Posted to dev@isis.apache.org by Kevin Meyer - KMZ <ke...@kmz.co.za> on 2011/07/05 20:27:48 UTC
Wicket Viewer's security: problem with custom authenticator
Hi Dan,
I recall you writing before that you've done something special with
Wicket - which seems to be causing me some grief. As hinted at
previously, I've written a SqlAuthenticator, which I specify via
isis.properties, and which works with the HTML viewer.
isis.authentication=objstore.dflt.saip.authentication.SqlAuthenticationManagerInstaller
But on the Wicket viewer, I get a:
"Access Denied
You do not have access to the page you requested.
Return to home page"
after a successful login.
Any advice?
Regards,
Kevin
PS:
I also notice that the (wicket form?) parser strips leading and trailing
spaces from the login details - so my passwords that start/end with
spaces never match.
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Kevin Meyer - KMZ <ke...@kmz.co.za>.
Hi Dan,
On 7 Jul 2011 at 8:05, Dan Haywood wrote:
> On 06/07/2011 13:47, Kevin Meyer - KMZ wrote:
> >
> > Any tips on how to logout of Wicket?
> >
>
> I was about to reply that it wasn't implemented, and offer some tips on
> how to... but when I got into it there was very little to it, so I
> implemented it (ISIS-104).
>
> So, do an "svn up" and when you run your app you should now see a logout
> link at the bottom.
Thanks! I see it.
I need to do a little more investigation, but I'm finding a quirk with
logging in - I often need to login twice to actually get into the
application (using the Wicket viewer)! The first time it just takes me
back to the login page, with no error or explanation.
Regards,
Kevin
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Dan Haywood <dk...@gmail.com>.
Hi Mark,
The vote is still going so far as I am concerned.
This particular thread related to a feature that wasn't implemented,
rather than something broken.
On a different thread Rob does seem to have an issue with building the
site, but I can't reproduce it, we have a workaround, and anyway the
site is only something that committers would usually build.
Thx
Dan
~~~~~~~~~~
On 07/07/2011 08:38, Mark Struberg wrote:
> Folks, since there are so many discussions about possible errors and so, please allow me if the VOTE is still going on or if it got cancelled?
>
> If it's still alive, then I'll look at it this afternoon.
>
> LieGrue,
> strub
>
> --- On Thu, 7/7/11, Dan Haywood <dk...@gmail.com> wrote:
>
>> From: Dan Haywood <dk...@gmail.com>
>> Subject: Re: Wicket Viewer's security: problem with custom authenticator
>> To: isis-dev@incubator.apache.org
>> Date: Thursday, July 7, 2011, 7:05 AM
>>
>> On 06/07/2011 13:47, Kevin Meyer - KMZ wrote:
>>> Any tips on how to logout of Wicket?
>>>
>> I was about to reply that it wasn't implemented, and offer
>> some tips on how to... but when I got into it there was very
>> little to it, so I implemented it (ISIS-104).
>>
>> So, do an "svn up" and when you run your app you should now
>> see a logout link at the bottom.
>>
>> Cheers
>> Dan
>>
>>
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Mark Struberg <st...@yahoo.de>.
Folks, since there are so many discussions about possible errors and so, please allow me if the VOTE is still going on or if it got cancelled?
If it's still alive, then I'll look at it this afternoon.
LieGrue,
strub
--- On Thu, 7/7/11, Dan Haywood <dk...@gmail.com> wrote:
> From: Dan Haywood <dk...@gmail.com>
> Subject: Re: Wicket Viewer's security: problem with custom authenticator
> To: isis-dev@incubator.apache.org
> Date: Thursday, July 7, 2011, 7:05 AM
>
> On 06/07/2011 13:47, Kevin Meyer - KMZ wrote:
> >
> > Any tips on how to logout of Wicket?
> >
>
> I was about to reply that it wasn't implemented, and offer
> some tips on how to... but when I got into it there was very
> little to it, so I implemented it (ISIS-104).
>
> So, do an "svn up" and when you run your app you should now
> see a logout link at the bottom.
>
> Cheers
> Dan
>
>
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Dan Haywood <dk...@gmail.com>.
On 06/07/2011 13:47, Kevin Meyer - KMZ wrote:
>
> Any tips on how to logout of Wicket?
>
I was about to reply that it wasn't implemented, and offer some tips on
how to... but when I got into it there was very little to it, so I
implemented it (ISIS-104).
So, do an "svn up" and when you run your app you should now see a logout
link at the bottom.
Cheers
Dan
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Kevin Meyer - KMZ <ke...@kmz.co.za>.
On 6 Jul 2011 at 12:12, Dan Haywood wrote:
> There were a few spots you missed, so I've committed the remaining
> changes (rev 1143343).
>
Yikes, thanks - I realise I didn't run a full build to catch failing tests first.
Now that we're here, though, I've just discovered that the Wicket
viewer does not expose a "logout" action - I'm running in deployment
mode, at the moment (I had to add a sql user profile and installer - just
an empty shell, at the moment).
Any tips on how to logout of Wicket?
Regards,
Kevin
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Dan Haywood <dk...@gmail.com>.
There were a few spots you missed, so I've committed the remaining
changes (rev 1143343).
On 06/07/2011 11:46, Kevin Meyer - KMZ wrote:
> Hi Dan,
>
> On 6 Jul 2011 at 9:17, Dan Haywood wrote:
>> Authorization is performed by Wicket. If you look at
>> org.apache.isis.viewer.wicket.ui.pages.entity.EntityPage you'll see it
>> protected by a role of "org.starobjects.wicket.roles.USER".
> Thanks, that did the trick. I'm just adding that role to the list of roles
> contributed by my domain rules, and now I can login - and the extra
> role doesn't affect the other viewers.
>
> I'll look into where the spaces are being stripped out, later.
>
>> NB: I'll raise a ticket to change that string literal to be
>> "org.apache.isis.viewer.wicket.roles.USER".
> Thanks - I've committed the change.
>
>
> Regards,
> Kevin
>
>
>
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Kevin Meyer - KMZ <ke...@kmz.co.za>.
Hi Dan,
On 6 Jul 2011 at 9:17, Dan Haywood wrote:
> Authorization is performed by Wicket. If you look at
> org.apache.isis.viewer.wicket.ui.pages.entity.EntityPage you'll see it
> protected by a role of "org.starobjects.wicket.roles.USER".
Thanks, that did the trick. I'm just adding that role to the list of roles
contributed by my domain rules, and now I can login - and the extra
role doesn't affect the other viewers.
I'll look into where the spaces are being stripped out, later.
> NB: I'll raise a ticket to change that string literal to be
> "org.apache.isis.viewer.wicket.roles.USER".
Thanks - I've committed the change.
Regards,
Kevin
Re: Wicket Viewer's security: problem with custom authenticator
Posted by Dan Haywood <dk...@gmail.com>.
Authorization is performed by Wicket. If you look at
org.apache.isis.viewer.wicket.ui.pages.entity.EntityPage you'll see it
protected by a role of "org.starobjects.wicket.roles.USER".
Therefore your
org.apache.isis.core.commons.authentication.AuthenticationSession
returned by your authenticator must return a session with a role whose
string is that above (via #getRoles()).
NB: I'll raise a ticket to change that string literal to be
"org.apache.isis.viewer.wicket.roles.USER".
Dan
On 05/07/2011 19:27, Kevin Meyer - KMZ wrote:
> Hi Dan,
>
> I recall you writing before that you've done something special with
> Wicket - which seems to be causing me some grief. As hinted at
> previously, I've written a SqlAuthenticator, which I specify via
> isis.properties, and which works with the HTML viewer.
>
> isis.authentication=objstore.dflt.saip.authentication.SqlAuthenticationManagerInstaller
>
> But on the Wicket viewer, I get a:
>
> "Access Denied
> You do not have access to the page you requested.
> Return to home page"
>
> after a successful login.
>
> Any advice?
>
> Regards,
> Kevin
>
>
> PS:
> I also notice that the (wicket form?) parser strips leading and trailing
> spaces from the login details - so my passwords that start/end with
> spaces never match.
>
>
>
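The split between authentication and authorization that Dan describes, modelled in plain Java as an added example (not code from Isis, Wicket or anyone in this thread). `RequiresRole`, `Session`, `login` and `mayOpen` are hypothetical stand-ins and the domain roles are constructed; only the role string comes from the thread.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ViewerRoleGate {
    // Role string quoted in the thread for EntityPage. The thread also says the
    // literal is to be renamed, so keep it in one constant, not scattered copies.
    static final String VIEWER_ROLE = "org.starobjects.wicket.roles.USER";

    // Hypothetical stand-in for a role annotation placed on a page class.
    @Retention(RetentionPolicy.RUNTIME)
    @interface RequiresRole { String value(); }

    @RequiresRole(VIEWER_ROLE)
    static class EntityPage { }

    // Hypothetical stand-in for the session a custom authenticator returns.
    static class Session {
        private final List<String> roles;
        Session(List<String> roles) { this.roles = roles; }
        List<String> getRoles() { return roles; }
    }

    // Authentication step: credentials are assumed already verified here;
    // only the assembly of the session's role list is shown.
    static Session login(List<String> domainRoles, boolean addViewerRole) {
        List<String> roles = new ArrayList<>(domainRoles);
        if (addViewerRole) roles.add(VIEWER_ROLE);
        return new Session(roles);
    }

    // Authorization step: runs separately, after login has already succeeded.
    static boolean mayOpen(Class<?> page, Session session) {
        RequiresRole required = page.getAnnotation(RequiresRole.class);
        return required == null || session.getRoles().contains(required.value());
    }

    public static void main(String[] args) {
        List<String> fromSql = Arrays.asList("clerk", "manager"); // constructed sample roles
        // Valid login, domain roles only: the page check fails ("Access Denied").
        System.out.println("without viewer role: " + mayOpen(EntityPage.class, login(fromSql, false)));
        // Same login with the viewer role contributed: the page opens.
        System.out.println("with viewer role:    " + mayOpen(EntityPage.class, login(fromSql, true)));
    }
}
```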