Ahh, I need to look into swarm.
Currently im using my own homebrewn solution, auth roles was almost
okay, but were missing the ability to use enums in it's annotations:/
And swarm seems to be a bit overcomplicated if I just need some base
authentication + maybe some component auth, please correct me if Im wrong?
regards Nino
Maurice Marrink wrote:
Yep that way you can switch between an application scoped strategy
(like wicket-auth-roles) and a session scoped strategy (like swarm)
Anyway the default is for the session to ask the application to return
the strategy.
On Wed, Apr 2, 2008 at 8:18 AM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
Session could provide that too? Cool:)
Maurice Marrink wrote:
Or Session. Session.getAuthorizationStrategy().
Maurice
On Tue, Apr 1, 2008 at 8:51 PM, Nino Saturnino Martinez Vazquez Wael
<[EMAIL PROTECTED]> wrote:
It's your webapplication that takes the ISecurityStrategy..
public class ZeuzGroupApplication extends WebApplication {
private SpringComponentInjector springComponentInjector;
@Override
protected void init() {
super.init();
// getSecuritySettings().setAuthorizationStrategy(
// new RoleAuthorizationStrategy(new
UserRolesAuthorizer()));
getSecuritySettings().setAuthorizationStrategy(
new ZeuzSecurity(ZeuzAuthorizedPage.class,
LoginPage.class) {
@Override
protected boolean isAuthorized(Class pageClass) {
return (((ZeuzSession)
Session.get()).isAuthorized());
}
});
...
Bruce Petro wrote:
> Thanks to the replies I received... yeah I didn't say it well, but I
> assumed the user would be kept in the session and that seems to fit
> everyone's reply. On top of that, I think I'm hearing I can use
> inheritance and have every page utilize ISecurityStrategy to then
> control access to the page.
>
> I'll check into it and see if I've got that all correct. Thanks
again.
>
>
> -----Original Message-----
> From: Nino Saturnino Martinez Vazquez Wael
> [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 01, 2008 1:49 PM
> To: users@wicket.apache.org
> Subject: Re: Question on page inheritance...
>
> True, as Igor wrote this is meant to be in conjuction with at
> ISecurityStrategy.
>
> Nino Saturnino Martinez Vazquez Wael wrote:
>
>> You could actually also do this another way... Im using markup
>> inheritance alot, but I stuff user object into the session like
this:
>>
>> See a nice view here:
>> http://papernapkin.org/pastebin/view/281/
>>
>> package zeuzgroup.application;
>>
>> import javax.servlet.http.HttpSession;
>>
>> import org.apache.wicket.Application;
>> import org.apache.wicket.Request;
>> import org.apache.wicket.protocol.http.WebRequest;
>> import org.apache.wicket.protocol.http.WebSession;
>>
>> import zeuzgroup.core.Person;
>> import zeuzgroup.core.user.UserType;
>>
>> public class ZeuzSession extends WebSession {
>>
>> private boolean authorized = false;
>>
>> private Person person;
>>
>> private HttpSession httpSession;
>>
>> protected ZeuzSession(Application application, Request request) {
>> super(application, request);
>> httpSession = ((WebRequest) request).getHttpServletRequest()
>> .getSession();
>>
>> }
>>
>> public boolean isAuthorized() {
>> return authorized;
>> }
>>
>> public void setAuthorized(boolean authorized) {
>>
>> this.authorized = authorized;
>> if (authorized) {
>>
>> httpSession.setAttribute("sso.password.attribute", person
>> .getPassword());
>> httpSession.setAttribute("sso.email.attribute",
>> person.getEmail());
>> httpSession.setAttribute("password",
person.getPassword());
>> httpSession.setAttribute("email", person.getEmail());
>>
>> } else {
>> httpSession.setAttribute("sso.password.attribute", null);
>> httpSession.setAttribute("sso.email.attribute", null);
>> }
>> }
>>
>> public Person getPerson() {
>> if (person != null) {
>> return person;
>> } else {
>> Person person = new Person();
>> person.setUserType(UserType.Guest);
>> return person;
>> }
>> }
>>
>> public void setPerson(Person person) {
>> this.person = person;
>> }
>>
>> }
>>
>>
>> Bruce Petro wrote:
>>
>>> I'm just getting started in wicket, so forgive me if this is a
>>>
> too-dumb
>
>>> question...
>>>
>>>
>>>
>>> I know wicket can check the session for a user to ask a "user"
object
>>>
> if
>
>>> it is logged in.
>>>
>>> However, you don't really want to paste code on every page.
>>>
>>> What is the best way, to have each page inherit the base "security
>>> check" routine?
>>>
>>>
>>>
>>> Would you create a BasePage extends WebPage and put the logic there
>>>
> and
>
>>> have all other pages extend BasePage?
>>>
>>> Or would you attach some sort of a command object to each page and
>>>
> put
>
>>> the logic in that?
>>>
>>>
>>>
>>> Anyone have a reference to an example of code to do this?
>>>
>>>
>>>
>>> THANKS!
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>
>
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
-Wicket for love
Nino Martinez Wael
Java Specialist @ Jayway DK
http://www.jayway.dk
+45 2936 7684
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
