Solution found. 

Within the newRequestCycleProcessor() method of the
MyAuthenticatedWebApplication class I caught the exception thrown by the
IRequestTarget respond method.


protected IRequestCycleProcessor newRequestCycleProcessor()
    {
        return new DefaultWebRequestCycleProcessor() {

            protected IResponseStrategy newResponseStrategy()
            {
                return new IResponseStrategy() {

                    public void respond(RequestCycle requestCycle)
                    {
                        IRequestTarget requestTarget =
requestCycle.getRequestTarget();
                        if(requestTarget != null)
                        {
                           
Application.get().logResponseTarget(requestTarget);
                            WebRequest webRequest =
(WebRequest)requestCycle.getRequest();
                            WebResponse webResponse =
(WebResponse)requestCycle.getResponse();
                            HttpServletRequest httpServletRequest =
webRequest.getHttpServletRequest();
                            Class pageClass = null;
                            if(requestTarget instanceof IPageRequestTarget)
                            {
                                IPageRequestTarget pageTarget =
(IPageRequestTarget)requestTarget;
                                pageClass = pageTarget.getPage().getClass();
                            } else
                            if(requestTarget instanceof
IBookmarkablePageRequestTarget)
                            {
                                IBookmarkablePageRequestTarget
bookmarkableTarget = (IBookmarkablePageRequestTarget)requestTarget;
                                pageClass =
bookmarkableTarget.getPageClass();
                            }
                            if(pageClass != null &&
!httpServletRequest.isSecure() &&
pageClass.isAnnotationPresent(RequiredSSL.class))
                            {
                                
                                StringBuffer url = new StringBuffer((new
StringBuilder()).append("https://";).append(httpServletRequest.getServerName()).toString());
                                url.append(":8443");
                                String q =
RequestCycle.get().urlFor(requestTarget).toString();
                                url.append(q);
                                webResponse.redirect(url.toString());
                            } else
                            if(pageClass != null &&
httpServletRequest.isSecure() &&
!pageClass.isAnnotationPresent(RequiredSSL.class))
                            {
                                StringBuffer url = new StringBuffer((new
StringBuilder()).append("http://";).append(httpServletRequest.getServerName()).toString());
                                String q =
RequestCycle.get().urlFor(requestTarget).toString();
                                url.append(q);
                                webResponse.redirect(url.toString());
                            } 
                            try{
                              requestTarget.respond(requestCycle);
                             }catch(Exception e){
                              logger.debug("Error caught:  "+e);
                             }
                        }
                    }
                };
            }

        };
    }
}


It's more of a hack than an elegant solution. It would be nice for the
designers to release a robust example of SSL working with roles and
authorization.


wired wrote:
> 
> Hi
> 
> I'm trying to mix authentication using annotations and SSL, but I'm having
> problems.
> 
> I am simply using the code found in the auth-roles-examples (1.2.1) and I
> have made some changes using the "Switch to SSL" example
> (http://www.wicket-wiki.org.uk/wiki/index.php/Switch_to_SSL_mode)
> 
> If I try to access a page that requires me to sign in, and I am redirected
> to the MySignInPage to which I have added the annotation @RequiredSSL, an
> exception is thrown which is caused by:
> 
>  wicket.WicketRuntimeException: Already redirecting to
> 'https://localhost:8443/wirap/authentication?wicket:interface=:1::'.
> Cannot redirect more than once
> 
> Now I have verified that the @RequiredSSL annotation works. It only fails
> when I try to access a page that requires authorization and I'm redirected
> to the login page over SSL.
> 
> Does anyone have any solutions?
> 
> Many thanks in advance!
> 

-- 
View this message in context: 
http://www.nabble.com/ssl%2C-roles-and-authorization-tf2087198.html#a5762945
Sent from the Wicket - User forum at Nabble.com.


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Reply via email to