You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by Mark Lichtenberg <ml...@machenergy.com> on 2008/06/10 00:08:20 UTC

Detect LoginPage redirection with swarm

Hi - We have a fairly straightforward app in which each page extends  
SecureWebPage such that if a user attempts to directly land on a  
mounted page, they will be redirected to our login page (as supplied  
in our Application.getLoginpage() method). After logging in, the user  
is directed to the originally requested page.

We have a requirement to alert a user that they will be redirected on  
the login page - but I can not find a way to detect this in our Login  
page class. I've tried getRequestCycle().isRedirect(), but this  
returns false whether the page is loaded directly or as an intercept  
page. Anyone know how I should approach this? Thanks.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Detect LoginPage redirection with swarm

Posted by Mark Lichtenberg <ml...@machenergy.com>.

That worked perfectly. Thanks!

Mark


On [Jun 10], at 2:59 AM, Maurice Marrink wrote:

> It should be fairly simple to show a message on the login page stating
> the user will be redirected to whichever page they were trying to
> visit.
> It would be a lot more difficult i think to show a warning prior to
> redirecting to the login paging. But as i understand it that is
> fortunately not what you want :)
>
> Swarm uses ISecurityChecks to solve authorization and authentication,
> only a few checks should ever have to worry about redirecting to the
> login page. The most prominent place this happens is during the
> instantiation check in the ClassSecurityCheck By default this is used
> on every page implementing ISecurePage interface. The interface is
> customizable but it is also possible to override this per page.
> So what you could do is extend ClassSecurityCheck to store the page in
> the session you came from and then in the login page check for that
> and display an appropriate message. There might be other ways but i am
> not aware of them. :)
>
> public class LoggingClasssecurityCheck extends ClassSecurityCheck
> {
> 	public boolean isActionAuthorized(WaspAction action)
> 	{
> 		if (getClazz() == getLoginPage())
> 			return true;
> 		if (isAuthenticated())
> 			return getStrategy().isClassAuthorized(getClazz(), action);
> 		//not authenticated, log and redirect
> 		((MySession)Session.get()).logRedirect(getClazz());
> 		throw new RestartResponseAtInterceptPageException(getLoginPage());
> 	}
> }
>
> To use this check instead of the default just add a static final field
> containing an instance of the check to your page. The entire class
> hierarchy is searched so you could put it on your basepage to affect
> every page. If multiple static final fields containing ISecurityChecks
> are found in a class hierarchy all of them have to validate. Ofcourse
> annotations would be much nicer for this but swarm is still using java
> 1.4.
>
> Maurice
>
> On Tue, Jun 10, 2008 at 12:08 AM, Mark Lichtenberg
> <ml...@machenergy.com> wrote:
>> Hi - We have a fairly straightforward app in which each page extends
>> SecureWebPage such that if a user attempts to directly land on a  
>> mounted
>> page, they will be redirected to our login page (as supplied in our
>> Application.getLoginpage() method). After logging in, the user is  
>> directed
>> to the originally requested page.
>>
>> We have a requirement to alert a user that they will be redirected  
>> on the
>> login page - but I can not find a way to detect this in our Login  
>> page
>> class. I've tried getRequestCycle().isRedirect(), but this returns  
>> false
>> whether the page is loaded directly or as an intercept page. Anyone  
>> know how
>> I should approach this? Thanks.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Detect LoginPage redirection with swarm

Posted by Maurice Marrink <ma...@gmail.com>.

It should be fairly simple to show a message on the login page stating
the user will be redirected to whichever page they were trying to
visit.
It would be a lot more difficult i think to show a warning prior to
redirecting to the login paging. But as i understand it that is
fortunately not what you want :)

Swarm uses ISecurityChecks to solve authorization and authentication,
only a few checks should ever have to worry about redirecting to the
login page. The most prominent place this happens is during the
instantiation check in the ClassSecurityCheck By default this is used
on every page implementing ISecurePage interface. The interface is
customizable but it is also possible to override this per page.
So what you could do is extend ClassSecurityCheck to store the page in
the session you came from and then in the login page check for that
and display an appropriate message. There might be other ways but i am
not aware of them. :)

public class LoggingClasssecurityCheck extends ClassSecurityCheck
{
	public boolean isActionAuthorized(WaspAction action)
	{
		if (getClazz() == getLoginPage())
			return true;
		if (isAuthenticated())
			return getStrategy().isClassAuthorized(getClazz(), action);
		//not authenticated, log and redirect
		((MySession)Session.get()).logRedirect(getClazz());
		throw new RestartResponseAtInterceptPageException(getLoginPage());
	}
}

To use this check instead of the default just add a static final field
containing an instance of the check to your page. The entire class
hierarchy is searched so you could put it on your basepage to affect
every page. If multiple static final fields containing ISecurityChecks
are found in a class hierarchy all of them have to validate. Ofcourse
annotations would be much nicer for this but swarm is still using java
1.4.

Maurice

On Tue, Jun 10, 2008 at 12:08 AM, Mark Lichtenberg
<ml...@machenergy.com> wrote:
> Hi - We have a fairly straightforward app in which each page extends
> SecureWebPage such that if a user attempts to directly land on a mounted
> page, they will be redirected to our login page (as supplied in our
> Application.getLoginpage() method). After logging in, the user is directed
> to the originally requested page.
>
> We have a requirement to alert a user that they will be redirected on the
> login page - but I can not find a way to detect this in our Login page
> class. I've tried getRequestCycle().isRedirect(), but this returns false
> whether the page is loaded directly or as an intercept page. Anyone know how
> I should approach this? Thanks.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org