RE: automatic login using url?

[Christian Steinebach]

Thanks a lot, Dan! :-)

    Christian
________________________________________
From: Dan Haywood [d...@haywood-associates.co.uk]
Sent: Friday, May 31, 2013 2:30 PM
To: users
Subject: Re: automatic login using url?

Looks ok to me.  It's in your subclass of WicketApplication, so you can do
what you want.

As I said, we need to integrate Shiro, Isis and Wicket more closely, and
part of that is the lifecycle of the invalidations of their respective
authentication sessions when logging out.  Blowing away the HttpSession, as
you've done, is the nuclear option, but it's probably the best thing you
can do right now.

Cheers
Dan



On 31 May 2013 13:27, Christian Steinebach <
christian.steineb...@marintek.sintef.no> wrote:

> Hi again!
>
> Quick (and dirty?) overriding newWebRequest seems to do the job.
> If I've created a big problem for myself please let me know. ;-)
> The solution doesn't have to be secure, just work. It's for a demo
> where login is handled by another application anyway.
>
>           Regards
>                Christian
>
>
>
>     @Override
>     public WebRequest newWebRequest(HttpServletRequest servletRequest,
> String filterPath) {
>         try {
>             String uname = servletRequest.getParameter("user");
>             if (uname != null) {
>                 servletRequest.getSession().invalidate();
>             }
>         } catch (Exception e) {
>         }
>         WebRequest request = super.newWebRequest(servletRequest,
> filterPath);
>         return request;
>     }
>
> ________________________________________
> From: Christian Steinebach [christian.steineb...@marintek.sintef.no]
> Sent: Friday, May 31, 2013 2:02 PM
> To: users@isis.apache.org
> Subject: automatic login using url?
>
> Hi all!
>
> I wanted to login using url parameters, something like:
>
> http://localhost://MyIsisApplication?user=erik&pass=pass
>
> should log in as user erik with password pass.
> I seem to have managed to find a solution, just override the newSession
> method in the application class:
>
> public class MyIsisApplication extends IsisWicketApplication {
>
>     @Override
>     public Session newSession(final Request request, final Response
> response) {
>         AuthenticatedWebSessionForIsis s =
> (AuthenticatedWebSessionForIsis) super.newSession(request, response);
>         StringValue user =
> request.getRequestParameters().getParameterValue("user");
>         StringValue password =
> request.getRequestParameters().getParameterValue("pass");
>         s.signIn(user.toString(), "pass");
>         return s;
>
>
> So far, it seems to work, the only problem i have is when trying to log in
> with a different user
> before the session has timed out.
>
> Has anybody a hint, where (and how) I should switch the user when called
> with a different user name?
>
>        Any help very much appreciated
>
>                Christian
>