Our Wicket application uses Spring Security for authentication and
authorization. All service methods check that the current user (in the
Spring Security context) has the right to execute the method.
When the subscribed components are rendered for an Atmosphere broadcast,
the security context is not the right one. We call EventBus.post() in a
background (non-HTTP) thread, so there is no security context at all
(and even if it were, its user would not be the right one).
I can use ResourceRegistrationListener to keep track of the
resource-UUID-to-user assignment, but I see no way to set the user into
the security context before the subscribed components are rendered. Is
there one? If not, it is conceivable to add one, such as some sort of
hook to EventBus.post()? The security context would ideally be set
around postToSingleResource(), and it must be reset after all resources
have been handled.
Thank you,
Andrei
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org