You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by ChambreNoire <aw...@tentelemed.com> on 2014/12/10 10:22:36 UTC
Stateless login page with auth-roles
Hi,
I've followed the Wicket guide's chapter on security in order to implement
authorization. Amongst other bits it advises using the following code in the
AuthenticatedPage :
@Override
protected void onConfigure() {
super.onConfigure();
AuthenticatedWebApplication app =
(AuthenticatedWebApplication)Application.get();
//if user is not signed in, redirect him to sign in page
if(!AuthenticatedWebSession.get().isSignedIn())
app.restartResponseAtSignInPage();
}
The problem is that restartResponseAtSignInPage() binds a new session so I
end up with a session despite redirecting to the stateless login page.
Any ideas?
CN
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login page with auth-roles
Posted by ChambreNoire <aw...@tentelemed.com>.
Yes I thought of that but it doesn't redirect to the loginpage (and results
in WicketRuntimeExceptions - Error attaching this container for rendering -
possibly because of a resulting page missmatch). I'm obviously missing
something...
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706p4668712.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login page with auth-roles
Posted by Martin Grigorov <mg...@apache.org>.
OK.
Then instead of using restartResponseAtSignInPage() just do:
setResponsePage(getSignInPage())
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Dec 10, 2014 at 11:46 AM, ChambreNoire <aw...@tentelemed.com> wrote:
> No, not directly, but it leads to the set() method of
> RestartResponseAtInterceptPageException's inner InterceptData class which
> calls bind();
>
>
> https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/RestartResponseAtInterceptPageException.java#L141
>
> CN
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706p4668709.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: Stateless login page with auth-roles
Posted by ChambreNoire <aw...@tentelemed.com>.
No, not directly, but it leads to the set() method of
RestartResponseAtInterceptPageException's inner InterceptData class which
calls bind();
https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/RestartResponseAtInterceptPageException.java#L141
CN
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706p4668709.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login page with auth-roles
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebApplication.java#L101
There is no code that binds the session.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Dec 10, 2014 at 11:22 AM, ChambreNoire <aw...@tentelemed.com> wrote:
> Hi,
>
> I've followed the Wicket guide's chapter on security in order to implement
> authorization. Amongst other bits it advises using the following code in
> the
> AuthenticatedPage :
>
> @Override
> protected void onConfigure() {
> super.onConfigure();
>
> AuthenticatedWebApplication app =
> (AuthenticatedWebApplication)Application.get();
> //if user is not signed in, redirect him to sign in page
> if(!AuthenticatedWebSession.get().isSignedIn())
> app.restartResponseAtSignInPage();
> }
>
> The problem is that restartResponseAtSignInPage() binds a new session so I
> end up with a session despite redirecting to the stateless login page.
>
> Any ideas?
>
> CN
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>