Posted to commits@wicket.apache.org by "Marat Radchenko (JIRA)" <ji...@apache.org> on 2009/11/30 12:50:20 UTC

[jira] Created: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Allow subclasses of AuthenticatedWebSession to set "signedIn" field
-------------------------------------------------------------------

                 Key: WICKET-2591
                 URL: https://issues.apache.org/jira/browse/WICKET-2591
             Project: Wicket
          Issue Type: Improvement
          Components: wicket-auth-roles
    Affects Versions: 1.4.3
            Reporter: Marat Radchenko


My app implements "remember me" service by setting cookie in authenticate method of custom session that subclasses AuthenticatedWebSession.

However, in order to automatically login user if cookie present, I need to set "signedIn" field to true when session is created, however it isn't possible since "signedIn" is private and no way to set it is available.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Resolved: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Juergen Donnerstag (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juergen Donnerstag resolved WICKET-2591.
----------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.5-M1
                   1.4.6
         Assignee: Juergen Donnerstag

> Allow subclasses of AuthenticatedWebSession to set "signedIn" field
> -------------------------------------------------------------------
>
>                 Key: WICKET-2591
>                 URL: https://issues.apache.org/jira/browse/WICKET-2591
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket-auth-roles
>    Affects Versions: 1.4.3
>            Reporter: Marat Radchenko
>            Assignee: Juergen Donnerstag
>             Fix For: 1.4.6, 1.5-M1
>
>
> My app implements "remember me" service by setting cookie in authenticate method of custom session that subclasses AuthenticatedWebSession.
> In order to automatically login user if cookie present, I need to set "signedIn" field to true when session is created, however it isn't possible since "signedIn" is private and no way to set it is available.



[jira] Commented: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Juergen Donnerstag (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790085#action_12790085 ] 

Juergen Donnerstag commented on WICKET-2591:
--------------------------------------------

What is it that you put into your Cookie(s)? Something that allows you to identify the user. The only "issue" is the password. You might or might not mangle it into the Cookie. Let's assume the password is not available, then you need to pass something as password that lets your authenticate() method recognize it's the cookie and not the password. That's not pretty but possible.

I still don't want to make signin accessible. Any suggestion on what the signature of a 2nd authenticate() should look like?



[jira] Commented: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Marat Radchenko (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12791994#action_12791994 ] 

Marat Radchenko commented on WICKET-2591:
-----------------------------------------

So you expect me to use some magic values for login/password string in order to identify that other one is actually _not_ a login/password, but cookie value? That's a hack.

I don't see what's the problem with giving protected access to signedIn. After all, AuthenticatedWebSession subclass already can set it (by calling signIn on itself and returning proper value from authenticate).



[jira] Commented: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Juergen Donnerstag (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12789725#action_12789725 ] 

Juergen Donnerstag commented on WICKET-2591:
--------------------------------------------

That is on purpose. Without authentication no user should be signed in. Subclass authenticate, use your cookie values to validate, and return true if successful.



[jira] Commented: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Marat Radchenko (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793982#action_12793982 ] 

Marat Radchenko commented on WICKET-2591:
-----------------------------------------

Err... public?! I thought protected access would be enough (and if it isn't for someone, he can always add public method to his WebSession and call signIn from it).



[jira] Commented: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Juergen Donnerstag (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793668#action_12793668 ] 

Juergen Donnerstag commented on WICKET-2591:
--------------------------------------------

signin is internal and no application should be able to set it without authentication. Again, what is in your Cookie? How do you identify the user based on the Cookie? 



[jira] Commented: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Marat Radchenko (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793961#action_12793961 ] 

Marat Radchenko commented on WICKET-2591:
-----------------------------------------

Cookie stores pair of user login + randomly generated number.

Upon successful authentication, I generate random number, store it in db (associated with user) and set it into cookie. Cookie maxAge is much bigger than http session age.

After that, on subsequent session creations, I check for cookie, and if it is present (and matches data that I stored in db), I automatically mark session as logged in without asking login/password.

Hey, even this jira has "remember me" feature.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
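
The "remember me" scheme described in the comment above (login plus a random number, stored server-side and checked at session creation), as an added example that is not the reporter's code or part of Wicket. The class `RememberMeTokens` and its in-memory map are hypothetical stand-ins for the application's database table; the sketch stores only a hash of the token, compares in constant time, and replaces the token on every successful use, so a session would be marked signed in only when `redeem` returns a non-null value.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not Wicket API); the map stands in for the application's db table.
public class RememberMeTokens {
    private static final SecureRandom RNG = new SecureRandom();
    // login -> SHA-256 of the current token; the raw token lives only in the cookie.
    private final Map<String, byte[]> hashByLogin = new ConcurrentHashMap<>();

    // Call after a successful login/password check; returns the cookie value.
    public String issue(String login) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        hashByLogin.put(login, sha256(token));
        return login + ":" + token;
    }

    // Call at session creation; returns a rotated cookie value, or null to reject.
    public String redeem(String cookieValue) {
        int sep = (cookieValue == null) ? -1 : cookieValue.lastIndexOf(':');
        if (sep <= 0) return null;
        String login = cookieValue.substring(0, sep);
        byte[] expected = hashByLogin.get(login);
        byte[] presented = sha256(cookieValue.substring(sep + 1));
        // MessageDigest.isEqual compares in constant time.
        if (expected == null || !MessageDigest.isEqual(expected, presented)) return null;
        return issue(login); // each token is single-use: replace it on success
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JVM
        }
    }

    public static void main(String[] args) {
        RememberMeTokens store = new RememberMeTokens();
        String first = store.issue("alice"); // constructed sample login
        String second = store.redeem(first);
        System.out.println("valid cookie accepted: " + (second != null));
        System.out.println("old cookie replayed:   " + (store.redeem(first) != null));
    }
}
```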


[jira] Commented: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Marat Radchenko (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790037#action_12790037 ] 

Marat Radchenko commented on WICKET-2591:
-----------------------------------------

Yeah, but with "remember me" cookie, there isn't any login/password. There's just auth cookie token, so using authenticate(login, password) is inappropriate.



[jira] Updated: (WICKET-2591) Allow subclasses of AuthenticatedWebSession to set "signedIn" field

Posted by "Marat Radchenko (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/WICKET-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marat Radchenko updated WICKET-2591:
------------------------------------

    Description: 
My app implements "remember me" service by setting cookie in authenticate method of custom session that subclasses AuthenticatedWebSession.

In order to automatically login user if cookie present, I need to set "signedIn" field to true when session is created, however it isn't possible since "signedIn" is private and no way to set it is available.

  was:
My app implements "remember me" service by setting cookie in authenticate method of custom session that subclasses AuthenticatedWebSession.

However, in order to automatically login user if cookie present, I need to set "signedIn" field to true when session is created, however it isn't possible since "signedIn" is private and no way to set it is available.

