Solution found.
Within the newRequestCycleProcessor() method of the
MyAuthenticatedWebApplication class I caught the exception thrown by the
IRequestTarget respond method.
protected IRequestCycleProcessor newRequestCycleProcessor()
{
return new DefaultWebRequestCycleProcessor() {
protected IResponseStrategy newResponseStrategy()
{
return new IResponseStrategy() {
public void respond(RequestCycle requestCycle)
{
IRequestTarget requestTarget =
requestCycle.getRequestTarget();
if(requestTarget != null)
{
Application.get().logResponseTarget(requestTarget);
WebRequest webRequest =
(WebRequest)requestCycle.getRequest();
WebResponse webResponse =
(WebResponse)requestCycle.getResponse();
HttpServletRequest httpServletRequest =
webRequest.getHttpServletRequest();
Class pageClass = null;
if(requestTarget instanceof IPageRequestTarget)
{
IPageRequestTarget pageTarget =
(IPageRequestTarget)requestTarget;
pageClass = pageTarget.getPage().getClass();
} else
if(requestTarget instanceof
IBookmarkablePageRequestTarget)
{
IBookmarkablePageRequestTarget
bookmarkableTarget = (IBookmarkablePageRequestTarget)requestTarget;
pageClass =
bookmarkableTarget.getPageClass();
}
if(pageClass != null &&
!httpServletRequest.isSecure() &&
pageClass.isAnnotationPresent(RequiredSSL.class))
{
StringBuffer url = new StringBuffer((new
StringBuilder()).append("https://";).append(httpServletRequest.getServerName()).toString());
url.append(":8443");
String q =
RequestCycle.get().urlFor(requestTarget).toString();
url.append(q);
webResponse.redirect(url.toString());
} else
if(pageClass != null &&
httpServletRequest.isSecure() &&
!pageClass.isAnnotationPresent(RequiredSSL.class))
{
StringBuffer url = new StringBuffer((new
StringBuilder()).append("http://";).append(httpServletRequest.getServerName()).toString());
String q =
RequestCycle.get().urlFor(requestTarget).toString();
url.append(q);
webResponse.redirect(url.toString());
}
try{
requestTarget.respond(requestCycle);
}catch(Exception e){
logger.debug("Error caught: "+e);
}
}
}
};
}
};
}
}
It's more of a hack than an elegant solution. It would be nice for the
designers to release a robust example of SSL working with roles and
authorization.
wired wrote:
>
> Hi
>
> I'm trying to mix authentication using annotations and SSL, but I'm having
> problems.
>
> I am simply using the code found in the auth-roles-examples (1.2.1) and I
> have made some changes using the "Switch to SSL" example
> (http://www.wicket-wiki.org.uk/wiki/index.php/Switch_to_SSL_mode)
>
> If I try to access a page that requires me to sign in, and I am redirected
> to the MySignInPage to which I have added the annotation @RequiredSSL, an
> exception is thrown which is caused by:
>
> wicket.WicketRuntimeException: Already redirecting to
> 'https://localhost:8443/wirap/authentication?wicket:interface=:1::'.
> Cannot redirect more than once
>
> Now I have verified that the @RequiredSSL annotation works. It only fails
> when I try to access a page that requires authorization and I'm redirected
> to the login page over SSL.
>
> Does anyone have any solutions?
>
> Many thanks in advance!
>
--
View this message in context:
http://www.nabble.com/ssl%2C-roles-and-authorization-tf2087198.html#a5762945
Sent from the Wicket - User forum at Nabble.com.
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
