In Wicket when you want to require user login for some pages, you typically inherit the pages from a superclass called say ProtectedPage and then use a wicket SimplePageAuthorizationStrategy to protect these pages as follows: [sourcecode language=”java”] getSecuritySettings().setAuthorizationStrategy(new SimplePageAuthorizationStrategy(ProtectedPage.class, LoginPage.class) { @Override protected boolean isAuthorized() { return ((ApplicationSession) Session.get()).getLoggedInUser() != null; } }); [/sourcecode] This will cause any access to a protected page by a non-logged-in user to be redirected to the login page first. In the real world, its likely however, that your application will also require administrator privileges for access to certain pages. To do this, you need to use a wicket CompoundAuthorizationStrategy as follows: [sourcecode language=”java”] CompoundAuthorizationStrategy pageAuthorizationStrategy = new CompoundAuthorizationStrategy(); pageAuthorizationStrategy.add(new SimplePageAuthorizationStrategy(AdminPage.class, AccessDeniedPage.class) { @Override protected[…]

I recently used embedded Jetty for a small REST server project and it was a revelation. It took exactly no time to get it running and now I can deploy web-apps just by starting a runnable jar. That’s reason enough – no more Tomcat with all the complexity of sharing a single server amongst multiple apps, but, even more importantly, its wonderful for development. No more fooling around with Tomcat in Eclipse – just debug web-apps directly as a Java application. We run all of our apps as multiple instances behind a load-balancer (HAProxy), so its convenient to run each app on a separate port and let the load-balancer handle the forwarding from port 80.

Christoph has spent the last couple of weeks refactoring a web project to use IBATIS instead of Hibernate. I also refactored a smaller project to use IBATIS instead of JDBC. Here’s our take on the issues: If you like JDBC and PreparedStatements, you’ll feel comfortable with IBATIS. It doesn’t force any major changes on you and reduces the lines of boilerplate code you’ll need for your database access. It has other benefits as well, such as automatically handling boolean and date mappings which are tedious and error-prone in JDBC. We had successfully used Hibernate in a number of other projects, but in this particular project, Hibernate turned out to be an awkward fit. The problem was that we already had[…]

Here’s something I had to piece together myself from various code fragments. Its a class to authenticate a user in Windows Active Directory environment using LDAP. It first locates the domain controllers (DNS lookup of SRV records for _ldap._tcp.domain), parses out the server part and then tries to authenticate the user against a domain controller. [sourcecode language=”java”] import java.util.ArrayList; import java.util.Hashtable; import java.util.List; import javax.naming.AuthenticationException; import javax.naming.CommunicationException; import javax.naming.Context; import javax.naming.NamingException; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; import com.sun.jndi.ldap.LdapCtxFactory; /** * LDAPAuthentication class for authenticating Microsoft Active Directory users * * If the user or password is wrong, you’ll get an AuthenticationException If * none of the domain controllers are reachable, you’ll get a * CommunicationException. If a[…]