Default unauthorized access handling
I am using wicket-auth and it gets me just about everything I need. I would like the default handling of an unauthenticated user. When a page is accessed by someone who is not logged in, I'd like them directed to the login page, BUT I'd like a message to appear stating that their session has timed out or they need to log in. The default behavior of AuthenticatedWebApplication redirects the user to the sign-in page if they are not logged in. Can that behavior be modified easily (to pass info to the sign-in page) so the sign-in page could show an extra message like for security reasons your session has timed out? The handling of an unauthorized user is shown below (taken from AuthenticatedWebApplication). I would simply like to override this method, BUT it is FINAL. I guess I could just duplicate the AuthenticatedWebApplication class, modify the onUnauthorizedInstantiation() method, and inherit from it. But hoping one of the Wicket-heads out there has an easier way to do this. Also, why is the method FINAL? public final void onUnauthorizedInstantiation(final Component component) { // If there is a sign in page class declared, and the unauthorized // component is a page, but it's not the sign in page if (component instanceof Page) { if (!AuthenticatedWebSession.get().isSignedIn()) { // Redirect to intercept page to let the user sign in throw new RestartResponseAtInterceptPageException(getSignInPageClass()); } else { onUnauthorizedPage((Page)component); } } else { // The component was not a page, so throw an exception throw new UnauthorizedInstantiationException(component.getClass()); } } -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Default-unauthorized-access-handling-tp2549533p2549533.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Default unauthorized access handling
Hi! I think you can use interface IUnauthorizedComponentInstantiationListener and push necessary information message to Session object. On SignInPage - check the session and render the message. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Default-unauthorized-access-handling-tp2549533p2549690.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Default unauthorized access handling
wicket auth roles is meant as an example, not as a library for you to use. feel free to copy/paste the code into your codebase and hack away as needed. -igor On Tue, Sep 21, 2010 at 4:09 PM, Mike Dee mdichiapp...@cardeatech.com wrote: I am using wicket-auth and it gets me just about everything I need. I would like the default handling of an unauthenticated user. When a page is accessed by someone who is not logged in, I'd like them directed to the login page, BUT I'd like a message to appear stating that their session has timed out or they need to log in. The default behavior of AuthenticatedWebApplication redirects the user to the sign-in page if they are not logged in. Can that behavior be modified easily (to pass info to the sign-in page) so the sign-in page could show an extra message like for security reasons your session has timed out? The handling of an unauthorized user is shown below (taken from AuthenticatedWebApplication). I would simply like to override this method, BUT it is FINAL. I guess I could just duplicate the AuthenticatedWebApplication class, modify the onUnauthorizedInstantiation() method, and inherit from it. But hoping one of the Wicket-heads out there has an easier way to do this. Also, why is the method FINAL? public final void onUnauthorizedInstantiation(final Component component) { // If there is a sign in page class declared, and the unauthorized // component is a page, but it's not the sign in page if (component instanceof Page) { if (!AuthenticatedWebSession.get().isSignedIn()) { // Redirect to intercept page to let the user sign in throw new RestartResponseAtInterceptPageException(getSignInPageClass()); } else { onUnauthorizedPage((Page)component); } } else { // The component was not a page, so throw an exception throw new UnauthorizedInstantiationException(component.getClass()); } } -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Default-unauthorized-access-handling-tp2549533p2549533.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org