RE: continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins
Thanks for your response Martin, and sorry for my delayed reply!
I added the breakpoint (it's line 210 in my 1.5-SNAPSHOT). I also put one at
line 197, at the start of the mapRequest method, to see if it was getting into
the method and finding a null value for the data variable. But neither
breakpoint gets reached so the method is not being called. Does this mean that
something is wrong with my wicket/shiro integration code, regarding the wicket
request processing not being used correctly? I should add that I'm using a
library from this fifyfive-wicket project (see
https://github.com/55minutes/fiftyfive-wicket#readme) that pretty much sets up
the wicket/shiro integration for me. Does it sound like the problem is most
likely coming from there, or might something else be going on?
Thanks again,
-Evan
-Original Message-
From: Martin Grigorov [mailto:mgrigo...@apache.org]
Sent: Thursday, February 09, 2012 3:12 AM
To: users@wicket.apache.org
Subject: Re: continueToOriginalDestination seems to be incorrectly retaining
destination across multiple logins
Hi,
The intercept data should be cleaned at
org.apache.wicket.RestartResponseAtInterceptPageException, line 211 -
InterceptData.clear(); Put a breakpoint there and see what happens.
On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable e...@novelution.com wrote:
Hi,
I'm using wicket 1.5-SNAPSHOT along with Shiro for
authentication/authorization security, and when an unauthorized user
tries to go to a page, Shiro calls redirectToInterceptPage behind the
scenes, and during the login process, after a successful login, there is code
that says:
if (!continueToOriginalDestination()) {
setResponsePage(getApplication().getHomePage());
}
It is working in the sense that if a user gets redirected to login,
they are taken to the correct destination afterwards, and if a user
just clicks the login link in a new browser they are redirected to the
homepage after login.
BUT, the problem is, if an initial user tries to go to a protected
page, gets redirected to the login, logs in, and then logs out, and
then, without closing the browser, clicks the login link and logs in
with the same user again or even another user, it still redirects to the
prior original
destination, which should no longer take effect. I would think that
this should be forgotten upon logging out, which replaces the wicket
session
with:
Session session = Session.get();
session.replaceSession();
I think I must be misunderstanding how continueToOriginalDestination
is working - I thought it was placing the original destination url
into the users session, which is why I figured that after the login
which redirects, followed by the logout which replaces the session, it would
be gone.
Can someone please explain what I'm thinking about wrongly here and
why the destination is being retained across multiple logins. Also,
how can I avoid this so that the original destination is only used the
first time?Btw, just to be clear, if I logout and then click to a
new protected url, the original destination value is properly
replaced with the new protected destination which redirects back to
the intercept page. The problem is only if I click directly to the
login page without a new intercept, but after having previously
utilized the continueToOriginalDestination in the prior login.
Thanks very much for any help!
-Evan
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins
Hi,
The intercept data should be cleaned at
org.apache.wicket.RestartResponseAtInterceptPageException, line 211 -
InterceptData.clear();
Put a breakpoint there and see what happens.
On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable e...@novelution.com wrote:
Hi,
I'm using wicket 1.5-SNAPSHOT along with Shiro for
authentication/authorization security, and when an unauthorized user tries
to go to a page, Shiro calls redirectToInterceptPage behind the scenes, and
during the login process, after a successful login, there is code that says:
if (!continueToOriginalDestination()) {
setResponsePage(getApplication().getHomePage());
}
It is working in the sense that if a user gets redirected to login, they are
taken to the correct destination afterwards, and if a user just clicks the
login link in a new browser they are redirected to the homepage after login.
BUT, the problem is, if an initial user tries to go to a protected page,
gets redirected to the login, logs in, and then logs out, and then, without
closing the browser, clicks the login link and logs in with the same user
again or even another user, it still redirects to the prior original
destination, which should no longer take effect. I would think that this
should be forgotten upon logging out, which replaces the wicket session
with:
Session session = Session.get();
session.replaceSession();
I think I must be misunderstanding how continueToOriginalDestination is
working - I thought it was placing the original destination url into the
users session, which is why I figured that after the login which redirects,
followed by the logout which replaces the session, it would be gone.
Can someone please explain what I'm thinking about wrongly here and why the
destination is being retained across multiple logins. Also, how can I avoid
this so that the original destination is only used the first time? Btw,
just to be clear, if I logout and then click to a new protected url, the
original destination value is properly replaced with the new protected
destination which redirects back to the intercept page. The problem is only
if I click directly to the login page without a new intercept, but after
having previously utilized the continueToOriginalDestination in the prior
login.
Thanks very much for any help!
-Evan
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins
Hi,
I'm using wicket 1.5-SNAPSHOT along with Shiro for
authentication/authorization security, and when an unauthorized user tries
to go to a page, Shiro calls redirectToInterceptPage behind the scenes, and
during the login process, after a successful login, there is code that says:
if (!continueToOriginalDestination()) {
setResponsePage(getApplication().getHomePage());
}
It is working in the sense that if a user gets redirected to login, they are
taken to the correct destination afterwards, and if a user just clicks the
login link in a new browser they are redirected to the homepage after login.
BUT, the problem is, if an initial user tries to go to a protected page,
gets redirected to the login, logs in, and then logs out, and then, without
closing the browser, clicks the login link and logs in with the same user
again or even another user, it still redirects to the prior original
destination, which should no longer take effect. I would think that this
should be forgotten upon logging out, which replaces the wicket session
with:
Session session = Session.get();
session.replaceSession();
I think I must be misunderstanding how continueToOriginalDestination is
working - I thought it was placing the original destination url into the
users session, which is why I figured that after the login which redirects,
followed by the logout which replaces the session, it would be gone.
Can someone please explain what I'm thinking about wrongly here and why the
destination is being retained across multiple logins. Also, how can I avoid
this so that the original destination is only used the first time?Btw,
just to be clear, if I logout and then click to a new protected url, the
original destination value is properly replaced with the new protected
destination which redirects back to the intercept page. The problem is only
if I click directly to the login page without a new intercept, but after
having previously utilized the continueToOriginalDestination in the prior
login.
Thanks very much for any help!
-Evan
