You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Leonid Bogdanov (JIRA)" <ji...@apache.org> on 2010/08/01 21:21:22 UTC

[jira] Issue Comment Edited: (WICKET-2971) Refactor AuthenticatedWebSession class, introduce DefaultAuthenticatedWebSession class

    [ https://issues.apache.org/jira/browse/WICKET-2971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894414#action_12894414 ] 

Leonid Bogdanov edited comment on WICKET-2971 at 8/1/10 3:20 PM:
-----------------------------------------------------------------

Proposal as patch against wicket-1.4.x branch is attached

      was (Author: von_zeppelin):
    Proposal as patch against wicket-1.4.x branch
  
> Refactor AuthenticatedWebSession class, introduce DefaultAuthenticatedWebSession class
> --------------------------------------------------------------------------------------
>
>                 Key: WICKET-2971
>                 URL: https://issues.apache.org/jira/browse/WICKET-2971
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket-auth-roles
>    Affects Versions: 1.4.9
>            Reporter: Leonid Bogdanov
>         Attachments: SpringSecurityWebSession.java, wicket-auth-roles.patch
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> From my experience of Apache Wicket & Spring Security integration I came to the conclusion that current wicket-auth-roles implementation isn't flexible enough: with the usage of Spring Security form login or HTTP Basic Authentication mechanisms there are no definite points to call AuthenticatedWebSession.signIn() and AuthenticatedWebSession.signOut() methods, 'cause login / logout procedure is completely managed by Spring Security. I think AuthenticatedWebSession should be refactored as following:
> public abstract class AuthenticatedWebSession extends WebSession {
>     . . .
>     public  abstract Roles getRoles();
>     public abstract Object getUser();
>     public abstract boolean isSignedIn();
>     . . .
> }
> and current version of AuthenticatedWebSession class will become DefaultAuthenticatedWebSession class that extends AuthenticatedWebSession.
> The point is to have an opportunity to delegate user / roles / sign in state management to some framework (e.g. Spring Security) when it's possible or to use custom implementation (i.e. subclass DefaultAuthenticatedWebSession). At the moment isSignedIn() method is declared final, and workaround as isSignedIn(boolean)  method doesn't look pretty.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.