The order of setting mountPage and cryptoMapper changes behavior.

Tue, 16 Sep 2014 13:08:00 -0700 

Hello,

Assuming we have 2 applications

One application providing authentication and second application configured 
to be redirected to the first application for authentication.

Lets call page in the second application which does the redirection to 
first application as SignInPage. 

Below is the code in SignInPage which sets a cookie to redirect to the url 
that was requested after login.

// The following lines ensure redirection back to the second application 
page that was requested.
 Response resp = getRequestCycle().getResponse();
 if (resp instanceof WebResponse)
 {
 WebResponse webResp = (WebResponse) resp; 
 Cookie cookie = 
WicketApplication.get().getIamHelper().getIamSecurityHelper().getRedirectURLCookie(second
 
app url);
 webResp.addCookie(cookie);
 }
 
 // The following line redirects to first application for login.
 getRequestCycle().scheduleRequestHandlerAfterCurrent(new 
RedirectRequestHandler("../firstApplcation/login"));

Now mounting SignInPage class in 
org.apache.wicket.protocol.http.WebApplication#init() in the following 
order
 
 getSecuritySettings().setCryptFactory(new 
KeyInSessionSunJceCryptFactory());
 
 setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(), 
this));
 
 mountPage("/login", SignInPage.class);

The above setting works fine where the user is correctly redirected to 
../firstApplcation/login to login, 
however swapping CryptoMapper and mountPage as follows breaks and the user 
is not redirected to First app for authentication, 
url seen in the browser is "secondApplication/xxxxxxxxxxx" versus 
../firstApplcation/login
 
 getSecuritySettings().setCryptFactory(new 
KeyInSessionSunJceCryptFactory()); 
 
 mountPage("/login", SignInPage.class); 

 setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(), 
this));
 
Why does the order of mountPage and CryptoMapper change behavior ?


Thanks & Regards
Satish Gutta



Notice: This communication, including any attachments, is intended solely 
for the use of the individual or entity to which it is addressed. This 
communication may contain information that is protected from disclosure 
under State and/or Federal law. Please notify the sender immediately if 
you have received this communication in error and delete this email from 
your system. If you are not the intended recipient, you are requested not 
to disclose, copy, distribute or take any action in reliance on the 
contents of this information.

Reply via email to