Looking for an example of Remember-me login functionality

[fatefree <fa...@gmail.com>]

I'm hoping to find a working example of a remember-me type login. I don't
mean that the username is stored in a cookie, but rather the user doesn't
need to go to a login page as they are authenticated through cookies
immediately.

I have struggled to try and piece together the code from this example: 
http://swik.net/User:go4info/go4blog/wicket,+acegi+and+remember+me+authentication/bmcu1
Wicket-Remember-Me-Authentication 

But i have never been able to put the fragments together to make a working
demo. Acegi and Auth Roles is the way I am currently authenticating, but I
am willing to drop the entire combo if there is an easier way. It also
worries me a little that every url is filtered through acegi when they don't
all need to be, but thats a different discussion altogether.

So if anyone has accomplished this, or knows of a place with more
information I would greatly appreciate it.
-- 
View this message in context: http://www.nabble.com/Looking-for-an-example-of-Remember-me-login-functionality-tp20334450p20334450.html
Sent from the Wicket - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Looking for an example of Remember-me login functionality

[fatefree <fa...@gmail.com>]

Well it seems I was taking the wrong approach towards wicket auth roles.
Instead of trying to extend it, I took a step back and used the application
and the session class as a reference for how to build my own, and I was
easily able to acheive the remember me functionality.

I reused the annotation role strategy, but I dropped the dependency on
acegi's filter since that generated way more work than is needed for a
simple application. And then I was able to use the
TokenBasedRememberMeServices (slightly modified and injected into the
application) to create and expire the cookies, as well as use acegi's
authentication manager to authenticate. I also used my own credentials
object that was stored in the session instead of acegi's security context. 

One last thing to mention, I thought that the best place to auto login was
when a new session was created, rather than on an unauthorized
instantiation, since its only done once. However I noticed that two sessions
were being created at the first hit on the site, so I put in a call to
bind() in the session constructor which stopped that from happening.
-- 
View this message in context: http://www.nabble.com/Looking-for-an-example-of-Remember-me-login-functionality-tp20334450p20368700.html
Sent from the Wicket - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Looking for an example of Remember-me login functionality

[fatefree <fa...@gmail.com>]

Thanks igor, I looked into that and unfortunately the method that controls
that is declared final in auth roles' AuthenticatedWebApplication (public
final void onUnauthorizedInstantiation(final Component component))

What I came to realize is that by configuring acegi's standard remember-me
processing filter, acegi will take care of looking for a cookie and using it
to authenticate. The problem seems to be in creating the cookie for the
first time, since I don't see how I can use acegi (which traditionally uses
authenticationProcessingFilter, that seems to be url driven) to hook into a
successful authentication and create the cookie.

So my plan to remedy that was to inject the remember me service into the
application, and create the cookie after the submission of the login form.
I'll experiment with that tomorrow and share my results. But i appreciate
the feedback


igor.vaynberg wrote:
> 
> this kind of code needs to go into your authorization strategy. there
> instead of redirecting to login page you first check for cookies and
> if the proper cookie is found simply return true instead of
> redirecting to login page. you can use
> (webrequest)requestcycle.get().getrequest() to get to cookies.
> 
> -igor
> 

-- 
View this message in context: http://www.nabble.com/Looking-for-an-example-of-Remember-me-login-functionality-tp20334450p20335335.html
Sent from the Wicket - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Looking for an example of Remember-me login functionality

[Igor Vaynberg <ig...@gmail.com>]

this kind of code needs to go into your authorization strategy. there
instead of redirecting to login page you first check for cookies and
if the proper cookie is found simply return true instead of
redirecting to login page. you can use
(webrequest)requestcycle.get().getrequest() to get to cookies.

-igor

On Tue, Nov 4, 2008 at 4:40 PM, fatefree <fa...@gmail.com> wrote:
>
> I'm hoping to find a working example of a remember-me type login. I don't
> mean that the username is stored in a cookie, but rather the user doesn't
> need to go to a login page as they are authenticated through cookies
> immediately.
>
> I have struggled to try and piece together the code from this example:
> http://swik.net/User:go4info/go4blog/wicket,+acegi+and+remember+me+authentication/bmcu1
> Wicket-Remember-Me-Authentication
>
> But i have never been able to put the fragments together to make a working
> demo. Acegi and Auth Roles is the way I am currently authenticating, but I
> am willing to drop the entire combo if there is an easier way. It also
> worries me a little that every url is filtered through acegi when they don't
> all need to be, but thats a different discussion altogether.
>
> So if anyone has accomplished this, or knows of a place with more
> information I would greatly appreciate it.
> --
> View this message in context: http://www.nabble.com/Looking-for-an-example-of-Remember-me-login-functionality-tp20334450p20334450.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org