Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-03 Thread Maurice Marrink
Please do, yesterday I checked in some changes that should redirect
you to the login page if you place secure components on a non secure
page.

All the documentation and examples are still work in progress but you
could check out the junit tests and the documentation here
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
and here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Maurice

On 6/3/07, mchack <[EMAIL PROTECTED]> wrote:
>
> The override of onUnauthorizedPage didn't work because the framework was
> throwing the UnauthorizedInstantiationException because the page itself was
> not secure, but the component was. I was able to handle this by overriding
> the WebRequestCycle to handle exceptions explicitly as indicated in the
> previous post:
>
> http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10790773
>
> My reason for doing this is that I have a fairly generic bookmarkable page
> (single class) that will serve up varied content (markup) depending upon the
> URL. I also have a dynamic mechanism using resolve() to detect wicket:id's
> that have behavior of my choosing. So, my motivation is that while the pages
> themselves are not declared "secure", the HTML developer could inadvertently
> reference a secured component. Hence my desire to trap instantiation issues
> at the component level and then do proper redirection to either the login
> page or error page.
>
> While not a classic use of the framework, I think it has some merit. I will
> also check out the WASP and SWARM projects.
>
>
>
> Eelco Hillenius wrote:
> >
> > Hi,
> >
> > On 6/3/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> >> Not sure if it is the preferred way of doing things (since this is
> >> Eelco's framework)
> >
> > That part is actually Jonathan's
> >
> >> but you could override the init() method and set up
> >> a different authorizationstrategy and or instantiationlistener, all
> >> you have to do for that is skip the call to super and do something
> >> similar yourself.
> >
> > Imho, that class is better viewed as an example.
> >
> >> Or you can ask Eelco nice and maybe he will remove the final :)
> >
> > I don't think that's needed though. How about overriding
> > onUnauthorizedPage? As long as a user isn't logged in, the strategy
> > will redirect to the page that is returned by getSignInPageClass.
> > After that, onUnauthorizedPage is called when a user tries to access a
> > page he/she isn't authorized for.
> >
> > Eelco
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>
> --
> View this message in context: 
> http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10939875
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>



Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-03 Thread mchack

The override of onUnauthorizedPage didn't work because the framework was
throwing the UnauthorizedInstantiationException because the page itself was
not secure, but the component was. I was able to handle this by overriding
the WebRequestCycle to handle exceptions explicitly as indicated in the
previous post:

http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10790773

My reason for doing this is that I have a fairly generic bookmarkable page
(single class) that will serve up varied content (markup) depending upon the
URL. I also have a dynamic mechanism using resolve() to detect wicket:id's
that have behavior of my choosing. So, my motivation is that while the pages
themselves are not declared "secure", the HTML developer could inadvertently
reference a secured component. Hence my desire to trap instantiation issues
at the component level and then do proper redirection to either the login
page or error page.

While not a classic use of the framework, I think it has some merit. I will
also check out the WASP and SWARM projects.



Eelco Hillenius wrote:
> 
> Hi,
> 
> On 6/3/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
>> Not sure if it is the preferred way of doing things (since this is
>> Eelco's framework)
> 
> That part is actually Jonathan's
> 
>> but you could override the init() method and set up
>> a different authorizationstrategy and or instantiationlistener, all
>> you have to do for that is skip the call to super and do something
>> similar yourself.
> 
> Imho, that class is better viewed as an example.
> 
>> Or you can ask Eelco nice and maybe he will remove the final :)
> 
> I don't think that's needed though. How about overriding
> onUnauthorizedPage? As long as a user isn't logged in, the strategy
> will redirect to the page that is returned by getSignInPageClass.
> After that, onUnauthorizedPage is called when a user tries to access a
> page he/she isn't authorized for.
> 
> Eelco
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10939875
Sent from the Wicket - User mailing list archive at Nabble.com.




Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-03 Thread Eelco Hillenius
Hi,

On 6/3/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> Not sure if it is the preferred way of doing things (since this is
> Eelco's framework)

That part is actually Jonathan's

> but you could override the init() method and set up
> a different authorizationstrategy and or instantiationlistener, all
> you have to do for that is skip the call to super and do something
> similar yourself.

Imho, that class is better viewed as an example.

> Or you can ask Eelco nice and maybe he will remove the final :)

I don't think that's needed though. How about overriding
onUnauthorizedPage? As long as a user isn't logged in, the strategy
will redirect to the page that is returned by getSignInPageClass.
After that, onUnauthorizedPage is called when a user tries to access a
page he/she isn't authorized for.

Eelco



Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-03 Thread Maurice Marrink
Not sure if it is the preferred way of doing things (since this is
Eelco's framework) but you could override the init() method and set up
a different authorizationstrategy and or instantiationlistener, all
you have to do for that is skip the call to super and do something
similar yourself.

Or you can ask Eelco nice and maybe he will remove the final :)

Maurice

On 6/2/07, mchack <[EMAIL PROTECTED]> wrote:
>
> I am using the AuthenticatedWebApplication package. I would like to do
> component level authorization. The framework generates an exception for this
> that I can't see how I can override. Basic behavior is to be redirected back
> to Home Page. My reason for doing this at the component level is to make
> sure that a developer does not include an authorized component in a page,
> but I would like to direct the conversation back to the login page.
>
> Is this not supported or am I missing the way to capture the exception and
> provide my own handling? onUnauthorizedInstantiation is final so I can't
> override that.
>
> Thanks
> --
> View this message in context: 
> http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10921366
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
>
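
One way to apply the init() suggestion from the message above, as an added example that is not code from this thread or from the Wicket project. It assumes Wicket 1.3 package names, the class name ComponentAwareAuthApplication is hypothetical, and instead of skipping super.init() it calls it and then replaces the unauthorized-instantiation listener, so the role-based authorization strategy stays in place.

```java
import org.apache.wicket.Component;
import org.apache.wicket.Page;
import org.apache.wicket.RestartResponseAtInterceptPageException;
import org.apache.wicket.authentication.AuthenticatedWebApplication;
import org.apache.wicket.authentication.AuthenticatedWebSession;
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
import org.apache.wicket.authorization.UnauthorizedInstantiationException;

/**
 * Hypothetical base class (the name is an assumption, not a Wicket class).
 * Concrete applications still implement getHomePage(), getWebSessionClass()
 * and getSignInPageClass() as they would for AuthenticatedWebApplication.
 */
public abstract class ComponentAwareAuthApplication extends AuthenticatedWebApplication {

    protected void init() {
        // Let the parent install its authorization strategy and default listener.
        super.init();

        // Replace only the listener; the last one set on the security settings wins.
        getSecuritySettings().setUnauthorizedComponentInstantiationListener(
            new IUnauthorizedComponentInstantiationListener() {
                public void onUnauthorizedInstantiation(Component component) {
                    if (!AuthenticatedWebSession.get().isSignedIn()) {
                        // Not signed in: go to the sign-in page whether the denied
                        // object is a page or a component nested in an unsecured page.
                        throw new RestartResponseAtInterceptPageException(getSignInPageClass());
                    }
                    if (component instanceof Page) {
                        // Signed in, page denied: keep the overridable page hook.
                        onUnauthorizedPage((Page) component);
                        return;
                    }
                    // Signed in but missing the role for a nested component: fail
                    // closed so the component is never rendered.
                    throw new UnauthorizedInstantiationException(component.getClass());
                }
            });
    }
}
```

The sign-in page itself must not contain secured components, otherwise an anonymous request is intercepted again while that page is being built.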



[Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-01 Thread mchack

I am using the AuthenticatedWebApplication package. I would like to do
component level authorization. The framework generates an exception for this
that I can't see how I can override. Basic behavior is to be redirected back
to Home Page. My reason for doing this at the component level is to make
sure that a developer does not include an authorized component in a page,
but I would like to direct the conversation back to the login page.

Is this not supported or am I missing the way to capture the exception and
provide my own handling? onUnauthorizedInstantiation is final so I can't
override that.

Thanks
-- 
View this message in context: 
http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10921366
Sent from the Wicket - User mailing list archive at Nabble.com.

