You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by jd17 <jo...@gmx.de> on 2008/06/02 10:22:40 UTC
setPageExpiredErrorPage(PageExpired.class) -> Login page loaded
instead of PageExpired page
Hi,
in my Wicket application (using Wicket 1.3.3) I have a Login page. In case
of a session timeout, the user is supposed to be sent back to something
looking like the login page with an additional text "Your session has timed
out".
So I thought the best way to deal with this would be to create a PageExpired
class derived from the Login class and use markup inheritance to add the
"Your session has timed out" text, so there is no duplication and there are
just a few lines to add. In the init() method of my WebApplication subclass
I say
getApplicationSettings().setPageExpiredErrorPage(PageExpired.class);
But, unfortunately, on session expiry in most cases the Login Page is loaded
instead of the PageExpired page. I could not find out conditions under which
the Login page is being loaded instead of the PageExpired page. I tried to
debug the Wicket code itself but got lost somewhere and did not find the
point where the original target (before the timeout) gets replaced by the
Login page. Also, I noticed that in no case the getPageExpiredErrorPage()
Method of the Settings class was called.
Do you have any ideas or maybe an alternative approach?
José
--
View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17596262.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded
instead of PageExpired page
Posted by mfs <fa...@gmail.com>.
sure will take a look...thanks
Mr Mean wrote:
>
> I thought it better to reply here, so everyone can find it back later :)
>
> As said before by default any self especting authorization strategy
> will redirect to a login page if it detects that the user is not
> authorized for the page / component currently being created. So the
> trick is to make sure that error pages like PageExpiredErrorPage are
> always authorized, how to do that depends on the framework of your
> choice.
>
> In the case of wicket-auth-roles there are potentially 2 places this
> happens:
> AnnotationsRoleAuthorizationStrategy#isInstantiationAuthorized
> MetaDataRoleAuthorizationStrategy#isInstantiationAuthorized
>
> I suggest placing a breakpoint in both places and step through to see
> what is denying the pageexpiredpage to instantiate.
>
> Also if you are building custom errorpages it always is a good idea to
> override isErrorPage to return true. (could not tell if that is what
> you are doing, but just in case)
>
> As for documentation for wicket-auth-roles: i am only aware of
> http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html which
> has a slightly different focus then what you need :)
> of course you could always check the examples.
>
> Maurice
>
> On Wed, Jun 4, 2008 at 1:50 AM, mfs <fa...@gmail.com> wrote:
>>
>> I am facing a similar issue, can someone direct me to right
>> documentation, as
>> to how to redirect to sessionExpiredPage instead of login page if session
>> has expired..
>>
>>
>>
>> jd17 wrote:
>>>
>>> Hi Maurice,
>>> thanks for your quick response. I have tested quite a bit this morning
>>> and
>>> in most cases, the PageExpired page is being instantiated and redirected
>>> to on timeouts, but in other cases, it is not. I do not understand the
>>> exact circumstances, but I don't think the security strategy settings
>>> play
>>> a role because otherwise, I would not see the PageExpired page at all.
>>> José
>>>
>>>
>>> Mr Mean wrote:
>>>>
>>>> Looks like your security strategy is not allowing your pageexpired
>>>> page to be instantiated.
>>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17636338.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17641471.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
Posted by Maurice Marrink <ma...@gmail.com>.
I thought it better to reply here, so everyone can find it back later :)
As said before by default any self especting authorization strategy
will redirect to a login page if it detects that the user is not
authorized for the page / component currently being created. So the
trick is to make sure that error pages like PageExpiredErrorPage are
always authorized, how to do that depends on the framework of your
choice.
In the case of wicket-auth-roles there are potentially 2 places this happens:
AnnotationsRoleAuthorizationStrategy#isInstantiationAuthorized
MetaDataRoleAuthorizationStrategy#isInstantiationAuthorized
I suggest placing a breakpoint in both places and step through to see
what is denying the pageexpiredpage to instantiate.
Also if you are building custom errorpages it always is a good idea to
override isErrorPage to return true. (could not tell if that is what
you are doing, but just in case)
As for documentation for wicket-auth-roles: i am only aware of
http://cwiki.apache.org/WICKET/acegi-and-wicket-auth-roles.html which
has a slightly different focus then what you need :)
of course you could always check the examples.
Maurice
On Wed, Jun 4, 2008 at 1:50 AM, mfs <fa...@gmail.com> wrote:
>
> I am facing a similar issue, can someone direct me to right documentation, as
> to how to redirect to sessionExpiredPage instead of login page if session
> has expired..
>
>
>
> jd17 wrote:
>>
>> Hi Maurice,
>> thanks for your quick response. I have tested quite a bit this morning and
>> in most cases, the PageExpired page is being instantiated and redirected
>> to on timeouts, but in other cases, it is not. I do not understand the
>> exact circumstances, but I don't think the security strategy settings play
>> a role because otherwise, I would not see the PageExpired page at all.
>> José
>>
>>
>> Mr Mean wrote:
>>>
>>> Looks like your security strategy is not allowing your pageexpired
>>> page to be instantiated.
>>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17636338.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded
instead of PageExpired page
Posted by mfs <fa...@gmail.com>.
I am facing a similar issue, can someone direct me to right documentation, as
to how to redirect to sessionExpiredPage instead of login page if session
has expired..
jd17 wrote:
>
> Hi Maurice,
> thanks for your quick response. I have tested quite a bit this morning and
> in most cases, the PageExpired page is being instantiated and redirected
> to on timeouts, but in other cases, it is not. I do not understand the
> exact circumstances, but I don't think the security strategy settings play
> a role because otherwise, I would not see the PageExpired page at all.
> José
>
>
> Mr Mean wrote:
>>
>> Looks like your security strategy is not allowing your pageexpired
>> page to be instantiated.
>>
>
>
--
View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17636338.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded
instead of PageExpired page
Posted by jd17 <jo...@gmx.de>.
Maurice,
you were on the right track, thanks a lot! Some time ago I had defined the
authorization strategy as follows:
getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy()
{
...
public boolean isInstantiationAuthorized(Class componentClass) {
if (SecureStyledPage.class.isAssignableFrom(componentClass)) {
if (!((MWSession) Session.get()).isUserLoggedIn()) {
// Force sign in
throw new RestartResponseAtInterceptPageException(Login.class);
}
else {
return true;
}
}
return true;
}
and forgotten about it. So this was the reason why it went wrong and this is
the place to correct things.
Cheers
José
--
View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17597602.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded
instead of PageExpired page
Posted by jd17 <jo...@gmx.de>.
Hi Maurice,
thanks for your quick response. I have tested quite a bit this morning and
in most cases, the PageExpired page is being instantiated and redirected to
on timeouts, but in other cases, it is not. I do not understand the exact
circumstances, but I don't think the security strategy settings play a role
because otherwise, I would not see the PageExpired page at all.
José
Mr Mean wrote:
>
> Looks like your security strategy is not allowing your pageexpired
> page to be instantiated.
>
--
View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17597039.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: setPageExpiredErrorPage(PageExpired.class) -> Login page loaded instead of PageExpired page
Posted by Maurice Marrink <ma...@gmail.com>.
Looks like your security strategy is not allowing your pageexpired
page to be instantiated. in that case it will try to render the login
page.
Note that this is default behavior both in wicket-auth-roles and swarm.
Check the documentation for how to set your security strategy to allow
wicket to create an instance of the page.
Maurice
On Mon, Jun 2, 2008 at 10:22 AM, jd17 <jo...@gmx.de> wrote:
>
> Hi,
>
> in my Wicket application (using Wicket 1.3.3) I have a Login page. In case
> of a session timeout, the user is supposed to be sent back to something
> looking like the login page with an additional text "Your session has timed
> out".
>
> So I thought the best way to deal with this would be to create a PageExpired
> class derived from the Login class and use markup inheritance to add the
> "Your session has timed out" text, so there is no duplication and there are
> just a few lines to add. In the init() method of my WebApplication subclass
> I say
>
> getApplicationSettings().setPageExpiredErrorPage(PageExpired.class);
>
> But, unfortunately, on session expiry in most cases the Login Page is loaded
> instead of the PageExpired page. I could not find out conditions under which
> the Login page is being loaded instead of the PageExpired page. I tried to
> debug the Wicket code itself but got lost somewhere and did not find the
> point where the original target (before the timeout) gets replaced by the
> Login page. Also, I noticed that in no case the getPageExpiredErrorPage()
> Method of the Settings class was called.
>
> Do you have any ideas or maybe an alternative approach?
>
> José
> --
> View this message in context: http://www.nabble.com/setPageExpiredErrorPage%28PageExpired.class%29--%3E-Login-page-loaded-instead-of-PageExpired-page-tp17596262p17596262.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org