Thank you John, that's exactly what I was looking for!
John Ray wrote:
I think what you are looking for are the following steps
1) When a user first comes to the site check if they have a cookie from a
prior visit and automatically log them in.
2) If they don't have a cookie then redirect them to the login page
3) As they log in set a cookie on their browser so the next time they visit
they will be automatically logged in during step 1 above. The cookie will
need to contain the the user name and password to authenticate them. It
would probably be best for added security to do a one way hash (such as SHA)
on the password though and not store the actually password in the cookie.
To do steps 1 and 2 you need your own AuthorizationStrategy for your
application. Look at the wicket example to do this
http://wicketstuff.org/wicket13/signin/
Don't forget there is a link to view the source code in the top right of the
page. You need to modify the AuthorizationStrategy to something like this
public class MyAuthorizationStrategy implements IAuthorizationStrategy {
public boolean isInstantiationAuthorized(Class componentClass) {
if (AuthenticatedWebPage.class.isAssignableFrom(componentClass)) {
// Is user signed in?
if (((SignInSession)Session.get()).isSignedIn()) {
// okay to proceed
return true;
}
// Look at cookies to determine if the user should be logged in
automatically
Cookie[] cookies = ((WebRequest)
RequestCycle.get().getRequest()).getCookies();
... iterate through each cookie for our magic login cookie
... If a cookie is found then log the user in
// Redirect user to login page if there was no cookie
throw new RestartResponseAtInterceptPageException(SignIn.class);
}
...
}
For step 3 you'll need to modify the onSubmit() method in the login page so
that it sets a cookie on the browser when the user is logged in.
Cookie loginCookie = new Cookie(...);
... Also set the cookie MaxAge so that the browser will remeber it even if
the browser is closed
getWebRequestCycle().getWebResponse().addCookie(loginCookie);
The Cookies are just standard J2EE cookies from the servlet API so look at
the J2EE docs for more info on them.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]