Hook into RequestCycle ?

[Roland Huss <na...@tichny.org>]

Hi,

what is the best place to hook into the request cycle 
before a page gets processed ? I looked through 
http://cwiki.apache.org/WICKET/lifecycle-of-a-wicket-application.html but
the 
information there seems to be a bit outdated ("the Session returned by the
Application 
is asked  to create a RequestCycle object using the Session's request cycle
factory", 
but there's nothing like a request cycle factory which can be obtained from
a Session in 1.3)

Is there a more accurate documentation of a request's lifecycle somewhere
else ? 

My use case is as follows: Before any page is processed I want to look up in
the Session,
whether a user is authenticated. If not, it is checked wheter a certain hash
stored in a Cookie 
(if any) is stored in the DB and the associated user then is put into the
session, providing some sort 
of 'keep me logged in' functionality. (The 'remember me' feature of the
SignInPanel is not enough for
me, since I want a transparent login without moving over the login page). Of
course, if there is already
support for this kind of feature out of the box somewhere, I would be happy
for getting a pointer, too.

thanx ...

... roland
-- 
View this message in context: http://www.nabble.com/Hook-into-RequestCycle---tp15428634p15428634.html
Sent from the Wicket - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Hook into RequestCycle ?

[Roland Huss <na...@tichny.org>]

Martijn Dashorst wrote:
> 
> The auth-roles project is basically an example, so the fact that you
> copied
> it, is a good thing (tm). Even though it is sufficient for a lot of
> projects, if you need anything beyond the current capabilities, then
> rolling
> your own is the way to go. Or use Swarm/Wasp from Wicket Stuff
> 

Well, auth-roles meets nearly perfectly my current needs and I use it, but
had to 
*duplicate* quite some code in a subclass (i.e. overriding a method, 
copying the original code except one line or so). That's a bad thing IMO. 

I agree that auth-role is an add on and I could do it my own way. 
The core wicket extensions points are more than sufficient for that.
But even a good example like auth-roles could be improved sometimes ;-)
 
Don't get me wrong, the current situation is ok for me because it works.

bye ...

...roland
  

-- 
View this message in context: http://www.nabble.com/Hook-into-RequestCycle---tp15428634p15439750.html
Sent from the Wicket - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Hook into RequestCycle ?

[Martijn Dashorst <ma...@gmail.com>]

The auth-roles project is basically an example, so the fact that you copied
it, is a good thing (tm). Even though it is sufficient for a lot of
projects, if you need anything beyond the current capabilities, then rolling
your own is the way to go. Or use Swarm/Wasp from Wicket Stuff.
Martijn

On 2/12/08, Roland Huss <na...@tichny.org> wrote:
>
>
> Hi Martijn,
>
>
> Martijn Dashorst wrote:
> >
> > Take a look at wicket-auth-roles. This provides the usual security
> stuff,
> > and you can easily also check for a set cookie. Just implement your own
> > authorisation scheme.
> >
>
> Thanks, this was exactly the pointer I was looking for
> (i.e. the hook via IUnauthorizedComponentInstantiationListener as used in
> AuthenticatedWebApplication)
>
> However, there is a slight glitch.  There is not way to provide a
> automatic sign in since this can be only be done via
> signIn(username,password) on AuthenticatedWebSession. It would be
> possible if AWS.isSignedIn() wouldn't be final, so one could
> dynamically check for the cookie (and not only for a previous occured
> manual authentication).
>
> The solution I've chosen right now is to set an own
> UnauthorizedComponentInstantiationListener in my
> AuthenticatedWebApplication which copies over 90% of the existing
> functionality. This is certainly not an ideal solution.
>
> In general, I'm a fan of final methods, too in order to restrict
> unwanted extension points, but for AWS.isSignedIn() it would be
> probably a good idea to allow overriding or at least to provide and
> additional hook to relax the restriction to work with manual
> authentication via AWS.signIn() only.
>
> If you don't mind, I would like to open a JIRA issue for an RFE
> (with some more code examples).
>
> Thanx again for the hint (and for this great framework in general ;-) ...
>
> ... roland
>
>
> --
> View this message in context:
> http://www.nabble.com/Hook-into-RequestCycle---tp15428634p15435618.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>


-- 
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.1 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.1

Re: Hook into RequestCycle ?

[Roland Huss <na...@tichny.org>]

Hi Martijn,


Martijn Dashorst wrote:
> 
> Take a look at wicket-auth-roles. This provides the usual security stuff,
> and you can easily also check for a set cookie. Just implement your own
> authorisation scheme.
> 

Thanks, this was exactly the pointer I was looking for 
(i.e. the hook via IUnauthorizedComponentInstantiationListener as used in 
AuthenticatedWebApplication)

However, there is a slight glitch.  There is not way to provide a
automatic sign in since this can be only be done via
signIn(username,password) on AuthenticatedWebSession. It would be
possible if AWS.isSignedIn() wouldn't be final, so one could
dynamically check for the cookie (and not only for a previous occured
manual authentication).

The solution I've chosen right now is to set an own
UnauthorizedComponentInstantiationListener in my
AuthenticatedWebApplication which copies over 90% of the existing
functionality. This is certainly not an ideal solution.

In general, I'm a fan of final methods, too in order to restrict
unwanted extension points, but for AWS.isSignedIn() it would be
probably a good idea to allow overriding or at least to provide and
additional hook to relax the restriction to work with manual
authentication via AWS.signIn() only.

If you don't mind, I would like to open a JIRA issue for an RFE 
(with some more code examples).

Thanx again for the hint (and for this great framework in general ;-) ...

... roland


-- 
View this message in context: http://www.nabble.com/Hook-into-RequestCycle---tp15428634p15435618.html
Sent from the Wicket - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Hook into RequestCycle ?

[Martijn Dashorst <ma...@gmail.com>]

Take a look at wicket-auth-roles. This provides the usual security stuff,
and you can easily also check for a set cookie. Just implement your own
authorisation scheme.
Martijn

On 2/12/08, Roland Huss <na...@tichny.org> wrote:
>
>
> Hi,
>
> what is the best place to hook into the request cycle
> before a page gets processed ? I looked through
> http://cwiki.apache.org/WICKET/lifecycle-of-a-wicket-application.html but
> the
> information there seems to be a bit outdated ("the Session returned by the
> Application
> is asked  to create a RequestCycle object using the Session's request
> cycle
> factory",
> but there's nothing like a request cycle factory which can be obtained
> from
> a Session in 1.3)
>
> Is there a more accurate documentation of a request's lifecycle somewhere
> else ?
>
> My use case is as follows: Before any page is processed I want to look up
> in
> the Session,
> whether a user is authenticated. If not, it is checked wheter a certain
> hash
> stored in a Cookie
> (if any) is stored in the DB and the associated user then is put into the
> session, providing some sort
> of 'keep me logged in' functionality. (The 'remember me' feature of the
> SignInPanel is not enough for
> me, since I want a transparent login without moving over the login page).
> Of
> course, if there is already
> support for this kind of feature out of the box somewhere, I would be
> happy
> for getting a pointer, too.
>
> thanx ...
>
> ... roland
> --
> View this message in context:
> http://www.nabble.com/Hook-into-RequestCycle---tp15428634p15428634.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>


-- 
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.1 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.1

Re: Hook into RequestCycle ?

[Timo Rantalaiho <Ti...@ri.fi>]

On Tue, 12 Feb 2008, Roland Huss wrote:
> what is the best place to hook into the request cycle 
> before a page gets processed ? I looked through 
> http://cwiki.apache.org/WICKET/lifecycle-of-a-wicket-application.html but
> the 
> information there seems to be a bit outdated ("the Session returned by the
> Application 
> is asked  to create a RequestCycle object using the Session's request cycle
> factory", 
> but there's nothing like a request cycle factory which can be obtained from
> a Session in 1.3)

Application.newRequestCycle() ?

Quite easily found by searching references to RequestCycle.

Best wishes,
Timo

-- 
Timo Rantalaiho           
Reaktor Innovations Oy    <URL: http://www.ri.fi/ >

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org