Re: Wicket and HttpServletRequestWrapper
Hi Martin,
In regards to my post:
http://apache-wicket.1842946.n4.nabble.com/Wicket-and-HttpServletRequestWrapper-tc2930919.html#a2930919
It seems that the HttpServletRequest is always preserved as a member,
however
WebRequestCycleProcessor{
resolve{
...
// See whether this request points to a bookmarkable page
if (requestParameters.getBookmarkablePageClass() != null) {
target = resolveBookmarkablePage(requestCycle,
requestParameters);
}
}
Always return null and resolve falls back on the HomePage.
Thanks
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Re-Wicket-and-HttpServletRequestWrapper-tp2917025p2954232.html
Sent from the Users forum mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket and HttpServletRequestWrapper
I made a post then deleted it, and reposted with different update -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Re-Wicket-and-HttpServletRequestWrapper-tp2917025p2954276.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Wicket and HttpServletRequestWrapper
Hi,
I am trying to implement Wicket1.4.10 + Wicket-Auth-role + Spring Security +
SSO (SiteMinder)..
I am mocking siteMinder by using a Filter that is invoked first after each
request, this filter wraps the original HttpServletRequest by my
MockRequest. MockRequest adds 2 headers SM_USER and SM_ROLE.
In a debug mode, I can see the MockRequest passed through 2 Spring Security
filters (SecurityContextPersistenceFilter and
preauth.RequestHeaderAuthenticationFilter)..and all the request headers set:
Get which points to my next page and 2 SiteMinder headers.
However, the third filter in the chain, WicketFilter, creates a new request
and I loose my Get next page and my 2 siteMinder headers
WicketFilter
doFilter(){
...
if (lastModified == -1){
boolean requestHandledByWicket = doGet(httpServletRequest,
httpServletResponse);
if (requestHandledByWicket == false){
chain.doFilter(request, response);
}
}
}
doGet(){
..
// Create a new webrequest to wrap the request
final WebRequest request = webApplication.newWebRequest(servletRequest);
}
Any request will bring me to the home page
Thanks
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Wicket-and-HttpServletRequestWrapper-tp2910960p2910960.html
Sent from the Users forum mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Wicket and HttpServletRequestWrapper
Hi,
I am trying to implement Wicket1.4.10 + Wicket-Auth-role + Spring Security +
SSO (SiteMinder)..
I am mocking siteMinder by using a Filter that is invoked first after each
request, this filter wraps the original HttpServletRequest by my
MockRequest. MockRequest adds 2 headers SM_USER and SM_ROLE.
In a debug mode, I can see the MockRequest passed through 2 Spring Security
filters (SecurityContextPersistenceFilter and
preauth.RequestHeaderAuthenticationFilter) and then to WicketFilter.
The problem is that WebRequestCycleProcessor always picks up the Home page
as the requested page. The process flow is:
WicketFilter {
doFilter(){
...
doGet()
}
doGet(){
..
RequestCycle.request()
}
}
RequestCycle {
request(){
step()
}
step(){
...
case RESOLVE_TARGET : {
// resolve the target of the request using the request
parameters
final IRequestTarget target = processor.resolve(this,
request.getRequestParameters());
}
}
WebRequestCycleProcessor{
resolve{
...
// See whether this request points to a bookmarkable page
if (requestParameters.getBookmarkablePageClass() != null) {
target = resolveBookmarkablePage(requestCycle,
requestParameters);
}
..
// See whether this request points to the home page
else if (Strings.isEmpty(path) || (/.equals(path))){
target = resolveHomePageTarget(requestCycle,
requestParameters);
}
}
}
The call requestParameters.getBookmarkablePageClass always return null.
In requestParameters object I can see the para: queryString set to my
requested page: wicket:bookmarkablePage=:wicket.story9.page.Home
The resole method always ends up at target =
resolveHomePageTarget(requestCycle, requestParameters);
A partial dump of request object:
GET /1WicketExample/?wicket:bookmarkablePage=:web.wicket.story9.page.Home
HTTP/1.1
Accept: image/gif,
Referer: http://localhost:8080/1WicketExample/
I appreciate any help
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Wicket-and-HttpServletRequestWrapper-tp2930919p2930919.html
Sent from the Users forum mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
wicket-auth-roles and SSO
Hi, Our application relies on Wicket-auth-roles, Spring Security 3 and SSO (SiteMinder); The login page (login mechanism) is outside of the application. Our WebApplication must extend AuthenticatedWebapplication and thus implement getSignInPageClass(); What should we return ? Thanks -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-auth-roles-and-SSO-tp2754607p2754607.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicket-auth-roles and spring security 3.x
Hi James, I am trying to migrate your Wicket-advanced example to use Spring Security 3 and the Pre-authentication scheme (Letting SiteMinder do the authentication). Since it is in development mode, I configured a filter to mock siteMinder by setting some headers (SM_User, SM_Role).. I have changed the security context xml file as follow: When I execute the application, I can see the spring security in action (getting headers from SiteMinder -filter- and authentication,) I get to the home page file. However, any link I click on from the home page will take me back to the home page.. Appreciate any insights thanks Youcef context:annotation-config / context:spring-configured / bean id=springSecurityFilterChain class=org.springframework.security.web.FilterChainProxy security:filter-chain-map path-type=ant security:filter-chain pattern=/** filters=scpf,siteminderFilter / /security:filter-chain-map /bean bean id=scpf class=org.springframework.security.web.context.SecurityContextPersistenceFilter property name=forceEagerSessionCreation value=true / /bean security:global-method-security secured-annotations=enabled / bean id=siteminderFilter class=org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter property name=principalRequestHeader value=SM_USER / property name=authenticationManager ref=authenticationManager / property name=authenticationDetailsSource ref=MyWebAuthenticationDetailsSource / !-- the filter chain will not proceed when an authentication attempt fails -- property name=continueFilterChainOnUnsuccessfulAuthentication value=false / /bean security:authentication-manager alias=authenticationManager security:authentication-provider ref=preAuthenticatedAuthenticationProvider / /security:authentication-manager bean id=preAuthenticatedAuthenticationProvider class=org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider property name=preAuthenticatedUserDetailsService ref=preAuthenticatedUserDetailsService / /bean bean id=preAuthenticatedUserDetailsService class=org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService / bean id=MyWebAuthenticationDetailsSource class=org.springframework.security.web.authentication.WebAuthenticationDetailsSource property name=clazz value=wicket.common.security.siteminder.MyPreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails / /bean /beans -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-auth-roles-and-spring-security-2-x-tp1844462p2719180.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
