.com/
Manage your dependencies with Ivy!
http://incubator.apache.org/ivy/

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] authentication depending on parameters

[Flemming Seerup]

When using the AuthenticatedWebApplication and AuthenticatedWebSession, how do
you implement authentication for MyPage, where MyPage/page/1 is allowed for
UserX, but not MyPage/page/2.

The page is right now protected, so only users with role USER is allowed, but
how/where should I implement the database lookup to verify that page=x is
allowed for the current user, and display either the homepage or SignIn page if
not authorized ?

Regards,
Flemming


This message was sent using IMP, the Internet Messaging Program.

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Erik van Oosten]

Hello Rik,
 Questions;
 Do you use a normal login form according to Acegi or do you use a  
 Wicket login form?
   
We use a signin page that is derived from the example in 
wicket-auth-roles-example. So it's a Wicket login form.
 Where do you put your authorization settings?
   
The complete authorization picture in my current application is as follows:
- We use our wicket-auth-roles port to java 1.4 (took about 15 minutes 
to make) with just one change so that we can do authorization based on 
the base class of a component (see 
https://issues.apache.org/jira/browse/WICKET-21).

- MyApplication#init() contains the following code:
   getSecuritySettings().setAuthorizationStrategy(new 
MetaDataRoleAuthorizationStrategy(this));
   MetaDataRoleAuthorizationStrategy.authorize(SecurePage.class, 
role_viewer role_administrator);
   MetaDataRoleAuthorizationStrategy.authorize(AdminPage.class, 
role_administrator);
   MetaDataRoleAuthorizationStrategy.authorize(SecurePopupPage.class, 
role_viewer role_administrator);
   All pages that need a login extend either SecurePage or SecurePopupPage.

- The base class for all pages constructs a menu with links to all pages 
in the application. If the linked page requires authorization, during 
construction of the menu 
MetaDataRoleAuthorizationStrategy.authorize(link, Component.RENDER, 
roles) is called, where link is a Link instance and roles is derived 
from the metadata of the linked class. (Though I did not yet write the 
automatic role derivation, it should be easy to do so.)

 If desired we
 could have easily read that information from an ACL file.
 
 What do you have in mind as content for the ACL file. I understand  
 from the Acegi reference guide that you can set authorization on  
 domain objects. But what for example if the case is that a delete  
 button may only be visible for administrators?
   
As I said, we don't use ACL files, but it could be as simple as:
com.example.app.SecurePage role_viewer role_administrator
com.example.app.AdminPage role_administrator

How do this for buttons depend on the structure of your application. 
You'll have to devise a way to identify the button (or better, the 
function it will perform), and call a 
MetaDataRoleAuthorizationStrategy.authorize... before the button 
component is used.

 Erik.

-- 
Erik van Oosten
http://day-to-day-stuff.blogspot.com/


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Rik van der Kleij]

Hi Erik,

Thanks for your reply.

First I will arrange authentication with Acegi in mine application  
and then I will take a good look to the  
MetaDataRoleAuthorizationStrategy.

Regards,
Rik

On 12-nov-2006, at 13:47, Erik van Oosten wrote:

 Hello Rik,
 Questions;
 Do you use a normal login form according to Acegi or do you use a
 Wicket login form?

 We use a signin page that is derived from the example in
 wicket-auth-roles-example. So it's a Wicket login form.
 Where do you put your authorization settings?

 The complete authorization picture in my current application is as  
 follows:
 - We use our wicket-auth-roles port to java 1.4 (took about 15 minutes
 to make) with just one change so that we can do authorization based on
 the base class of a component (see
 https://issues.apache.org/jira/browse/WICKET-21).

 - MyApplication#init() contains the following code:
getSecuritySettings().setAuthorizationStrategy(new
 MetaDataRoleAuthorizationStrategy(this));
MetaDataRoleAuthorizationStrategy.authorize(SecurePage.class,
 role_viewer role_administrator);
MetaDataRoleAuthorizationStrategy.authorize(AdminPage.class,
 role_administrator);
MetaDataRoleAuthorizationStrategy.authorize(SecurePopupPage.class,
 role_viewer role_administrator);
All pages that need a login extend either SecurePage or  
 SecurePopupPage.

 - The base class for all pages constructs a menu with links to all  
 pages
 in the application. If the linked page requires authorization, during
 construction of the menu
 MetaDataRoleAuthorizationStrategy.authorize(link, Component.RENDER,
 roles) is called, where link is a Link instance and roles is derived
 from the metadata of the linked class. (Though I did not yet write the
 automatic role derivation, it should be easy to do so.)

 If desired we
 could have easily read that information from an ACL file.

 What do you have in mind as content for the ACL file. I understand
 from the Acegi reference guide that you can set authorization on
 domain objects. But what for example if the case is that a delete
 button may only be visible for administrators?

 As I said, we don't use ACL files, but it could be as simple as:
 com.example.app.SecurePage role_viewer role_administrator
 com.example.app.AdminPage role_administrator

 How do this for buttons depend on the structure of your application.
 You'll have to devise a way to identify the button (or better, the
 function it will perform), and call a
 MetaDataRoleAuthorizationStrategy.authorize... before the button
 component is used.

  Erik.

 -- 
 Erik van Oosten
 http://day-to-day-stuff.blogspot.com/


 -- 
 ---
 Using Tomcat but need to do more? Need to support web services,  
 security?
 Get stuff done quickly with pre-integrated technology to make your  
 job easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache  
 Geronimo
 http://sel.as-us.falkag.net/sel? 
 cmd=lnkkid=120709bid=263057dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Dmitry Kandalov]

Eelco Hillenius wrote:
 
 But as you got from the answers on this thread, URL based
 authorization schemes in not something we recommend for Wicket. It'll
 basically bring you back to page-level development again, whereas the
 whole point of Wicket is to provide a component based paradigm.
 

Thank you all for help. The most helpful was the idea to put behind security
constrains the login page only and use wicket authorization, that's what I
did. 

Will it be ok if I try to write something to wiki?
-- 
View this message in context: 
http://www.nabble.com/Authentication-Tomcat-%3C-%3E-Wicket-tf2588672.html#a7283196
Sent from the Wicket - User mailing list archive at Nabble.com.


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Eelco Hillenius]

Yeah. There are just multiple problems with URL based authorization.
It works fine for document-oriented sites, but how long ago was it
when we were building those :)

Take for example the use case that you want to hide a panel - but show
the rest of the page - when a user is not authorized for that panel.
This is very easy to do with Wicket, either by building it in in the
component, or by using an authorization strategy. An URL based
approach doesn't help you here. And URL approach basically forces you
to bring everything back to the URL level, including your refactoring
options etc.

But... like said before, it can be done if you really want it, by
using page mounting or even a custom IRequestCodingStrategy and some
smart thinking. Just don't expect it to be pretty :)

Eelco



On 11/10/06, Rik van der Kleij [EMAIL PROTECTED] wrote:
 Hi,

 That is also the reason why Acegi and Wicket don't integrate well.
 Till now I have not found a good way to secure Wicket components by
 Acegi. Acegi is based on URL requests, method intercepting and
 securing domain objects by ACL's. According to me you want to set
 authorization on component level. Annotations is a way but I prefer
 security by configuration. Maybe the only good solution is to build a
 Wicket specific solution.

 Regards,
 Rik


 On 9-nov-2006, at 18:53, Eelco Hillenius wrote:

  And if you use 2.0, you can set
  getSecuritySettings().setEnforceMounts(true), so that these mounted
  pages are only reachable using these paths.
 
  But as you got from the answers on this thread, URL based
  authorization schemes in not something we recommend for Wicket. It'll
  basically bring you back to page-level development again, whereas the
  whole point of Wicket is to provide a component based paradigm.
 
  Eelco
 
 
  On 11/9/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
  you can use package mounting to mount all pages in your admin
  package to a
  path, depends on how your classes are stored
 
  -igor
 
 
 
  On 11/9/06, Dmitry Kandalov [EMAIL PROTECTED] wrote:
 
 
  Erik van Oosten wrote:
 
  Wicket supports per component authorisation. You could take a
  look at
  wicket-auth-roles-example (a small project available through svn).
  In this project some components (pages) are marked. The mark
  indicates
  which roles are required for the component. As long as the user
  does not
  hit those components the application runs fine. As soon as the
  user does
  hit such a component, the sign-in page is displayed.
 
   Erik.
 
 
  Thanks for advice, example is good. But I have to use tomcat
  authentication
  (not authorization). To make it work I have to declare
  security-constraint.
  --
  View this message in context:
  http://www.nabble.com/Authentication-Tomcat-%3C-%3E-Wicket-
  tf2588672.html#a7254648
  Sent from the Wicket - User mailing list archive at Nabble.com.
 
 
 
  -
  
  Using Tomcat but need to do more? Need to support web services,
  security?
  Get stuff done quickly with pre-integrated technology to make
  your job
  easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache
  Geronimo
 
  http://sel.as-us.falkag.net/sel?
  cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
 
  -
  
  Using Tomcat but need to do more? Need to support web services,
  security?
  Get stuff done quickly with pre-integrated technology to make your
  job
  easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache
  Geronimo
  http://sel.as-us.falkag.net/sel?
  cmd=lnkkid=120709bid=263057dat=121642
 
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
 
 
  --
  ---
  Using Tomcat but need to do more? Need to support web services,
  security?
  Get stuff done quickly with pre-integrated technology to make your
  job easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache
  Geronimo
  http://sel.as-us.falkag.net/sel?
  cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user


 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 

Re: [Wicket-user] Authentication Tomcat - Wicket

[Erik van Oosten]

Hi Rik,

We use Acegi because of its excellent backend features. We do not use 
Acegi to do authorization in the frontend, we just give a 
username/pasword and ask it for the roles. Acegi gets it out of LDAP for 
us, wicket-auth-roles does the authorization. The Acegi filter sets the 
authenticated user on a tread-local, but that is the only involvement of 
Acegi in the front-end. However, having the thread-local Acegi can be 
still for used for securing the spring configured services.

The authorization settings are set by our application and stored in the 
Wicket metadata facility (again using wicket-auth-roles). If desired we 
could have easily read that information from an ACL file.

Would this be an acceptable solution?

 Erik.


Rik van der Kleij schreef:
 Hi,

 That is also the reason why Acegi and Wicket don't integrate well.  
 Till now I have not found a good way to secure Wicket components by  
 Acegi. Acegi is based on URL requests, method intercepting and  
 securing domain objects by ACL's. According to me you want to set  
 authorization on component level. Annotations is a way but I prefer  
 security by configuration. Maybe the only good solution is to build a  
 Wicket specific solution.

 Regards,
 Rik
   

-- 
Erik van Oosten
http://day-to-day-stuff.blogspot.com/


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Rik van der Kleij]

Hi Erik,

Yes. So you mean in short: use Acegi for authentication and use  
wicket-auth-roles for authorization. That is a good compromise  
because you get some of the features of Acegi out-of-the-box, like a  
LDAP-server authentication as you mention.

Questions;
Do you use a normal login form according to Acegi or do you use a  
Wicket login form?
Where do you put your authorization settings?

 If desired we
 could have easily read that information from an ACL file.

What do you have in mind as content for the ACL file. I understand  
from the Acegi reference guide that you can set authorization on  
domain objects. But what for example if the case is that a delete  
button may only be visible for administrators?

Regards,
Rik


On 10-nov-2006, at 22:17, Erik van Oosten wrote:

 Hi Rik,

 We use Acegi because of its excellent backend features. We do not use
 Acegi to do authorization in the frontend, we just give a
 username/pasword and ask it for the roles. Acegi gets it out of  
 LDAP for
 us, wicket-auth-roles does the authorization. The Acegi filter sets  
 the
 authenticated user on a tread-local, but that is the only  
 involvement of
 Acegi in the front-end. However, having the thread-local Acegi can be
 still for used for securing the spring configured services.

 The authorization settings are set by our application and stored in  
 the
 Wicket metadata facility (again using wicket-auth-roles). If  
 desired we
 could have easily read that information from an ACL file.

 Would this be an acceptable solution?

  Erik.


 Rik van der Kleij schreef:
 Hi,

 That is also the reason why Acegi and Wicket don't integrate well.
 Till now I have not found a good way to secure Wicket components by
 Acegi. Acegi is based on URL requests, method intercepting and
 securing domain objects by ACL's. According to me you want to set
 authorization on component level. Annotations is a way but I prefer
 security by configuration. Maybe the only good solution is to build a
 Wicket specific solution.

 Regards,
 Rik


 -- 
 Erik van Oosten
 http://day-to-day-stuff.blogspot.com/


 -- 
 ---
 Using Tomcat but need to do more? Need to support web services,  
 security?
 Get stuff done quickly with pre-integrated technology to make your  
 job easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache  
 Geronimo
 http://sel.as-us.falkag.net/sel? 
 cmd=lnkkid=120709bid=263057dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Dmitry Kandalov]

Erik van Oosten wrote:
 
 Wicket supports per component authorisation. You could take a look at 
 wicket-auth-roles-example (a small project available through svn).
 In this project some components (pages) are marked. The mark indicates 
 which roles are required for the component. As long as the user does not 
 hit those components the application runs fine. As soon as the user does 
 hit such a component, the sign-in page is displayed.
 
  Erik.
 

Thanks for advice, example is good. But I have to use tomcat authentication
(not authorization). To make it work I have to declare
security-constraint.
-- 
View this message in context: 
http://www.nabble.com/Authentication-Tomcat-%3C-%3E-Wicket-tf2588672.html#a7254648
Sent from the Wicket - User mailing list archive at Nabble.com.


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Erik van Oosten]

Here is a rough outline. You'll need to study wicket-auth-roles-example 
to see how you can integrate this.

You can put the the Wicket servlet behind 2 different url patterns. In 
your own session implementation you can access the http session and read 
the authenticated user and/or roles as was set by Tomcat.
When authorisation is required and no user in the session, you can 
forward to a secured url with a RestartResponseAtInterceptPageException. 
Note that in this setup only the login page needs to be behind the 
secured url.

 Erik.

Dmitry Kandalov schreef:
 Erik van Oosten wrote:
   
 Wicket supports per component authorisation. You could take a look at 
 wicket-auth-roles-example (a small project available through svn).
 In this project some components (pages) are marked. The mark indicates 
 which roles are required for the component. As long as the user does not 
 hit those components the application runs fine. As soon as the user does 
 hit such a component, the sign-in page is displayed.

  Erik.

 

 Thanks for advice, example is good. But I have to use tomcat authentication
 (not authorization). To make it work I have to declare
 security-constraint.
   

-- 
Erik van Oosten
http://www.day-to-day-stuff.blogspot.com/


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Igor Vaynberg]

you can use package mounting to mount all pages in your admin package to a path, depends on how your classes are stored-igorOn 11/9/06, Dmitry Kandalov
 [EMAIL PROTECTED] wrote:Erik van Oosten wrote:
 Wicket supports per component authorisation. You could take a look at wicket-auth-roles-example (a small project available through svn). In this project some components (pages) are marked. The mark indicates
 which roles are required for the component. As long as the user does not hit those components the application runs fine. As soon as the user does hit such a component, the sign-in page is displayed.
Erik.Thanks for advice, example is good. But I have to use tomcat authentication(not authorization). To make it work I have to declaresecurity-constraint.--View this message in context: 
http://www.nabble.com/Authentication-Tomcat-%3C-%3E-Wicket-tf2588672.html#a7254648Sent from the Wicket - User mailing list archive at 
Nabble.com.-Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___Wicket-user mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Eelco Hillenius]

And if you use 2.0, you can set
getSecuritySettings().setEnforceMounts(true), so that these mounted
pages are only reachable using these paths.

But as you got from the answers on this thread, URL based
authorization schemes in not something we recommend for Wicket. It'll
basically bring you back to page-level development again, whereas the
whole point of Wicket is to provide a component based paradigm.

Eelco


On 11/9/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
 you can use package mounting to mount all pages in your admin package to a
 path, depends on how your classes are stored

 -igor



 On 11/9/06, Dmitry Kandalov [EMAIL PROTECTED] wrote:
 
 
  Erik van Oosten wrote:
  
   Wicket supports per component authorisation. You could take a look at
   wicket-auth-roles-example (a small project available through svn).
   In this project some components (pages) are marked. The mark indicates
   which roles are required for the component. As long as the user does not
   hit those components the application runs fine. As soon as the user does
   hit such a component, the sign-in page is displayed.
  
Erik.
  
 
  Thanks for advice, example is good. But I have to use tomcat
 authentication
  (not authorization). To make it work I have to declare
  security-constraint.
  --
  View this message in context:
 http://www.nabble.com/Authentication-Tomcat-%3C-%3E-Wicket-tf2588672.html#a7254648
  Sent from the Wicket - User mailing list archive at Nabble.com.
 
 
 
 -
  Using Tomcat but need to do more? Need to support web services, security?
  Get stuff done quickly with pre-integrated technology to make your job
 easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job
 easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user




-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Dmitry Kandalov]

I want to define security constraints for tomcat authentication so that one
part of my wicket application would be anonymously available and another
not. So I guess I need different url's. What is the best way to do this?
Should I make two different WebApplication's and map them to different url's
or should I implement IRequestCodingStrategy?
-- 
View this message in context: 
http://www.nabble.com/Authentication-Tomcat-%3C-%3E-Wicket-tf2588672.html#a7252917
Sent from the Wicket - User mailing list archive at Nabble.com.


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Erik van Oosten]

Wicket supports per component authorisation. You could take a look at 
wicket-auth-roles-example (a small project available through svn).
In this project some components (pages) are marked. The mark indicates 
which roles are required for the component. As long as the user does not 
hit those components the application runs fine. As soon as the user does 
hit such a component, the sign-in page is displayed.

 Erik.


Dmitry Kandalov schreef:
 I want to define security constraints for tomcat authentication so that one
 part of my wicket application would be anonymously available and another
 not. So I guess I need different url's. What is the best way to do this?
 Should I make two different WebApplication's and map them to different url's
 or should I implement IRequestCodingStrategy?
   

-- 
Erik van Oosten
http://www.day-to-day-stuff.blogspot.com/


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Martijn Dashorst]

On 11/9/06, Erik van Oosten [EMAIL PROTECTED] wrote:
 Wicket supports per component authorisation. You could take a look at
 wicket-auth-roles-example (a small project available through svn).

You can also download the auth-roles-examples project from sourceforge
for Wicket 1.2(.3). Look under 'examples'.

http://sourceforge.net/project/showfiles.php?group_id=119783package_id=138752

Martijn

-- 
a href=http://www.thebeststuffintheworld.com/vote_for/wicket;Vote/a
for a href=http://www.thebeststuffintheworld.com/stuff/wicket;Wicket/a
at the a href=http://www.thebeststuffintheworld.com/;Best Stuff in
the World!/a

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] Authentication Tomcat - Wicket

[Vincent Renaville]

Dear,

I search to implements security on my wicket Application.
I plan to use Tomcat 5.X for Authentication, So I search a simple
Authentication page to use it (Email,Password,Role), do you know how to
implement this in Wicket.





-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication Tomcat - Wicket

[Eelco Hillenius]

 I search to implements security on my wicket Application.
 I plan to use Tomcat 5.X for Authentication, So I search a simple
 Authentication page to use it (Email,Password,Role), do you know how to
 implement this in Wicket.

If you want to use a login page that is used by the container to
authenticate, you're better off just using some default login page:

form method=POST action=j_security_check
input type=text name=j_username
input type=password name=j_password
/form

It's outlined here: http://www.onjava.com/pub/a/onjava/2002/06/12/form.html

Once authenticated, you can pull the Principal by doing
((WebRequestCycle)(RequestCycle.get()).getWebRequest().getHttpServletRequest().getUserPrincipal();

How you use that is up to you. Look at wicket-auth-roles for ideas.

Eelco

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] Authentication and redirectToInterceptPage

[Andrew Berman]

I'm currently migrating over to the new Authentication stuff in Wicket 1.2. My current code in my Application class is:getSecuritySettings().setAuthorizationStrategy( new SimplePageAuthorizationStrategy(
ISecurePage.class) { @Override protected boolean isAuthorized() {  return MySession.get().isUserAuthenticated(); }
 });So, with this code, it redirects to the AccessDenied page. How can I have it do a redirectToInterceptPage instead?--Andrew

Re: [Wicket-user] Authentication and redirectToInterceptPage

[Johan Compagner]

see the LibraryExample:getSecuritySettings().setUnauthorizedComponentInstantiationListener(new IUnauthorizedComponentInstantiationListener()  {   public void onUnauthorizedInstantiation(final Component component)
   {// If there is a sign in page class declared, and the unauthorized// component is a page, but it's not the sign in pageif (component instanceof Page)
{ // Redirect to intercept page to let the user sign in throw new RestartResponseAtInterceptPageException(SignIn.class);}else
{ // The component was not a page, so throw an exception throw new UnauthorizedInstantiationException(component.getClass());}   }
  });  // Create a simple authorization strategy, that checks all pages of type  // Authenticated web page.  SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy(
AuthenticatedWebPage.class)  {   protected boolean isAuthorized()   {// check whether the user is logged onreturn (((LibrarySession)Session.get()).isSignedIn());
   }  };i guess to make it even simpler SimplePageAuthorizationStrategy should also implement  IUnauthorizedComponentInstantiationListenerand have the above default behaviour. I think this is the default behaviour most people want/expect.
johanOn 3/17/06, Andrew Berman [EMAIL PROTECTED] wrote:
I'm currently migrating over to the new Authentication stuff in Wicket 1.2. My current code in my Application class is:getSecuritySettings().setAuthorizationStrategy(
 new SimplePageAuthorizationStrategy(
ISecurePage.class) { @Override protected boolean isAuthorized() {  return MySession.get().isUserAuthenticated(); }
 });So, with this code, it redirects to the AccessDenied page. How can I have it do a redirectToInterceptPage instead?--Andrew

Re: [Wicket-user] Authentication

[Mats Norén]

Thanks. We made a utility function in the our session. Works great.

On 3/14/06, Eelco Hillenius [EMAIL PROTECTED] wrote:
 There is no build in function for that. If you want to shorten that,
 just provide your own request cycle that passes this function through,
 or make it a utility function somewhere.

 Eelco

 On 3/14/06, Mats Norén [EMAIL PROTECTED] wrote:
  Mmm...ok, I'll rephrase. Is there a way within wicket to obtain the
  logged in user if the user is authenticated by the container with
  basic authentication and writing the user to a wicket session?
 
  Without having to do this:
 
  ((WebRequest)getRequest()).getHttpServletRequest().getUserPrincipal()
 
 
  ---
  This SF.Net email is sponsored by xPML, a groundbreaking scripting language
  that extends applications into web and mobile media. Attend the live webcast
  and join the prime developer group breaking into this new coding territory!
  http://sel.as-us.falkag.net/sel?cmdlnkkid0944bid$1720dat1642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 ---
 This SF.Net email is sponsored by xPML, a groundbreaking scripting language
 that extends applications into web and mobile media. Attend the live webcast
 and join the prime developer group breaking into this new coding territory!
 http://sel.as-us.falkag.net/sel?cmdlnkkid0944bid$1720dat1642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] Authentication

[Steve Thompson]

I'm trying to understand authentication in the new version of Wicket, but am 
not having a great deal of success so far.  My dilemna is a simple one - I 
have a lot of static pages that I would like to allow people who are logged 
in access to.  I do not want to create programmatic links for every page in 
this area of my site, nor do I want these pages bookmarkable.

I've been looking into the different RealmBase derived authentication classes, 
but would rather use something within Wicket if similar functionality can be 
derived.  Is there a way to, on a global basis, enact this type of security?

Let me know and best regards,


Steve

-- 


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication

[Johan Compagner]

are these static pages just in the webroot?if so then you can just have links to them in youre dynamic/wicket pagesAnd through a Filter you test if they are also logged in (puur for those static pages)
On 3/14/06, Steve Thompson [EMAIL PROTECTED] wrote:
I'm trying to understand authentication in the new version of Wicket, but amnot having a great deal of success so far.My dilemna is a simple one - Ihave a lot of static pages that I would like to allow people who are logged
in access to.I do not want to create programmatic links for every page inthis area of my site, nor do I want these pages bookmarkable.I've been looking into the different RealmBase derived authentication classes,
but would rather use something within Wicket if similar functionality can bederived.Is there a way to, on a global basis, enact this type of security?Let me know and best regards,Steve
-This SF.Net email is sponsored by xPML, a groundbreaking scripting languagethat extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
___Wicket-user mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication

[Mats Norén]

Can I add a stupid question? :)
Is there wicket way tm on how to get the logged in user and put it
in a Wicket Session-object?

Mats

On 3/14/06, Johan Compagner [EMAIL PROTECTED] wrote:
 are these static pages just in the webroot?
 if so then you can just have links to them in youre dynamic/wicket pages
 And through a Filter you test if they are also logged in (puur for those
 static pages)



  On 3/14/06, Steve Thompson [EMAIL PROTECTED] wrote:
  I'm trying to understand authentication in the new version of Wicket, but
 am
  not having a great deal of success so far.  My dilemna is a simple one - I
  have a lot of static pages that I would like to allow people who are
 logged
  in access to.  I do not want to create programmatic links for every page
 in
  this area of my site, nor do I want these pages bookmarkable.
 
  I've been looking into the different RealmBase derived authentication
 classes,
  but would rather use something within Wicket if similar functionality can
 be
  derived.  Is there a way to, on a global basis, enact this type of
 security?
 
  Let me know and best regards,
 
 
  Steve
 
  --
 
 
  ---
  This SF.Net email is sponsored by xPML, a groundbreaking scripting
 language
  that extends applications into web and mobile media. Attend the live
 webcast
  and join the prime developer group breaking into this new coding
 territory!
 
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 




---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication

[Igor Vaynberg]

there is no wicket tm way to do it because every application will probably be different. there is an example implementation in wicket-auth-roles-examples project, and a shallow implementation in wicket signin examples.
-IgorOn 3/14/06, Mats Norén [EMAIL PROTECTED] wrote:
Can I add a stupid question? :)Is there wicket way tm on how to get the logged in user and put itin a Wicket Session-object?MatsOn 3/14/06, Johan Compagner 
[EMAIL PROTECTED] wrote: are these static pages just in the webroot? if so then you can just have links to them in youre dynamic/wicket pages And through a Filter you test if they are also logged in (puur for those
 static pages)On 3/14/06, Steve Thompson [EMAIL PROTECTED] wrote:  I'm trying to understand authentication in the new version of Wicket, but
 am  not having a great deal of success so far.My dilemna is a simple one - I  have a lot of static pages that I would like to allow people who are logged  in access to.I do not want to create programmatic links for every page
 in  this area of my site, nor do I want these pages bookmarkable.   I've been looking into the different RealmBase derived authentication classes,  but would rather use something within Wicket if similar functionality can
 be  derived.Is there a way to, on a global basis, enact this type of security?   Let me know and best regards,Steve 
  -----  This SF.Net email is sponsored by xPML, a groundbreaking scripting language  that extends applications into web and mobile media. Attend the live
 webcast  and join the prime developer group breaking into this new coding territory!  
http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642  ___  Wicket-user mailing list  
Wicket-user@lists.sourceforge.net  https://lists.sourceforge.net/lists/listinfo/wicket-user ---
This SF.Net email is sponsored by xPML, a groundbreaking scripting languagethat extends applications into web and mobile media. Attend the live webcastand join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmdlnkkid0944bid$1720dat1642___
Wicket-user mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication

[Mats Norén]

Mmm...ok, I'll rephrase. Is there a way within wicket to obtain the
logged in user if the user is authenticated by the container with
basic authentication and writing the user to a wicket session?

Without having to do this:

((WebRequest)getRequest()).getHttpServletRequest().getUserPrincipal()


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication

[Igor Vaynberg]

afaik basic authentication doesnt have an event handler you can register to know when the user has been authenticated.if you want you can wrap that call into your session subclassPrincipal MySessionSubclass.getLoggedinUser
() { return RequestCycle.get().getRequest().-IgorOn 3/14/06, Mats Norén [EMAIL PROTECTED]
 wrote:Mmm...ok, I'll rephrase. Is there a way within wicket to obtain the
logged in user if the user is authenticated by the container withbasic authentication and writing the user to a wicket session?Without having to do this:((WebRequest)getRequest()).getHttpServletRequest().getUserPrincipal()
---This SF.Net email is sponsored by xPML, a groundbreaking scripting languagethat extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!http://sel.as-us.falkag.net/sel?cmdlnkkid0944bid$1720dat1642
___Wicket-user mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authentication

[Eelco Hillenius]

There is no build in function for that. If you want to shorten that,
just provide your own request cycle that passes this function through,
or make it a utility function somewhere.

Eelco

On 3/14/06, Mats Norén [EMAIL PROTECTED] wrote:
 Mmm...ok, I'll rephrase. Is there a way within wicket to obtain the
 logged in user if the user is authenticated by the container with
 basic authentication and writing the user to a wicket session?

 Without having to do this:

 ((WebRequest)getRequest()).getHttpServletRequest().getUserPrincipal()


 ---
 This SF.Net email is sponsored by xPML, a groundbreaking scripting language
 that extends applications into web and mobile media. Attend the live webcast
 and join the prime developer group breaking into this new coding territory!
 http://sel.as-us.falkag.net/sel?cmdlnkkid0944bid$1720dat1642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] Authentication

[Steve_Thompson]

I'm trying to understand authentication in the new version of Wicket, but am 
not having a great deal of success so far.  My dilemna is a simple one - I 
have a lot of static pages that I would like to allow people who are logged 
in access to.  I do not want to create programmatic links for every page in 
this area of my site, nor do I want these pages bookmarkable.

I've been looking into the different RealmBase derived authentication classes, 
but would rather use something within Wicket if similar functionality can be 
derived.  Is there a way to, on a global basis, enact this type of security?

Let me know and best regards,


Steve

-- 


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user