[Noob] can login& create session, but dont know how to protect pages.

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Noob] can login& create session, but dont know how to protect pages.

mrblobby
I have a login page, and the user can login which creates a session.  However, I cant find how to protect say a myaccount page in an elegant way.

I could hard code some logic at the beginning of every page which requires authentication to manually check the session, e.g. with:

if (!isUserLoggedIn()) {
  throw new RestartResponseAtInterceptPageException(Login.class)}
}

Is this the recommended solution?

I looked briefly at (dont know what its called):

    org.apache.wicket.authorization.strategies.role.annotations.AuthorizeInstantiation;

But this is way too complex, I just need user logged in or out, no roles.

Any tips?
Reply | Threaded
Open this post in threaded view
|

Re: [Noob] can login& create session, but dont know how to protect pages.

jcgarciam
Check this:

  http://spatula.net/blog/2006/11/adding-generic-authorization-to-wicket.html


On Tue, Dec 28, 2010 at 2:56 PM, mrblobby [via Apache Wicket] <[hidden email]> wrote:
I have a login page, and the user can login which creates a session.  However, I cant find how to protect say a myaccount page in an elegant way.

I could hard code some logic at the beginning of every page which requires authentication to manually check the session, e.g. with:

if (!isUserLoggedIn()) {
  throw new RestartResponseAtInterceptPageException(Login.class)}
}

Is this the recommended solution?

I looked briefly at (dont know what its called):

    org.apache.wicket.authorization.strategies.role.annotations.AuthorizeInstantiation;

But this is way too complex, I just need user logged in or out, no roles.

Any tips?


View message @ http://apache-wicket.1842946.n4.nabble.com/Noob-can-login-create-session-but-dont-know-how-to-protect-pages-tp3166330p3166330.html
To start a new topic under Apache Wicket, email [hidden email]
To unsubscribe from Apache Wicket, click here.



--
Sincerely,
JC (http://www.linkedin.com/in/jcgarciam)
--Anyone who has never made a mistake has never tried anything new.--