Hi Martijn,
Martijn Dashorst wrote: > > Take a look at wicket-auth-roles. This provides the usual security stuff, > and you can easily also check for a set cookie. Just implement your own > authorisation scheme. > Thanks, this was exactly the pointer I was looking for (i.e. the hook via IUnauthorizedComponentInstantiationListener as used in AuthenticatedWebApplication) However, there is a slight glitch. There is not way to provide a automatic sign in since this can be only be done via signIn(username,password) on AuthenticatedWebSession. It would be possible if AWS.isSignedIn() wouldn't be final, so one could dynamically check for the cookie (and not only for a previous occured manual authentication). The solution I've chosen right now is to set an own UnauthorizedComponentInstantiationListener in my AuthenticatedWebApplication which copies over 90% of the existing functionality. This is certainly not an ideal solution. In general, I'm a fan of final methods, too in order to restrict unwanted extension points, but for AWS.isSignedIn() it would be probably a good idea to allow overriding or at least to provide and additional hook to relax the restriction to work with manual authentication via AWS.signIn() only. If you don't mind, I would like to open a JIRA issue for an RFE (with some more code examples). Thanx again for the hint (and for this great framework in general ;-) ... ... roland -- View this message in context: http://www.nabble.com/Hook-into-RequestCycle---tp15428634p15435618.html Sent from the Wicket - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
