Maybe this helps you a bit more...
I have my own CompoundAuthorizationStrategy that in turn uses a few nested
IAuthorizationStrategy and one of them throws
RestartResponseAtInterceptPageException depending on the condition inside
isInstantiationAuthorized() similar to:
public boolean isInstantiationAuthorized(Class componentClass) {
MySession session = MySession.session();
...
// Page is the parent of all protected pages
if(componentClass.getAnnotation(Authenticate.class) != null) {
User user = session.getUser();
if(user == null) {
throw new
RestartResponseAtInterceptPageException(MyApplication.myApp().getSignInPageC
lass());
}
}
...
}
For the above code I have my pages annotated with my own Authenticate but I
think you should be able to check the type of the componentClass for what
you want and etc.
~ Thank you,
Paul Bors
-----Original Message-----
From: Jesse Long [mailto:j...@unknown.za.net]
Sent: Tuesday, December 11, 2012 2:30 AM
To: users@wicket.apache.org
Subject: Re: Redirect to login page on
UnauthorizedActionException(Page,RENDER)
Hi Paul,
Thanks for the reply. Yes, I only want to redirect to a login page on
UnauthorizedActionException when the component is an instance of Page and
the action as RENDER and when the session is not authenticated, so a custom
access denied page is not exactly what I'm looking for, but I could probably
make it work.
Cheers,
Jesse
On 10/12/2012 19:40, Paul Bors wrote:
> Do you want to redirect to the Login page for all "thrown"
> AccessDenied exceptions? Or just in some situations?
>
> If you want to do it for all, then create your own WebPage for
> AccessDeinedPage such as:
>
> public class AccessDeniedPage extends WebPage {
> private static final long serialVersionUID = 1L;
>
> public AccessDeniedPage() {
> Session.get().warn(ResourceModel("access.denied"));
> throw new
> RestartResponseException(Application.get().getLoginPage());
> }
> }
>
> And inside your Application class in your init():
>
> @Override
> protected void init() {
> ...
> IApplicationSettings applicationSettings = getApplicationSettings();
> applicationSettings.setAccessDeniedPage(AccessDeniedPage.class);
> ...
> }
>
> There are other such exceptions which you can assign your own page
> implementation, see the API for IApplicationSettings.
>
> As for redirecting the user to your custom AccessDeined page (the
> LoginPage) only under few circumstances, I haven't run into that need
> yet so someone else could help you if you really need to do that.
>
> ~ Thank you,
> Paul Bors
>
> -----Original Message-----
> From: Jesse Long [mailto:j...@unknown.za.net]
> Sent: Monday, December 10, 2012 11:05 AM
> To: users@wicket.apache.org
> Subject: Redirect to login page on
> UnauthorizedActionException(Page,RENDER)
>
> Hi All,
>
> I am using the authorization strategy to authorize viewing of pages by
> checking if instantiation is allowed. If the session is not
> authenticated, and if instantiation is not allowed, I redirect the
> user to a login page using an IUnauthorizedComponentInstantiationListener.
>
> I also check if the RENDER action is allowed using the authorization
> strategy. At the moment, if the user tries to view a Page which he is
> allowed to instantiate, but where the authorization strategy denies
> RENDER permission (permissions configured for render/enable, but not
> for instantiation), he gets a AccessDenied page. In these situations,
> I also want to redirect the user to a login page if the session is not
> authenticated.
>
> Would IExceptionMapper be the correct place to do this? If so, could
> we make DefaultExceptionMapper a bit easier to extend please?
>
> Thanks,
> Jesse
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
