Default unauthorized access handling
I am using wicket-auth and it gets me just about everything I need. I would
like the default handling of an unauthenticated user. When a page is
accessed by someone who is not logged in, I'd like them directed to the
login page, BUT I'd like a message to appear stating that their session has
timed out or they need to log in.
The default behavior of AuthenticatedWebApplication redirects the user to
the sign-in page if they are not logged in. Can that behavior be modified
easily (to pass info to the sign-in page) so the sign-in page could show an
extra message like for security reasons your session has timed out?
The handling of an unauthorized user is shown below (taken from
AuthenticatedWebApplication). I would simply like to override this method,
BUT it is FINAL. I guess I could just duplicate the
AuthenticatedWebApplication class, modify the onUnauthorizedInstantiation()
method, and inherit from it. But hoping one of the Wicket-heads out there
has an easier way to do this.
Also, why is the method FINAL?
public final void onUnauthorizedInstantiation(final Component component)
{
// If there is a sign in page class declared, and the
unauthorized
// component is a page, but it's not the sign in page
if (component instanceof Page)
{
if (!AuthenticatedWebSession.get().isSignedIn())
{
// Redirect to intercept page to let the user
sign in
throw new
RestartResponseAtInterceptPageException(getSignInPageClass());
}
else
{
onUnauthorizedPage((Page)component);
}
}
else
{
// The component was not a page, so throw an exception
throw new
UnauthorizedInstantiationException(component.getClass());
}
}
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Default-unauthorized-access-handling-tp2549533p2549533.html
Sent from the Users forum mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Default unauthorized access handling
Hi! I think you can use interface IUnauthorizedComponentInstantiationListener and push necessary information message to Session object. On SignInPage - check the session and render the message. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Default-unauthorized-access-handling-tp2549533p2549690.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Default unauthorized access handling
wicket auth roles is meant as an example, not as a library for you to
use. feel free to copy/paste the code into your codebase and hack away
as needed.
-igor
On Tue, Sep 21, 2010 at 4:09 PM, Mike Dee mdichiapp...@cardeatech.com wrote:
I am using wicket-auth and it gets me just about everything I need. I would
like the default handling of an unauthenticated user. When a page is
accessed by someone who is not logged in, I'd like them directed to the
login page, BUT I'd like a message to appear stating that their session has
timed out or they need to log in.
The default behavior of AuthenticatedWebApplication redirects the user to
the sign-in page if they are not logged in. Can that behavior be modified
easily (to pass info to the sign-in page) so the sign-in page could show an
extra message like for security reasons your session has timed out?
The handling of an unauthorized user is shown below (taken from
AuthenticatedWebApplication). I would simply like to override this method,
BUT it is FINAL. I guess I could just duplicate the
AuthenticatedWebApplication class, modify the onUnauthorizedInstantiation()
method, and inherit from it. But hoping one of the Wicket-heads out there
has an easier way to do this.
Also, why is the method FINAL?
public final void onUnauthorizedInstantiation(final Component
component)
{
// If there is a sign in page class declared, and the
unauthorized
// component is a page, but it's not the sign in page
if (component instanceof Page)
{
if (!AuthenticatedWebSession.get().isSignedIn())
{
// Redirect to intercept page to let the user
sign in
throw new
RestartResponseAtInterceptPageException(getSignInPageClass());
}
else
{
onUnauthorizedPage((Page)component);
}
}
else
{
// The component was not a page, so throw an exception
throw new
UnauthorizedInstantiationException(component.getClass());
}
}
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Default-unauthorized-access-handling-tp2549533p2549533.html
Sent from the Users forum mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
