Or you could use one of the security frameworks for wicket. They will save you a lot of boilerplate coding and allow you to fix on what is really important: your login page and your authentication mechanism. The whole redirecting when a user is not logged in, checking for sufficient permissions etc is handled for you.
May i suggest Swarm (http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security) Maurice On Jan 16, 2008 6:38 AM, Martin Makundi <[EMAIL PROTECTED]> wrote: > Ok. If I understand correctly, you need to detect authentication. One > way to do this in wicket is to redirect the user to a Login page when > authentication is missing. > > So: > 1. User tries to access the secured page "StockQuote.class" > 2. Wicket detects the user is not logged in and Redirects the user to > "Login.class" > 3. User logs in properly and Wicket redirects him back to "StockQuote.class" > 4. If user fails login, something else happens.. that's up to you. > > I will copypaste here some snipplets (not all code included, only the > essentials), which should get you going: > > public class MyApplication extends WebApplication { > /** > * @see wicket.protocol.http.WebApplication#init() > */ > @Override > protected void init() { > super.init(); > > getSecuritySettings().setAuthorizationStrategy(MyAuthorizationStrategy.getInstance()); > > getSecuritySettings().setUnauthorizedComponentInstantiationListener(MyAuthorizationStrategy.getInstance()); > } > } > > ::::::::::::::::::: > > public class MyAuthorizationStrategy extends > AbstractPageAuthorizationStrategy implements > IUnauthorizedComponentInstantiationListener { > /** > * @see > wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy#isPageAuthorized(java.lang.Class) > */ > @Override > protected boolean isPageAuthorized(Class pageClass) { > // Check if the page required authorized access > @SuppressWarnings("unchecked") > boolean pageRequiresAuthentication = > pageClass.isAnnotationPresent(AuthenticationRequired.class); // TODO > You must create such annotation or devise other means of classifying > pages.. it could also be simply just some kind of instanceof check if > you want to be rigid > if (pageRequiresAuthentication) { > @SuppressWarnings("unchecked") > return > MyApplication.getSession().isAuthorized(authorizationRequired.emailConfirmationRequired()); > } > return true; > } > > /** > * @see > wicket.authorization.IUnauthorizedComponentInstantiationListener#onUnauthorizedInstantiation(wicket.Component) > */ > public void onUnauthorizedInstantiation(Component component) { > throw new RestartResponseAtInterceptPageException(Login.class); // > If login fails, redirect to login > } > } > > ::::::::::::::::: > > public class Login extends WebPage { > public Login() { > final Form loginForm = new Form(LOGIN_FORM, new Model()); > final TextField userIdField; > { > userIdField = new TextField(USER_ID, new Model()); > userIdField.setRequired(true); > loginForm.add(userIdField); > } > { > rememberMe = new CheckBox("rememberMe", new Model()); > loginForm.add(rememberMe); > } > final PasswordTextField passwdField; > { > passwdField = new PasswordTextField(PASSWORD, new Model()); > passwdField.setResetPassword(false); > loginForm.add(passwdField); > } > { > SubmitLink loginButton = new SubmitLink(LOGIN_BUTTON, new Model()) { > /** > * @see org.apache.wicket.markup.html.form.SubmitLink#onSubmit() > */ > @Override > public void onSubmit() { > super.onSubmit(); > String userAlias = userIdField.getValue(); > String encryptedPassword; > { > String password = passwdField.getValue(); > encryptedPassword = > MyAuthorizationStrategy.encryptValue(PASSWORD_ENCRYPTION_KEY, > password); > } > User user = LoginTransactions.getInstance().login(userAlias, > encryptedPassword, Boolean.parseBoolean(rememberMe.getValue())); > if (user != null) { > // TODO Check if the user is allowed to login > MyApplication.getSession().setUser(user); > if (!continueToOriginalDestination()) { // This will try > to send the user to the restricted page after login (if the user was > originally going there) > setResponsePage(MembersArea.class); // Else, if there is > no default location, you need to brobably just select something.. > } > } else { > // Acknowledge wrong password > info("Wrong password."); > } > } > }; > loginForm.add(loginButton); > } > add(new FeedbackPanel("feedback")); > add(loginForm); > } > } > > :::::::::: > > That should get you kickstarted? > > ** > Martin > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
