The auth-roles project is basically an example, so the fact that you copied it, is a good thing (tm). Even though it is sufficient for a lot of projects, if you need anything beyond the current capabilities, then rolling your own is the way to go. Or use Swarm/Wasp from Wicket Stuff. Martijn
On 2/12/08, Roland Huss <[EMAIL PROTECTED]> wrote: > > > Hi Martijn, > > > Martijn Dashorst wrote: > > > > Take a look at wicket-auth-roles. This provides the usual security > stuff, > > and you can easily also check for a set cookie. Just implement your own > > authorisation scheme. > > > > Thanks, this was exactly the pointer I was looking for > (i.e. the hook via IUnauthorizedComponentInstantiationListener as used in > AuthenticatedWebApplication) > > However, there is a slight glitch. There is not way to provide a > automatic sign in since this can be only be done via > signIn(username,password) on AuthenticatedWebSession. It would be > possible if AWS.isSignedIn() wouldn't be final, so one could > dynamically check for the cookie (and not only for a previous occured > manual authentication). > > The solution I've chosen right now is to set an own > UnauthorizedComponentInstantiationListener in my > AuthenticatedWebApplication which copies over 90% of the existing > functionality. This is certainly not an ideal solution. > > In general, I'm a fan of final methods, too in order to restrict > unwanted extension points, but for AWS.isSignedIn() it would be > probably a good idea to allow overriding or at least to provide and > additional hook to relax the restriction to work with manual > authentication via AWS.signIn() only. > > If you don't mind, I would like to open a JIRA issue for an RFE > (with some more code examples). > > Thanx again for the hint (and for this great framework in general ;-) ... > > ... roland > > > -- > View this message in context: > http://www.nabble.com/Hook-into-RequestCycle---tp15428634p15435618.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Buy Wicket in Action: http://manning.com/dashorst Apache Wicket 1.3.1 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.1
