Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
> It's your webapplication that takes the ISecurityStrategy..
>
> public class ZeuzGroupApplication extends WebApplication {
>
> private SpringComponentInjector springComponentInjector;
>
> @Override
> protected void init() {
> super.init();
> // getSecuritySettings().setAuthorizationStrategy(
> // new RoleAuthorizationStrategy(new UserRolesAuthorizer()));
> getSecuritySettings().setAuthorizationStrategy(
> new ZeuzSecurity(ZeuzAuthorizedPage.class,
> LoginPage.class) {
> @Override
> protected boolean isAuthorized(Class pageClass) {
> return (((ZeuzSession)
> Session.get()).isAuthorized());
> }
> });
> ...
>
>
>
> Bruce Petro wrote:
> > Thanks to the replies I received... yeah I didn't say it well, but I
> > assumed the user would be kept in the session and that seems to fit
> > everyone's reply. On top of that, I think I'm hearing I can use
> > inheritance and have every page utilize ISecurityStrategy to then
> > control access to the page.
> >
> > I'll check into it and see if I've got that all correct. Thanks again.
> >
> >
> > -----Original Message-----
> > From: Nino Saturnino Martinez Vazquez Wael
> > [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, April 01, 2008 1:49 PM
> > To: users@wicket.apache.org
> > Subject: Re: Question on page inheritance...
> >
> > True, as Igor wrote this is meant to be in conjuction with at
> > ISecurityStrategy.
> >
> > Nino Saturnino Martinez Vazquez Wael wrote:
> >
> >> You could actually also do this another way... Im using markup
> >> inheritance alot, but I stuff user object into the session like this:
> >>
> >> See a nice view here:
> >> http://papernapkin.org/pastebin/view/281/
> >>
> >> package zeuzgroup.application;
> >>
> >> import javax.servlet.http.HttpSession;
> >>
> >> import org.apache.wicket.Application;
> >> import org.apache.wicket.Request;
> >> import org.apache.wicket.protocol.http.WebRequest;
> >> import org.apache.wicket.protocol.http.WebSession;
> >>
> >> import zeuzgroup.core.Person;
> >> import zeuzgroup.core.user.UserType;
> >>
> >> public class ZeuzSession extends WebSession {
> >>
> >> private boolean authorized = false;
> >>
> >> private Person person;
> >>
> >> private HttpSession httpSession;
> >>
> >> protected ZeuzSession(Application application, Request request) {
> >> super(application, request);
> >> httpSession = ((WebRequest) request).getHttpServletRequest()
> >> .getSession();
> >>
> >> }
> >>
> >> public boolean isAuthorized() {
> >> return authorized;
> >> }
> >>
> >> public void setAuthorized(boolean authorized) {
> >>
> >> this.authorized = authorized;
> >> if (authorized) {
> >>
> >> httpSession.setAttribute("sso.password.attribute", person
> >> .getPassword());
> >> httpSession.setAttribute("sso.email.attribute",
> >> person.getEmail());
> >> httpSession.setAttribute("password", person.getPassword());
> >> httpSession.setAttribute("email", person.getEmail());
> >>
> >> } else {
> >> httpSession.setAttribute("sso.password.attribute", null);
> >> httpSession.setAttribute("sso.email.attribute", null);
> >> }
> >> }
> >>
> >> public Person getPerson() {
> >> if (person != null) {
> >> return person;
> >> } else {
> >> Person person = new Person();
> >> person.setUserType(UserType.Guest);
> >> return person;
> >> }
> >> }
> >>
> >> public void setPerson(Person person) {
> >> this.person = person;
> >> }
> >>
> >> }
> >>
> >>
> >> Bruce Petro wrote:
> >>
> >>> I'm just getting started in wicket, so forgive me if this is a
> >>>
> > too-dumb
> >
> >>> question...
> >>>
> >>>
> >>>
> >>> I know wicket can check the session for a user to ask a "user" object
> >>>
> > if
> >
> >>> it is logged in.
> >>>
> >>> However, you don't really want to paste code on every page.
> >>>
> >>> What is the best way, to have each page inherit the base "security
> >>> check" routine?
> >>>
> >>>
> >>>
> >>> Would you create a BasePage extends WebPage and put the logic there
> >>>
> > and
> >
> >>> have all other pages extend BasePage?
> >>>
> >>> Or would you attach some sort of a command object to each page and
> >>>
> > put
> >
> >>> the logic in that?
> >>>
> >>>
> >>>
> >>> Anyone have a reference to an example of code to do this?
> >>>
> >>>
> >>>
> >>> THANKS!
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >
> >
>
> --
> -Wicket for love
>
> Nino Martinez Wael
> Java Specialist @ Jayway DK
> http://www.jayway.dk
> +45 2936 7684
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
