RE: Redirect to login page on UnauthorizedActionException(Page,RENDER)

Mon, 10 Dec 2012 09:40:43 -0800 

Do you want to redirect to the Login page for all "thrown" AccessDenied
exceptions? Or just in some situations?

If you want to do it for all, then create your own WebPage for
AccessDeinedPage such as:

public class AccessDeniedPage extends WebPage {
    private static final long serialVersionUID = 1L;
    
    public AccessDeniedPage() {
        Session.get().warn(ResourceModel("access.denied"));
        throw new
RestartResponseException(Application.get().getLoginPage());
    }
}

And inside your Application class in your init():

@Override
protected void init() {
    ...
    IApplicationSettings applicationSettings = getApplicationSettings();
    applicationSettings.setAccessDeniedPage(AccessDeniedPage.class);
    ...
}

There are other such exceptions which you can assign your own page
implementation, see the API for IApplicationSettings.

As for redirecting the user to your custom AccessDeined page (the LoginPage)
only under few circumstances, I haven't run into that need yet so someone
else could help you if you really need to do that.

~ Thank you,
  Paul Bors

-----Original Message-----
From: Jesse Long [mailto:j...@unknown.za.net] 
Sent: Monday, December 10, 2012 11:05 AM
To: users@wicket.apache.org
Subject: Redirect to login page on UnauthorizedActionException(Page,RENDER)

Hi All,

I am using the authorization strategy to authorize viewing of pages by
checking if instantiation is allowed. If the session is not authenticated,
and if instantiation is not allowed, I redirect the user to a login page
using an IUnauthorizedComponentInstantiationListener.

I also check if the RENDER action is allowed using the authorization
strategy. At the moment, if the user tries to view a Page which he is
allowed to instantiate, but where the authorization strategy denies RENDER
permission (permissions configured for render/enable, but not for
instantiation), he gets a AccessDenied page. In these situations, I also
want to redirect the user to a login page if the session is not
authenticated.

Would IExceptionMapper be the correct place to do this? If so, could we make
DefaultExceptionMapper a bit easier to extend please?

Thanks,
Jesse

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to