Re: Servlet container authentication in Wicket
Here's what I use with wicket 1.3/1.4 and Tomcat using LDAP realm.
I use AuthenticatedWebApplication and AuthenticatedWebSession.
public class MySession extends AuthenticatedWebSession {
/** Name. */
private final String userName;
/** Roles. */
private final Roles roles;
public MySession(final Request varRequest) {
super(varRequest);
roles = new Roles();
//authentification from container (tomcat)
HttpServletRequest servletRequest = ((WebRequestCycle)
RequestCycle.get()).getWebRequest()
.getHttpServletRequest();
Principal principal = servletRequest.getUserPrincipal();
if (principal == null) { //user not authentificated by tomcat!
//handle error as you want!
userName = null;
return;
} else {
// username
userName = principal.getName();
// get the roles you need
if (servletRequest.isUserInRole("yourRole1")) {
roles.add("yourRole1");
}
if (servletRequest.isUserInRole("yourRole2")) {
roles.add("yourRole2");
}
...
//simulate signin
signIn("ok", "ok");
}
}
public final boolean authenticate(final String varUsername, final String
varPassword) {
return userName != null;
}
public final Roles getRoles() {
if (isSignedIn()) {
return roles;
}
return null;
}
public final String getUserName() {
return userName;
}
}
The "MySignIngPage.html" contains window.location="/"
Gabriel.
Philipp Daumke-2 wrote:
>
> Hi,
>
> I had a look at that specification but it doesn't give any more hints
> how to use it. Does somebody have any more working examples? Or is there
> a tutorial how to connect wicket to the local LDAP?
>
>
--
View this message in context:
http://old.nabble.com/Servlet-container-authentication-in-Wicket-tp21780995p26599795.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
> > I had a look at that specification but it doesn't give any more hints how > to use it. Does somebody have any more working examples? Or is there a > tutorial how to connect wicket to the local LDAP? > I often skip the container and initiate a direct connection to LDAP (usually AD) via JNDI (this is useful if you need additional information from your users like company e-mail address, extendion, mobile phone, office, etc). Here's a tutorial on how to do it (it's not wicket related): http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html BTW, j_security_check is only available as a resource if you redirect (or post) to it from a secured url. Did you setup your web.xml to guard the login page url from unauthorized access? -- Janos
Re: Servlet container authentication in Wicket
Hi,
I had a look at that specification but it doesn't give any more hints
how to use it. Does somebody have any more working examples? Or is there
a tutorial how to connect wicket to the local LDAP?
Thanks for your help.
Philipp
j_security_check is part of the Servlet Specification section
"SRV.12.5.3.1 Login Form Notes" (at least for version 2.5). It did
exist in earlier versions but I've only quoted the latest.
On Sun, Feb 1, 2009 at 5:03 PM, Philipp Daumke wrote:
Hi all,
I followed the Servlet Container authentication as described in
http://cwiki.apache.org/WICKET/servlet-container-authentication.html, but I
do not get it working.
At the moment I get an error in firefox when invoking the
redirectToSecurityCheck() method:
http://localhost:5080/j_security_check?j_username=test&j_password=test
_The requested resource () is not available.
_I don't even know exactly what "j_security_check" is and don't find too
much on the web. Do I have to configure Tomcat properly?
Below is my full src. MyApp.java and web.xml look like in the example (see
link aboe). Thank you for your help!
Philipp
public final class LoginPage extends WebPage
{
private String username;
private String password;
public LoginPage()
{
redirectToSecurityCheck();
/*if( ( ( MySession )getSession() ).isUserLoggedIn())
{
// redirect to hide username and password from URL after user is
logged in
setRedirect( true );
setResponsePage( Index.class );
}
else
{
redirectToSecurityCheck();
}*/
}
/**
* Common servlet login workaround
*/
private void redirectToSecurityCheck()
{
final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get()
).getWebRequest().getHttpServletRequest().getParameterMap();
if( parametersMap.containsKey( "username" ) &&
parametersMap.containsKey( "password" ) )
{
// getting parameters from POST request
final String userName = ( ( String[] )parametersMap.get(
"username" ) )[ 0 ];
final String userPassword = ( ( String[] )parametersMap.get(
"password" ) )[ 0 ];
// if POST parameters are ok, redirect them to j_security_check
if( ( userName != null ) && ( userPassword != null ) )
{
getRequestCycle().setRedirect( false );
getRequestCycle().setRequestTarget(
EmptyRequestTarget.getInstance() );
getResponse().redirect(
"/j_security_check?j_username=" + userName +
"&j_password=" + userPassword );
}
}
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
--
Averbis GmbH
c/o Klinikum der Albert-Ludwigs-Universität
Stefan-Meier-Strasse 26
D-79104 Freiburg
Fon: +49 (0) 761 - 203 6707
Fax: +49 (0) 761 - 203 6800
E-Mail: dau...@averbis.de
Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó
Sitz der Gesellschaft: Freiburg i. Br.
AG Freiburg i. Br., HRB 701080
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
--
Averbis GmbH
c/o Klinikum der Albert-Ludwigs-Universität
Stefan-Meier-Strasse 26
D-79104 Freiburg
Fon: +49 (0) 761 - 203 6707
Fax: +49 (0) 761 - 203 6800
E-Mail: dau...@averbis.de
Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó
Sitz der Gesellschaft: Freiburg i. Br.
AG Freiburg i. Br., HRB 701080
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
j_security_check is part of the Servlet Specification section
"SRV.12.5.3.1 Login Form Notes" (at least for version 2.5). It did
exist in earlier versions but I've only quoted the latest.
On Sun, Feb 1, 2009 at 5:03 PM, Philipp Daumke wrote:
> Hi all,
>
> I followed the Servlet Container authentication as described in
> http://cwiki.apache.org/WICKET/servlet-container-authentication.html, but I
> do not get it working.
>
> At the moment I get an error in firefox when invoking the
> redirectToSecurityCheck() method:
>
> http://localhost:5080/j_security_check?j_username=test&j_password=test
> _The requested resource () is not available.
>
> _I don't even know exactly what "j_security_check" is and don't find too
> much on the web. Do I have to configure Tomcat properly?
>
> Below is my full src. MyApp.java and web.xml look like in the example (see
> link aboe). Thank you for your help!
> Philipp
>
>
> public final class LoginPage extends WebPage
> {
> private String username;
> private String password;
> public LoginPage()
> {
> redirectToSecurityCheck();
> /*if( ( ( MySession )getSession() ).isUserLoggedIn())
> {
> // redirect to hide username and password from URL after user is
> logged in
> setRedirect( true );
> setResponsePage( Index.class );
> }
> else
> {
> redirectToSecurityCheck();
> }*/
> }
>
> /**
>* Common servlet login workaround
>*/
> private void redirectToSecurityCheck()
> {
> final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get()
> ).getWebRequest().getHttpServletRequest().getParameterMap();
> if( parametersMap.containsKey( "username" ) &&
> parametersMap.containsKey( "password" ) )
> {
> // getting parameters from POST request
> final String userName = ( ( String[] )parametersMap.get(
> "username" ) )[ 0 ];
> final String userPassword = ( ( String[] )parametersMap.get(
> "password" ) )[ 0 ];
>
> // if POST parameters are ok, redirect them to j_security_check
> if( ( userName != null ) && ( userPassword != null ) )
> {
> getRequestCycle().setRedirect( false );
> getRequestCycle().setRequestTarget(
> EmptyRequestTarget.getInstance() );
>
> getResponse().redirect(
> "/j_security_check?j_username=" + userName +
> "&j_password=" + userPassword );
> }
> }
> }
>
> public String getUsername() {
> return username;
> }
>
> public void setUsername(String username) {
> this.username = username;
> }
>
> public String getPassword() {
> return password;
> }
>
> public void setPassword(String password) {
> this.password = password;
> }
> }
> --
>
> Averbis GmbH
> c/o Klinikum der Albert-Ludwigs-Universität
> Stefan-Meier-Strasse 26
> D-79104 Freiburg
>
> Fon: +49 (0) 761 - 203 6707
> Fax: +49 (0) 761 - 203 6800
> E-Mail: dau...@averbis.de
>
> Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó
> Sitz der Gesellschaft: Freiburg i. Br.
> AG Freiburg i. Br., HRB 701080
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
Hi all,
just as a last reminder (before the article is archived;-), is there
anybody who yould provide me with an example how to user Servlect
container authentication in Wicket? I followed the example in
http://cwiki.apache.org/WICKET/servlet-container-authentication.html but
I get the error mentioned below. Maybe some more configuration in tomcat?
Thank you for your help
Philipp
Hi Timm,
I also tried to add my application name in it (like you proposed), but
no difference, still doesn't work.
Philipp
http://localhost:5080/j_security_check?j_username=test&j_password=test
Shouldn't there be an application named?
http://localhost:5080/MYAPP/j_security_check?j_username=test&j_password=test
Regards,
Timm
Am Sonntag, 1. Februar 2009 23:03:50 schrieb Philipp Daumke:
Hi all,
I followed the Servlet Container authentication as described in
http://cwiki.apache.org/WICKET/servlet-container-authentication.html,
but I do not get it working.
At the moment I get an error in firefox when invoking the
redirectToSecurityCheck() method:
http://localhost:5080/j_security_check?j_username=test&j_password=test
_The requested resource () is not available.
_I don't even know exactly what "j_security_check" is and don't find
too
much on the web. Do I have to configure Tomcat properly?
Below is my full src. MyApp.java and web.xml look like in the example
(see link aboe). Thank you for your help!
Philipp
public final class LoginPage extends WebPage
{
private String username;
private String password;
public LoginPage()
{
redirectToSecurityCheck();
/*if( ( ( MySession )getSession() ).isUserLoggedIn())
{
// redirect to hide username and password from URL after
user is logged in
setRedirect( true );
setResponsePage( Index.class );
}
else
{
redirectToSecurityCheck();
}*/
}
/**
* Common servlet login workaround
*/
private void redirectToSecurityCheck()
{
final Map parametersMap = ( ( WebRequestCycle
)RequestCycle.get()
).getWebRequest().getHttpServletRequest().getParameterMap();
if( parametersMap.containsKey( "username" ) &&
parametersMap.containsKey( "password" ) )
{
// getting parameters from POST request
final String userName = ( ( String[] )parametersMap.get(
"username" ) )[ 0 ];
final String userPassword = ( ( String[]
)parametersMap.get(
"password" ) )[ 0 ];
// if POST parameters are ok, redirect them to
j_security_check
if( ( userName != null ) && ( userPassword != null ) )
{
getRequestCycle().setRedirect( false );
getRequestCycle().setRequestTarget(
EmptyRequestTarget.getInstance() );
getResponse().redirect(
"/j_security_check?j_username=" + userName +
"&j_password=" + userPassword );
}
}
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
--
Averbis GmbH
c/o Klinikum der Albert-Ludwigs-Universität
Stefan-Meier-Strasse 26
D-79104 Freiburg
Fon: +49 (0) 761 - 203 6707
Fax: +49 (0) 761 - 203 6800
E-Mail: dau...@averbis.de
Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó
Sitz der Gesellschaft: Freiburg i. Br.
AG Freiburg i. Br., HRB 701080
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
Hi Timm,
I also tried to add my application name in it (like you proposed), but
no difference, still doesn't work.
Philipp
http://localhost:5080/j_security_check?j_username=test&j_password=test
Shouldn't there be an application named?
http://localhost:5080/MYAPP/j_security_check?j_username=test&j_password=test
Regards,
Timm
Am Sonntag, 1. Februar 2009 23:03:50 schrieb Philipp Daumke:
Hi all,
I followed the Servlet Container authentication as described in
http://cwiki.apache.org/WICKET/servlet-container-authentication.html,
but I do not get it working.
At the moment I get an error in firefox when invoking the
redirectToSecurityCheck() method:
http://localhost:5080/j_security_check?j_username=test&j_password=test
_The requested resource () is not available.
_I don't even know exactly what "j_security_check" is and don't find too
much on the web. Do I have to configure Tomcat properly?
Below is my full src. MyApp.java and web.xml look like in the example
(see link aboe). Thank you for your help!
Philipp
public final class LoginPage extends WebPage
{
private String username;
private String password;
public LoginPage()
{
redirectToSecurityCheck();
/*if( ( ( MySession )getSession() ).isUserLoggedIn())
{
// redirect to hide username and password from URL after
user is logged in
setRedirect( true );
setResponsePage( Index.class );
}
else
{
redirectToSecurityCheck();
}*/
}
/**
* Common servlet login workaround
*/
private void redirectToSecurityCheck()
{
final Map parametersMap = ( ( WebRequestCycle
)RequestCycle.get()
).getWebRequest().getHttpServletRequest().getParameterMap();
if( parametersMap.containsKey( "username" ) &&
parametersMap.containsKey( "password" ) )
{
// getting parameters from POST request
final String userName = ( ( String[] )parametersMap.get(
"username" ) )[ 0 ];
final String userPassword = ( ( String[] )parametersMap.get(
"password" ) )[ 0 ];
// if POST parameters are ok, redirect them to j_security_check
if( ( userName != null ) && ( userPassword != null ) )
{
getRequestCycle().setRedirect( false );
getRequestCycle().setRequestTarget(
EmptyRequestTarget.getInstance() );
getResponse().redirect(
"/j_security_check?j_username=" + userName +
"&j_password=" + userPassword );
}
}
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
--
Averbis GmbH
c/o Klinikum der Albert-Ludwigs-Universität
Stefan-Meier-Strasse 26
D-79104 Freiburg
Fon: +49 (0) 761 - 203 6707
Fax: +49 (0) 761 - 203 6800
E-Mail: dau...@averbis.de
Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó
Sitz der Gesellschaft: Freiburg i. Br.
AG Freiburg i. Br., HRB 701080
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
> http://localhost:5080/j_security_check?j_username=test&j_password=test
Shouldn't there be an application named?
http://localhost:5080/MYAPP/j_security_check?j_username=test&j_password=test
Regards,
Timm
Am Sonntag, 1. Februar 2009 23:03:50 schrieb Philipp Daumke:
> Hi all,
>
> I followed the Servlet Container authentication as described in
> http://cwiki.apache.org/WICKET/servlet-container-authentication.html,
> but I do not get it working.
>
> At the moment I get an error in firefox when invoking the
> redirectToSecurityCheck() method:
>
> http://localhost:5080/j_security_check?j_username=test&j_password=test
> _The requested resource () is not available.
>
> _I don't even know exactly what "j_security_check" is and don't find too
> much on the web. Do I have to configure Tomcat properly?
>
> Below is my full src. MyApp.java and web.xml look like in the example
> (see link aboe). Thank you for your help!
> Philipp
>
>
> public final class LoginPage extends WebPage
> {
> private String username;
> private String password;
> public LoginPage()
> {
> redirectToSecurityCheck();
> /*if( ( ( MySession )getSession() ).isUserLoggedIn())
> {
> // redirect to hide username and password from URL after
> user is logged in
> setRedirect( true );
> setResponsePage( Index.class );
> }
> else
> {
> redirectToSecurityCheck();
> }*/
> }
>
> /**
> * Common servlet login workaround
> */
> private void redirectToSecurityCheck()
> {
> final Map parametersMap = ( ( WebRequestCycle
> )RequestCycle.get()
> ).getWebRequest().getHttpServletRequest().getParameterMap();
> if( parametersMap.containsKey( "username" ) &&
> parametersMap.containsKey( "password" ) )
> {
> // getting parameters from POST request
> final String userName = ( ( String[] )parametersMap.get(
> "username" ) )[ 0 ];
> final String userPassword = ( ( String[] )parametersMap.get(
> "password" ) )[ 0 ];
>
> // if POST parameters are ok, redirect them to j_security_check
> if( ( userName != null ) && ( userPassword != null ) )
> {
> getRequestCycle().setRedirect( false );
> getRequestCycle().setRequestTarget(
> EmptyRequestTarget.getInstance() );
>
> getResponse().redirect(
> "/j_security_check?j_username=" + userName +
> "&j_password=" + userPassword );
> }
> }
> }
>
> public String getUsername() {
> return username;
> }
>
> public void setUsername(String username) {
> this.username = username;
> }
>
> public String getPassword() {
> return password;
> }
>
> public void setPassword(String password) {
> this.password = password;
> }
> }
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Servlet container authentication in Wicket
Hi all,
I followed the Servlet Container authentication as described in
http://cwiki.apache.org/WICKET/servlet-container-authentication.html,
but I do not get it working.
At the moment I get an error in firefox when invoking the
redirectToSecurityCheck() method:
http://localhost:5080/j_security_check?j_username=test&j_password=test
_The requested resource () is not available.
_I don't even know exactly what "j_security_check" is and don't find too
much on the web. Do I have to configure Tomcat properly?
Below is my full src. MyApp.java and web.xml look like in the example
(see link aboe). Thank you for your help!
Philipp
public final class LoginPage extends WebPage
{
private String username;
private String password;
public LoginPage()
{
redirectToSecurityCheck();
/*if( ( ( MySession )getSession() ).isUserLoggedIn())
{
// redirect to hide username and password from URL after
user is logged in
setRedirect( true );
setResponsePage( Index.class );
}
else
{
redirectToSecurityCheck();
}*/
}
/**
* Common servlet login workaround
*/
private void redirectToSecurityCheck()
{
final Map parametersMap = ( ( WebRequestCycle
)RequestCycle.get()
).getWebRequest().getHttpServletRequest().getParameterMap();
if( parametersMap.containsKey( "username" ) &&
parametersMap.containsKey( "password" ) )
{
// getting parameters from POST request
final String userName = ( ( String[] )parametersMap.get(
"username" ) )[ 0 ];
final String userPassword = ( ( String[] )parametersMap.get(
"password" ) )[ 0 ];
// if POST parameters are ok, redirect them to j_security_check
if( ( userName != null ) && ( userPassword != null ) )
{
getRequestCycle().setRedirect( false );
getRequestCycle().setRequestTarget(
EmptyRequestTarget.getInstance() );
getResponse().redirect(
"/j_security_check?j_username=" + userName +
"&j_password=" + userPassword );
}
}
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
--
Averbis GmbH
c/o Klinikum der Albert-Ludwigs-Universität
Stefan-Meier-Strasse 26
D-79104 Freiburg
Fon: +49 (0) 761 - 203 6707
Fax: +49 (0) 761 - 203 6800
E-Mail: dau...@averbis.de
Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó
Sitz der Gesellschaft: Freiburg i. Br.
AG Freiburg i. Br., HRB 701080
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
