You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by David Meulemans <me...@gmail.com> on 2010/06/01 11:38:16 UTC
wicket clustering wicket-security
I want to have multiple wicket applications to be clustered. Because I'm
using ehcache it is necessary to merge the applications into one .war file
because ehcache needs to be initiated in the same scope as the other
applications.Now the session is shared among all applications.
Is there a way to avoid this?
Re: wicket clustering wicket-security
Posted by Emond Papegaaij <em...@topicus.nl>.
On Wednesday 02 June 2010 15:54:50 david_ wrote:
> Maybe someone knows who I can contact about this?
> I wicket-security developer maybe?
Unfortunately we don't use multiple applications in the same servlet
container. So, I can't really help you with this. Maurice probably would have
known how to do it, but unfortunately we can't ask him anymore. I'm almost
sure that it should be possible (wicket-security even supports multiple logins
on the same application). Perhaps some of the old documentation at
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security can help
you, or perhaps the examples?
What I do see in WaspSession is this:
if (securityStrategy.isUserAuthenticated())
dirty();
else
invalidateNow();
I don't know what that is supposed to do, but it seems you are hitting the
wrong branch of the if statement.
Good luck with it,
Emond
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: wicket clustering wicket-security
Posted by david_ <me...@gmail.com>.
Maybe someone knows who I can contact about this?
I wicket-security developer maybe?
thanks!
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2240161.html
Sent from the Wicket - User mailing list archive at Nabble.com.
Re: wicket clustering wicket-security
Posted by david_ <me...@gmail.com>.
The WaspSession is responsible for authorization of secured pages and
components.
For some reason if a user logs in on webapp-A and another user tries to
access a bookmarkable url in webapp-B he is granted access.
2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
ml-node+2239092-140489179-232081@n4.nabble.com<ml...@n4.nabble.com>
>
> not sure how to do it with wicket-security, but a way to do it
> generically is to simply set the userid field you keep in your session
> to null instead of invalidating the entire session
>
> -igor
>
> On Tue, Jun 1, 2010 at 11:56 AM, david_ <[hidden email]<http://user/SendEmail.jtp?type=node&node=2239092&i=0>>
> wrote:
>
> >
> > How can I logoff an individual instance without affecting the other ones?
>
> > I use the org.apache.wicket.security.WaspSession.logoff() method which
> > results in a normal invalidateNow().
> >
> >
> > 2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
> > [hidden email] <http://user/SendEmail.jtp?type=node&node=2239092&i=1><[hidden
> email] <http://user/SendEmail.jtp?type=node&node=2239092&i=2>>
> >>
> >
> >> On Tue, Jun 1, 2010 at 11:17 AM, david_ <[hidden email]<
> http://user/SendEmail.jtp?type=node&node=2239009&i=0>>
> >> wrote:
> >> >
> >> > If I call getSession().getId() in each webapp (for example at the
> >> indexpage)
> >> > I get the same sessionId's in all applications.
> >>
> >> yep, that returns the id of the underlying http session which would be
> >> the same for both wicket sessions
> >>
> >> > Another thing is, if two users are logged in in two different
> >> applications
> >> > and one of the two logs out the other one is also logged out.
> >>
> >> probably because your log out mechanism invalidates the underlying http
> >> session
> >>
> >> -igor
> >>
> >> >
> >> >
> >> >
> >> > 2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
> >> > [hidden email] <http://user/SendEmail.jtp?type=node&node=2239009&i=1><[hidden
>
> >> email] <http://user/SendEmail.jtp?type=node&node=2239009&i=2>>
> >> >>
> >> >
> >> >> each webapp has a single http session, however wicket's Session
> >> >> objects will not be shared.
> >> >>
> >> >> -igor
> >> >>
> >> >> On Tue, Jun 1, 2010 at 2:38 AM, David Meulemans
> >> >> <[hidden email] <
> http://user/SendEmail.jtp?type=node&node=2238846&i=0>>
> >>
> >> >> wrote:
> >> >> > I want to have multiple wicket applications to be clustered.
> Because
> >> I'm
> >> >> > using ehcache it is necessary to merge the applications into one
> .war
> >> >> file
> >> >> > because ehcache needs to be initiated in the same scope as the
> other
> >> >> > applications.Now the session is shared among all applications.
> >> >> > Is there a way to avoid this?
> >> >> >
> >> >>
> >> >> ---------------------------------------------------------------------
>
> >> >> To unsubscribe, e-mail: [hidden email]<
> >> http://user/SendEmail.jtp?type=node&node=2238846&i=1>
> >> >> For additional commands, e-mail: [hidden email]<
> >> http://user/SendEmail.jtp?type=node&node=2238846&i=2>
> >> >>
> >> >>
> >> >>
> >> >> ------------------------------
> >> >> View message @
> >> >>
> >>
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238846.html
> >> >> To start a new topic under Wicket - User, email
> >> >> [hidden email] <http://user/SendEmail.jtp?type=node&node=2239009&i=3><[hidden
>
> >> email] <http://user/SendEmail.jtp?type=node&node=2239009&i=4>>
> >> >> To unsubscribe from Wicket - User, click here<
> >>
> http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>
> >>
> >> >>
> >> >>
> >> >>
> >> >
> >> > --
> >> > View this message in context:
> >>
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238976.html
> >> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [hidden email]<
> http://user/SendEmail.jtp?type=node&node=2239009&i=5>
> >> For additional commands, e-mail: [hidden email]<
> http://user/SendEmail.jtp?type=node&node=2239009&i=6>
> >>
> >>
> >>
> >> ------------------------------
> >> View message @
> >>
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239009.html
> >> To start a new topic under Wicket - User, email
> >> [hidden email] <http://user/SendEmail.jtp?type=node&node=2239092&i=3><[hidden
> email] <http://user/SendEmail.jtp?type=node&node=2239092&i=4>>
> >> To unsubscribe from Wicket - User, click here<
> http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>
> >>
> >>
> >>
> >
> > --
> > View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239030.html
>
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2239092&i=5>
> For additional commands, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2239092&i=6>
>
>
>
> ------------------------------
> View message @
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239092.html
> To start a new topic under Wicket - User, email
> ml-node+1842947-1066186228-232081@n4.nabble.com<ml...@n4.nabble.com>
> To unsubscribe from Wicket - User, click here<http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>
>
>
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239119.html
Sent from the Wicket - User mailing list archive at Nabble.com.
Re: wicket clustering wicket-security
Posted by Igor Vaynberg <ig...@gmail.com>.
not sure how to do it with wicket-security, but a way to do it
generically is to simply set the userid field you keep in your session
to null instead of invalidating the entire session
-igor
On Tue, Jun 1, 2010 at 11:56 AM, david_ <me...@gmail.com> wrote:
>
> How can I logoff an individual instance without affecting the other ones?
> I use the org.apache.wicket.security.WaspSession.logoff() method which
> results in a normal invalidateNow().
>
>
> 2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
> ml-node+2239009-1783456523-232081@n4.nabble.com<ml...@n4.nabble.com>
>>
>
>> On Tue, Jun 1, 2010 at 11:17 AM, david_ <[hidden email]<http://user/SendEmail.jtp?type=node&node=2239009&i=0>>
>> wrote:
>> >
>> > If I call getSession().getId() in each webapp (for example at the
>> indexpage)
>> > I get the same sessionId's in all applications.
>>
>> yep, that returns the id of the underlying http session which would be
>> the same for both wicket sessions
>>
>> > Another thing is, if two users are logged in in two different
>> applications
>> > and one of the two logs out the other one is also logged out.
>>
>> probably because your log out mechanism invalidates the underlying http
>> session
>>
>> -igor
>>
>> >
>> >
>> >
>> > 2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
>> > [hidden email] <http://user/SendEmail.jtp?type=node&node=2239009&i=1><[hidden
>> email] <http://user/SendEmail.jtp?type=node&node=2239009&i=2>>
>> >>
>> >
>> >> each webapp has a single http session, however wicket's Session
>> >> objects will not be shared.
>> >>
>> >> -igor
>> >>
>> >> On Tue, Jun 1, 2010 at 2:38 AM, David Meulemans
>> >> <[hidden email] <http://user/SendEmail.jtp?type=node&node=2238846&i=0>>
>>
>> >> wrote:
>> >> > I want to have multiple wicket applications to be clustered. Because
>> I'm
>> >> > using ehcache it is necessary to merge the applications into one .war
>> >> file
>> >> > because ehcache needs to be initiated in the same scope as the other
>> >> > applications.Now the session is shared among all applications.
>> >> > Is there a way to avoid this?
>> >> >
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [hidden email]<
>> http://user/SendEmail.jtp?type=node&node=2238846&i=1>
>> >> For additional commands, e-mail: [hidden email]<
>> http://user/SendEmail.jtp?type=node&node=2238846&i=2>
>> >>
>> >>
>> >>
>> >> ------------------------------
>> >> View message @
>> >>
>> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238846.html
>> >> To start a new topic under Wicket - User, email
>> >> [hidden email] <http://user/SendEmail.jtp?type=node&node=2239009&i=3><[hidden
>> email] <http://user/SendEmail.jtp?type=node&node=2239009&i=4>>
>> >> To unsubscribe from Wicket - User, click here<
>> http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>>
>> >>
>> >>
>> >>
>> >
>> > --
>> > View this message in context:
>> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238976.html
>> > Sent from the Wicket - User mailing list archive at Nabble.com.
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2239009&i=5>
>> For additional commands, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2239009&i=6>
>>
>>
>>
>> ------------------------------
>> View message @
>> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239009.html
>> To start a new topic under Wicket - User, email
>> ml-node+1842947-1066186228-232081@n4.nabble.com<ml...@n4.nabble.com>
>> To unsubscribe from Wicket - User, click here<http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>>
>>
>>
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239030.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: wicket clustering wicket-security
Posted by david_ <me...@gmail.com>.
How can I logoff an individual instance without affecting the other ones?
I use the org.apache.wicket.security.WaspSession.logoff() method which
results in a normal invalidateNow().
2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
ml-node+2239009-1783456523-232081@n4.nabble.com<ml...@n4.nabble.com>
>
> On Tue, Jun 1, 2010 at 11:17 AM, david_ <[hidden email]<http://user/SendEmail.jtp?type=node&node=2239009&i=0>>
> wrote:
> >
> > If I call getSession().getId() in each webapp (for example at the
> indexpage)
> > I get the same sessionId's in all applications.
>
> yep, that returns the id of the underlying http session which would be
> the same for both wicket sessions
>
> > Another thing is, if two users are logged in in two different
> applications
> > and one of the two logs out the other one is also logged out.
>
> probably because your log out mechanism invalidates the underlying http
> session
>
> -igor
>
> >
> >
> >
> > 2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
> > [hidden email] <http://user/SendEmail.jtp?type=node&node=2239009&i=1><[hidden
> email] <http://user/SendEmail.jtp?type=node&node=2239009&i=2>>
> >>
> >
> >> each webapp has a single http session, however wicket's Session
> >> objects will not be shared.
> >>
> >> -igor
> >>
> >> On Tue, Jun 1, 2010 at 2:38 AM, David Meulemans
> >> <[hidden email] <http://user/SendEmail.jtp?type=node&node=2238846&i=0>>
>
> >> wrote:
> >> > I want to have multiple wicket applications to be clustered. Because
> I'm
> >> > using ehcache it is necessary to merge the applications into one .war
> >> file
> >> > because ehcache needs to be initiated in the same scope as the other
> >> > applications.Now the session is shared among all applications.
> >> > Is there a way to avoid this?
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [hidden email]<
> http://user/SendEmail.jtp?type=node&node=2238846&i=1>
> >> For additional commands, e-mail: [hidden email]<
> http://user/SendEmail.jtp?type=node&node=2238846&i=2>
> >>
> >>
> >>
> >> ------------------------------
> >> View message @
> >>
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238846.html
> >> To start a new topic under Wicket - User, email
> >> [hidden email] <http://user/SendEmail.jtp?type=node&node=2239009&i=3><[hidden
> email] <http://user/SendEmail.jtp?type=node&node=2239009&i=4>>
> >> To unsubscribe from Wicket - User, click here<
> http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>
> >>
> >>
> >>
> >
> > --
> > View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238976.html
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2239009&i=5>
> For additional commands, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2239009&i=6>
>
>
>
> ------------------------------
> View message @
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239009.html
> To start a new topic under Wicket - User, email
> ml-node+1842947-1066186228-232081@n4.nabble.com<ml...@n4.nabble.com>
> To unsubscribe from Wicket - User, click here<http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>
>
>
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2239030.html
Sent from the Wicket - User mailing list archive at Nabble.com.
Re: wicket clustering wicket-security
Posted by Igor Vaynberg <ig...@gmail.com>.
On Tue, Jun 1, 2010 at 11:17 AM, david_ <me...@gmail.com> wrote:
>
> If I call getSession().getId() in each webapp (for example at the indexpage)
> I get the same sessionId's in all applications.
yep, that returns the id of the underlying http session which would be
the same for both wicket sessions
> Another thing is, if two users are logged in in two different applications
> and one of the two logs out the other one is also logged out.
probably because your log out mechanism invalidates the underlying http session
-igor
>
>
>
> 2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
> ml-node+2238846-1446394513-232081@n4.nabble.com<ml...@n4.nabble.com>
>>
>
>> each webapp has a single http session, however wicket's Session
>> objects will not be shared.
>>
>> -igor
>>
>> On Tue, Jun 1, 2010 at 2:38 AM, David Meulemans
>> <[hidden email] <http://user/SendEmail.jtp?type=node&node=2238846&i=0>>
>> wrote:
>> > I want to have multiple wicket applications to be clustered. Because I'm
>> > using ehcache it is necessary to merge the applications into one .war
>> file
>> > because ehcache needs to be initiated in the same scope as the other
>> > applications.Now the session is shared among all applications.
>> > Is there a way to avoid this?
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2238846&i=1>
>> For additional commands, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2238846&i=2>
>>
>>
>>
>> ------------------------------
>> View message @
>> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238846.html
>> To start a new topic under Wicket - User, email
>> ml-node+1842947-1066186228-232081@n4.nabble.com<ml...@n4.nabble.com>
>> To unsubscribe from Wicket - User, click here<http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>>
>>
>>
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238976.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: wicket clustering wicket-security
Posted by david_ <me...@gmail.com>.
If I call getSession().getId() in each webapp (for example at the indexpage)
I get the same sessionId's in all applications.
Another thing is, if two users are logged in in two different applications
and one of the two logs out the other one is also logged out.
2010/6/1 Igor Vaynberg-2 [via Apache Wicket] <
ml-node+2238846-1446394513-232081@n4.nabble.com<ml...@n4.nabble.com>
>
> each webapp has a single http session, however wicket's Session
> objects will not be shared.
>
> -igor
>
> On Tue, Jun 1, 2010 at 2:38 AM, David Meulemans
> <[hidden email] <http://user/SendEmail.jtp?type=node&node=2238846&i=0>>
> wrote:
> > I want to have multiple wicket applications to be clustered. Because I'm
> > using ehcache it is necessary to merge the applications into one .war
> file
> > because ehcache needs to be initiated in the same scope as the other
> > applications.Now the session is shared among all applications.
> > Is there a way to avoid this?
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2238846&i=1>
> For additional commands, e-mail: [hidden email]<http://user/SendEmail.jtp?type=node&node=2238846&i=2>
>
>
>
> ------------------------------
> View message @
> http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238846.html
> To start a new topic under Wicket - User, email
> ml-node+1842947-1066186228-232081@n4.nabble.com<ml...@n4.nabble.com>
> To unsubscribe from Wicket - User, click here<http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jtp?code=bWV1bGVtYW5zLmRhdmlkQGdtYWlsLmNvbXwxODQyOTQ3fC0xOTcyOTcxMjQ2>.
>
>
>
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-clustering-wicket-security-tp2238257p2238976.html
Sent from the Wicket - User mailing list archive at Nabble.com.
Re: wicket clustering wicket-security
Posted by Igor Vaynberg <ig...@gmail.com>.
each webapp has a single http session, however wicket's Session
objects will not be shared.
-igor
On Tue, Jun 1, 2010 at 2:38 AM, David Meulemans
<me...@gmail.com> wrote:
> I want to have multiple wicket applications to be clustered. Because I'm
> using ehcache it is necessary to merge the applications into one .war file
> because ehcache needs to be initiated in the same scope as the other
> applications.Now the session is shared among all applications.
> Is there a way to avoid this?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org