/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.security.examples.httplogin.basic.pages;
import org.apache.wicket.markup.html.link.Link;
import org.apache.wicket.markup.html.panel.FeedbackPanel;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebResponse;
import org.apache.wicket.security.examples.httplogin.basic.authentication.MyLoginContext;
import org.apache.wicket.security.login.http.HttpAuthenticationLoginPage;
/**
* The login page. compared to login pages from the other examples it is a bit different
* because there is no login form. Using http authentication the browser is going to take
* care of that for us. In order to display a little message to the user this page is
* rendered normally and the authentication is only requested after the login button is
* pushed. If you do not want a login button you can request authentication immediately by
* calling the {@link #doAuthentication()} directly in the constructor instead of when the
* button is clicked.
*
* @author marrink
*/
public class LoginPage extends HttpAuthenticationLoginPage
{
/**
*
*/
private static final long serialVersionUID = 1L;
/**
* Construct.
*/
public LoginPage()
{
// http://localhost:8080/examples/basichttp/?wicket:bookmarkablePage=%3Aorg.apache.wicket.security.examples.httplogin.basic.pages.LoginPage
// stateless so the login page will not throw a timeout exception
setStatelessHint(true);
// I have added a nice feedbackpanel but this is not going to help us to
// show messages to the user because as soon as doAuthentication has
// been called the browser will not show this page anymore.
add(new FeedbackPanel("feedback")
{
private static final long serialVersionUID = 1L;
/**
* @see org.apache.wicket.Component#isVisible()
*/
@Override
public boolean isVisible()
{
return anyMessage();
}
});
// either allow the user to postpone logging in until the button has
// been pushed
add(new Link<Void>("link")
{
private static final long serialVersionUID = 1L;
@Override
public void onClick()
{
doAuthentication();
}
});
// or ask them for their username and password immediately
// doAuthentication();
// remember this page will not be shown by the browser because of the
// 401 header after using doAuthentication
}
/**
* @see org.apache.wicket.security.login.http.HttpAuthenticationLoginPage#getBasicLoginContext(java.lang.String,
* java.lang.String)
*/
@Override
protected Object getBasicLoginContext(String username, String password)
{
return new MyLoginContext(username, password);
}
/**
* @see org.apache.wicket.security.login.http.HttpAuthenticationLoginPage#getRealm(org.apache.wicket.protocol.http.WebRequest,
* org.apache.wicket.protocol.http.WebResponse)
*/
@Override
public String getRealm(WebRequest request, WebResponse response)
{
return "examples-basic"; // could be anything according to the http
// spec
}
}