You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by Andrew Easter <an...@gmail.com> on 2009/08/05 18:24:25 UTC

Spring Security (method-level)

I'm trying to get Wicket working with the method-level security support in
Spring (Acegi) Security. I've got the integration working up to a point
having followed these articles:

- http://forum.springsource.org/showthread.php?t=67974
- http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html

However, i'm left with one remaining issue - redirecting to the correct page
following a successful login. Let me explain...

In my custom WebRequestCycle, I've overridden this:

   @Override
   public Page onRuntimeException( Page page, RuntimeException e )
   {
      Page toReturn = null;

      if ( e.getCause() instanceof
AuthenticationCredentialsNotFoundException )
      {
         toReturn = new LoginPage();
      }
      else
      {
         toReturn = super.onRuntimeException( page, e );
      }
      return toReturn;
   }

This code will be reached whenever a Page calls a Spring service layer
method that has been annotated with security restrictions. The user is then
redirected successfully to the LoginPage. This is where I get stuck. I've
followed the code from the second article and can successfully authenticate
a user within the Spring Security Context. However, at this point I then
want to return to the page that generated the
AuthenticationCredentialsNotFoundException, retaining any page state at the
time the exception occurred.

Do I need to be thinking along the lines of passing around the Page object
that was passed to the onRuntimeException() method? Or any there dangers
here relating to session state?

When authenticating using Wicket auth-roles, the Login page is clearly being
passed additional information - I guess this is somehow supported via the
way the Login page is registered in the WebApplication as the official sign
in page. I guess I just need to make sure the Login page that I create on
catching the AuthenticationCredentialsNotFoundException is passed the same
information.

Any help on this will be much appreciated. I really do value the help people
are giving me on this mailing list as I continue to learn (and enjoy)
Wicket. Thanks everyone!

Andrew

Re: Spring Security (method-level)

Posted by Martijn Dashorst <ma...@gmail.com>.

>From the top of my head:

throw new RedirectToInterceptPage
redirectToOriginalDestination()

Martijn

On Wed, Aug 5, 2009 at 6:24 PM, Andrew Easter<an...@gmail.com> wrote:
> I'm trying to get Wicket working with the method-level security support in
> Spring (Acegi) Security. I've got the integration working up to a point
> having followed these articles:
>
> - http://forum.springsource.org/showthread.php?t=67974
> - http://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html
>
> However, i'm left with one remaining issue - redirecting to the correct page
> following a successful login. Let me explain...
>
> In my custom WebRequestCycle, I've overridden this:
>
>   @Override
>   public Page onRuntimeException( Page page, RuntimeException e )
>   {
>      Page toReturn = null;
>
>      if ( e.getCause() instanceof
> AuthenticationCredentialsNotFoundException )
>      {
>         toReturn = new LoginPage();
>      }
>      else
>      {
>         toReturn = super.onRuntimeException( page, e );
>      }
>      return toReturn;
>   }
>
> This code will be reached whenever a Page calls a Spring service layer
> method that has been annotated with security restrictions. The user is then
> redirected successfully to the LoginPage. This is where I get stuck. I've
> followed the code from the second article and can successfully authenticate
> a user within the Spring Security Context. However, at this point I then
> want to return to the page that generated the
> AuthenticationCredentialsNotFoundException, retaining any page state at the
> time the exception occurred.
>
> Do I need to be thinking along the lines of passing around the Page object
> that was passed to the onRuntimeException() method? Or any there dangers
> here relating to session state?
>
> When authenticating using Wicket auth-roles, the Login page is clearly being
> passed additional information - I guess this is somehow supported via the
> way the Login page is registered in the WebApplication as the official sign
> in page. I guess I just need to make sure the Login page that I create on
> catching the AuthenticationCredentialsNotFoundException is passed the same
> information.
>
> Any help on this will be much appreciated. I really do value the help people
> are giving me on this mailing list as I continue to learn (and enjoy)
> Wicket. Thanks everyone!
>
> Andrew
>



-- 
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.4 increases type safety for web applications
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.0

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org