[CONF] Apache Wicket: Servlet container authentication (page edited)

[confluence]

Page Edited : WICKET : Servlet container authentication Servlet container authentication has been edited by syl (Nov 14, 2006). (View changes) Content: Integrating servlet container authentication with Wicket First of all the difference between authentication and authorization should be mentioned. It is that authentication determines who is currently using software and authorization determines if user has access to certain resource. In the case of integrating servlet container authentication with Wicket, servlet container will authenticate user and Wicket will authorize him. There might be several ways to do it, but I found the following most convenient. It is to define security constraint for the login page only while using Wicket authorization to redirect user to that login page. So when user goes to page that requires authorization Wicket redirects user to login page which activates servlet container authentication. After user is logged in, he`s name and roles are available from HttpServletRequest and can be put to Wicket session to use them for Wicket authorization. To make it more concrete here is some code. MyApplication.java public final class MyApplication extends WebApplication { ... @Override protected void init() { // setting page that Wicket will display if user has no rights to access a page getApplicationSettings().setAccessDeniedPage( LoginPage.class ); // setting authorization strategy (you can use any strategy you like) getSecuritySettings().setAuthorizationStrategy( new RoleAuthorizationStrategy( new MyRoleCheckingStrategy() ) ); // mounting login page so that it can be referred to in the security constraint mountBookmarkablePage( "/login", LoginPage.class ); } /** * Overriding newWebRequest so that to store take user information from * servletRequest and put it into wicket session. */ @Override protected WebRequest newWebRequest( final HttpServletRequest servletRequest ) { final WebRequest webRequest = super.newWebRequest( servletRequest ); final Session session = getSessionStore().lookup( webRequest ); if( session != null ) { /* Save user info into session. */ ( ( MySession )session ).takeUserFromRequest( servletRequest ); } return webRequest; } ... }

Powered by Atlassian Confluence (Version: 2.2.9 Build:#527 Sep 07, 2006) - Bug/feature request

Unsubscribe or edit your notifications preferences