Posted to commits@wicket.apache.org by mg...@apache.org on 2019/05/16 05:44:56 UTC
[wicket] branch wicket-8.x updated: WICKET-6668 Sign out the
existing session if a sign in attempt has failed
This is an automated email from the ASF dual-hosted git repository.
mgrigorov pushed a commit to branch wicket-8.x
in repository https://gitbox.apache.org/repos/asf/wicket.git
The following commit(s) were added to refs/heads/wicket-8.x by this push:
new 76e1a99 WICKET-6668 Sign out the existing session if a sign in attempt has failed
76e1a99 is described below
commit 76e1a990be57de93635d7bead97db0ef5eb72af3
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
AuthorDate: Thu May 16 08:43:07 2019 +0300
WICKET-6668 Sign out the existing session if a sign in attempt has failed
(cherry picked from commit ce5a62a7a61f684f53ab43660421ce9e5c5cdfcc)
---
.../authroles/authentication/AuthenticatedWebSession.java | 8 ++++++--
.../wicket/examples/authentication1/SignInSession.java | 12 +++++-------
.../wicket/examples/authentication2/SignIn2Session.java | 12 +++++-------
.../examples/authentication3/MyAuthenticatedWebSession.java | 7 +++----
.../org/apache/wicket/examples/library/LibrarySession.java | 10 +++++-----
5 files changed, 24 insertions(+), 25 deletions(-)
diff --git a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
index 681236a..3fa0aad 100644
--- a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
+++ b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
@@ -65,11 +65,15 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe
{
boolean authenticated = authenticate(username, password);
- if (authenticated && signedIn.compareAndSet(false, true))
+ if (!authenticated && signedIn.get())
+ {
+ signOut();
+ }
+ else if (authenticated && signedIn.compareAndSet(false, true))
{
bind();
}
- return signedIn.get();
+ return authenticated;
}
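Review bot: A successful attempt on a session that is already signed in still falls through both branches of the new `if`/`else if` in signIn(): `compareAndSet(false, true)` fails, so whatever identity the subclass's `authenticate()` just established replaces the previous one without a sign-out of the old identity or a renewed session. It would be worth handling that case explicitly, for example by calling `signOut()` first or renewing the session with `replaceSession()`, so a change of identity never reuses the old session state. The return value also changes meaning from "the session is signed in" to "this attempt succeeded", which the Javadoc should state, e.g. `@return true if this attempt authenticated; a failed attempt signs out an already signed-in session`. The method signature and its Javadoc lie outside the hunk.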
/**
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java
index 9b07f4f..14db360 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication1/SignInSession.java
@@ -27,6 +27,8 @@ import org.apache.wicket.request.Request;
*/
public final class SignInSession extends AuthenticatedWebSession
{
+ private static final String USERNAME_PASSWORD = "wicket";
+
/** Trivial user representation */
private String user;
@@ -53,15 +55,11 @@ public final class SignInSession extends AuthenticatedWebSession
@Override
public final boolean authenticate(final String username, final String password)
{
- final String WICKET = "wicket";
+ user = null;
- if (user == null)
+ if (USERNAME_PASSWORD.equalsIgnoreCase(username) && USERNAME_PASSWORD.equalsIgnoreCase(password))
{
- // Trivial password "db"
- if (WICKET.equalsIgnoreCase(username) && WICKET.equalsIgnoreCase(password))
- {
- user = username;
- }
+ user = username;
}
return user != null;
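Review bot: The password check `USERNAME_PASSWORD.equalsIgnoreCase(password)` in authenticate() accepts any casing of the password, and since this is example code that readers copy, the password half should be case-sensitive: `USERNAME_PASSWORD.equals(password)`, as MyAuthenticatedWebSession in authentication3 already does. The same comparison appears in the SignIn2Session and LibrarySession hunks. With the old `// Trivial password "db"` comment removed, nothing marks the shared constant as a demo credential; a comment on it such as `// Demo-only credential: username and password are both "wicket"` would help. The end of authenticate() lies outside the hunk.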
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java
index ffccb17..13d1f70 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication2/SignIn2Session.java
@@ -27,6 +27,8 @@ import org.apache.wicket.request.Request;
*/
public final class SignIn2Session extends AuthenticatedWebSession
{
+ private static final String USERNAME_PASSWORD = "wicket";
+
/** Trivial user representation */
private String user;
@@ -55,15 +57,11 @@ public final class SignIn2Session extends AuthenticatedWebSession
@Override
public final boolean authenticate(final String username, final String password)
{
- final String WICKET = "wicket";
+ user = null;
- if (user == null)
+ if (USERNAME_PASSWORD.equalsIgnoreCase(username) && USERNAME_PASSWORD.equalsIgnoreCase(password))
{
- // Trivial password "db"
- if (WICKET.equalsIgnoreCase(username) && WICKET.equalsIgnoreCase(password))
- {
- user = username;
- }
+ user = username;
}
return user != null;
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java
index 4f54673..e473705 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebSession.java
@@ -29,6 +29,8 @@ import org.apache.wicket.request.Request;
*/
public class MyAuthenticatedWebSession extends AuthenticatedWebSession
{
+ private static final String USERNAME_PASSWORD = "wicket";
+
/**
* Construct.
*
@@ -43,10 +45,7 @@ public class MyAuthenticatedWebSession extends AuthenticatedWebSession
@Override
public boolean authenticate(final String username, final String password)
{
- final String WICKET = "wicket";
-
- // Check username and password
- return WICKET.equals(username) && WICKET.equals(password);
+ return USERNAME_PASSWORD.equals(username) && USERNAME_PASSWORD.equals(password);
}
@Override
diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java b/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java
index 2c4c475..2b28e9d 100644
--- a/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java
+++ b/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibrarySession.java
@@ -30,12 +30,14 @@ import org.apache.wicket.request.Request;
*/
public final class LibrarySession extends AuthenticatedWebSession
{
+ private static final String USERNAME_PASSWORD = "wicket";
+
// Logged in user
private User user;
/**
* Constructor
- *
+ *
* @param request
* The current request object
*/
@@ -47,7 +49,7 @@ public final class LibrarySession extends AuthenticatedWebSession
/**
* Checks the given username and password, returning a User object if if the username and
* password identify a valid user.
- *
+ *
* @param username
* The username
* @param password
@@ -57,9 +59,7 @@ public final class LibrarySession extends AuthenticatedWebSession
@Override
public final boolean authenticate(final String username, final String password)
{
- final String WICKET = "wicket";
-
- if (WICKET.equalsIgnoreCase(username) && WICKET.equalsIgnoreCase(password))
+ if (USERNAME_PASSWORD.equalsIgnoreCase(username) && USERNAME_PASSWORD.equalsIgnoreCase(password))
{
// Create User object
final User user = new User();
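Review bot: Nothing visible in this hunk clears the `user` field when the credentials are rejected, unlike the `user = null;` reset this commit adds to SignInSession and SignIn2Session. If neither the rest of authenticate() nor a signOut() override resets it, a failed attempt on a signed-in session would be signed out by the base class while the previous `User` object stays reachable; confirm this and add `user = null;` at the top of the method if needed. The local `final User user = new User();` also shadows the field of the same name, so a distinct local name would make the later assignment easier to follow. The method body continues outside the hunk.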