Reputation: 1734
How to emulate wicket setResponsePage() in spring security
Situation: user is forced to change password when button "Change password" is clicked. This click fires form overridden method onSubmit() (Wicket). In this method:
protected void onSubmit() {
//changing password by updating it in DB
// autologin user with changed password in system
//set response page (wicket style)
setResponsePage(RestorePasswordPage.class);
}
Actually call setResponsePage(...) is the call to Wicket Component.setResponsePage()
public final <C extends Page> void setResponsePage(final Class<C> cls)
{
getRequestCycle().setResponsePage(cls);
}
My task was to substitute wicket on Spring security and it was solved - I intercept call to this method in Spring Filter Security Chain (class below is one of the components of this chaing). And can do all the things from code snippet above except one - I don't know how to make redirection to RestorePasswordPage
public class ForgotPasswordForcePasswordChangeEventHandler implements CustomEventHandler {
public void handle(HttpServletRequest request, HttpServletResponse response) {
// 1. Extract current customer
// 2. Extract changed password
// 3. Updates user through external web service
// 4. Prepares data for authentication
// 5. Clears security context to remove current authentication
//redirect to the same page as in wicket
HOW???
}
}
Questions:
- Is it any way to get access to Wicket RequestCycle if I got only HttpServletRequest request as input.
- Any other way to solve this problem?
Upvotes: 4
Views: 1468
Answers (2)
Reputation: 39990
Wicket supports "bookmarkable" pages – Page classes that have a no-parameter constructor, or just accept a PageParameters object. (PageParameters is an abstraction over query string parameters et al.)
If you do not need customise the page instance being redirected to in code, you can use WebApplication#mountPage inside your WebApplication#init to mount it at a "nice" static URL. You then configure Spring Security to redirect to that URL. IIRC, Spring Security intercepts the request before Wicket gets involved, so there is no need and likely no sane way to access Wicket's request processing.
If you do need parameters in the page you're redirecting to, take a look at the request mapping documentation. Essentially, you give the page a constructor with a PageParameters argument. Using PageParameters, you can always access any paramaters given in a standard query string, and "positional parameters" (unmapped extra URL components) without any configuration. When mounting the page, you can also define "named" parameters (extra URL components that are put into the PageParameters map under predefined names) and whatnot.
Upvotes: 3
Reputation: 27880
You could perform redirection by throwing a RestartResponseException.
throw new RestartResponseException(RestorePasswordPage.class, somePageParameters);
or
throw new RestartResponseException(new RestorePasswordPage(Object parameters));
RequestCycle, and other elements such as Session are automatically stored by Wicket in ThreadLocal variables, so you can get them whenever you want through static methods:
RequestCycle.get()
By the way, here's a question elaborating on RestartResponseException: Wicket: how to redirect to another page?
Upvotes: 2
Related Questions
- Wicket error pages not working
- How to prevent reaching wicket page per url
- how to use setResponsePage() in wicket?
- Wicket setResponsePage() inside onBeforeRender()
- How intercept page creation in wicket?
- SetResponsePage in Wicket
- Wicket setPageExpiredErrorPage only for specific page?
- How to call wicket page from servlet
- How does Wicket setResponsePage() method work?
- Wicket: redirecting to wicket page using setResponsePage