[photos] / src / main / webapp / WEB-INF / web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <display-name>cdi</display-name>

    <!--
          There are three means to configure Wickets configuration mode and they are
          tested in the order given.
          1) A system property: -Dwicket.configuration
          2) servlet specific <init-param>
          3) context specific <context-param>
          The value might be either "development" (reloading when templates change)
          or "deployment". If no configuration is found, "development" is the default.
    -->

    <filter>
        <filter-name>authentication</filter-name>
        <filter-class>org.wamblee.photos.security.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>loginpage</param-name>
            <param-value>/login.jsp</param-value>
        </init-param>
        <!-- each authenticated user is assigned to the gruop ALL in the security realm configuration -->
        <init-param>
            <param-name>role</param-name>
            <param-value>ALL</param-value>
        </init-param>
        <!-- defines the resource URLs for which no authentication is required -->
        <init-param>
            <param-name>resources</param-name>
            <param-value>/resources</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>photos</filter-name>
        <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
        <init-param>
            <param-name>applicationClassName</param-name>
            <param-value>org.wamblee.photos.wicket.WicketApplication</param-value>
        </init-param>
        <init-param>
            <param-name>configuration</param-name>
            <param-value>development</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>authentication</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>photos</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>resources</web-resource-name>
            <url-pattern>/resources/*</url-pattern>
        </web-resource-collection>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>securedaccess</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ALL</role-name>
            <role-name>users</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>PhotoXChangeRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginError.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <error-page>
        <error-code>404</error-code>
        <!-- view will redirect to login if the user is not logged in -->
        <location>/404.jsp</location>
    </error-page>

    <session-config>
        <session-timeout>10</session-timeout>
    </session-config>

    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>

    <security-role>
        <role-name>ALL</role-name>
    </security-role>

</web-app>