It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
// getSecuritySettings().setAuthorizationStrategy(
// new RoleAuthorizationStrategy(new UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
Thanks to the replies I received... yeah I didn't say it well, but I
assumed the user would be kept in the session and that seems to fit
everyone's reply. On top of that, I think I'm hearing I can use
inheritance and have every page utilize ISecurityStrategy to then
control access to the page.
I'll check into it and see if I've got that all correct. Thanks again.
-----Original Message-----
From: Nino Saturnino Martinez Vazquez Wael
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2008 1:49 PM
To: users@wicket.apache.org
Subject: Re: Question on page inheritance...
True, as Igor wrote this is meant to be in conjuction with at
ISecurityStrategy.
Nino Saturnino Martinez Vazquez Wael wrote:
You could actually also do this another way... Im using markup
inheritance alot, but I stuff user object into the session like this:
See a nice view here:
http://papernapkin.org/pastebin/view/281/
package zeuzgroup.application;
import javax.servlet.http.HttpSession;
import org.apache.wicket.Application;
import org.apache.wicket.Request;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebSession;
import zeuzgroup.core.Person;
import zeuzgroup.core.user.UserType;
public class ZeuzSession extends WebSession {
private boolean authorized = false;
private Person person;
private HttpSession httpSession;
protected ZeuzSession(Application application, Request request) {
super(application, request);
httpSession = ((WebRequest) request).getHttpServletRequest()
.getSession();
}
public boolean isAuthorized() {
return authorized;
}
public void setAuthorized(boolean authorized) {
this.authorized = authorized;
if (authorized) {
httpSession.setAttribute("sso.password.attribute", person
.getPassword());
httpSession.setAttribute("sso.email.attribute",
person.getEmail());
httpSession.setAttribute("password", person.getPassword());
httpSession.setAttribute("email", person.getEmail());
} else {
httpSession.setAttribute("sso.password.attribute", null);
httpSession.setAttribute("sso.email.attribute", null);
}
}
public Person getPerson() {
if (person != null) {
return person;
} else {
Person person = new Person();
person.setUserType(UserType.Guest);
return person;
}
}
public void setPerson(Person person) {
this.person = person;
}
}
Bruce Petro wrote:
I'm just getting started in wicket, so forgive me if this is a
too-dumb
question...
I know wicket can check the session for a user to ask a "user" object
if
it is logged in.
However, you don't really want to paste code on every page.
What is the best way, to have each page inherit the base "security
check" routine?
Would you create a BasePage extends WebPage and put the logic there
and
have all other pages extend BasePage?
Or would you attach some sort of a command object to each page and
put
the logic in that?
Anyone have a reference to an example of code to do this?
THANKS!
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
