Maybe this helps you a bit more... I have my own CompoundAuthorizationStrategy that in turn uses a few nested IAuthorizationStrategy and one of them throws RestartResponseAtInterceptPageException depending on the condition inside isInstantiationAuthorized() similar to:
public boolean isInstantiationAuthorized(Class componentClass) { MySession session = MySession.session(); ... // Page is the parent of all protected pages if(componentClass.getAnnotation(Authenticate.class) != null) { User user = session.getUser(); if(user == null) { throw new RestartResponseAtInterceptPageException(MyApplication.myApp().getSignInPageC lass()); } } ... } For the above code I have my pages annotated with my own Authenticate but I think you should be able to check the type of the componentClass for what you want and etc. ~ Thank you, Paul Bors -----Original Message----- From: Jesse Long [mailto:j...@unknown.za.net] Sent: Tuesday, December 11, 2012 2:30 AM To: users@wicket.apache.org Subject: Re: Redirect to login page on UnauthorizedActionException(Page,RENDER) Hi Paul, Thanks for the reply. Yes, I only want to redirect to a login page on UnauthorizedActionException when the component is an instance of Page and the action as RENDER and when the session is not authenticated, so a custom access denied page is not exactly what I'm looking for, but I could probably make it work. Cheers, Jesse On 10/12/2012 19:40, Paul Bors wrote: > Do you want to redirect to the Login page for all "thrown" > AccessDenied exceptions? Or just in some situations? > > If you want to do it for all, then create your own WebPage for > AccessDeinedPage such as: > > public class AccessDeniedPage extends WebPage { > private static final long serialVersionUID = 1L; > > public AccessDeniedPage() { > Session.get().warn(ResourceModel("access.denied")); > throw new > RestartResponseException(Application.get().getLoginPage()); > } > } > > And inside your Application class in your init(): > > @Override > protected void init() { > ... > IApplicationSettings applicationSettings = getApplicationSettings(); > applicationSettings.setAccessDeniedPage(AccessDeniedPage.class); > ... > } > > There are other such exceptions which you can assign your own page > implementation, see the API for IApplicationSettings. > > As for redirecting the user to your custom AccessDeined page (the > LoginPage) only under few circumstances, I haven't run into that need > yet so someone else could help you if you really need to do that. > > ~ Thank you, > Paul Bors > > -----Original Message----- > From: Jesse Long [mailto:j...@unknown.za.net] > Sent: Monday, December 10, 2012 11:05 AM > To: users@wicket.apache.org > Subject: Redirect to login page on > UnauthorizedActionException(Page,RENDER) > > Hi All, > > I am using the authorization strategy to authorize viewing of pages by > checking if instantiation is allowed. If the session is not > authenticated, and if instantiation is not allowed, I redirect the > user to a login page using an IUnauthorizedComponentInstantiationListener. > > I also check if the RENDER action is allowed using the authorization > strategy. At the moment, if the user tries to view a Page which he is > allowed to instantiate, but where the authorization strategy denies > RENDER permission (permissions configured for render/enable, but not > for instantiation), he gets a AccessDenied page. In these situations, > I also want to redirect the user to a login page if the session is not > authenticated. > > Would IExceptionMapper be the correct place to do this? If so, could > we make DefaultExceptionMapper a bit easier to extend please? > > Thanks, > Jesse > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org