您如何使用 Wicket 密码保护页面? [英] How do you password protect a page with Wicket?

问题描述

我想用密码保护 Wicket 中的网页，以便用户只有在他/她登录后才能访问它.

I want to password protect a webpage in Wicket so the user may only access it if he/she has logged in.

我还希望该页面显示登录页面，然后在登录用户试图访问的原始页面后.

I'd also like the page to show the login page, and then after logging in the original page the user was trying to get to.

这是如何用 wicket 完成的?我已经创建了一个登录页面并扩展了会话类.

How is this done with wicket? I've already created a login page and extended the session class.

推荐答案

框架提供的方式是提供一个 IAuthorizationStrategy 实例为您的应用程序，例如，通过添加到您的应用程序 init() 方法:

The framework-supplied way is to provide an IAuthorizationStrategy instance for your application, e.g., by adding to your Application init() method:

init() {
    ...
    getSecuritySettings().setAuthorizationStrategy(...)
}

Wickets 授权功能的一个工作示例在 Wicket Stuff 这里，它演示了一些相当复杂的东西.对于非常简单的情况，请查看 SimplePageAuthorizationStrategy.在非常基本的层面上，这可以像这样使用(取自链接的 Javadoc):

A working example of Wickets authorization functionality is on Wicket Stuff here, which demonstrates some reasonably complex stuff. For really simple cases, have a look at the SimplePageAuthorizationStrategy. At a very basic level, this could be used like so (taken from the linked Javadoc):

SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy(
    MySecureWebPage.class, MySignInPage.class)
 {
        protected boolean isAuthorized()
        {
            // Authorize access based on user authentication in the session
            return (((MySession)Session.get()).isSignedIn());
        }
 };
 getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);

根据评论进行编辑

我认为最好的方法是，如果您只想使用诸如 SimplePageAuthorizationStrategy 之类的东西而不是该类本身.我做了这样的事情来捕获使用自定义注释注释的页面:

I think the best way forward, if you're just going to use something like SimplePageAuthorizationStrategy rather than that class itself. I did something like this to capture pages that are annotated with a custom annotation:

IAuthorizationStrategy authorizationStrategy = new AbstractPageAuthorizationStrategy()
 {
        protected boolean isPageAuthorized(java.lang.Class<Page.class> pageClass)
        {
            if (pageClass.getAnnotation(Protected.class) != null) {
                return (((MySession)Session.get()).isSignedIn());
            } else {
                return true;
            }
        }
 };

然后你需要注册一个IUnauthorizedComponentInstantiationListener 类似于 SimplePageAuthorizationStrategy(链接到源代码)，应该是这样的:

Then you'd need to register an IUnauthorizedComponentInstantiationListener similar to what is done in SimplePageAuthorizationStrategy (link is to the source code), which should be something like:

new IUnauthorizedComponentInstantiationListener()
{
    public void onUnauthorizedInstantiation(final Component component)
    {
    if (component instanceof Page)
    {
        throw new RestartResponseAtInterceptPageException(MySignInPage.class);
    }
    else
    {
        throw new UnauthorizedInstantiationException(component.getClass());
    }
    }
});

这篇关于您如何使用 Wicket 密码保护页面?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！