Hello, I'm trying to get JSecurity to work with Wicket, but I ran into a odd problem. I have a very simple web application with SimpleAccountRealm and DefaultWebSecurityManager. The project contains only one page with a login form. The form (well it's only one button), handles the login procedure (calls Subject.login(AuthenticationToken) method). If the user has logged in, the login form isn't rendered at all (visibility tested with SecurityUtils.getSubject().isAuthenticated()).
The problem is that with Tomcat the user is logged in succesfully only to the thread which handled the login. So when I refresh the page, the login form is sometimes visible and sometimes not, depending on which thread handles the request. With Resin the rendering is more bizarre. After login the form is rendered sometimes, I'm not seeing any pattern on when the form is shown and when it's not. Has anybody stumbled on anything like this before? What am I doing wrong? My test application is available from http://temp.korri.net/WicketJSecurity.war sources are included. Regards, Taneli Korri
