Comment: Adding information that posting to j_security_check will leak username/password info in the access logs.

...

Code Block
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Map;

import org.apache.wicket.RequestCycle;
import org.apache.wicket.protocol.http.WebRequestCycle;
import org.apache.wicket.request.target.basic.EmptyRequestTarget;

public final class LoginPage extends BasePage
{
    public LoginPage()
    {
        if( ( ( MySession )getSession() ).isUserLoggedIn() )
        {
            // redirect to hide username and password from URL after user is logged in
            setRedirect( true );
            setResponsePage( SamplePage.class );
        }
        else
        {
            redirectToSecurityCheck();
        }
    }

    /**
     * Common servlet login workaround: take the username/password that the login
     * form POSTed to this page and hand them on to the container's j_security_check.
     */
    private void redirectToSecurityCheck()
    {
        final Map<String, String[]> parametersMap =
                ( ( WebRequestCycle )RequestCycle.get() ).getWebRequest().getHttpServletRequest().getParameterMap();
        if( parametersMap.containsKey( "username" ) && parametersMap.containsKey( "password" ) )
        {
            // getting parameters from POST request
            final String userName = parametersMap.get( "username" )[ 0 ];
            final String userPassword = parametersMap.get( "password" )[ 0 ];

            // if POST parameters are ok, redirect them to j_security_check
            if( ( userName != null ) && ( userPassword != null ) )
            {
                getRequestCycle().setRedirect( false );
                getRequestCycle().setRequestTarget( EmptyRequestTarget.getInstance() );

                // NOTE: Redirecting to j_security_check like this sends the username and
                // password as a GET query string, so they are written to the access logs. Be careful!
                getResponse().redirect( "/j_security_check?j_username=" + urlEncode( userName )
                        + "&j_password=" + urlEncode( userPassword ) );
            }
        }
    }

    /**
     * Encode a parameter value so that characters such as '&' or '#' in the
     * username or password cannot break or alter the query string.
     */
    private static String urlEncode( final String value )
    {
        try
        {
            return URLEncoder.encode( value, "UTF-8" );
        }
        catch( UnsupportedEncodingException e )
        {
            throw new IllegalStateException( "UTF-8 is always supported", e );
        }
    }
}

The main advice on this kind of integration is to avoid it if you can. Wicket's own authentication is much nicer, especially because redirecting to j_security_check with the credentials in the query string, as above, results in the username and password being written to the access logs. Either use Wicket authentication, or write an HTML form that POSTs directly to j_security_check so the credentials travel in the request body rather than in the URL.
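To make the leak concrete from the operator's side, here is an added example (not part of the original wiki page or of Wicket) that scans access-log lines in the Apache/Tomcat combined format, flags requests whose query string carries j_security_check credentials, and produces a redacted copy of the log. The sample log lines are constructed; the parameter names j_username and j_password are the standard servlet FORM-login names. The POST line in the sample is the recommended pattern from the text: the credentials are in the body, so nothing sensitive appears in the log.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Combined Log Format: host ident user [time] "method target proto" status size "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?P<rest>.*)$'
)

# Parameter names used by the servlet container's FORM login mechanism (j_security_check)
SENSITIVE_PARAMS = {"j_username", "j_password"}

# Constructed sample log; line 2 is what the redirect in the Wicket snippet produces,
# line 3 is a form that POSTs directly to j_security_check (credentials in the body).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2010:10:15:31 +0000] "GET /app/login HTTP/1.1" 200 1543 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2010:10:15:32 +0000] "GET /j_security_check?j_username=alice&j_password=s3cret%21 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Mar/2010:10:16:02 +0000] "POST /j_security_check HTTP/1.1" 302 0 "https://example.test/app/login" "Mozilla/5.0"',
]


def find_credential_leaks(target):
    """Return the set of sensitive query-parameter names present in a request target."""
    parts = urlsplit(target)
    names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return names & SENSITIVE_PARAMS


def redact_target(target):
    """Replace the values of sensitive query parameters with a fixed marker,
    leaving the path and any other parameters intact."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    redacted = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(redacted)))


def scan_access_log(lines):
    """Return (findings, redacted_lines).

    findings: list of (line_number, method, sorted leaked parameter names)
    redacted_lines: the input with leaked credential values replaced."""
    findings = []
    redacted_lines = []
    for number, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if m:
            leaked = find_credential_leaks(m.group("target"))
            if leaked:
                findings.append((number, m.group("method"), sorted(leaked)))
                safe_target = redact_target(m.group("target"))
                line = line[:m.start("target")] + safe_target + line[m.end("target"):]
        # unparseable lines are passed through unchanged
        redacted_lines.append(line)
    return findings, redacted_lines


if __name__ == "__main__":
    found, safe = scan_access_log(SAMPLE_LOG)
    for number, method, params in found:
        print(f"line {number}: {method} request leaks {', '.join(params)} in the query string")
    print("\n".join(safe))
```

Running it over the constructed sample reports only line 2, the GET redirect with the credentials in the URL; the direct POST on line 3 is clean, which is exactly why the text recommends a form that posts straight to j_security_check.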