I have a bunch of pages which should only be accessible when the user is logged in. So that the URLs make sense, and also so that the user may bookmark them, I have made them bookmarkable URLs in Wicket.
Now the problem occurs, that if the user comes to view these pages, but is not yet logged in. The constuctor which takes a PageParameters on my page is called.
My approach is going to be:
- For all pages which should only be available logged in, but which are bookmarkable, put an
ifstatement in this constructor to test if the user is logged in or not. - If the user is not logged in:
- Store (a) this.class (b) the PageParameters in a special place in the session
setReponsePageto be my login page- In the login page, if the login is successful, check to see if these special attributes in the session are set, and if so, then
setResponsePageto be the class/parameters of the desired bookmarkable URL
Is this approach correct? It seems to be a bit of extra/manual work (although not too much!), but Wicket provides a lot of useful stuff “out of the box”: so my question is: is this necessary or is there some Wicket facility I’m not aware of which I can take advantage of?
You should use a
IAuthorizationStrategyto protect your pages. See for example wicket-auth-roles for a simplistic roles based library.When Wicket tries to render the page that is mapped to the bookmarked URL of the user it will notice the user is not yet logged in (since the session has no user assigned to it), store the current requested URL, redirect to the login page and wait until the user correctly signs in. In the onSubmit of your login form you then call
See for an example the Authentication example in the Wicket Examples project (online demo here)
continueToOriginalDestinationwill instruct Wicket to render the original URL that the user requested, if one is stored, and otherwise returnfalse.