Re: IP Authentication
On Wed, Apr 11, 2018 at 7:53 PM, Lon Varscsak wrote: > Perfect, this is what I was looking for. So if I wanted to hijack the > whole response (for other purposes), I would do the same thing, but with a > custom request handler? > Yes! > > On Tue, Apr 10, 2018 at 11:24 PM, Martin Grigorov > wrote: > > > Hi, > > > > On Tue, Apr 10, 2018 at 11:49 PM, Lon Varscsak > > wrote: > > > > > I have a need to build some apps (or mount points) to check if the > source > > > is coming from an internal IP and if not, present the user with an > > > "unauthorized" request. I know how to check client IP and what not, > but > > > I'm not sure how to generate programmatically a simple WebResponse that > > is > > > just some text with a status code. > > > > > > 1) I'm currently using IRequestCycleListener to listen and then hijack > > the > > > response. Not sure if this is the appropriate place. > > > > > > > This is the Wicket way. > > You can also use plain Servlet Filter to do it even before Wicket has a > > chance to see the request. > > > > > > > 2) How do you programmatically generate a response without implementing > > all > > > the methods of WebResponse. At the point that the > IRequestCycleListener > > > the response that is in the cycle already has content. Basically I > want > > to > > > throw that away and return "Unauthorized"/401. > > > > > > > requestCycle.replaceAllRequestHandlers(new ErrorCodeRequestHandler(401, > > "Unauthorized")) > > > > > > > > > > Any thoughts or suggestions? > > > > > > Thanks! > > > > > > Lon > > > > > >
Re: IP Authentication
Perfect, this is what I was looking for. So if I wanted to hijack the whole response (for other purposes), I would do the same thing, but with a custom request handler? On Tue, Apr 10, 2018 at 11:24 PM, Martin Grigorov wrote: > Hi, > > On Tue, Apr 10, 2018 at 11:49 PM, Lon Varscsak > wrote: > > > I have a need to build some apps (or mount points) to check if the source > > is coming from an internal IP and if not, present the user with an > > "unauthorized" request. I know how to check client IP and what not, but > > I'm not sure how to generate programmatically a simple WebResponse that > is > > just some text with a status code. > > > > 1) I'm currently using IRequestCycleListener to listen and then hijack > the > > response. Not sure if this is the appropriate place. > > > > This is the Wicket way. > You can also use plain Servlet Filter to do it even before Wicket has a > chance to see the request. > > > > 2) How do you programmatically generate a response without implementing > all > > the methods of WebResponse. At the point that the IRequestCycleListener > > the response that is in the cycle already has content. Basically I want > to > > throw that away and return "Unauthorized"/401. > > > > requestCycle.replaceAllRequestHandlers(new ErrorCodeRequestHandler(401, > "Unauthorized")) > > > > > > Any thoughts or suggestions? > > > > Thanks! > > > > Lon > > >
Re: IP Authentication
On Wed, Apr 11, 2018 at 9:26 AM, Maxim Solodovnik wrote: > Martin, > > Will > throw new AbortWithHttpErrorCodeException(410, "Unauthorized"); > also do the job? > Probably. But I remember a ticket saying that throwing (WicketRuntime?!)Exception doesn't work well in IRequestCycleListener#onBeginRequest > > On Wed, Apr 11, 2018 at 1:24 PM, Martin Grigorov > wrote: > > > Hi, > > > > On Tue, Apr 10, 2018 at 11:49 PM, Lon Varscsak > > wrote: > > > > > I have a need to build some apps (or mount points) to check if the > source > > > is coming from an internal IP and if not, present the user with an > > > "unauthorized" request. I know how to check client IP and what not, > but > > > I'm not sure how to generate programmatically a simple WebResponse that > > is > > > just some text with a status code. > > > > > > 1) I'm currently using IRequestCycleListener to listen and then hijack > > the > > > response. Not sure if this is the appropriate place. > > > > > > > This is the Wicket way. > > You can also use plain Servlet Filter to do it even before Wicket has a > > chance to see the request. > > > > > > > 2) How do you programmatically generate a response without implementing > > all > > > the methods of WebResponse. At the point that the > IRequestCycleListener > > > the response that is in the cycle already has content. Basically I > want > > to > > > throw that away and return "Unauthorized"/401. > > > > > > > requestCycle.replaceAllRequestHandlers(new ErrorCodeRequestHandler(401, > > "Unauthorized")) > > > > > > > > > > Any thoughts or suggestions? > > > > > > Thanks! > > > > > > Lon > > > > > > > > > -- > WBR > Maxim aka solomax >
Re: IP Authentication
Martin, Will throw new AbortWithHttpErrorCodeException(410, "Unauthorized"); also do the job? On Wed, Apr 11, 2018 at 1:24 PM, Martin Grigorov wrote: > Hi, > > On Tue, Apr 10, 2018 at 11:49 PM, Lon Varscsak > wrote: > > > I have a need to build some apps (or mount points) to check if the source > > is coming from an internal IP and if not, present the user with an > > "unauthorized" request. I know how to check client IP and what not, but > > I'm not sure how to generate programmatically a simple WebResponse that > is > > just some text with a status code. > > > > 1) I'm currently using IRequestCycleListener to listen and then hijack > the > > response. Not sure if this is the appropriate place. > > > > This is the Wicket way. > You can also use plain Servlet Filter to do it even before Wicket has a > chance to see the request. > > > > 2) How do you programmatically generate a response without implementing > all > > the methods of WebResponse. At the point that the IRequestCycleListener > > the response that is in the cycle already has content. Basically I want > to > > throw that away and return "Unauthorized"/401. > > > > requestCycle.replaceAllRequestHandlers(new ErrorCodeRequestHandler(401, > "Unauthorized")) > > > > > > Any thoughts or suggestions? > > > > Thanks! > > > > Lon > > > -- WBR Maxim aka solomax
Re: IP Authentication
Hi, On Tue, Apr 10, 2018 at 11:49 PM, Lon Varscsak wrote: > I have a need to build some apps (or mount points) to check if the source > is coming from an internal IP and if not, present the user with an > "unauthorized" request. I know how to check client IP and what not, but > I'm not sure how to generate programmatically a simple WebResponse that is > just some text with a status code. > > 1) I'm currently using IRequestCycleListener to listen and then hijack the > response. Not sure if this is the appropriate place. > This is the Wicket way. You can also use plain Servlet Filter to do it even before Wicket has a chance to see the request. > 2) How do you programmatically generate a response without implementing all > the methods of WebResponse. At the point that the IRequestCycleListener > the response that is in the cycle already has content. Basically I want to > throw that away and return "Unauthorized"/401. > requestCycle.replaceAllRequestHandlers(new ErrorCodeRequestHandler(401, "Unauthorized")) > > Any thoughts or suggestions? > > Thanks! > > Lon >