Hi Taneli,

I think you need to add a filter to your application (JSecurityFilter or a subclass of it). Also, you should set the session mode for your security manager to http; this way the session/subject is "bound" to the HTTP session. Not sure whether it will still be bound to the current thread as well, but I suppose not. All I am telling you is from what's in my mind (I am a beginner with JSecurity) ... I don't have the JSecurity code in front of me, and I am also not an authority on JSecurity, so I might be wrong. If I'm wrong, please correct me.

Regards,
Razvan

On Tue, Feb 17, 2009 at 11:58 AM, Taneli Korri <[email protected]> wrote:
> Hello,
>
> I'm trying to get JSecurity to work with Wicket, but I ran into an odd
> problem. I have a very simple web application with SimpleAccountRealm and
> DefaultWebSecurityManager. The project contains only one page with a login
> form. The form (well it's only one button), handles the login procedure
> (calls Subject.login(AuthenticationToken) method). If the user has logged
> in, the login form isn't rendered at all (visibility tested with
> SecurityUtils.getSubject().isAuthenticated()).
>
> The problem is that with Tomcat the user is logged in successfully only to
> the thread which handled the login. So when I refresh the page, the login
> form is sometimes visible and sometimes not, depending on which thread
> handles the request.
>
> With Resin the rendering is more bizarre. After login the form is rendered
> sometimes, I'm not seeing any pattern on when the form is shown and when
> it's not.
>
> Has anybody stumbled on anything like this before? What am I doing wrong?
>
> My test application is available from
> http://temp.korri.net/WicketJSecurity.war sources are included.
>
>
> Regards,
>
> Taneli Korri
>
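
The symptom described in this thread, and the kind of per-request bind and clear a servlet filter can perform, as an added Java simulation that is not code from either poster or from JSecurity. `CURRENT_USER`, `SESSIONS`, and the two worker executors are hypothetical stand-ins for a thread-bound subject, the container's HTTP sessions, and two pooled request threads; no JSecurity API is used.

```java
import java.util.Map;
import java.util.concurrent.*;

public class ThreadBoundSubjectDemo {
    // Hypothetical stand-ins: a thread-bound subject and the container's session store.
    static final ThreadLocal<String> CURRENT_USER = new ThreadLocal<>();
    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();

    // No filter: a login only marks the worker thread that handled it (sessionId is ignored).
    static boolean unfiltered(String sessionId, String loginAs) {
        if (loginAs != null) CURRENT_USER.set(loginAs);
        return CURRENT_USER.get() != null;
    }

    // Filter-style wrapper: bind the user from the session on entry, clear it on exit.
    static boolean filtered(String sessionId, String loginAs) {
        CURRENT_USER.set(SESSIONS.get(sessionId));
        try {
            if (loginAs != null) {
                SESSIONS.put(sessionId, loginAs);
                CURRENT_USER.set(loginAs);
            }
            return CURRENT_USER.get() != null;
        } finally {
            CURRENT_USER.remove(); // pooled threads must not keep the last request's user
        }
    }

    // Run one request on a specific worker thread and wait for its result.
    static boolean on(ExecutorService worker, Callable<Boolean> request) throws Exception {
        return worker.submit(request).get();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService a = Executors.newSingleThreadExecutor(); // worker thread A
        ExecutorService b = Executors.newSingleThreadExecutor(); // worker thread B
        try {
            System.out.println("unfiltered: login s1 on A   -> " + on(a, () -> unfiltered("s1", "taneli")));
            System.out.println("unfiltered: refresh s1 on B -> " + on(b, () -> unfiltered("s1", null)));
            System.out.println("unfiltered: visitor s2 on A -> " + on(a, () -> unfiltered("s2", null)));
            System.out.println("filtered:   login s1 on A   -> " + on(a, () -> filtered("s1", "taneli")));
            System.out.println("filtered:   refresh s1 on B -> " + on(b, () -> filtered("s1", null)));
            System.out.println("filtered:   visitor s2 on A -> " + on(a, () -> filtered("s2", null)));
        } finally {
            a.shutdown();
            b.shutdown();
        }
    }
}
```

In the unfiltered run the authenticated state follows the worker thread rather than the session, so a second session served by the same thread inherits it; the filtered run ties it to the session id and leaves nothing behind on the thread.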
