Hi all,
I've set up my container authentication (form-based) using a simple SigninPage (mounted on /login) and a dummy protected URL "/protected". Here is the relevant web.xml code:

   <security-constraint>
       <web-resource-collection>
           <web-resource-name>myapp</web-resource-name>
           <url-pattern>/protected</url-pattern>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
       </web-resource-collection>
   </security-constraint>
   <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
           <form-login-page>/login</form-login-page>
           <form-error-page>/error</form-error-page>
       </form-login-config>
   </login-config>

I've extended AbstractPageAuthorizationStrategy to redirect all access to protected pages to the container-protected URL (/protected) and activate the container authentication.

When the user requests a protected page, for example "GET /app/protected HTTP/1.1", everything works well: the configured <form-login-page> is returned as the response and the requested URL does not change, as expected. The login page contains a form with two inputs (username/password) and a combo for user profiles, so I need to post to the sign-in page to load the available user profiles.

The problem is that the form action attribute created by Wicket is something like "?wicket:interface=:0:privateLogin::IFormSubmitListener::", which produces a POST to "/app/protected?wicket:interface=:0:privateLogin:ajaxButton::" INSTEAD OF "/app/login". This causes a new sign-in page to be instantiated, discarding the user input. How can I POST to the sign-in page instead of the requested URL (/app/protected)?

I don't want to do a redirect to the login page (that trick works) because I would like to prevent the user from bookmarking the login page, which would prevent the container-based authentication from being activated.

Thank you

alf


