How to implement session validation?

2009-10-08 Thread Haulyn R. Jason
Hi,
I read some articles to find how to use session validation to protect my
application. When the Admin Login, some pages are protected by session with
attribute admin_id, and when the common user login, some other pages are
protected by cookie with attribute user_id. I do not want to add code to
all pages and panels I created to validate session and cookie. Then I find a
way: use IAuthorizationStrategy. But I just want to validate admin by
session, and validate common user by cookie.

I am not sure is there a good way to implement this. I read some articles,
something mentions about WebApplication Inheritance, but I can not
understand this.

Who can help me about this problem, or give me some urls as reference.

Thanks!

-- 
Many thanks!

Haulyn Microproduction

You can access me via the following ways:
Location: Shandong Jinan Shumagang 6H-8, 25
Mobile: +086-15864011231
email: saharab...@gmail.com, hmp.hau...@foxmail.com
website: http://haulynjason.net
gtalk: saharab...@gmail.com
skype: saharabear
QQ: 378606292
persional Twitter: http://twitter.com/saharabear
persional Linkedin: http://www.linkedin.com/in/haulyn
Haulyn Microproduction Twitter: http://twitter.com/haulynmp


Haulyn Jason


Re: How to implement session validation?

2009-10-08 Thread Adrian Merrall
Haulyn,

The wicket in action book has all the explanations and code you need for
this.

Dealing with cookies is an implementation detail that wicket and the servlet
container take care of for you.  From your perspective, all you need to
worry about is whether the session is authenticated or not, and whether a
particular page or component requires either signed in, or admin only
access.  You could look at the javadoc for authorisedwebapplication but I
can't recommend the book highly enough.  Martijn and Eelco seem to have
anticipated all the common questions people would ask.

There are also a couple of wicketstuff projects that provide security
frameworks for wicket.

HTH

Adrian

On Thu, Oct 8, 2009 at 7:19 PM, Haulyn R. Jason saharab...@gmail.comwrote:

 Hi,
 I read some articles to find how to use session validation to protect my
 application.