Hi all,
I am using wicket 1.4.7.
I have problems getting a security certificate into the session object.
Doing it the wicket way would be to do it in the newSession method of
the Application - I think:
@Override
public Session newSession(Request request, Response response) {
MySession newSession = new MySession(request);
WebRequest webRequest = (WebRequest) request;
HttpServletRequest httpRequest = webRequest.getHttpServletRequest();
_log.info(httpRequest.toString());
Object object =
httpRequest.getAttribute(X509_CERTIFICATE_ATTRIBUTE);
X509Certificate[] certificates = (X509Certificate[]) object;
newSession.setCertificates(certificates);
return newSession;
}
The problem is that the
httpRequest.getAttribute(X509_CERTIFICATE_ATTRIBUTE); returns null. When
I do the evil not so wicket way later in the logIn-Page after a Click on
a "Cert-SignIn" Button it works fine:
@Override
public void onSubmit() {
ServletWebRequest servletWebRequest =
(ServletWebRequest) getRequest();
HttpServletRequest request =
servletWebRequest.getHttpServletRequest();
certificates = (X509Certificate[])
request.getAttribute(X509_CERTIFICATE_ATTRIBUTE);
getLogInService().authenticate(certificates);
}
It seems that the first request to the application of a user does
trigger the newSession method, but it is before the user was redirected
to the https-login-page which requests the certificate...Can someone
tell me the proper way to do this or is this even a wicket bug? I think
it should be a common problem to get certificates into your web session?
My webapp runs in a Jetty Server.
Thanks in advance,
Jan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
