Stateless login page with auth-roles
Hi, I've followed the Wicket guide's chapter on security in order to implement authorization. Amongst other bits it advises using the following code in the AuthenticatedPage : @Override protected void onConfigure() { super.onConfigure(); AuthenticatedWebApplication app = (AuthenticatedWebApplication)Application.get(); //if user is not signed in, redirect him to sign in page if(!AuthenticatedWebSession.get().isSignedIn()) app.restartResponseAtSignInPage(); } The problem is that restartResponseAtSignInPage() binds a new session so I end up with a session despite redirecting to the stateless login page. Any ideas? CN -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Stateless login page with auth-roles
Hi, https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebApplication.java#L101 There is no code that binds the session. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Dec 10, 2014 at 11:22 AM, ChambreNoire a...@tentelemed.com wrote: Hi, I've followed the Wicket guide's chapter on security in order to implement authorization. Amongst other bits it advises using the following code in the AuthenticatedPage : @Override protected void onConfigure() { super.onConfigure(); AuthenticatedWebApplication app = (AuthenticatedWebApplication)Application.get(); //if user is not signed in, redirect him to sign in page if(!AuthenticatedWebSession.get().isSignedIn()) app.restartResponseAtSignInPage(); } The problem is that restartResponseAtSignInPage() binds a new session so I end up with a session despite redirecting to the stateless login page. Any ideas? CN -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Stateless login page with auth-roles
No, not directly, but it leads to the set() method of RestartResponseAtInterceptPageException's inner InterceptData class which calls bind(); https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/RestartResponseAtInterceptPageException.java#L141 CN -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706p4668709.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Stateless login page with auth-roles
OK. Then instead of using restartResponseAtSignInPage() just do: setResponsePage(getSignInPage()) Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Dec 10, 2014 at 11:46 AM, ChambreNoire a...@tentelemed.com wrote: No, not directly, but it leads to the set() method of RestartResponseAtInterceptPageException's inner InterceptData class which calls bind(); https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/RestartResponseAtInterceptPageException.java#L141 CN -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706p4668709.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Stateless login page with auth-roles
Yes I thought of that but it doesn't redirect to the loginpage (and results in WicketRuntimeExceptions - Error attaching this container for rendering - possibly because of a resulting page missmatch). I'm obviously missing something... -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706p4668712.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: stateless Login page!!
RestartResponseAtInterceptPageException explicitly binds session may be you are not binding your session yourself and your authorization strategy were redirecting you back to login page because there was not a permanent(http) session? On Tue, Sep 11, 2012 at 8:54 PM, Alfonso Quiroga alfonsose...@gmail.com wrote: It IS calling it (I've debugged it) and nothing happens. I could make it work replacing that line with this: throw new RestartResponseAtInterceptPageException(RealHomePage.class); Is this the solution? Why setReponsePage() is not working? thanks! On Tue, Sep 11, 2012 at 12:21 PM, Paul Bors p...@bors.ws wrote: Are you sure it's not calling the setReponsePage() (put break-point or a log message) and instead is trying to call the onError() method of your button or form? ~ Thank you, Paul Bors -Original Message- From: Alfonso Quiroga [mailto:alfonsose...@gmail.com] Sent: Tuesday, September 11, 2012 11:07 AM To: users@wicket.apache.org Subject: stateless Login page!! Hi, I have a stateless login page (statelessForm) and when the user login I do: protected void onSubmit() { [] setResponsePage(HomePage.class); } This was WORKING on wicket 1.5.RC7, but when I've changed to 1.5.7 or 1.5.8, it does not work, it just RELOADS the login page. What can I do instead of using setResponsePage() ?? thanks in advance - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- regards, Vineet Semwal - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
stateless Login page!!
Hi, I have a stateless login page (statelessForm) and when the user login I do: protected void onSubmit() { [] setResponsePage(HomePage.class); } This was WORKING on wicket 1.5.RC7, but when I've changed to 1.5.7 or 1.5.8, it does not work, it just RELOADS the login page. What can I do instead of using setResponsePage() ?? thanks in advance - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: stateless Login page!!
Are you sure it's not calling the setReponsePage() (put break-point or a log message) and instead is trying to call the onError() method of your button or form? ~ Thank you, Paul Bors -Original Message- From: Alfonso Quiroga [mailto:alfonsose...@gmail.com] Sent: Tuesday, September 11, 2012 11:07 AM To: users@wicket.apache.org Subject: stateless Login page!! Hi, I have a stateless login page (statelessForm) and when the user login I do: protected void onSubmit() { [] setResponsePage(HomePage.class); } This was WORKING on wicket 1.5.RC7, but when I've changed to 1.5.7 or 1.5.8, it does not work, it just RELOADS the login page. What can I do instead of using setResponsePage() ?? thanks in advance - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: stateless Login page!!
It IS calling it (I've debugged it) and nothing happens. I could make it work replacing that line with this: throw new RestartResponseAtInterceptPageException(RealHomePage.class); Is this the solution? Why setReponsePage() is not working? thanks! On Tue, Sep 11, 2012 at 12:21 PM, Paul Bors p...@bors.ws wrote: Are you sure it's not calling the setReponsePage() (put break-point or a log message) and instead is trying to call the onError() method of your button or form? ~ Thank you, Paul Bors -Original Message- From: Alfonso Quiroga [mailto:alfonsose...@gmail.com] Sent: Tuesday, September 11, 2012 11:07 AM To: users@wicket.apache.org Subject: stateless Login page!! Hi, I have a stateless login page (statelessForm) and when the user login I do: protected void onSubmit() { [] setResponsePage(HomePage.class); } This was WORKING on wicket 1.5.RC7, but when I've changed to 1.5.7 or 1.5.8, it does not work, it just RELOADS the login page. What can I do instead of using setResponsePage() ?? thanks in advance - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Problem with stateless login page after moving from Wicket 1.5-RC5.1 to 1.5.0
Hi, I encountered a strange behavior with a stateless login page after moving from Wicket 1.5-RC5.1 to 1.5.0. To assure that the login page is stateless I'm using the StatelessChecker class. The problem occurs when the login fails because the authenticate() method of the AuthenticatedWebSession class returns false. When this happens the StatelessChecker throws an IllegalArgumentException and with the following message: /Last cause: '[Page class = com.company.app.backend.common.web.page.LoginPage, id = 1, render count = 1]' claims to be stateless but isn't. Possible reasons: no stateless hint, statefull behaviors/ After switching back to Wicket 1.5-RC5.1 everything works as expected and the StatelessChecker doesn't throw an exception. Might this be a bug in one of the two versions (1.5-RC5.1 vs. 1.5.0)? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-stateless-login-page-after-moving-from-Wicket-1-5-RC5-1-to-1-5-0-tp3817801p3817801.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with stateless login page after moving from Wicket 1.5-RC5.1 to 1.5.0
WICKET-3991 On Fri, Sep 16, 2011 at 1:58 PM, Florian B. florian.bernst...@gmail.com wrote: Hi, I encountered a strange behavior with a stateless login page after moving from Wicket 1.5-RC5.1 to 1.5.0. To assure that the login page is stateless I'm using the StatelessChecker class. The problem occurs when the login fails because the authenticate() method of the AuthenticatedWebSession class returns false. When this happens the StatelessChecker throws an IllegalArgumentException and with the following message: /Last cause: '[Page class = com.company.app.backend.common.web.page.LoginPage, id = 1, render count = 1]' claims to be stateless but isn't. Possible reasons: no stateless hint, statefull behaviors/ After switching back to Wicket 1.5-RC5.1 everything works as expected and the StatelessChecker doesn't throw an exception. Might this be a bug in one of the two versions (1.5-RC5.1 vs. 1.5.0)? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-stateless-login-page-after-moving-from-Wicket-1-5-RC5-1-to-1-5-0-tp3817801p3817801.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with stateless login page after moving from Wicket 1.5-RC5.1 to 1.5.0
Ah thanks for the information. I didn't look in the bug tracker. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-stateless-login-page-after-moving-from-Wicket-1-5-RC5-1-to-1-5-0-tp3817801p3817891.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org