well that's not quite what hugues wants to achieve, I think that roles
returns null should _not_ give the current user any roles, sothat the admin
page is _not_ accessible
from my point of view, you should go for wicket-security too (yepp that's
shameless maurice-promoting :-)). or at least you should have a look at it
to decide what suites you better.
I think I had a similar problem when I first tried wicket-auth-roles and had
to use SignInPage in the getHomePage method too ... which seemed quite weird
to me.
Ayodeji Aladejebi wrote:
>
> you have not used it correctly
>
> return a Roles object and not null
> @Override
> public Roles getRoles() {
> return new Roles("ADMIN");
> }
>
> @AuthorizeInstantiation("ADMIN")
> public class AdminPage extends WebPage {
> }
>
>
> On 11/6/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
>>
>> You are using the wrong authorization framework!
>>
>> :) No seriously now. I don't know what is wrong with your code,
>> although the authenticate method might give some useful debugging
>> info.
>> There is however a second authorization framework for wicket called
>> Swarm. you might want to check it out.
>> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
>>
>> Maurice
>>
>> P.S. warning: shameless self-promoting :)
>>
>>
>> On Nov 5, 2007 2:32 PM, Hugues Pichereau <[EMAIL PROTECTED]> wrote:
>> > Hi,
>> >
>> > I would like to use Wicket authentication, as in the examples.
>> > So I modified the Wicket QuickStart project to use authentication, like
>> this:
>> >
>> > public class WicketApplication extends AuthenticatedWebApplication {
>> >
>> > public WicketApplication() {
>> > }
>> >
>> > public Class getHomePage() {
>> > return HomePage.class;
>> > }
>> >
>> > @Override
>> > protected Class<? extends WebPage> getSignInPageClass() {
>> > return LoginPage.class;
>> > }
>> >
>> > @Override
>> > protected Class<? extends AuthenticatedWebSession>
>> getWebSessionClass() {
>> > return WicketSession.class;
>> > }
>> > }
>> >
>> >
>> > public class WicketSession extends AuthenticatedWebSession {
>> >
>> > public WicketSession(AuthenticatedWebApplication application,
>> Request
>> request) {
>> > super(application, request);
>> > }
>> >
>> > @Override
>> > public boolean authenticate(String arg0, String arg1) {
>> > return false; // should block everybody
>> > }
>> >
>> > @Override
>> > public Roles getRoles() {
>> > return null;
>> > }
>> > }
>> >
>> >
>> > HomePage.html has:
>> > # Admin page
>> >
>> > public class HomePage extends WebPage {
>> >
>> > public HomePage(final PageParameters parameters) {
>> > add(new PageLink("goto-admin", AdminPage.class));
>> > }
>> > }
>> >
>> >
>> > LoginPage.html has:
>> >
>> >
>> > public final class LoginPage extends SignInPage {
>> > }
>> >
>> >
>> > And finally, the admin page to protect:
>> >
>> > @AuthorizeInstantiation("USER")
>> > public class AdminPage extends WebPage {
>> > }
>> >
>> > The problem is that a click from the HomePage always brings the
>> AdminPage, without any
>> > LoginPage displayed.
>> >
>> > I used Wicket 1.3 beta4.
>> >
>> > After reading the Wicket example and 2 tutorials on authentication, I
>> really can't see what I'm missing.
>> > Any idea ?
>> >
>> > Hugues
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
-----
Michael Sparer
http://talk-on-tech.blogspot.com
--
View this message in context:
http://www.nabble.com/Problem-with-wicket-authentication-tf4751663.html#a13602398
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
