@Override
public void onRequestHandlerScheduled(RequestCycle cycle, IRequestHandler handler)
{
if (handler instanceof IPageClassRequestHandler)
{
final IPageClassRequestHandler classHandler = (IPageClassRequestHandler) handler;
final Class<Page> pgClass = (Class<Page>) classHandler.getPageClass();
final boolean authorized = getSecuritySettings().getAuthorizationStrategy().isInstantiationAuthorized(pgClass);
if (!authorized)
{
if (!ServletContainerAuthenticatedWebSession.get().isSignedIn())
{
// A secure Page is scheduled that is not authenticated.
// Setting the RestartResponse to the class forces a request with a URL
// that the servlet container intercepts and redirects to the login page.
// If a wicket login page is used then continueToOriginalDestination will
// redirect to the page. If a non wicket page is used then the servlet container
// will redirect to the page using its mechanism.
// If the page is not mounted to a path that matches a security-constraint in web.xml
// then unauthorized page will result.
final PageParameters pp = classHandler.getPageParameters();
throw new RestartResponseAtInterceptPageException(pgClass, pp);
}
}
}
}