1

I want make weblogic form validation in wicket but I dont know how to create login page. I followed this tutorial where is example in jsp:

http://docs.oracle.com/cd/E13222_01/wls/docs100/security/thin_client.html#wp1057581

I create similar form in wicket but I dont know what should I do when I push submit button. There is some action called "j_security_check" but i dont know how should i implement it in java and wicket

UPDATE: I am using weblogic 10.something and I cant use newest I try to create my own impelemtation but when I try to use login wicket throw exception:

java.lang.NoSuchMethodError: javax/servlet/http/HttpServletRequest.login(Ljava/lang/String;Ljava/lang/String;)V.

should I add servlet in my web.xml ?

UPDATE2:

I add form in your answer in my project and when I push submit button with incorect password there is url: http://localhost:8080/application/j_security_check with status 404 not found. when I add correct pass there is url: http://localhost:8080/application/admin with status 404 too

web.xml:

<security-constraint>

    <web-resource-collection>
        <web-resource-name>application</web-resource-name>
        <url-pattern>/admin</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>a</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>a</role-name>
</security-role>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login</form-login-page>
        <form-error-page>/login</form-error-page>
    </form-login-config>
</login-config>

UPDATE 3: I found this example: https://cwiki.apache.org/WICKET/servlet-container-authentication.html where is what I want but there are using wicket 1.4 but I am using wicket 1.5. and there is a lot of unknown classes but maybe someone could rewrite it to 1.5 version of wicket

hudi
  • 15,555
  • 47
  • 142
  • 246

2 Answers2

2
1. You missed security realm name in your web.xml
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
.....
</login-config>
The realm-name must match the security realm setup in Weblogic (myrealm is the WebLogic default)

2. You missed the weblogic.xml
in your web.xml you defined one security role called <a>, you need map Weblogic Group to the role, such as 
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">    
<security-role-assignment>
<role-name>a</role-name>
<principal-name>weblogic</principal-name>
</security-role-assignment>
</weblogic-web-app>
Please put webloigc.xml in WEB-INF folder
Ted Shaw
  • 2,298
  • 14
  • 8
  • sory I didint upload here weblogic.xml but I have this in my app and also I am using default name of realms. – hudi Aug 17 '12 at 12:31
1

I don't know if your project is already at an advanced stage, or if it is hard to migrate/use your code to/in another wicket project - I suggest you use an existing framework to do that, like Shiro (http://shiro.apache.org/index.html) which is very cool.

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.

If you want to use this in Wicket I suggest you pickup the 55minutes project (https://github.com/55minutes/fiftyfive-wicket), which works with Shiro.

The 55 Minutes Wicket project is a set of tools and libraries we use for enhancing our productivity with the Apache Wicket Java web framework. We've made our code available as open source to share with the Wicket community.

In 55minutes login screens are already built, and all you have to do is define the access configurations to the database where the login info/tables are at. Hope it helps. Regards

nuno
  • 1,771
  • 1
  • 19
  • 48