Thanks for your response Martin, and sorry for my delayed reply!
I added the breakpoint (it's line 210 in my 1.5-SNAPSHOT). I also put one at
line 197, at the start of the mapRequest method, to see if it was getting into
the method and finding a null value for the data variable. But neither
breakpoint gets reached so the method is not being called. Does this mean that
something is wrong with my wicket/shiro integration code, regarding the wicket
request processing not being used correctly? I should add that I'm using a
library from this "fifyfive-wicket" project (see
https://github.com/55minutes/fiftyfive-wicket#readme) that pretty much sets up
the wicket/shiro integration for me. Does it sound like the problem is most
likely coming from there, or might something else be going on?
Thanks again,
-Evan
-Original Message-
From: Martin Grigorov [mailto:mgrigo...@apache.org]
Sent: Thursday, February 09, 2012 3:12 AM
To: users@wicket.apache.org
Subject: Re: continueToOriginalDestination seems to be incorrectly retaining
destination across multiple logins
Hi,
The intercept data should be cleaned at
org.apache.wicket.RestartResponseAtInterceptPageException, line 211 -
InterceptData.clear(); Put a breakpoint there and see what happens.
On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable wrote:
> Hi,
>
>
>
> I'm using wicket 1.5-SNAPSHOT along with Shiro for
> authentication/authorization security, and when an unauthorized user
> tries to go to a page, Shiro calls redirectToInterceptPage behind the
> scenes, and during the login process, after a successful login, there is code
> that says:
>
> if (!continueToOriginalDestination()) {
>
> setResponsePage(getApplication().getHomePage());
>
> }
>
>
>
> It is working in the sense that if a user gets redirected to login,
> they are taken to the correct destination afterwards, and if a user
> just clicks the login link in a new browser they are redirected to the
> homepage after login.
>
>
>
> BUT, the problem is, if an initial user tries to go to a protected
> page, gets redirected to the login, logs in, and then logs out, and
> then, without closing the browser, clicks the login link and logs in
> with the same user again or even another user, it still redirects to the
> prior "original"
> destination, which should no longer take effect. I would think that
> this should be forgotten upon logging out, which replaces the wicket
> session
> with:
>
> Session session = Session.get();
>
> session.replaceSession();
>
>
>
> I think I must be misunderstanding how continueToOriginalDestination
> is working - I thought it was placing the original destination url
> into the users session, which is why I figured that after the login
> which redirects, followed by the logout which replaces the session, it would
> be gone.
>
>
>
> Can someone please explain what I'm thinking about wrongly here and
> why the destination is being retained across multiple logins. Also,
> how can I avoid this so that the original destination is only used the
> first time?Btw, just to be clear, if I logout and then click to a
> new protected url, the "original destination" value is properly
> replaced with the new protected destination which redirects back to
> the intercept page. The problem is only if I click directly to the
> login page without a new intercept, but after having previously
> utilized the continueToOriginalDestination in the prior login.
>
> Thanks very much for any help!
>
> -Evan
>
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org