Hi all, I am using wicket 1.4.7. I have problems getting a security certificate into the session object. Doing it the wicket way would be to do it in the newSession method of the Application - I think: @Override public Session newSession(Request request, Response response) { MySession newSession = new MySession(request); WebRequest webRequest = (WebRequest) request; HttpServletRequest httpRequest = webRequest.getHttpServletRequest(); _log.info(httpRequest.toString()); Object object = httpRequest.getAttribute(X509_CERTIFICATE_ATTRIBUTE); X509Certificate[] certificates = (X509Certificate[]) object; newSession.setCertificates(certificates); return newSession; }
The problem is that the httpRequest.getAttribute(X509_CERTIFICATE_ATTRIBUTE); returns null. When I do the evil not so wicket way later in the logIn-Page after a Click on a "Cert-SignIn" Button it works fine: @Override public void onSubmit() { ServletWebRequest servletWebRequest = (ServletWebRequest) getRequest(); HttpServletRequest request = servletWebRequest.getHttpServletRequest(); certificates = (X509Certificate[]) request.getAttribute(X509_CERTIFICATE_ATTRIBUTE); getLogInService().authenticate(certificates); } It seems that the first request to the application of a user does trigger the newSession method, but it is before the user was redirected to the https-login-page which requests the certificate...Can someone tell me the proper way to do this or is this even a wicket bug? I think it should be a common problem to get certificates into your web session? My webapp runs in a Jetty Server. Thanks in advance, Jan --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org