Hello,

I am using JAAS to secure my EJB layer in JBoss AS7,
which is called from Wicket 6, by adding an org.jboss.security.ClientLoginModule for every request.

This works nicely for page requests, I have built a setupJAAS()
method that is called from my BasePage.

However, the Wicket callbacks, onClick() et al., do of
course not go through the BasePage constructor, and thus
fail the JAAS check.

What would be the best place to plug my setupJAAS()
into EVERY request, be it a page request, callback or
AJAX request (and what else there might be ;-) ?

I tried

    @Override
    public WebRequest newWebRequest(HttpServletRequest servletRequest, final String filterPath)

but at that point, the Session is not yet set up, and my
Session.get() complains:

    org.apache.wicket.util.lang.Args.notNull(Args.java:41)
    org.apache.wicket.Application.fetchCreateAndSetSession(Application.java:1552)
    org.apache.wicket.Session.get(Session.java:152)

I do however need the Session() to retrieve the user and his/her
roles, so I can set up the JAAS.

There must be many ways to do this, most of them probably wrong, so
I thought I'd better ask here. ;-)
Please note that I want to setup JAAS only once per request, since I need to perform a lookup and a database query for it...

Input mostly appreciated...

Cheers, Tom.



