You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by SG...@osc.state.ny.us on 2014/09/16 22:07:15 UTC
The order of setting mountPage and cryptoMapper changes behavior.
Hello,
Assuming we have 2 applications
One application providing authentication and second application configured
to be redirected to the first application for authentication.
Lets call page in the second application which does the redirection to
first application as SignInPage.
Below is the code in SignInPage which sets a cookie to redirect to the url
that was requested after login.
// The following lines ensure redirection back to the second application
page that was requested.
Response resp = getRequestCycle().getResponse();
if (resp instanceof WebResponse)
{
WebResponse webResp = (WebResponse) resp;
Cookie cookie =
WicketApplication.get().getIamHelper().getIamSecurityHelper().getRedirectURLCookie(second
app url);
webResp.addCookie(cookie);
}
// The following line redirects to first application for login.
getRequestCycle().scheduleRequestHandlerAfterCurrent(new
RedirectRequestHandler("../firstApplcation/login"));
Now mounting SignInPage class in
org.apache.wicket.protocol.http.WebApplication#init() in the following
order
getSecuritySettings().setCryptFactory(new
KeyInSessionSunJceCryptFactory());
setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(),
this));
mountPage("/login", SignInPage.class);
The above setting works fine where the user is correctly redirected to
../firstApplcation/login to login,
however swapping CryptoMapper and mountPage as follows breaks and the user
is not redirected to First app for authentication,
url seen in the browser is "secondApplication/xxxxxxxxxxx" versus
../firstApplcation/login
getSecuritySettings().setCryptFactory(new
KeyInSessionSunJceCryptFactory());
mountPage("/login", SignInPage.class);
setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(),
this));
Why does the order of mountPage and CryptoMapper change behavior ?
Thanks & Regards
Satish Gutta
Notice: This communication, including any attachments, is intended solely
for the use of the individual or entity to which it is addressed. This
communication may contain information that is protected from disclosure
under State and/or Federal law. Please notify the sender immediately if
you have received this communication in error and delete this email from
your system. If you are not the intended recipient, you are requested not
to disclose, copy, distribute or take any action in reliance on the
contents of this information.
Re: The order of setting mountPage and cryptoMapper changes behavior.
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
This is by design.
This way you can encrypt the urls for some pages (the ones mounted before
making CryptoMapper as the root one), and leave unencrypted the urls for
the pages mounted after the CryptoMapper.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Tue, Sep 16, 2014 at 11:07 PM, <SG...@osc.state.ny.us> wrote:
> Hello,
>
> Assuming we have 2 applications
>
> One application providing authentication and second application configured
> to be redirected to the first application for authentication.
>
> Lets call page in the second application which does the redirection to
> first application as SignInPage.
>
> Below is the code in SignInPage which sets a cookie to redirect to the url
> that was requested after login.
>
> // The following lines ensure redirection back to the second application
> page that was requested.
> Response resp = getRequestCycle().getResponse();
> if (resp instanceof WebResponse)
> {
> WebResponse webResp = (WebResponse) resp;
> Cookie cookie =
>
> WicketApplication.get().getIamHelper().getIamSecurityHelper().getRedirectURLCookie(second
> app url);
> webResp.addCookie(cookie);
> }
>
> // The following line redirects to first application for login.
> getRequestCycle().scheduleRequestHandlerAfterCurrent(new
> RedirectRequestHandler("../firstApplcation/login"));
>
> Now mounting SignInPage class in
> org.apache.wicket.protocol.http.WebApplication#init() in the following
> order
>
> getSecuritySettings().setCryptFactory(new
> KeyInSessionSunJceCryptFactory());
>
> setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(),
> this));
>
> mountPage("/login", SignInPage.class);
>
> The above setting works fine where the user is correctly redirected to
> ../firstApplcation/login to login,
> however swapping CryptoMapper and mountPage as follows breaks and the user
> is not redirected to First app for authentication,
> url seen in the browser is "secondApplication/xxxxxxxxxxx" versus
> ../firstApplcation/login
>
> getSecuritySettings().setCryptFactory(new
> KeyInSessionSunJceCryptFactory());
>
> mountPage("/login", SignInPage.class);
>
> setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(),
> this));
>
> Why does the order of mountPage and CryptoMapper change behavior ?
>
>
> Thanks & Regards
> Satish Gutta
>
>
>
> Notice: This communication, including any attachments, is intended solely
> for the use of the individual or entity to which it is addressed. This
> communication may contain information that is protected from disclosure
> under State and/or Federal law. Please notify the sender immediately if
> you have received this communication in error and delete this email from
> your system. If you are not the intended recipient, you are requested not
> to disclose, copy, distribute or take any action in reliance on the
> contents of this information.