Its very similar to my solution number 1. Instead of executing
setRedirect(true) and setResponsePage(somePage) you propose to throw
RestartResponseAtInterceptPageException.
Could you explain why its better to throw this exception rather then
redirect to resposne page ?
If I understand RestartResponseAtInterceptPageException class it is usefull
when we would like to come back to the page where this exception was thrown
(to MyBookmarkableSimpleSignOnPage in your example) I think this is not a
case in this situtation. However your solution is similar to main so its
make me sure to choose solution number 1.
According to security concerns, I know that passing username and password in
'plain' link its not the most secure way but I wanted to keep my example
simple (witout any tokens etc), but thanks for your comment.
Regards Daniel
Jeremy Thomerson-5 wrote:
>
> How about something like:
>
> public MyBookmarkableSimpleSignOnPage(PageParameters parameters) {
> super(parameters);
> String username = parameters.getString("un");
> String password = parameters.getString("pw");
> signIn(username, password);
> throw new
> RestartResponseAtInterceptPageException(DestinationPage.class);
> }
>
> Of course, there are security concerns with having URLs with username and
> password in it. But, that wasn't what you asked. You asked specifically
> how to pull username and password from the request, authenticate, and
> redirect to authenticated page.
>
> Depending on use case, you might think about having a single-use token
> that
> is in the URL instead, or a time-restricted token, and in your DB you
> store
> a reference that relates that token, an expiration, and the user it works
> for. This could easily be adapted for that.
>
>
> --
> Jeremy Thomerson
> http://www.wickettraining.com
>
>
> On Tue, Sep 9, 2008 at 2:43 PM, dlipski <[EMAIL PROTECTED]>
> wrote:
>
>>
>> Hi
>>
>> It's some idea but I think that its a little bit of hacking (sending GET
>> request to formSubmitListener). I found other (are they better ?)
>> solutions:
>> 1)Use usual WebPage and in constructor of this page write code to execute
>> and then at the end call setRedirect(true) and setResponsePage(somePage)
>> 2)Use Statless page and statless link, write code in link onclick method.
>>
>> Both solutions assume that acces to this page is done through
>> 'bookmarkable'
>> URL.
>>
>> None of these two solutions satisfy me completly because each of them is
>> some kind of hacking for me.
>> In first aproach we use Page constructor to execute some code/action not
>> to
>> display page, this page even doesnt need any markup file (it will never
>> be
>> rendered), whats more, replacing responsePage in constructor of another
>> page
>> looks strange - for me it is breaking of contract(or maybe my
>> understanding)
>> of WebPage.
>>
>> In second solution we use statless page and statless link not to display
>> link to the user but just to allow call any code/action throught
>> 'bookmarkable url'. For me this is also breaking of statless page and
>> statless link contracts.
>>
>> Because both of this solutions work, I probably choose one of them but Im
>> curious why there is no support in wicket for such (simple in action
>> based
>> framework) cases (or maybe there is but I cant find it ?).
>>
>> For me it will be great if I could create 'action' like class and call it
>> from wicket (inside request cycle) and forward/redirect to some page. I
>> think it could be done by extending RequestCycleProcessor (to accept
>> wicket:action url) and write new base class for ActionRequestTargets.
>>
>> I know that Wicket is page oriented framework but wouldnt be great if it
>> could also support some simple 'ations' ? As I said Im new to Wicket and
>> maybe it is impossible or its breaking some of wicket vision/assumptions
>> ?
>> What do you think about such feature ?
>>
>> Of course when nature of web application is rather action then page
>> oriented
>> we should use some of existing action based frameworks, but I think (as
>> newbie) there are scenarios where in page oriented application such
>> feature
>> (call some code inside request cycle and redirect to page) will be very
>> helpfull.
>>
>> Waiting for your opinions.
>> Reagrds, Daniel
>>
>>
>> Wayne Pope wrote:
>> >
>> > Hi,
>> >
>> > I've only been using Wicket a very short time, but why don;t you just
>> > create
>> > a simple login form page.
>> > Then look at the source and you'll see something like:
>> > <form
>> >
>> action="?wicket:bookmarkablePage=:com.youpackage.LoginPage&wicket:interface=:0:signInPanel:signInForm::IFormSubmitListener::"
>> > wicket:id="signInForm" id="signInForm" method="post">
>> >
>> >
>> > Then you need to just to POST the username and password parameters to
>> the
>> > above URL , and it'll log you in.
>> >
>> > I not sure how you set to us GET in wicket which would be more easy for
>> > you.
>> > But I''m sure someone get tell you how to set that up for a form.
>> >
>> > cheers
>> > Wayne
>> >
>> > On Mon, Sep 8, 2008 at 9:59 PM, dlipski <[EMAIL PROTECTED]>
>> > wrote:
>> >
>> >>
>> >> Hi
>> >>
>> >> Im developing with Wicket for short time so forgive me if I
>> misanderstood
>> >> some Wicket concepts.
>> >> Recently I was asked for develop SSO-like feature for Wicket powered
>> web
>> >> application.
>> >> Application uses wicket-auth-roles + Acegi for securing wicket pages.
>> >> What I have to do is to let authenticate users to this web app only by
>> >> typing URL in their web browsers (or clicking some prepared link).
>> >> This URL will contain username and password but user will not be
>> forced
>> >> to
>> >> fill in any form or press any button - just typing url or cliciking
>> some
>> >> prepared link.
>> >> Actual way of uthentication (via Wicket page) must remain, so there
>> will
>> >> be
>> >> two ways to login to application: either by filling in form or typing
>> url
>> >> in
>> >> web browser.
>> >> Because this application is using wicket-auth-roles what I have to do
>> is
>> >> to
>> >> retrive from request user login and password and call signIn(username,
>> >> password) on Session object.
>> >> This is the moment where problem begins (for me).
>> >> I've tried to write simple servlet to do this but when I've accessed
>> >> Wicket
>> >> session by: Session.get() runtime exception was thrown because Wicket
>> >> session cant be created outside request cycle...
>> >> ...so I decided to do this inside request cycle, but actually I dont
>> know
>> >> any simple solution to execute some code (after sending bookmarkable
>> >> request) and redirect to some WicketPage.
>> >> What I need is something like BookmarkablePage but dont displaying any
>> >> page,
>> >> only redirecting to other page (after executing autentication,or some
>> >> other
>> >> code), something which might be called BookmarkableAction ;).
>> >> Probably it is possible to write custom request target and extend
>> request
>> >> target processor (to create such target) but it looks too complicated
>> for
>> >> me
>> >> to perform some simple task.
>> >> In action oriented frameworks (Struts/SpringMVC/...) its trivial, I
>> know
>> >> that Wicket is page oriented framework but Im wondering if there is
>> any
>> >> support for such 'actions'.
>> >>
>> >> Maybe there is some other way to achive such SSO-like feature ?
>> >>
>> >> Regards
>> >> Daniel
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/newbie-problem-witch-wicket...-tp19379967p19379967.html
>> >> Sent from the Wicket - User mailing list archive at Nabble.com.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/newbie-problem-witch-wicket...-tp19379967p19399735.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/newbie-problem-witch-wicket...-tp19379967p19408934.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
