Wicket allows you to customize how authentication works via the IAuthenticationStrategy interface. I have created an implementation that reads a user and password system property and logs you in only if the Application is in development mode.
The nice thing here is that it's not enabling a "magical" username and password back door. The credentials you specify MUST be valid credentials and the application must be in development mode so there is no risk of you creating a security hole by using this.
To configure your application to use this you must set this as your authentication strategy in your Application.init method(which is stated in the javadoc of the code snippet). It should look like this:
getSecuritySettings().setAuthenticationStrategy(new DeveloperAutologinAuthenticationStrategy());
If you are using eclipse then it's easy to specify these in your run configuration. Below I have included a screenshot of what mine looks like. Notice the yellow highlighted area.
Now when you start your app and navigate to the home page you will be automatically logged in!
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.