Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
sure will take a look...thanks Mr Mean wrote: > > I thought it better to reply here, so everyone can find it back later :) > > As said before by default any self especting authorization strategy > will redirect to a login page if it detects that the user is not > authorized for the page / component currently being created. So the > trick is to make sure that error pages like PageExpiredErrorPage are > always authorized, how to do that depends on the framework of your > choice. > > In the case of wicket-auth-roles there are potentially 2 places this > happens: > AnnotationsRoleAuthorizationStrategy#isInstantiationAuthorized > MetaDataRoleAuthorizationStrategy#isInstantiationAuthorized > > I suggest placing a breakpoint in both places and step through to see > what is denying the pageexpiredpage to instantiate. > > Also if you are building custom errorpages it always is a good idea to > override isErrorPage to return true. (could not tell if that is what > you are doing, but just in case) > > As for documentation for wicket-auth-roles: i am only aware of > http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html which > has a slightly different focus then what you need :) > of course you could always check the examples. > > Maurice > > On Wed, Jun 4, 2008 at 1:50 AM, mfs <[EMAIL PROTECTED]> wrote: >> >> I am facing a similar issue, can someone direct me to right >> documentation, as >> to how to redirect to sessionExpiredPage instead of login page if session >> has expired.. >> >> >> >> jd17 wrote: >>> >>> Hi Maurice, >>> thanks for your quick response. I have tested quite a bit this morning >>> and >>> in most cases, the PageExpired page is being instantiated and redirected >>> to on timeouts, but in other cases, it is not. I do not understand the >>> exact circumstances, but I don't think the security strategy settings >>> play >>> a role because otherwise, I would not see the PageExpired page at all. >>> José >>> >>> >>> Mr Mean wrote: Looks like your security strategy is not allowing your pageexpired page to be instantiated. >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17636338.html >> Sent from the Wicket - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17641471.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
I thought it better to reply here, so everyone can find it back later :) As said before by default any self especting authorization strategy will redirect to a login page if it detects that the user is not authorized for the page / component currently being created. So the trick is to make sure that error pages like PageExpiredErrorPage are always authorized, how to do that depends on the framework of your choice. In the case of wicket-auth-roles there are potentially 2 places this happens: AnnotationsRoleAuthorizationStrategy#isInstantiationAuthorized MetaDataRoleAuthorizationStrategy#isInstantiationAuthorized I suggest placing a breakpoint in both places and step through to see what is denying the pageexpiredpage to instantiate. Also if you are building custom errorpages it always is a good idea to override isErrorPage to return true. (could not tell if that is what you are doing, but just in case) As for documentation for wicket-auth-roles: i am only aware of http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html which has a slightly different focus then what you need :) of course you could always check the examples. Maurice On Wed, Jun 4, 2008 at 1:50 AM, mfs <[EMAIL PROTECTED]> wrote: > > I am facing a similar issue, can someone direct me to right documentation, as > to how to redirect to sessionExpiredPage instead of login page if session > has expired.. > > > > jd17 wrote: >> >> Hi Maurice, >> thanks for your quick response. I have tested quite a bit this morning and >> in most cases, the PageExpired page is being instantiated and redirected >> to on timeouts, but in other cases, it is not. I do not understand the >> exact circumstances, but I don't think the security strategy settings play >> a role because otherwise, I would not see the PageExpired page at all. >> José >> >> >> Mr Mean wrote: >>> >>> Looks like your security strategy is not allowing your pageexpired >>> page to be instantiated. >>> >> >> > > -- > View this message in context: > http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17636338.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
I am facing a similar issue, can someone direct me to right documentation, as to how to redirect to sessionExpiredPage instead of login page if session has expired.. jd17 wrote: > > Hi Maurice, > thanks for your quick response. I have tested quite a bit this morning and > in most cases, the PageExpired page is being instantiated and redirected > to on timeouts, but in other cases, it is not. I do not understand the > exact circumstances, but I don't think the security strategy settings play > a role because otherwise, I would not see the PageExpired page at all. > José > > > Mr Mean wrote: >> >> Looks like your security strategy is not allowing your pageexpired >> page to be instantiated. >> > > -- View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17636338.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
Maurice, you were on the right track, thanks a lot! Some time ago I had defined the authorization strategy as follows: getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy() { ... public boolean isInstantiationAuthorized(Class componentClass) { if (SecureStyledPage.class.isAssignableFrom(componentClass)) { if (!((MWSession) Session.get()).isUserLoggedIn()) { // Force sign in throw new RestartResponseAtInterceptPageException(Login.class); } else { return true; } } return true; } and forgotten about it. So this was the reason why it went wrong and this is the place to correct things. Cheers José -- View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17597602.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
Hi Maurice, thanks for your quick response. I have tested quite a bit this morning and in most cases, the PageExpired page is being instantiated and redirected to on timeouts, but in other cases, it is not. I do not understand the exact circumstances, but I don't think the security strategy settings play a role because otherwise, I would not see the PageExpired page at all. José Mr Mean wrote: > > Looks like your security strategy is not allowing your pageexpired > page to be instantiated. > -- View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17597039.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
Looks like your security strategy is not allowing your pageexpired page to be instantiated. in that case it will try to render the login page. Note that this is default behavior both in wicket-auth-roles and swarm. Check the documentation for how to set your security strategy to allow wicket to create an instance of the page. Maurice On Mon, Jun 2, 2008 at 10:22 AM, jd17 <[EMAIL PROTECTED]> wrote: > > Hi, > > in my Wicket application (using Wicket 1.3.3) I have a Login page. In case > of a session timeout, the user is supposed to be sent back to something > looking like the login page with an additional text "Your session has timed > out". > > So I thought the best way to deal with this would be to create a PageExpired > class derived from the Login class and use markup inheritance to add the > "Your session has timed out" text, so there is no duplication and there are > just a few lines to add. In the init() method of my WebApplication subclass > I say > > getApplicationSettings().setPageExpiredErrorPage(PageExpired.class); > > But, unfortunately, on session expiry in most cases the Login Page is loaded > instead of the PageExpired page. I could not find out conditions under which > the Login page is being loaded instead of the PageExpired page. I tried to > debug the Wicket code itself but got lost somewhere and did not find the > point where the original target (before the timeout) gets replaced by the > Login page. Also, I noticed that in no case the getPageExpiredErrorPage() > Method of the Settings class was called. > > Do you have any ideas or maybe an alternative approach? > > José > -- > View this message in context: > http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17596262.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
Hi, in my Wicket application (using Wicket 1.3.3) I have a Login page. In case of a session timeout, the user is supposed to be sent back to something looking like the login page with an additional text "Your session has timed out". So I thought the best way to deal with this would be to create a PageExpired class derived from the Login class and use markup inheritance to add the "Your session has timed out" text, so there is no duplication and there are just a few lines to add. In the init() method of my WebApplication subclass I say getApplicationSettings().setPageExpiredErrorPage(PageExpired.class); But, unfortunately, on session expiry in most cases the Login Page is loaded instead of the PageExpired page. I could not find out conditions under which the Login page is being loaded instead of the PageExpired page. I tried to debug the Wicket code itself but got lost somewhere and did not find the point where the original target (before the timeout) gets replaced by the Login page. Also, I noticed that in no case the getPageExpiredErrorPage() Method of the Settings class was called. Do you have any ideas or maybe an alternative approach? José -- View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17596262.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]