Re: [Wicket-user] Protecting Bookmarkable Pages
On 8/30/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > exactly. iauthstrategy is geared more towards declarative security and more > towards components not pages. if your usecase does not match then doing the > check in the base page's constructor is the way to go - clean and simple. > thats why we have all those RestartResponseAtFoo exceptions :) Well the confusion started because all the sample code that does PAGE authorization is build on top of IAuthStrat. Wicket is pretty flexible and there are fortunately always multiple ways to do things :-) S. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Protecting Bookmarkable Pages
exactly. iauthstrategy is geared more towards declarative security and more towards components not pages. if your usecase does not match then doing the check in the base page's constructor is the way to go - clean and simple. thats why we have all those RestartResponseAtFoo exceptions :) -IgorOn 8/30/06, Stefan Arentz <[EMAIL PROTECTED]> wrote: On 8/30/06, [EMAIL PROTECTED] Imam <[EMAIL PROTECTED]> wrote:> Why dont you forward all these requests to a dummy page where > you can take your decision making rather than depending on the> authorization strategy solely.>> Inside the page you can handle requests such that the user is forwarded to a> sign in page and after successful sign in he is taken to the original page > he wanted to see.>> I had a similar problem I solved using a sign in form inside whose on-submit> i did the validation and forwarded to the requested pageThanks for the hints Shams. I ended up with something like this: public abstract class MyAbstractAuthenticatedPage extends MyAbstractPage{protected MyAbstractAuthenticatedPage(){super();if (getBeepSession() == null || getBeepSession().getUser() == null) { throw new RestartResponseAtInterceptPageException(new LogInPage());}}}public class MyProfilePage extends MyAbstractAuthenticatedPage{public MyProfilePage(){ super();... do usual work here ...}}and then in LogInPage:onSubmit(){// Go back to where we came from or to the user's home pageif (continueToOriginalDestination() == false) { setResponsePage(MyHomePage.class);}}Works excellent. I simply got rid of the whole IAuthorizationStrategycode since that is not needed anymore for simple page protection likethis. S.-Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___Wicket-user mailing listWicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Protecting Bookmarkable Pages
On 8/30/06, [EMAIL PROTECTED] Imam <[EMAIL PROTECTED]> wrote: > Why dont you forward all these requests to a dummy page where > you can take your decision making rather than depending on the > authorization strategy solely. > > Inside the page you can handle requests such that the user is forwarded to a > sign in page and after successful sign in he is taken to the original page > he wanted to see. > > I had a similar problem I solved using a sign in form inside whose on-submit > i did the validation and forwarded to the requested page Thanks for the hints Shams. I ended up with something like this: public abstract class MyAbstractAuthenticatedPage extends MyAbstractPage { protected MyAbstractAuthenticatedPage() { super(); if (getBeepSession() == null || getBeepSession().getUser() == null) { throw new RestartResponseAtInterceptPageException(new LogInPage()); } } } public class MyProfilePage extends MyAbstractAuthenticatedPage { public MyProfilePage() { super(); ... do usual work here ... } } and then in LogInPage: onSubmit() { // Go back to where we came from or to the user's home page if (continueToOriginalDestination() == false) { setResponsePage(MyHomePage.class); } } Works excellent. I simply got rid of the whole IAuthorizationStrategy code since that is not needed anymore for simple page protection like this. S. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Protecting Bookmarkable Pages
Why dont you forward all these requests to a dummy page where you can take your decision making rather than depending on the authorization strategy solely.Inside the page you can handle requests such that the user is forwarded to a sign in page and after successful sign in he is taken to the original page he wanted to see.I had a similar problem I solved using a sign in form inside whose on-submiti did the validation and forwarded to the requested page -- Shams - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
[Wicket-user] Protecting Bookmarkable Pages
I have a bunch of pages that I have mounted so that they are reachable as /Foo.html?id=123. No big deal and works fine. But, I need to protect these pages; I need people to bookmark them and return to them, showing a login box in between if no session is active. The usual recipe for protecting pages is to use a custom IAuthorizationStrategy but that will not work here since the PageParameters are not kept around by the AuthorizationStrategy code and there is also no way to easily access them. Is there another way to do this? S. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user