THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block |
---|
public final class LoginPage extends BasePage { public LoginPage() { if( ( ( MySession )getSession() ).isUserLoggedIn()) { // redirect to hide username and password from URL after user is logged in setRedirect( true ); setResponsePage( SamplePage.class ); } else { redirectToSecurityCheck(); } } /** * Common servlet login workaround */ private void redirectToSecurityCheck() { final Map parametersMap = ( ( WebRequestCycle )RequestCycle.get() ).getWebRequest().getHttpServletRequest().getParameterMap(); if( parametersMap.containsKey( "username" ) && parametersMap.containsKey( "password" ) ) { // getting parameters from POST request final String userName = ( ( String[] )parametersMap.get( "username" ) )[ 0 ]; final String userPassword = ( ( String[] )parametersMap.get( "password" ) )[ 0 ]; // if POST parameters are ok, redirect them to j_security_check if( ( userName != null ) && ( userPassword != null ) ) { getRequestCycle().setRedirect( false ); getRequestCycle().setRequestTarget( EmptyRequestTarget.getInstance() ); // NOTE: Posting username and password to j_security_check like this will // display username finaland Stringpassword contextPathin =access getApplication().getApplicationSettings().getContextPath(); logs. Be careful! getResponse().redirect( contextPath + "/j_security_check?j_username=" + userName + "&j_password=" + userPassword ); } } } } care |
And the main advice on this kind of integration is to avoid it if you can. Wicket authentication is much nicer , especially because posting to j_security_check directly like above will result in the username and password being displayed in the access logs. You should use wicket authentication or write the form that post directly to j_security_check.