I want to password protect a webpage in Wicket so the user may only access it if he/she has logged in.

I'd also like the page to show the login page, and then, after logging in, the original page the user was trying to get to.

How is this done with Wicket? I've already created a login page and extended the session class.

+3  A: 

The framework-supplied way is to provide an IAuthorizationStrategy instance for your application, e.g., by adding to your Application init() method:

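@Override
protected void init() {
    super.init();
    ...
    // Wicket consults this strategy before instantiating pages and components
    getSecuritySettings().setAuthorizationStrategy(...);
}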

A working example of Wicket's authorization functionality is on Wicket Stuff here, which demonstrates some reasonably complex stuff. For really simple cases, have a look at the SimplePageAuthorizationStrategy. At a very basic level, this could be used like so (taken from the linked Javadoc):

SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy(
    MySecureWebPage.class, MySignInPage.class)
{
    protected boolean isAuthorized()
    {
        // Authorize access based on user authentication in the session
        return (((MySession)Session.get()).isSignedIn());
    }
};
getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);

Edit in response to comment

I think the best way forward is just to use something like SimplePageAuthorizationStrategy rather than that class itself. I did something like this to capture pages that are annotated with a custom annotation:

IAuthorizationStrategy authorizationStrategy = new AbstractPageAuthorizationStrategy()
{
    @Override
    protected <T extends Page> boolean isPageAuthorized(final Class<T> pageClass)
    {
        // Only pages carrying the custom annotation require a signed-in session
        if (pageClass.getAnnotation(Protected.class) != null) {
            return (((MySession)Session.get()).isSignedIn());
        } else {
            return true;
        }
    }
};

Then you'd need to register an IUnauthorizedComponentInstantiationListener similar to what is done in SimplePageAuthorizationStrategy (link is to the source code), which should be something like:

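getSecuritySettings().setUnauthorizedComponentInstantiationListener(
    new IUnauthorizedComponentInstantiationListener()
    {
        public void onUnauthorizedInstantiation(final Component component)
        {
            if (component instanceof Page)
            {
                // Remember the requested page and show the sign-in page instead
                throw new RestartResponseAtInterceptPageException(MySignInPage.class);
            }
            else
            {
                // Anything other than a page: fail the instantiation
                throw new UnauthorizedInstantiationException(component.getClass());
            }
        }
    });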
ig0774
How do you use SimplePageAuthorizationStrategy with more than one page? I'd prefer not to use the base class of my webpages as the first parameter.
Kane
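
The `Protected` annotation that the answer's `isPageAuthorized()` checks is not shown on the page. The following is an added example, not code from the answer or from Wicket, of how such a marker could be declared and how the same check behaves on plain-JDK stand-in page classes: a marker without `RUNTIME` retention is invisible to `getAnnotation()`, so the check treats the page as public, and without `@Inherited` a subclass of a protected page is not covered. `ProtectedNoRetention`, the page class names and the `signedIn` parameter are assumptions made for the illustration.

```java
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

public class ProtectedAnnotationDemo {

    // Marker the strategy reads by reflection; RUNTIME retention makes it visible there.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    @Inherited // subclasses of a protected page are protected as well
    @interface Protected {}

    // Hypothetical mistake: default (CLASS) retention, dropped before reflection can see it.
    @Target(ElementType.TYPE)
    @interface ProtectedNoRetention {}

    // Stand-ins for Wicket pages, constructed for this example.
    static class Page {}
    static class HomePage extends Page {}
    @Protected static class AccountPage extends Page {}
    static class AccountDetailsPage extends AccountPage {} // inherits @Protected
    @ProtectedNoRetention static class AdminPage extends Page {} // marker lost at runtime

    // Same decision as the answer's isPageAuthorized(), with the session state passed in.
    static boolean isPageAuthorized(Class<? extends Page> pageClass,
                                    Class<? extends Annotation> marker,
                                    boolean signedIn) {
        if (pageClass.getAnnotation(marker) != null) {
            return signedIn;
        }
        return true; // unannotated pages are public
    }

    public static void main(String[] args) {
        boolean signedIn = false; // anonymous visitor
        System.out.println("HomePage allowed: "
            + isPageAuthorized(HomePage.class, Protected.class, signedIn));
        System.out.println("AccountPage allowed: "
            + isPageAuthorized(AccountPage.class, Protected.class, signedIn));
        System.out.println("AccountDetailsPage allowed: "
            + isPageAuthorized(AccountDetailsPage.class, Protected.class, signedIn));
        System.out.println("AdminPage allowed (marker without RUNTIME retention): "
            + isPageAuthorized(AdminPage.class, ProtectedNoRetention.class, signedIn));
    }
}
```

Because the check returns true for any page without a visible marker, a mis-declared or forgotten annotation leaves that page open to anonymous users.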