Re: custom expired page
there is no way in j2ee spec to determine if a previous session existed. page expiration is an artifact of using wicket and if you use stateful links you can determine it. if you use bookmarkable links then you cannot. -igor On Mon, Apr 27, 2009 at 1:34 PM, alec wrote: > maybe i should move away from the notion of a page. is there some way to > determine if the session expired then? replacing all those > BookmarkablePageLink's with normal links isn't an ideal solution. it'd be > enough if at the login page there was something i could check that would > tell me the session had expired. > > Matej Knopp wrote: >> >> If you use bookmarkable link then it's proper behavior. >> >> Bookmarkable link creates new page instance. It will never give you >> expired error. >> >> -Matej >> >> On Mon, Apr 27, 2009 at 9:50 PM, alec wrote: >> >>> >>> are you referring to the java code i write for the link? >>> >>> it'd be something like: >>> add(new BookmarkablePageLink("home", Application.get().getHomePage()); >>> >>> it's not something special about the link which causes it to redirect to >>> the >>> login page, it's that the homepage class (and several others) requires >>> the >>> user to have a certain role to instantiate it. >>> >>> >>> Matej Knopp wrote: >>> can you paste here a link that redirects to login page? -Matej On Mon, Apr 27, 2009 at 9:39 PM, alec wrote: > > sorry if that sounded confusing, but it's not the expiredpage that > requires > authorization, it's the destination of the link that was clicked. > > e.g. the user clicks the link to home (which requires authorization) > and > instead of getting the expired page they get the login page. > > Igor Vaynberg wrote: > > >> >> make your ExpiredPage not require authorization/authentication >> >> -igor >> >> On Mon, Apr 27, 2009 at 12:32 PM, alec >> wrote: >> >> >> >>> >>> We have a wicket 1.3.5 application and are having trouble redirecting >>> to >>> an >>> expired page if the user clicks on a link after the session expired. >>> in >>> our >>> application's init method we have the call >>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); >>> and this works if they click on a normal link after the session has >>> been >>> expired, but we're also using the AuthorizeInstantiation annotations >>> (from >>> wicket-auth-roles) on several pages that forces a logged in user to >>> have >>> a >>> certain role to access the page or be redirected to the login page. >>> Our >>> problem is that if the session expired then the user gets redirected >>> to >>> the >>> login page because of an unauthorized instantiation instead of being >>> redirected to the expired page. >>> Is there some way to work around this, or is there a way to determine >>> if >>> the >>> session had expired on the login page so we could display a message >>> there? >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: custom expired page
maybe i should move away from the notion of a page. is there some way to determine if the session expired then? replacing all those BookmarkablePageLink's with normal links isn't an ideal solution. it'd be enough if at the login page there was something i could check that would tell me the session had expired. Matej Knopp wrote: If you use bookmarkable link then it's proper behavior. Bookmarkable link creates new page instance. It will never give you expired error. -Matej On Mon, Apr 27, 2009 at 9:50 PM, alec wrote: are you referring to the java code i write for the link? it'd be something like: add(new BookmarkablePageLink("home", Application.get().getHomePage()); it's not something special about the link which causes it to redirect to the login page, it's that the homepage class (and several others) requires the user to have a certain role to instantiate it. Matej Knopp wrote: can you paste here a link that redirects to login page? -Matej On Mon, Apr 27, 2009 at 9:39 PM, alec wrote: sorry if that sounded confusing, but it's not the expiredpage that requires authorization, it's the destination of the link that was clicked. e.g. the user clicks the link to home (which requires authorization) and instead of getting the expired page they get the login page. Igor Vaynberg wrote: make your ExpiredPage not require authorization/authentication -igor On Mon, Apr 27, 2009 at 12:32 PM, alec wrote: We have a wicket 1.3.5 application and are having trouble redirecting to an expired page if the user clicks on a link after the session expired. in our application's init method we have the call getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); and this works if they click on a normal link after the session has been expired, but we're also using the AuthorizeInstantiation annotations (from wicket-auth-roles) on several pages that forces a logged in user to have a certain role to access the page or be redirected to the login page. Our problem is that if the session expired then the user gets redirected to the login page because of an unauthorized instantiation instead of being redirected to the expired page. Is there some way to work around this, or is there a way to determine if the session had expired on the login page so we could display a message there? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: custom expired page
Like because your expired page requires the role. Remove the role annotation. - Brill Pappin On 27-Apr-09, at 3:32 PM, alec wrote: We have a wicket 1.3.5 application and are having trouble redirecting to an expired page if the user clicks on a link after the session expired. in our application's init method we have the call getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); and this works if they click on a normal link after the session has been expired, but we're also using the AuthorizeInstantiation annotations (from wicket-auth-roles) on several pages that forces a logged in user to have a certain role to access the page or be redirected to the login page. Our problem is that if the session expired then the user gets redirected to the login page because of an unauthorized instantiation instead of being redirected to the expired page. Is there some way to work around this, or is there a way to determine if the session had expired on the login page so we could display a message there? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: custom expired page
If you use bookmarkable link then it's proper behavior. Bookmarkable link creates new page instance. It will never give you expired error. -Matej On Mon, Apr 27, 2009 at 9:50 PM, alec wrote: > are you referring to the java code i write for the link? > > it'd be something like: > add(new BookmarkablePageLink("home", Application.get().getHomePage()); > > it's not something special about the link which causes it to redirect to the > login page, it's that the homepage class (and several others) requires the > user to have a certain role to instantiate it. > > > Matej Knopp wrote: >> >> can you paste here a link that redirects to login page? >> >> -Matej >> >> On Mon, Apr 27, 2009 at 9:39 PM, alec wrote: >> >>> >>> sorry if that sounded confusing, but it's not the expiredpage that >>> requires >>> authorization, it's the destination of the link that was clicked. >>> >>> e.g. the user clicks the link to home (which requires authorization) and >>> instead of getting the expired page they get the login page. >>> >>> Igor Vaynberg wrote: >>> make your ExpiredPage not require authorization/authentication -igor On Mon, Apr 27, 2009 at 12:32 PM, alec wrote: > > We have a wicket 1.3.5 application and are having trouble redirecting > to > an > expired page if the user clicks on a link after the session expired. > in > our > application's init method we have the call > getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); > and this works if they click on a normal link after the session has > been > expired, but we're also using the AuthorizeInstantiation annotations > (from > wicket-auth-roles) on several pages that forces a logged in user to > have > a > certain role to access the page or be redirected to the login page. > Our > problem is that if the session expired then the user gets redirected to > the > login page because of an unauthorized instantiation instead of being > redirected to the expired page. > Is there some way to work around this, or is there a way to determine > if > the > session had expired on the login page so we could display a message > there? > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: custom expired page
are you referring to the java code i write for the link? it'd be something like: add(new BookmarkablePageLink("home", Application.get().getHomePage()); it's not something special about the link which causes it to redirect to the login page, it's that the homepage class (and several others) requires the user to have a certain role to instantiate it. Matej Knopp wrote: can you paste here a link that redirects to login page? -Matej On Mon, Apr 27, 2009 at 9:39 PM, alec wrote: sorry if that sounded confusing, but it's not the expiredpage that requires authorization, it's the destination of the link that was clicked. e.g. the user clicks the link to home (which requires authorization) and instead of getting the expired page they get the login page. Igor Vaynberg wrote: make your ExpiredPage not require authorization/authentication -igor On Mon, Apr 27, 2009 at 12:32 PM, alec wrote: We have a wicket 1.3.5 application and are having trouble redirecting to an expired page if the user clicks on a link after the session expired. in our application's init method we have the call getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); and this works if they click on a normal link after the session has been expired, but we're also using the AuthorizeInstantiation annotations (from wicket-auth-roles) on several pages that forces a logged in user to have a certain role to access the page or be redirected to the login page. Our problem is that if the session expired then the user gets redirected to the login page because of an unauthorized instantiation instead of being redirected to the expired page. Is there some way to work around this, or is there a way to determine if the session had expired on the login page so we could display a message there? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: custom expired page
can you paste here a link that redirects to login page? -Matej On Mon, Apr 27, 2009 at 9:39 PM, alec wrote: > sorry if that sounded confusing, but it's not the expiredpage that requires > authorization, it's the destination of the link that was clicked. > > e.g. the user clicks the link to home (which requires authorization) and > instead of getting the expired page they get the login page. > > Igor Vaynberg wrote: >> >> make your ExpiredPage not require authorization/authentication >> >> -igor >> >> On Mon, Apr 27, 2009 at 12:32 PM, alec wrote: >> >>> >>> We have a wicket 1.3.5 application and are having trouble redirecting to >>> an >>> expired page if the user clicks on a link after the session expired. in >>> our >>> application's init method we have the call >>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); >>> and this works if they click on a normal link after the session has been >>> expired, but we're also using the AuthorizeInstantiation annotations >>> (from >>> wicket-auth-roles) on several pages that forces a logged in user to have >>> a >>> certain role to access the page or be redirected to the login page. Our >>> problem is that if the session expired then the user gets redirected to >>> the >>> login page because of an unauthorized instantiation instead of being >>> redirected to the expired page. >>> Is there some way to work around this, or is there a way to determine if >>> the >>> session had expired on the login page so we could display a message >>> there? >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: custom expired page
sorry if that sounded confusing, but it's not the expiredpage that requires authorization, it's the destination of the link that was clicked. e.g. the user clicks the link to home (which requires authorization) and instead of getting the expired page they get the login page. Igor Vaynberg wrote: make your ExpiredPage not require authorization/authentication -igor On Mon, Apr 27, 2009 at 12:32 PM, alec wrote: We have a wicket 1.3.5 application and are having trouble redirecting to an expired page if the user clicks on a link after the session expired. in our application's init method we have the call getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); and this works if they click on a normal link after the session has been expired, but we're also using the AuthorizeInstantiation annotations (from wicket-auth-roles) on several pages that forces a logged in user to have a certain role to access the page or be redirected to the login page. Our problem is that if the session expired then the user gets redirected to the login page because of an unauthorized instantiation instead of being redirected to the expired page. Is there some way to work around this, or is there a way to determine if the session had expired on the login page so we could display a message there? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: custom expired page
make your ExpiredPage not require authorization/authentication -igor On Mon, Apr 27, 2009 at 12:32 PM, alec wrote: > We have a wicket 1.3.5 application and are having trouble redirecting to an > expired page if the user clicks on a link after the session expired. in our > application's init method we have the call > getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); > and this works if they click on a normal link after the session has been > expired, but we're also using the AuthorizeInstantiation annotations (from > wicket-auth-roles) on several pages that forces a logged in user to have a > certain role to access the page or be redirected to the login page. Our > problem is that if the session expired then the user gets redirected to the > login page because of an unauthorized instantiation instead of being > redirected to the expired page. > Is there some way to work around this, or is there a way to determine if the > session had expired on the login page so we could display a message there? > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
custom expired page
We have a wicket 1.3.5 application and are having trouble redirecting to an expired page if the user clicks on a link after the session expired. in our application's init method we have the call getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class); and this works if they click on a normal link after the session has been expired, but we're also using the AuthorizeInstantiation annotations (from wicket-auth-roles) on several pages that forces a logged in user to have a certain role to access the page or be redirected to the login page. Our problem is that if the session expired then the user gets redirected to the login page because of an unauthorized instantiation instead of being redirected to the expired page. Is there some way to work around this, or is there a way to determine if the session had expired on the login page so we could display a message there? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org