I want to be able to have a nice, clean implementation of one
authorization strategy for all of my applications such that once I've
signed in for one application, I'm signed in for all of them.
My rough plan was to create a concrete class implementing
IAuthorizationStrategy, a SignIn.java and corresponding SignIn.html. Then
in any application that needed authorization, I'd call
setAuthorizationStrategy and pass in an instance of my
SignInAuthorizationStrategy.
The problem is that I *don't* want to have to force all of my applications
to override getSessionFactory to provide a session for authorization;
This is both because the applications may want to put something else in
the session for their own use, and because this wouldn't solve my sign-in
problem anyway. I'd still end up having to sign in once per application.
The only way I can think to do it is a fairly gross-looking hack to get at
the HttpSession object and put my authorization-related objects in the
user's HTTP session diroctly. This strikes me as inelegant, since it
steps outside the framework to perform tasks inside the framework.
It also doesn't look like I can make SignIn its own WebApplication, since
RestartResponseAtInterceptPageException takes a Page, not an Application.
And if I call getSession on the SignIn page component, I'm going to get
the Application's session, which again won't be shared across all
applications.
I don't want to jam anything into a cookie and rely on that, since this
would open up a vulnerability to xss-style attacks.
Is there a "right" way to do this in Wicket?
Nick
--
When you're a kid, they tell you it's all grow up, get a job, get married,
get a house, have a kid, and that's it. No, the truth is the world is so
much stranger than that. It's so much darker, and so much madder.
And so much better.
-- Elton, Doctor Who, "Love and Monsters"
This message has been brought to you by Nick Johnson 2.1 and the number 6.
http://healerNick.com/ http://morons.org/ http://spatula.net/
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
