I want to be able to have a nice, clean implementation of one authorization strategy for all of my applications such that once I've signed in for one application, I'm signed in for all of them.
My rough plan was to create a concrete class implementing IAuthorizationStrategy, a SignIn.java and corresponding SignIn.html. Then in any application that needed authorization, I'd call setAuthorizationStrategy and pass in an instance of my SignInAuthorizationStrategy. The problem is that I *don't* want to have to force all of my applications to override getSessionFactory to provide a session for authorization; This is both because the applications may want to put something else in the session for their own use, and because this wouldn't solve my sign-in problem anyway. I'd still end up having to sign in once per application. The only way I can think to do it is a fairly gross-looking hack to get at the HttpSession object and put my authorization-related objects in the user's HTTP session diroctly. This strikes me as inelegant, since it steps outside the framework to perform tasks inside the framework. It also doesn't look like I can make SignIn its own WebApplication, since RestartResponseAtInterceptPageException takes a Page, not an Application. And if I call getSession on the SignIn page component, I'm going to get the Application's session, which again won't be shared across all applications. I don't want to jam anything into a cookie and rely on that, since this would open up a vulnerability to xss-style attacks. Is there a "right" way to do this in Wicket? Nick -- When you're a kid, they tell you it's all grow up, get a job, get married, get a house, have a kid, and that's it. No, the truth is the world is so much stranger than that. It's so much darker, and so much madder. And so much better. -- Elton, Doctor Who, "Love and Monsters" This message has been brought to you by Nick Johnson 2.1 and the number 6. http://healerNick.com/ http://morons.org/ http://spatula.net/ ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user