On Fri, Dec 24, 2010 at 1:39 PM, James Carman <[email protected]> wrote: >> Doing it with intercept URLs might work for a few pages that you have >> mounted in Wicket, but in the end, every new page is going to have to be set >> up perfectly. It's not worth it go go that route. >> > > It will work fine for "mounted" bookmarkable pages, but it will get a > little crazy once you start getting into listeners and stuff. You > could use AspectJ to weave your classes so that they have the security > stuff baked in. Then, they'll throw the proper exceptions and if you > use the request cycle trick I showed you, it will forward to the login > page.
This is the key that most people miss. You can *only* secure the *initial view* of a bookmarkable / mounted page through URL-based security. As soon as I submit a form, click a link, or use an AJAX behavior, I go to a non-bookmarkable URL that is session dependent and you *can not* use URL based security for this. Even with the hybrid strategy. See [1] for more information about how URLs work. [1] http://apache-wicket.1842946.n4.nabble.com/urls-after-a-form-submission-tp2965981p2966109.html -- Jeremy Thomerson http://wickettraining.com Need a CMS for Wicket? Use Brix! http://brixcms.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
