Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
> Session could provide that too? Cool:)
>
>
>
> Maurice Marrink wrote:
>
> > Or Session. Session.getAuthorizationStrategy().
> >
> > Maurice
> >
> > On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
> > <[EMAIL PROTECTED]> wrote:
> >
> >
> > > It's your webapplication that takes the ISecurityStrategy..
> > >
> > > public class ZeuzGroupApplication extends WebApplication {
> > >
> > > private SpringComponentInjector springComponentInjector;
> > >
> > > @Override
> > > protected void init() {
> > > super.init();
> > > // getSecuritySettings().setAuthorizationStrategy(
> > > // new RoleAuthorizationStrategy(new
> UserRolesAuthorizer()));
> > > getSecuritySettings().setAuthorizationStrategy(
> > > new ZeuzSecurity(ZeuzAuthorizedPage.class,
> > > LoginPage.class) {
> > > @Override
> > > protected boolean isAuthorized(Class pageClass) {
> > > return (((ZeuzSession)
> > > Session.get()).isAuthorized());
> > > }
> > > });
> > > ...
> > >
> > >
> > >
> > > Bruce Petro wrote:
> > > > Thanks to the replies I received... yeah I didn't say it well, but I
> > > > assumed the user would be kept in the session and that seems to fit
> > > > everyone's reply. On top of that, I think I'm hearing I can use
> > > > inheritance and have every page utilize ISecurityStrategy to then
> > > > control access to the page.
> > > >
> > > > I'll check into it and see if I've got that all correct. Thanks
> again.
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Nino Saturnino Martinez Vazquez Wael
> > > > [mailto:[EMAIL PROTECTED]
> > > > Sent: Tuesday, April 01, 2008 1:49 PM
> > > > To: [email protected]
> > > > Subject: Re: Question on page inheritance...
> > > >
> > > > True, as Igor wrote this is meant to be in conjuction with at
> > > > ISecurityStrategy.
> > > >
> > > > Nino Saturnino Martinez Vazquez Wael wrote:
> > > >
> > > >> You could actually also do this another way... Im using markup
> > > >> inheritance alot, but I stuff user object into the session like
> this:
> > > >>
> > > >> See a nice view here:
> > > >> http://papernapkin.org/pastebin/view/281/
> > > >>
> > > >> package zeuzgroup.application;
> > > >>
> > > >> import javax.servlet.http.HttpSession;
> > > >>
> > > >> import org.apache.wicket.Application;
> > > >> import org.apache.wicket.Request;
> > > >> import org.apache.wicket.protocol.http.WebRequest;
> > > >> import org.apache.wicket.protocol.http.WebSession;
> > > >>
> > > >> import zeuzgroup.core.Person;
> > > >> import zeuzgroup.core.user.UserType;
> > > >>
> > > >> public class ZeuzSession extends WebSession {
> > > >>
> > > >> private boolean authorized = false;
> > > >>
> > > >> private Person person;
> > > >>
> > > >> private HttpSession httpSession;
> > > >>
> > > >> protected ZeuzSession(Application application, Request request) {
> > > >> super(application, request);
> > > >> httpSession = ((WebRequest) request).getHttpServletRequest()
> > > >> .getSession();
> > > >>
> > > >> }
> > > >>
> > > >> public boolean isAuthorized() {
> > > >> return authorized;
> > > >> }
> > > >>
> > > >> public void setAuthorized(boolean authorized) {
> > > >>
> > > >> this.authorized = authorized;
> > > >> if (authorized) {
> > > >>
> > > >> httpSession.setAttribute("sso.password.attribute", person
> > > >> .getPassword());
> > > >> httpSession.setAttribute("sso.email.attribute",
> > > >> person.getEmail());
> > > >> httpSession.setAttribute("password",
> person.getPassword());
> > > >> httpSession.setAttribute("email", person.getEmail());
> > > >>
> > > >> } else {
> > > >> httpSession.setAttribute("sso.password.attribute", null);
> > > >> httpSession.setAttribute("sso.email.attribute", null);
> > > >> }
> > > >> }
> > > >>
> > > >> public Person getPerson() {
> > > >> if (person != null) {
> > > >> return person;
> > > >> } else {
> > > >> Person person = new Person();
> > > >> person.setUserType(UserType.Guest);
> > > >> return person;
> > > >> }
> > > >> }
> > > >>
> > > >> public void setPerson(Person person) {
> > > >> this.person = person;
> > > >> }
> > > >>
> > > >> }
> > > >>
> > > >>
> > > >> Bruce Petro wrote:
> > > >>
> > > >>> I'm just getting started in wicket, so forgive me if this is a
> > > >>>
> > > > too-dumb
> > > >
> > > >>> question...
> > > >>>
> > > >>>
> > > >>>
> > > >>> I know wicket can check the session for a user to ask a "user"
> object
> > > >>>
> > > > if
> > > >
> > > >>> it is logged in.
> > > >>>
> > > >>> However, you don't really want to paste code on every page.
> > > >>>
> > > >>> What is the best way, to have each page inherit the base "security
> > > >>> check" routine?
> > > >>>
> > > >>>
> > > >>>
> > > >>> Would you create a BasePage extends WebPage and put the logic there
> > > >>>
> > > > and
> > > >
> > > >>> have all other pages extend BasePage?
> > > >>>
> > > >>> Or would you attach some sort of a command object to each page and
> > > >>>
> > > > put
> > > >
> > > >>> the logic in that?
> > > >>>
> > > >>>
> > > >>>
> > > >>> Anyone have a reference to an example of code to do this?
> > > >>>
> > > >>>
> > > >>>
> > > >>> THANKS!
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >
> > > >
> > >
> > > --
> > > -Wicket for love
> > >
> > > Nino Martinez Wael
> > > Java Specialist @ Jayway DK
> > > http://www.jayway.dk
> > > +45 2936 7684
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
>
> --
>
> -Wicket for love
>
> Nino Martinez Wael
> Java Specialist @ Jayway DK
> http://www.jayway.dk
> +45 2936 7684
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
