Sean, Jean-Baptiste, Johan, Maurce, thanks for all of your help. I
ended up using a combination of all suggestions, which worked well.
Here's the final code in my Application class in case it's useful to
anybody else:
protected void init() {
super.init();
getSecuritySettings().setAuthorizationStrategy( new
IAuthorizationStrategy() {
public boolean isInstantiationAuthorized( Class
componentClass ) {
if(
componentClass.getName().startsWith("wicket") ) {
return true; //Allow wicket error
messages to be displayed
}
try {
boolean isAuthenticated = false;
HttpServletRequest request =
((WebRequest)RequestCycle.get
().getRequest()).getHttpServletRequest();
String auth =
request.getHeader("Authorization");
if (auth != null && auth.indexOf(' ')
!= -1) { // a valid auth
header will have the type of auth, then a space, then the data
auth =
auth.substring(auth.indexOf(' ') + 1);
auth = new String( new
BASE64Decoder().decodeBuffer( auth ) );
int index = auth.indexOf(':');
if (index != -1) {
String username =
auth.substring(0, index);
String password =
auth.substring(index+1);
isAuthenticated =
authenticate( username, password );
}
}
return isAuthenticated;
} catch( IOException e ) {
throw new RuntimeException( e );
}
}
private boolean authenticate( String username, String
password ) {
//Authenticate here
}
public boolean isActionAuthorized( Component component,
Action
action ) {
return true;
}
} );
getSecuritySettings().setUnauthorizedComponentInstantiationListener
( new IUnauthorizedComponentInstantiationListener() {
public void onUnauthorizedInstantiation( Component
component ) {
HttpServletResponse response =
((WebResponse)component.getResponse
()).getHttpServletResponse();
response.setHeader("WWW-Authenticate", "Basic
realm=\"" + getRealm
() + "\"");
throw new AbortWithHttpStatusException( 401,
false );
}
private String getRealm() {
return "YourSecurityRealm";
}
} );
}
--Jesse Barnum, President, 360Works
http://www.360works.com
(770) 234-9293
On Jul 7, 2007, at 12:27 AM, Sean Sullivan wrote:
>
> Have you tried:
>
> import org.apache.wicket.protocol.http.servlet.*;
>
>
> throw new AbortWithWebErrorCodeException(401)
>
> // or maybe:
>
> throw new AbortWithHttpStatusException(401, false)
>
>
>
> On 7/3/07, Maurice Marrink <[EMAIL PROTECTED] > wrote:
>
>
> I did some digging in the code and found the following: using the
> RequestCycle you can get the Response. which is most likely a
> WebResponse from there you can get the HttpServletResponse and set the
> statuscode to 401. Question remains how to tell wicket to stop
> processing and simply return the statuscode.
> ----------------------------------------------------------------------
> ---
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Wicket-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
