Thanks to the replies I received... yeah I didn't say it well, but I assumed the user would be kept in the session and that seems to fit everyone's reply. On top of that, I think I'm hearing I can use inheritance and have every page utilize ISecurityStrategy to then control access to the page.
I'll check into it and see if I've got that all correct. Thanks again. -----Original Message----- From: Nino Saturnino Martinez Vazquez Wael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 1:49 PM To: [email protected] Subject: Re: Question on page inheritance... True, as Igor wrote this is meant to be in conjuction with at ISecurityStrategy. Nino Saturnino Martinez Vazquez Wael wrote: > You could actually also do this another way... Im using markup > inheritance alot, but I stuff user object into the session like this: > > See a nice view here: > http://papernapkin.org/pastebin/view/281/ > > package zeuzgroup.application; > > import javax.servlet.http.HttpSession; > > import org.apache.wicket.Application; > import org.apache.wicket.Request; > import org.apache.wicket.protocol.http.WebRequest; > import org.apache.wicket.protocol.http.WebSession; > > import zeuzgroup.core.Person; > import zeuzgroup.core.user.UserType; > > public class ZeuzSession extends WebSession { > > private boolean authorized = false; > > private Person person; > > private HttpSession httpSession; > > protected ZeuzSession(Application application, Request request) { > super(application, request); > httpSession = ((WebRequest) request).getHttpServletRequest() > .getSession(); > > } > > public boolean isAuthorized() { > return authorized; > } > > public void setAuthorized(boolean authorized) { > > this.authorized = authorized; > if (authorized) { > > httpSession.setAttribute("sso.password.attribute", person > .getPassword()); > httpSession.setAttribute("sso.email.attribute", > person.getEmail()); > httpSession.setAttribute("password", person.getPassword()); > httpSession.setAttribute("email", person.getEmail()); > > } else { > httpSession.setAttribute("sso.password.attribute", null); > httpSession.setAttribute("sso.email.attribute", null); > } > } > > public Person getPerson() { > if (person != null) { > return person; > } else { > Person person = new Person(); > person.setUserType(UserType.Guest); > return person; > } > } > > public void setPerson(Person person) { > this.person = person; > } > > } > > > Bruce Petro wrote: >> I'm just getting started in wicket, so forgive me if this is a too-dumb >> question... >> >> >> >> I know wicket can check the session for a user to ask a "user" object if >> it is logged in. >> >> However, you don't really want to paste code on every page. >> >> What is the best way, to have each page inherit the base "security >> check" routine? >> >> >> >> Would you create a BasePage extends WebPage and put the logic there and >> have all other pages extend BasePage? >> >> Or would you attach some sort of a command object to each page and put >> the logic in that? >> >> >> >> Anyone have a reference to an example of code to do this? >> >> >> >> THANKS! >> >> >> >> >> >> >> >> >> > -- -Wicket for love Nino Martinez Wael Java Specialist @ Jayway DK http://www.jayway.dk +45 2936 7684 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
