You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by alec <al...@distancesoftware.com> on 2009/04/27 21:32:56 UTC
custom expired page
We have a wicket 1.3.5 application and are having trouble redirecting to
an expired page if the user clicks on a link after the session expired.
in our application's init method we have the call
getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
and this works if they click on a normal link after the session has been
expired, but we're also using the AuthorizeInstantiation annotations
(from wicket-auth-roles) on several pages that forces a logged in user
to have a certain role to access the page or be redirected to the login
page. Our problem is that if the session expired then the user gets
redirected to the login page because of an unauthorized instantiation
instead of being redirected to the expired page.
Is there some way to work around this, or is there a way to determine if
the session had expired on the login page so we could display a message
there?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by Brill Pappin <br...@pappin.ca>.
Like because your expired page requires the role.
Remove the role annotation.
- Brill Pappin
On 27-Apr-09, at 3:32 PM, alec wrote:
> We have a wicket 1.3.5 application and are having trouble
> redirecting to an expired page if the user clicks on a link after
> the session expired. in our application's init method we have the
> call
> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
> and this works if they click on a normal link after the session has
> been expired, but we're also using the AuthorizeInstantiation
> annotations (from wicket-auth-roles) on several pages that forces a
> logged in user to have a certain role to access the page or be
> redirected to the login page. Our problem is that if the session
> expired then the user gets redirected to the login page because of
> an unauthorized instantiation instead of being redirected to the
> expired page.
> Is there some way to work around this, or is there a way to
> determine if the session had expired on the login page so we could
> display a message there?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by Igor Vaynberg <ig...@gmail.com>.
there is no way in j2ee spec to determine if a previous session
existed. page expiration is an artifact of using wicket and if you use
stateful links you can determine it. if you use bookmarkable links
then you cannot.
-igor
On Mon, Apr 27, 2009 at 1:34 PM, alec <al...@distancesoftware.com> wrote:
> maybe i should move away from the notion of a page. is there some way to
> determine if the session expired then? replacing all those
> BookmarkablePageLink's with normal links isn't an ideal solution. it'd be
> enough if at the login page there was something i could check that would
> tell me the session had expired.
>
> Matej Knopp wrote:
>>
>> If you use bookmarkable link then it's proper behavior.
>>
>> Bookmarkable link creates new page instance. It will never give you
>> expired error.
>>
>> -Matej
>>
>> On Mon, Apr 27, 2009 at 9:50 PM, alec <al...@distancesoftware.com> wrote:
>>
>>>
>>> are you referring to the java code i write for the link?
>>>
>>> it'd be something like:
>>> add(new BookmarkablePageLink("home", Application.get().getHomePage());
>>>
>>> it's not something special about the link which causes it to redirect to
>>> the
>>> login page, it's that the homepage class (and several others) requires
>>> the
>>> user to have a certain role to instantiate it.
>>>
>>>
>>> Matej Knopp wrote:
>>>
>>>>
>>>> can you paste here a link that redirects to login page?
>>>>
>>>> -Matej
>>>>
>>>> On Mon, Apr 27, 2009 at 9:39 PM, alec <al...@distancesoftware.com> wrote:
>>>>
>>>>
>>>>>
>>>>> sorry if that sounded confusing, but it's not the expiredpage that
>>>>> requires
>>>>> authorization, it's the destination of the link that was clicked.
>>>>>
>>>>> e.g. the user clicks the link to home (which requires authorization)
>>>>> and
>>>>> instead of getting the expired page they get the login page.
>>>>>
>>>>> Igor Vaynberg wrote:
>>>>>
>>>>>
>>>>>>
>>>>>> make your ExpiredPage not require authorization/authentication
>>>>>>
>>>>>> -igor
>>>>>>
>>>>>> On Mon, Apr 27, 2009 at 12:32 PM, alec <al...@distancesoftware.com>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> We have a wicket 1.3.5 application and are having trouble redirecting
>>>>>>> to
>>>>>>> an
>>>>>>> expired page if the user clicks on a link after the session expired.
>>>>>>> in
>>>>>>> our
>>>>>>> application's init method we have the call
>>>>>>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
>>>>>>> and this works if they click on a normal link after the session has
>>>>>>> been
>>>>>>> expired, but we're also using the AuthorizeInstantiation annotations
>>>>>>> (from
>>>>>>> wicket-auth-roles) on several pages that forces a logged in user to
>>>>>>> have
>>>>>>> a
>>>>>>> certain role to access the page or be redirected to the login page.
>>>>>>> Our
>>>>>>> problem is that if the session expired then the user gets redirected
>>>>>>> to
>>>>>>> the
>>>>>>> login page because of an unauthorized instantiation instead of being
>>>>>>> redirected to the expired page.
>>>>>>> Is there some way to work around this, or is there a way to determine
>>>>>>> if
>>>>>>> the
>>>>>>> session had expired on the login page so we could display a message
>>>>>>> there?
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by alec <al...@distancesoftware.com>.
maybe i should move away from the notion of a page. is there some way
to determine if the session expired then? replacing all those
BookmarkablePageLink's with normal links isn't an ideal solution. it'd
be enough if at the login page there was something i could check that
would tell me the session had expired.
Matej Knopp wrote:
> If you use bookmarkable link then it's proper behavior.
>
> Bookmarkable link creates new page instance. It will never give you
> expired error.
>
> -Matej
>
> On Mon, Apr 27, 2009 at 9:50 PM, alec <al...@distancesoftware.com> wrote:
>
>> are you referring to the java code i write for the link?
>>
>> it'd be something like:
>> add(new BookmarkablePageLink("home", Application.get().getHomePage());
>>
>> it's not something special about the link which causes it to redirect to the
>> login page, it's that the homepage class (and several others) requires the
>> user to have a certain role to instantiate it.
>>
>>
>> Matej Knopp wrote:
>>
>>> can you paste here a link that redirects to login page?
>>>
>>> -Matej
>>>
>>> On Mon, Apr 27, 2009 at 9:39 PM, alec <al...@distancesoftware.com> wrote:
>>>
>>>
>>>> sorry if that sounded confusing, but it's not the expiredpage that
>>>> requires
>>>> authorization, it's the destination of the link that was clicked.
>>>>
>>>> e.g. the user clicks the link to home (which requires authorization) and
>>>> instead of getting the expired page they get the login page.
>>>>
>>>> Igor Vaynberg wrote:
>>>>
>>>>
>>>>> make your ExpiredPage not require authorization/authentication
>>>>>
>>>>> -igor
>>>>>
>>>>> On Mon, Apr 27, 2009 at 12:32 PM, alec <al...@distancesoftware.com>
>>>>> wrote:
>>>>>
>>>>>
>>>>>
>>>>>> We have a wicket 1.3.5 application and are having trouble redirecting
>>>>>> to
>>>>>> an
>>>>>> expired page if the user clicks on a link after the session expired.
>>>>>> in
>>>>>> our
>>>>>> application's init method we have the call
>>>>>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
>>>>>> and this works if they click on a normal link after the session has
>>>>>> been
>>>>>> expired, but we're also using the AuthorizeInstantiation annotations
>>>>>> (from
>>>>>> wicket-auth-roles) on several pages that forces a logged in user to
>>>>>> have
>>>>>> a
>>>>>> certain role to access the page or be redirected to the login page.
>>>>>> Our
>>>>>> problem is that if the session expired then the user gets redirected to
>>>>>> the
>>>>>> login page because of an unauthorized instantiation instead of being
>>>>>> redirected to the expired page.
>>>>>> Is there some way to work around this, or is there a way to determine
>>>>>> if
>>>>>> the
>>>>>> session had expired on the login page so we could display a message
>>>>>> there?
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by Matej Knopp <ma...@gmail.com>.
If you use bookmarkable link then it's proper behavior.
Bookmarkable link creates new page instance. It will never give you
expired error.
-Matej
On Mon, Apr 27, 2009 at 9:50 PM, alec <al...@distancesoftware.com> wrote:
> are you referring to the java code i write for the link?
>
> it'd be something like:
> add(new BookmarkablePageLink("home", Application.get().getHomePage());
>
> it's not something special about the link which causes it to redirect to the
> login page, it's that the homepage class (and several others) requires the
> user to have a certain role to instantiate it.
>
>
> Matej Knopp wrote:
>>
>> can you paste here a link that redirects to login page?
>>
>> -Matej
>>
>> On Mon, Apr 27, 2009 at 9:39 PM, alec <al...@distancesoftware.com> wrote:
>>
>>>
>>> sorry if that sounded confusing, but it's not the expiredpage that
>>> requires
>>> authorization, it's the destination of the link that was clicked.
>>>
>>> e.g. the user clicks the link to home (which requires authorization) and
>>> instead of getting the expired page they get the login page.
>>>
>>> Igor Vaynberg wrote:
>>>
>>>>
>>>> make your ExpiredPage not require authorization/authentication
>>>>
>>>> -igor
>>>>
>>>> On Mon, Apr 27, 2009 at 12:32 PM, alec <al...@distancesoftware.com>
>>>> wrote:
>>>>
>>>>
>>>>>
>>>>> We have a wicket 1.3.5 application and are having trouble redirecting
>>>>> to
>>>>> an
>>>>> expired page if the user clicks on a link after the session expired.
>>>>> in
>>>>> our
>>>>> application's init method we have the call
>>>>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
>>>>> and this works if they click on a normal link after the session has
>>>>> been
>>>>> expired, but we're also using the AuthorizeInstantiation annotations
>>>>> (from
>>>>> wicket-auth-roles) on several pages that forces a logged in user to
>>>>> have
>>>>> a
>>>>> certain role to access the page or be redirected to the login page.
>>>>> Our
>>>>> problem is that if the session expired then the user gets redirected to
>>>>> the
>>>>> login page because of an unauthorized instantiation instead of being
>>>>> redirected to the expired page.
>>>>> Is there some way to work around this, or is there a way to determine
>>>>> if
>>>>> the
>>>>> session had expired on the login page so we could display a message
>>>>> there?
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by alec <al...@distancesoftware.com>.
are you referring to the java code i write for the link?
it'd be something like:
add(new BookmarkablePageLink("home", Application.get().getHomePage());
it's not something special about the link which causes it to redirect to
the login page, it's that the homepage class (and several others)
requires the user to have a certain role to instantiate it.
Matej Knopp wrote:
> can you paste here a link that redirects to login page?
>
> -Matej
>
> On Mon, Apr 27, 2009 at 9:39 PM, alec <al...@distancesoftware.com> wrote:
>
>> sorry if that sounded confusing, but it's not the expiredpage that requires
>> authorization, it's the destination of the link that was clicked.
>>
>> e.g. the user clicks the link to home (which requires authorization) and
>> instead of getting the expired page they get the login page.
>>
>> Igor Vaynberg wrote:
>>
>>> make your ExpiredPage not require authorization/authentication
>>>
>>> -igor
>>>
>>> On Mon, Apr 27, 2009 at 12:32 PM, alec <al...@distancesoftware.com> wrote:
>>>
>>>
>>>> We have a wicket 1.3.5 application and are having trouble redirecting to
>>>> an
>>>> expired page if the user clicks on a link after the session expired. in
>>>> our
>>>> application's init method we have the call
>>>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
>>>> and this works if they click on a normal link after the session has been
>>>> expired, but we're also using the AuthorizeInstantiation annotations
>>>> (from
>>>> wicket-auth-roles) on several pages that forces a logged in user to have
>>>> a
>>>> certain role to access the page or be redirected to the login page. Our
>>>> problem is that if the session expired then the user gets redirected to
>>>> the
>>>> login page because of an unauthorized instantiation instead of being
>>>> redirected to the expired page.
>>>> Is there some way to work around this, or is there a way to determine if
>>>> the
>>>> session had expired on the login page so we could display a message
>>>> there?
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by Matej Knopp <ma...@gmail.com>.
can you paste here a link that redirects to login page?
-Matej
On Mon, Apr 27, 2009 at 9:39 PM, alec <al...@distancesoftware.com> wrote:
> sorry if that sounded confusing, but it's not the expiredpage that requires
> authorization, it's the destination of the link that was clicked.
>
> e.g. the user clicks the link to home (which requires authorization) and
> instead of getting the expired page they get the login page.
>
> Igor Vaynberg wrote:
>>
>> make your ExpiredPage not require authorization/authentication
>>
>> -igor
>>
>> On Mon, Apr 27, 2009 at 12:32 PM, alec <al...@distancesoftware.com> wrote:
>>
>>>
>>> We have a wicket 1.3.5 application and are having trouble redirecting to
>>> an
>>> expired page if the user clicks on a link after the session expired. in
>>> our
>>> application's init method we have the call
>>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
>>> and this works if they click on a normal link after the session has been
>>> expired, but we're also using the AuthorizeInstantiation annotations
>>> (from
>>> wicket-auth-roles) on several pages that forces a logged in user to have
>>> a
>>> certain role to access the page or be redirected to the login page. Our
>>> problem is that if the session expired then the user gets redirected to
>>> the
>>> login page because of an unauthorized instantiation instead of being
>>> redirected to the expired page.
>>> Is there some way to work around this, or is there a way to determine if
>>> the
>>> session had expired on the login page so we could display a message
>>> there?
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by alec <al...@distancesoftware.com>.
sorry if that sounded confusing, but it's not the expiredpage that
requires authorization, it's the destination of the link that was clicked.
e.g. the user clicks the link to home (which requires authorization) and
instead of getting the expired page they get the login page.
Igor Vaynberg wrote:
> make your ExpiredPage not require authorization/authentication
>
> -igor
>
> On Mon, Apr 27, 2009 at 12:32 PM, alec <al...@distancesoftware.com> wrote:
>
>> We have a wicket 1.3.5 application and are having trouble redirecting to an
>> expired page if the user clicks on a link after the session expired. in our
>> application's init method we have the call
>> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
>> and this works if they click on a normal link after the session has been
>> expired, but we're also using the AuthorizeInstantiation annotations (from
>> wicket-auth-roles) on several pages that forces a logged in user to have a
>> certain role to access the page or be redirected to the login page. Our
>> problem is that if the session expired then the user gets redirected to the
>> login page because of an unauthorized instantiation instead of being
>> redirected to the expired page.
>> Is there some way to work around this, or is there a way to determine if the
>> session had expired on the login page so we could display a message there?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: custom expired page
Posted by Igor Vaynberg <ig...@gmail.com>.
make your ExpiredPage not require authorization/authentication
-igor
On Mon, Apr 27, 2009 at 12:32 PM, alec <al...@distancesoftware.com> wrote:
> We have a wicket 1.3.5 application and are having trouble redirecting to an
> expired page if the user clicks on a link after the session expired. in our
> application's init method we have the call
> getApplicationSettings().setPageExpiredErrorPage(ExpiredPage.class);
> and this works if they click on a normal link after the session has been
> expired, but we're also using the AuthorizeInstantiation annotations (from
> wicket-auth-roles) on several pages that forces a logged in user to have a
> certain role to access the page or be redirected to the login page. Our
> problem is that if the session expired then the user gets redirected to the
> login page because of an unauthorized instantiation instead of being
> redirected to the expired page.
> Is there some way to work around this, or is there a way to determine if the
> session had expired on the login page so we could display a message there?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org