I'm trying to get Wicket working with the method-level security support in Spring (Acegi) Security. I've got the integration working up to a point having followed these articles:
- http://forum.springsource.org/showthread.php?t=67974 - http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html However, i'm left with one remaining issue - redirecting to the correct page following a successful login. Let me explain... In my custom WebRequestCycle, I've overridden this: @Override public Page onRuntimeException( Page page, RuntimeException e ) { Page toReturn = null; if ( e.getCause() instanceof AuthenticationCredentialsNotFoundException ) { toReturn = new LoginPage(); } else { toReturn = super.onRuntimeException( page, e ); } return toReturn; } This code will be reached whenever a Page calls a Spring service layer method that has been annotated with security restrictions. The user is then redirected successfully to the LoginPage. This is where I get stuck. I've followed the code from the second article and can successfully authenticate a user within the Spring Security Context. However, at this point I then want to return to the page that generated the AuthenticationCredentialsNotFoundException, retaining any page state at the time the exception occurred. Do I need to be thinking along the lines of passing around the Page object that was passed to the onRuntimeException() method? Or any there dangers here relating to session state? When authenticating using Wicket auth-roles, the Login page is clearly being passed additional information - I guess this is somehow supported via the way the Login page is registered in the WebApplication as the official sign in page. I guess I just need to make sure the Login page that I create on catching the AuthenticationCredentialsNotFoundException is passed the same information. Any help on this will be much appreciated. I really do value the help people are giving me on this mailing list as I continue to learn (and enjoy) Wicket. Thanks everyone! Andrew
