Re: Wicket and HttpServletRequestWrapper
Hi Martin, In regards to my post: http://apache-wicket.1842946.n4.nabble.com/Wicket-and-HttpServletRequestWrapper-tc2930919.html#a2930919 It seems that the HttpServletRequest is always preserved as a member, however WebRequestCycleProcessor{ resolve{ ... // See whether this request points to a bookmarkable page if (requestParameters.getBookmarkablePageClass() != null) { target = resolveBookmarkablePage(requestCycle, requestParameters); } } Always return null and resolve falls back on the HomePage. Thanks -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Re-Wicket-and-HttpServletRequestWrapper-tp2917025p2954232.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket and HttpServletRequestWrapper
I made a post then deleted it, and reposted with different update -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Re-Wicket-and-HttpServletRequestWrapper-tp2917025p2954276.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Wicket and HttpServletRequestWrapper
Hi, I am trying to implement Wicket1.4.10 + Wicket-Auth-role + Spring Security + SSO (SiteMinder).. I am mocking siteMinder by using a Filter that is invoked first after each request, this filter wraps the original HttpServletRequest by my MockRequest. MockRequest adds 2 headers SM_USER and SM_ROLE. In a debug mode, I can see the MockRequest passed through 2 Spring Security filters (SecurityContextPersistenceFilter and preauth.RequestHeaderAuthenticationFilter)..and all the request headers set: Get which points to my next page and 2 SiteMinder headers. However, the third filter in the chain, WicketFilter, creates a new request and I loose my Get next page and my 2 siteMinder headers WicketFilter doFilter(){ ... if (lastModified == -1){ boolean requestHandledByWicket = doGet(httpServletRequest, httpServletResponse); if (requestHandledByWicket == false){ chain.doFilter(request, response); } } } doGet(){ .. // Create a new webrequest to wrap the request final WebRequest request = webApplication.newWebRequest(servletRequest); } Any request will bring me to the home page Thanks -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-and-HttpServletRequestWrapper-tp2910960p2910960.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Wicket and HttpServletRequestWrapper
Hi, I am trying to implement Wicket1.4.10 + Wicket-Auth-role + Spring Security + SSO (SiteMinder).. I am mocking siteMinder by using a Filter that is invoked first after each request, this filter wraps the original HttpServletRequest by my MockRequest. MockRequest adds 2 headers SM_USER and SM_ROLE. In a debug mode, I can see the MockRequest passed through 2 Spring Security filters (SecurityContextPersistenceFilter and preauth.RequestHeaderAuthenticationFilter) and then to WicketFilter. The problem is that WebRequestCycleProcessor always picks up the Home page as the requested page. The process flow is: WicketFilter { doFilter(){ ... doGet() } doGet(){ .. RequestCycle.request() } } RequestCycle { request(){ step() } step(){ ... case RESOLVE_TARGET : { // resolve the target of the request using the request parameters final IRequestTarget target = processor.resolve(this, request.getRequestParameters()); } } WebRequestCycleProcessor{ resolve{ ... // See whether this request points to a bookmarkable page if (requestParameters.getBookmarkablePageClass() != null) { target = resolveBookmarkablePage(requestCycle, requestParameters); } .. // See whether this request points to the home page else if (Strings.isEmpty(path) || (/.equals(path))){ target = resolveHomePageTarget(requestCycle, requestParameters); } } } The call requestParameters.getBookmarkablePageClass always return null. In requestParameters object I can see the para: queryString set to my requested page: wicket:bookmarkablePage=:wicket.story9.page.Home The resole method always ends up at target = resolveHomePageTarget(requestCycle, requestParameters); A partial dump of request object: GET /1WicketExample/?wicket:bookmarkablePage=:web.wicket.story9.page.Home HTTP/1.1 Accept: image/gif, Referer: http://localhost:8080/1WicketExample/ I appreciate any help -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-and-HttpServletRequestWrapper-tp2930919p2930919.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
wicket-auth-roles and SSO
Hi, Our application relies on Wicket-auth-roles, Spring Security 3 and SSO (SiteMinder); The login page (login mechanism) is outside of the application. Our WebApplication must extend AuthenticatedWebapplication and thus implement getSignInPageClass(); What should we return ? Thanks -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-auth-roles-and-SSO-tp2754607p2754607.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicket-auth-roles and spring security 3.x
Hi James, I am trying to migrate your Wicket-advanced example to use Spring Security 3 and the Pre-authentication scheme (Letting SiteMinder do the authentication). Since it is in development mode, I configured a filter to mock siteMinder by setting some headers (SM_User, SM_Role).. I have changed the security context xml file as follow: When I execute the application, I can see the spring security in action (getting headers from SiteMinder -filter- and authentication,) I get to the home page file. However, any link I click on from the home page will take me back to the home page.. Appreciate any insights thanks Youcef context:annotation-config / context:spring-configured / bean id=springSecurityFilterChain class=org.springframework.security.web.FilterChainProxy security:filter-chain-map path-type=ant security:filter-chain pattern=/** filters=scpf,siteminderFilter / /security:filter-chain-map /bean bean id=scpf class=org.springframework.security.web.context.SecurityContextPersistenceFilter property name=forceEagerSessionCreation value=true / /bean security:global-method-security secured-annotations=enabled / bean id=siteminderFilter class=org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter property name=principalRequestHeader value=SM_USER / property name=authenticationManager ref=authenticationManager / property name=authenticationDetailsSource ref=MyWebAuthenticationDetailsSource / !-- the filter chain will not proceed when an authentication attempt fails -- property name=continueFilterChainOnUnsuccessfulAuthentication value=false / /bean security:authentication-manager alias=authenticationManager security:authentication-provider ref=preAuthenticatedAuthenticationProvider / /security:authentication-manager bean id=preAuthenticatedAuthenticationProvider class=org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider property name=preAuthenticatedUserDetailsService ref=preAuthenticatedUserDetailsService / /bean bean id=preAuthenticatedUserDetailsService class=org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService / bean id=MyWebAuthenticationDetailsSource class=org.springframework.security.web.authentication.WebAuthenticationDetailsSource property name=clazz value=wicket.common.security.siteminder.MyPreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails / /bean /beans -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-auth-roles-and-spring-security-2-x-tp1844462p2719180.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org