Posted to users@wicket.apache.org by Sergey Podatelev <br...@gmail.com> on 2008/06/24 14:14:20 UTC

Wicket-Security: What is the easiest way to switch user's principal behind the scenes?

Hello,

I'm wondering, how can I remove current Principals/Subject stored in
LoginContext and put another Subject/Principal without making the user re-login
and without invalidating the session (if that's even possible)?
Just a brief description would be enough (:

-- 
sp

Re: Wicket-Security: What is the easiest way to switch user's principal behind the scenes?

Posted by Sergey Podatelev <br...@gmail.com>.
Thanks a lot, I'll give it a try.

On Tue, Jun 24, 2008 at 5:54 PM, Maurice Marrink <ma...@gmail.com> wrote:

> First login with the second context, then log off with the first
> context. Swarm will invalidate the session after the last subject has
> logged off, which is what is happening in your case.
> The easiest is to use different LoginContext classes for this, but you
> should also be able to use the level parameter you can pass to the
> constructor.
>
> Maurice
>
> On Tue, Jun 24, 2008 at 3:48 PM, Sergey Podatelev
> <br...@gmail.com> wrote:
> > Thanks Maurice, this is exactly what I've done so far.
> > But for some reason, the session is reset.
> >
> > I'm using Acegi, and my LoginContext looks very similar to the one provided
> > in the example of Swarm/Acegi integration.
> > Since the Authentication object containing user credentials, kept in Acegi's
> > SecurityContext, is being destroyed, I save it and pass it to the login context.
> >
> > Here's what I do:
> >
> > ReauthPage.java:
> > ...
> > // Save the Acegi Authentication before the logoff destroys it
> > Authentication authentication =
> >     SecurityContextHolder.getContext().getAuthentication();
> > UsernamePasswordAuthenticationToken token =
> >     (UsernamePasswordAuthenticationToken) authentication;
> >
> > ((WaspSession) getSession()).logoff(new MyLoginContext());
> > ((WaspSession) getSession()).login(new MyLoginContext(token));
> >
> > setResponsePage(SomePage.class);
> >
> > At this point everything seems to be okay; no exceptions are thrown that
> > would be in case of unsuccessful authentication from LoginPage.
> > However, once SomePage.java is instantiated, the newSession() method of
> > MyApplication is called, thus logging the user out.
> >
> > Any clues on why that could happen?
> >
> > On Tue, Jun 24, 2008 at 5:32 PM, Maurice Marrink <ma...@gmail.com> wrote:
> >
> >> By default a LoginContext only allows a single login; this can be
> >> changed by a constructor flag.
> >> To switch principals, simply login a second time with the new context
> >> and logoff with the old context.
> >> The session will be preserved.
> >>
> >> Maurice
> >>
> >> On Tue, Jun 24, 2008 at 2:14 PM, Sergey Podatelev
> >> <br...@gmail.com> wrote:
> >> > Hello,
> >> >
> >> > I'm wondering, how can I remove current Principals/Subject stored in
> >> > LoginContext and put another Subject/Principal without making the user re-login
> >> > and without invalidating the session (if that's even possible)?
> >> > Just a brief description would be enough (:
> >> >
> >> > --
> >> > sp
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >> For additional commands, e-mail: users-help@wicket.apache.org
> >>
> >>
> >
> >
> > --
> > sp
> >
>


-- 
sp

Re: Wicket-Security: What is the easiest way to switch user's principal behind the scenes?

Posted by Maurice Marrink <ma...@gmail.com>.
First login with the second context, then log off with the first
context. Swarm will invalidate the session after the last subject has
logged off, which is what is happening in your case.
The easiest is to use different LoginContext classes for this, but you
should also be able to use the level parameter you can pass to the
constructor.

Maurice

On Tue, Jun 24, 2008 at 3:48 PM, Sergey Podatelev
<br...@gmail.com> wrote:
> Thanks Maurice, this is exactly what I've done so far.
> But for some reason, the session is reset.
>
> I'm using Acegi, and my LoginContext looks very similar to the one provided
> in the example of Swarm/Acegi integration.
> Since the Authentication object containing user credentials, kept in Acegi's
> SecurityContext, is being destroyed, I save it and pass it to the login context.
>
> Here's what I do:
>
> ReauthPage.java:
> ...
> // Save the Acegi Authentication before the logoff destroys it
> Authentication authentication =
>     SecurityContextHolder.getContext().getAuthentication();
> UsernamePasswordAuthenticationToken token =
>     (UsernamePasswordAuthenticationToken) authentication;
>
> ((WaspSession) getSession()).logoff(new MyLoginContext());
> ((WaspSession) getSession()).login(new MyLoginContext(token));
>
> setResponsePage(SomePage.class);
>
> At this point everything seems to be okay; no exceptions are thrown that
> would be in case of unsuccessful authentication from LoginPage.
> However, once SomePage.java is instantiated, the newSession() method of
> MyApplication is called, thus logging the user out.
>
> Any clues on why that could happen?
>
> On Tue, Jun 24, 2008 at 5:32 PM, Maurice Marrink <ma...@gmail.com> wrote:
>
>> By default a LoginContext only allows a single login; this can be
>> changed by a constructor flag.
>> To switch principals, simply login a second time with the new context
>> and logoff with the old context.
>> The session will be preserved.
>>
>> Maurice
>>
>> On Tue, Jun 24, 2008 at 2:14 PM, Sergey Podatelev
>> <br...@gmail.com> wrote:
>> > Hello,
>> >
>> > I'm wondering, how can I remove current Principals/Subject stored in
>> > LoginContext and put another Subject/Principal without making the user re-login
>> > and without invalidating the session (if that's even possible)?
>> > Just a brief description would be enough (:
>> >
>> > --
>> > sp
>> >
>>
>
>
> --
> sp
>
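
The ordering rule from the reply above, as an added example that is not part of the original thread and is not Swarm code: a toy Java model encoding only the stated rule that the session is invalidated once the last subject has logged off. ModelSession, nextRequest and the principal names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Toy model, NOT Swarm code: class and method names here are hypothetical.
// It encodes one rule from the thread: the session is invalidated once the
// last logged-in subject has logged off.
public class PrincipalSwitchModel {

    static class ModelSession {
        final List<String> subjects = new ArrayList<>();
        boolean valid = true;

        void login(String subject) { subjects.add(subject); }

        void logoff(String subject) {
            subjects.remove(subject);
            if (subjects.isEmpty()) {
                valid = false;           // last subject gone: session invalidated
            }
        }
    }

    // What the next request sees: an invalidated session is replaced by a
    // fresh, unauthenticated one (the newSession() call seen in the thread).
    static ModelSession nextRequest(ModelSession current) {
        return current.valid ? current : new ModelSession();
    }

    // Order used in ReauthPage: logoff first, then login.
    static List<String> logoffThenLogin() {
        ModelSession s = new ModelSession();
        s.login("old-principal");
        s.logoff("old-principal");       // subjects empty: invalidated here
        s.login("new-principal");        // lands on a session that is already dead
        return nextRequest(s).subjects;
    }

    // Order given in the reply: login with the second context, then logoff the first.
    static List<String> loginThenLogoff() {
        ModelSession s = new ModelSession();
        s.login("old-principal");
        s.login("new-principal");        // two subjects held, never empty
        s.logoff("old-principal");
        return nextRequest(s).subjects;
    }

    public static void main(String[] args) {
        System.out.println("logoff then login -> " + logoffThenLogin());
        System.out.println("login then logoff -> " + loginThenLogoff());
    }
}
```

In the second ordering the subjects list that reaches the next request holds only the new principal, so the switch also leaves no trace of the old one on the preserved session.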



Re: Wicket-Security: What is the easiest way to switch user's principal behind the scenes?

Posted by Sergey Podatelev <br...@gmail.com>.
Thanks Maurice, this is exactly what I've done so far.
But for some reason, the session is reset.

I'm using Acegi, and my LoginContext looks very similar to the one provided
in the example of Swarm/Acegi integration.
Since the Authentication object containing user credentials, kept in Acegi's
SecurityContext, is being destroyed, I save it and pass it to the login context.

Here's what I do:

ReauthPage.java:
...
// Save the Acegi Authentication before the logoff destroys it
Authentication authentication =
    SecurityContextHolder.getContext().getAuthentication();
UsernamePasswordAuthenticationToken token =
    (UsernamePasswordAuthenticationToken) authentication;

((WaspSession) getSession()).logoff(new MyLoginContext());
((WaspSession) getSession()).login(new MyLoginContext(token));

setResponsePage(SomePage.class);

At this point everything seems to be okay; no exceptions are thrown that
would be in case of unsuccessful authentication from LoginPage.
However, once SomePage.java is instantiated, the newSession() method of
MyApplication is called, thus logging the user out.

Any clues on why that could happen?



On Tue, Jun 24, 2008 at 5:32 PM, Maurice Marrink <ma...@gmail.com> wrote:

> By default a LoginContext only allows a single login; this can be
> changed by a constructor flag.
> To switch principals, simply login a second time with the new context
> and logoff with the old context.
> The session will be preserved.
>
> Maurice
>
> On Tue, Jun 24, 2008 at 2:14 PM, Sergey Podatelev
> <br...@gmail.com> wrote:
> > Hello,
> >
> > I'm wondering, how can I remove current Principals/Subject stored in
> > LoginContext and put another Subject/Principal without making the user re-login
> > and without invalidating the session (if that's even possible)?
> > Just a brief description would be enough (:
> >
> > --
> > sp
> >
>


-- 
sp

Re: Wicket-Security: What is the easiest way to switch user's principal behind the scenes?

Posted by Maurice Marrink <ma...@gmail.com>.
By default a LoginContext only allows a single login; this can be
changed by a constructor flag.
To switch principals, simply login a second time with the new context
and logoff with the old context.
The session will be preserved.

Maurice

On Tue, Jun 24, 2008 at 2:14 PM, Sergey Podatelev
<br...@gmail.com> wrote:
> Hello,
>
> I'm wondering, how can I remove current Principals/Subject stored in
> LoginContext and put another Subject/Principal without making the user re-login
> and without invalidating the session (if that's even possible)?
> Just a brief description would be enough (:
>
> --
> sp
>
