Geek Answers Handbook

How to emulate gates setResponsePage () in spring security

Situation : the user is forced to change the password when clicking the "Change password" button. This click calls the form of the overridden onSubmit () (Wicket) method. In this method:

protected void onSubmit() { //changing password by updating it in DB // autologin user with changed password in system //set response page (wicket style) setResponsePage(RestorePasswordPage.class); }

In fact, call setResponsePage (...) is a call to Wicket Component.setResponsePage ()

 public final <C extends Page> void setResponsePage(final Class<C> cls) { getRequestCycle().setResponsePage(cls); }

My task was to replace the gate with Spring security, and it was solved - I intercepted the call of this method in the Spring Filter Protection Chain (the class below is one of the components of this chaing). And it can do everything from the code snippet above, except for one thing - I donโ€™t know how to redirect to RestorePasswordPage

 public class ForgotPasswordForcePasswordChangeEventHandler implements CustomEventHandler { public void handle(HttpServletRequest request, HttpServletResponse response) { // 1. Extract current customer // 2. Extract changed password // 3. Updates user through external web service // 4. Prepares data for authentication // 5. Clears security context to remove current authentication //redirect to the same page as in wicket HOW??? } }

Questions :

  • Is it possible to access the Wicket RequestCycle if I received only the HttpServletRequest request as input.
  • Any other way to solve this problem?
+4
source share
2 answers

Wicket supports page bookmarks โ€” page classes that have a constructor without parameters, or simply accept a PageParameters object. (PageParameters is an abstraction of query string parameters, etc.)

If you donโ€™t need to configure the page instance redirected to code, you can use WebApplication#mountPage in your WebApplication#init to mount this to a โ€œgoodโ€ static URL. Then you configure Spring Security to redirect to this URL. IIRC, Spring Security intercepts the request before turning on the Wicket, so there is no need and probably no reasonable way to access the processing of the Wicket request.

If you need parameters on the page that you are redirected to, see the documentation for processing requests . Essentially, you give the page a constructor with the PageParameters argument. Using PageParameters , you can always access any parameters specified in the standard query string and positional parameters (without using additional URL components) without any configuration. When setting up the page, you can also define "named" parameters (additional URL components that are placed on the PageParameters map under the predefined names) and something else.

+3
source

You can redirect by throwing a RestartResponseException .

 throw new RestartResponseException(RestorePasswordPage.class, somePageParameters);

or

 throw new RestartResponseException(new RestorePasswordPage(Object parameters));

RequestCycle , and other elements, such as Session , are automatically stored by Wicket in ThreadLocal variables, so you can get them whenever you want using static methods: RequestCycle.get()

By the way, here's a question about RestartResponseException : Wicket: how to redirect to another page?

+2
source

More articles:


All Articles