Hi, i am trying to customize the behavior, when in a page a component is
found, that the current user is not authorized to while he is authorized
to the page. This by default throws an exception and i want to change it
so, that the component is simply not displayed. So i did this: in my web
application, that is subclass of AuthenticatedWebApplication i have this
init() method:
@Override
protected void init() {
super.init();
// we customize the default behavior, when there is an
component in page, that
// this user can't access. Default is an exception thrown, we
just set the
// component not visible
getSecuritySettings().setUnauthorizedComponentInstantiationListener(
new IUnauthorizedComponentInstantiationListener() {
@Override
public void onUnauthorizedInstantiation(Component
component) {
if (component instanceof Page) {
onUnauthorizedPage((Page) component);
} else {
component.detach();
}
}
});
}
as i can see, if the unauthorized object is a page, than i call
onUnauthorizedPage((Page) component) which redirects to login page, else
i destroy the component.
What comes out as result is that the user after accessing protected page
is redirected to login page, logs in and is authentificated but than
somehow the session is destroyed and new is created for some reason
which results in loosing the authentication and login page is displayed
again. So the user actually can't log in and always ends only in the
login page.
thanks for help in advance, Juraj
__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails.
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
