On Mon, May 19, 2008 at 6:08 AM, Lauri Lehtinen <[EMAIL PROTECTED]> wrote: > Hello - > > I am in the process of porting a Struts application into Wicket, and would > appreciate some insights regarding an upcoming task: > > I need to implement automatic sign-on based on the value of a custom HTTP > header in the request, if the request is coming from a specific IP range. > > For those familiar with Struts - previously this has been handled using > custom RequestProcessors, where you have access to the HttpServletRequest > object. > > I have taken a look at the Wicket API, and ended up obeying the advice to > mail this list before depending on WebRequest's getHttpServletRequest() > method directly. > > So, my main questions: > > - Does Wicket provide access to custom HTTP headers in a request via other > means than getHttpServletRequest()?
i dont see why not, you know you are running in a webapp... > - Where in the Wicket land would YOU place the code responsible for > automatic sign-on (every request that needs sign-on should go through that > code before sending to a login page)? the code should go into IAuthorizationStrategy implementation, probably on isInstantiationAuthorized. IAuthorizationStrategy is your single point for security-related things. -igor > > Thank you in advance for any comments on this. > > Best regards, > Lauri Lehtinen > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
