Re: Servlet container authentication in Wicket
Here's what I use with wicket 1.3/1.4 and Tomcat using LDAP realm. I use AuthenticatedWebApplication and AuthenticatedWebSession. public class MySession extends AuthenticatedWebSession { /** Name. */ private final String userName; /** Roles. */ private final Roles roles; public MySession(final Request varRequest) { super(varRequest); roles = new Roles(); //authentification from container (tomcat) HttpServletRequest servletRequest = ((WebRequestCycle) RequestCycle.get()).getWebRequest() .getHttpServletRequest(); Principal principal = servletRequest.getUserPrincipal(); if (principal == null) { //user not authentificated by tomcat! //handle error as you want! userName = null; return; } else { // username userName = principal.getName(); // get the roles you need if (servletRequest.isUserInRole("yourRole1")) { roles.add("yourRole1"); } if (servletRequest.isUserInRole("yourRole2")) { roles.add("yourRole2"); } ... //simulate signin signIn("ok", "ok"); } } public final boolean authenticate(final String varUsername, final String varPassword) { return userName != null; } public final Roles getRoles() { if (isSignedIn()) { return roles; } return null; } public final String getUserName() { return userName; } } The "MySignIngPage.html" contains window.location="/" Gabriel. Philipp Daumke-2 wrote: > > Hi, > > I had a look at that specification but it doesn't give any more hints > how to use it. Does somebody have any more working examples? Or is there > a tutorial how to connect wicket to the local LDAP? > > -- View this message in context: http://old.nabble.com/Servlet-container-authentication-in-Wicket-tp21780995p26599795.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
> > I had a look at that specification but it doesn't give any more hints how > to use it. Does somebody have any more working examples? Or is there a > tutorial how to connect wicket to the local LDAP? > I often skip the container and initiate a direct connection to LDAP (usually AD) via JNDI (this is useful if you need additional information from your users like company e-mail address, extendion, mobile phone, office, etc). Here's a tutorial on how to do it (it's not wicket related): http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html BTW, j_security_check is only available as a resource if you redirect (or post) to it from a secured url. Did you setup your web.xml to guard the login page url from unauthorized access? -- Janos
Re: Servlet container authentication in Wicket
Hi, I had a look at that specification but it doesn't give any more hints how to use it. Does somebody have any more working examples? Or is there a tutorial how to connect wicket to the local LDAP? Thanks for your help. Philipp j_security_check is part of the Servlet Specification section "SRV.12.5.3.1 Login Form Notes" (at least for version 2.5). It did exist in earlier versions but I've only quoted the latest. On Sun, Feb 1, 2009 at 5:03 PM, Philipp Daumke wrote: Hi all, I followed the Servlet Container authentication as described in http://cwiki.apache.org/WICKET/servlet-container-authentication.html, but I do not get it working. At the moment I get an error in firefox when invoking the redirectToSecurityCheck() method: http://localhost:5080/j_security_check?j_username=test&j_password=test _The requested resource () is not available. _I don't even know exactly what "j_security_check" is and don't find too much on the web. Do I have to configure Tomcat properly? Below is my full src. MyApp.java and web.xml look like in the example (see link aboe). Thank you for your help! Philipp public final class LoginPage extends WebPage { private String username; private String password; public LoginPage() { redirectToSecurityCheck(); /*if( ( ( MySession )getSession() ).isUserLoggedIn()) { // redirect to hide username and password from URL after user is logged in setRedirect( true ); setResponsePage( Index.class ); } else { redirectToSecurityCheck(); }*/ } /** * Common servlet login workaround */ private void redirectToSecurityCheck() { final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get() ).getWebRequest().getHttpServletRequest().getParameterMap(); if( parametersMap.containsKey( "username" ) && parametersMap.containsKey( "password" ) ) { // getting parameters from POST request final String userName = ( ( String[] )parametersMap.get( "username" ) )[ 0 ]; final String userPassword = ( ( String[] )parametersMap.get( "password" ) )[ 0 ]; // if POST parameters are ok, redirect them to j_security_check if( ( userName != null ) && ( userPassword != null ) ) { getRequestCycle().setRedirect( false ); getRequestCycle().setRequestTarget( EmptyRequestTarget.getInstance() ); getResponse().redirect( "/j_security_check?j_username=" + userName + "&j_password=" + userPassword ); } } } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } } -- Averbis GmbH c/o Klinikum der Albert-Ludwigs-Universität Stefan-Meier-Strasse 26 D-79104 Freiburg Fon: +49 (0) 761 - 203 6707 Fax: +49 (0) 761 - 203 6800 E-Mail: dau...@averbis.de Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó Sitz der Gesellschaft: Freiburg i. Br. AG Freiburg i. Br., HRB 701080 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Averbis GmbH c/o Klinikum der Albert-Ludwigs-Universität Stefan-Meier-Strasse 26 D-79104 Freiburg Fon: +49 (0) 761 - 203 6707 Fax: +49 (0) 761 - 203 6800 E-Mail: dau...@averbis.de Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó Sitz der Gesellschaft: Freiburg i. Br. AG Freiburg i. Br., HRB 701080 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
j_security_check is part of the Servlet Specification section "SRV.12.5.3.1 Login Form Notes" (at least for version 2.5). It did exist in earlier versions but I've only quoted the latest. On Sun, Feb 1, 2009 at 5:03 PM, Philipp Daumke wrote: > Hi all, > > I followed the Servlet Container authentication as described in > http://cwiki.apache.org/WICKET/servlet-container-authentication.html, but I > do not get it working. > > At the moment I get an error in firefox when invoking the > redirectToSecurityCheck() method: > > http://localhost:5080/j_security_check?j_username=test&j_password=test > _The requested resource () is not available. > > _I don't even know exactly what "j_security_check" is and don't find too > much on the web. Do I have to configure Tomcat properly? > > Below is my full src. MyApp.java and web.xml look like in the example (see > link aboe). Thank you for your help! > Philipp > > > public final class LoginPage extends WebPage > { > private String username; > private String password; > public LoginPage() > { > redirectToSecurityCheck(); > /*if( ( ( MySession )getSession() ).isUserLoggedIn()) > { > // redirect to hide username and password from URL after user is > logged in > setRedirect( true ); > setResponsePage( Index.class ); > } > else > { > redirectToSecurityCheck(); > }*/ > } > > /** >* Common servlet login workaround >*/ > private void redirectToSecurityCheck() > { > final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get() > ).getWebRequest().getHttpServletRequest().getParameterMap(); > if( parametersMap.containsKey( "username" ) && > parametersMap.containsKey( "password" ) ) > { > // getting parameters from POST request > final String userName = ( ( String[] )parametersMap.get( > "username" ) )[ 0 ]; > final String userPassword = ( ( String[] )parametersMap.get( > "password" ) )[ 0 ]; > > // if POST parameters are ok, redirect them to j_security_check > if( ( userName != null ) && ( userPassword != null ) ) > { > getRequestCycle().setRedirect( false ); > getRequestCycle().setRequestTarget( > EmptyRequestTarget.getInstance() ); > > getResponse().redirect( > "/j_security_check?j_username=" + userName + > "&j_password=" + userPassword ); > } > } > } > > public String getUsername() { > return username; > } > > public void setUsername(String username) { > this.username = username; > } > > public String getPassword() { > return password; > } > > public void setPassword(String password) { > this.password = password; > } > } > -- > > Averbis GmbH > c/o Klinikum der Albert-Ludwigs-Universität > Stefan-Meier-Strasse 26 > D-79104 Freiburg > > Fon: +49 (0) 761 - 203 6707 > Fax: +49 (0) 761 - 203 6800 > E-Mail: dau...@averbis.de > > Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó > Sitz der Gesellschaft: Freiburg i. Br. > AG Freiburg i. Br., HRB 701080 > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
Hi all, just as a last reminder (before the article is archived;-), is there anybody who yould provide me with an example how to user Servlect container authentication in Wicket? I followed the example in http://cwiki.apache.org/WICKET/servlet-container-authentication.html but I get the error mentioned below. Maybe some more configuration in tomcat? Thank you for your help Philipp Hi Timm, I also tried to add my application name in it (like you proposed), but no difference, still doesn't work. Philipp http://localhost:5080/j_security_check?j_username=test&j_password=test Shouldn't there be an application named? http://localhost:5080/MYAPP/j_security_check?j_username=test&j_password=test Regards, Timm Am Sonntag, 1. Februar 2009 23:03:50 schrieb Philipp Daumke: Hi all, I followed the Servlet Container authentication as described in http://cwiki.apache.org/WICKET/servlet-container-authentication.html, but I do not get it working. At the moment I get an error in firefox when invoking the redirectToSecurityCheck() method: http://localhost:5080/j_security_check?j_username=test&j_password=test _The requested resource () is not available. _I don't even know exactly what "j_security_check" is and don't find too much on the web. Do I have to configure Tomcat properly? Below is my full src. MyApp.java and web.xml look like in the example (see link aboe). Thank you for your help! Philipp public final class LoginPage extends WebPage { private String username; private String password; public LoginPage() { redirectToSecurityCheck(); /*if( ( ( MySession )getSession() ).isUserLoggedIn()) { // redirect to hide username and password from URL after user is logged in setRedirect( true ); setResponsePage( Index.class ); } else { redirectToSecurityCheck(); }*/ } /** * Common servlet login workaround */ private void redirectToSecurityCheck() { final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get() ).getWebRequest().getHttpServletRequest().getParameterMap(); if( parametersMap.containsKey( "username" ) && parametersMap.containsKey( "password" ) ) { // getting parameters from POST request final String userName = ( ( String[] )parametersMap.get( "username" ) )[ 0 ]; final String userPassword = ( ( String[] )parametersMap.get( "password" ) )[ 0 ]; // if POST parameters are ok, redirect them to j_security_check if( ( userName != null ) && ( userPassword != null ) ) { getRequestCycle().setRedirect( false ); getRequestCycle().setRequestTarget( EmptyRequestTarget.getInstance() ); getResponse().redirect( "/j_security_check?j_username=" + userName + "&j_password=" + userPassword ); } } } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } } - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Averbis GmbH c/o Klinikum der Albert-Ludwigs-Universität Stefan-Meier-Strasse 26 D-79104 Freiburg Fon: +49 (0) 761 - 203 6707 Fax: +49 (0) 761 - 203 6800 E-Mail: dau...@averbis.de Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó Sitz der Gesellschaft: Freiburg i. Br. AG Freiburg i. Br., HRB 701080 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
Hi Timm, I also tried to add my application name in it (like you proposed), but no difference, still doesn't work. Philipp http://localhost:5080/j_security_check?j_username=test&j_password=test Shouldn't there be an application named? http://localhost:5080/MYAPP/j_security_check?j_username=test&j_password=test Regards, Timm Am Sonntag, 1. Februar 2009 23:03:50 schrieb Philipp Daumke: Hi all, I followed the Servlet Container authentication as described in http://cwiki.apache.org/WICKET/servlet-container-authentication.html, but I do not get it working. At the moment I get an error in firefox when invoking the redirectToSecurityCheck() method: http://localhost:5080/j_security_check?j_username=test&j_password=test _The requested resource () is not available. _I don't even know exactly what "j_security_check" is and don't find too much on the web. Do I have to configure Tomcat properly? Below is my full src. MyApp.java and web.xml look like in the example (see link aboe). Thank you for your help! Philipp public final class LoginPage extends WebPage { private String username; private String password; public LoginPage() { redirectToSecurityCheck(); /*if( ( ( MySession )getSession() ).isUserLoggedIn()) { // redirect to hide username and password from URL after user is logged in setRedirect( true ); setResponsePage( Index.class ); } else { redirectToSecurityCheck(); }*/ } /** * Common servlet login workaround */ private void redirectToSecurityCheck() { final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get() ).getWebRequest().getHttpServletRequest().getParameterMap(); if( parametersMap.containsKey( "username" ) && parametersMap.containsKey( "password" ) ) { // getting parameters from POST request final String userName = ( ( String[] )parametersMap.get( "username" ) )[ 0 ]; final String userPassword = ( ( String[] )parametersMap.get( "password" ) )[ 0 ]; // if POST parameters are ok, redirect them to j_security_check if( ( userName != null ) && ( userPassword != null ) ) { getRequestCycle().setRedirect( false ); getRequestCycle().setRequestTarget( EmptyRequestTarget.getInstance() ); getResponse().redirect( "/j_security_check?j_username=" + userName + "&j_password=" + userPassword ); } } } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } } - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Averbis GmbH c/o Klinikum der Albert-Ludwigs-Universität Stefan-Meier-Strasse 26 D-79104 Freiburg Fon: +49 (0) 761 - 203 6707 Fax: +49 (0) 761 - 203 6800 E-Mail: dau...@averbis.de Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó Sitz der Gesellschaft: Freiburg i. Br. AG Freiburg i. Br., HRB 701080 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Servlet container authentication in Wicket
> http://localhost:5080/j_security_check?j_username=test&j_password=test Shouldn't there be an application named? http://localhost:5080/MYAPP/j_security_check?j_username=test&j_password=test Regards, Timm Am Sonntag, 1. Februar 2009 23:03:50 schrieb Philipp Daumke: > Hi all, > > I followed the Servlet Container authentication as described in > http://cwiki.apache.org/WICKET/servlet-container-authentication.html, > but I do not get it working. > > At the moment I get an error in firefox when invoking the > redirectToSecurityCheck() method: > > http://localhost:5080/j_security_check?j_username=test&j_password=test > _The requested resource () is not available. > > _I don't even know exactly what "j_security_check" is and don't find too > much on the web. Do I have to configure Tomcat properly? > > Below is my full src. MyApp.java and web.xml look like in the example > (see link aboe). Thank you for your help! > Philipp > > > public final class LoginPage extends WebPage > { > private String username; > private String password; > public LoginPage() > { > redirectToSecurityCheck(); > /*if( ( ( MySession )getSession() ).isUserLoggedIn()) > { > // redirect to hide username and password from URL after > user is logged in > setRedirect( true ); > setResponsePage( Index.class ); > } > else > { > redirectToSecurityCheck(); > }*/ > } > > /** > * Common servlet login workaround > */ > private void redirectToSecurityCheck() > { > final Map parametersMap = ( ( WebRequestCycle > )RequestCycle.get() > ).getWebRequest().getHttpServletRequest().getParameterMap(); > if( parametersMap.containsKey( "username" ) && > parametersMap.containsKey( "password" ) ) > { > // getting parameters from POST request > final String userName = ( ( String[] )parametersMap.get( > "username" ) )[ 0 ]; > final String userPassword = ( ( String[] )parametersMap.get( > "password" ) )[ 0 ]; > > // if POST parameters are ok, redirect them to j_security_check > if( ( userName != null ) && ( userPassword != null ) ) > { > getRequestCycle().setRedirect( false ); > getRequestCycle().setRequestTarget( > EmptyRequestTarget.getInstance() ); > > getResponse().redirect( > "/j_security_check?j_username=" + userName + > "&j_password=" + userPassword ); > } > } > } > > public String getUsername() { > return username; > } > > public void setUsername(String username) { > this.username = username; > } > > public String getPassword() { > return password; > } > > public void setPassword(String password) { > this.password = password; > } > } - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Servlet container authentication in Wicket
Hi all, I followed the Servlet Container authentication as described in http://cwiki.apache.org/WICKET/servlet-container-authentication.html, but I do not get it working. At the moment I get an error in firefox when invoking the redirectToSecurityCheck() method: http://localhost:5080/j_security_check?j_username=test&j_password=test _The requested resource () is not available. _I don't even know exactly what "j_security_check" is and don't find too much on the web. Do I have to configure Tomcat properly? Below is my full src. MyApp.java and web.xml look like in the example (see link aboe). Thank you for your help! Philipp public final class LoginPage extends WebPage { private String username; private String password; public LoginPage() { redirectToSecurityCheck(); /*if( ( ( MySession )getSession() ).isUserLoggedIn()) { // redirect to hide username and password from URL after user is logged in setRedirect( true ); setResponsePage( Index.class ); } else { redirectToSecurityCheck(); }*/ } /** * Common servlet login workaround */ private void redirectToSecurityCheck() { final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get() ).getWebRequest().getHttpServletRequest().getParameterMap(); if( parametersMap.containsKey( "username" ) && parametersMap.containsKey( "password" ) ) { // getting parameters from POST request final String userName = ( ( String[] )parametersMap.get( "username" ) )[ 0 ]; final String userPassword = ( ( String[] )parametersMap.get( "password" ) )[ 0 ]; // if POST parameters are ok, redirect them to j_security_check if( ( userName != null ) && ( userPassword != null ) ) { getRequestCycle().setRedirect( false ); getRequestCycle().setRequestTarget( EmptyRequestTarget.getInstance() ); getResponse().redirect( "/j_security_check?j_username=" + userName + "&j_password=" + userPassword ); } } } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } } -- Averbis GmbH c/o Klinikum der Albert-Ludwigs-Universität Stefan-Meier-Strasse 26 D-79104 Freiburg Fon: +49 (0) 761 - 203 6707 Fax: +49 (0) 761 - 203 6800 E-Mail: dau...@averbis.de Geschäftsführer: Dr. med. Philipp Daumke, Kornél Markó Sitz der Gesellschaft: Freiburg i. Br. AG Freiburg i. Br., HRB 701080 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org