Hi Dan!
Still the same thing...
A central login application is calling several web application modules with a
parameter ?user=xxxx
And then the user should login automagically. Different users have different
roles, so therefore
the user switch...
Christian
________________________________________
From: Dan Haywood [[email protected]]
Sent: Friday, May 31, 2013 2:36 PM
To: users
Subject: Re: automatic login using url?
By the way, is this a continuation of the TPM demo, or something else?
On 31 May 2013 13:34, Christian Steinebach <
[email protected]> wrote:
> Thanks a lot, Dan! :-)
>
> Christian
> ________________________________________
> From: Dan Haywood [[email protected]]
> Sent: Friday, May 31, 2013 2:30 PM
> To: users
> Subject: Re: automatic login using url?
>
> Looks ok to me. It's in your subclass of WicketApplication, so you can do
> what you want.
>
> As I said, we need to integrate Shiro, Isis and Wicket more closely, and
> part of that is the lifecycle of the invalidations of their respective
> authentication sessions when logging out. Blowing away the HttpSession, as
> you've done, is the nuclear option, but it's probably the best thing you
> can do right now.
>
> Cheers
> Dan
>
>
>
> On 31 May 2013 13:27, Christian Steinebach <
> [email protected]> wrote:
>
> > Hi again!
> >
> > Quick (and dirty?) overriding newWebRequest seems to do the job.
> > If I've created a big problem for myself please let me know. ;-)
> > The solution doesn't have to be secure, just work. It's for a demo
> > where login is handled by another application anyway.
> >
> > Regards
> > Christian
> >
> >
> >
> > @Override
> > public WebRequest newWebRequest(HttpServletRequest servletRequest,
> > String filterPath) {
> > try {
> > String uname = servletRequest.getParameter("user");
> > if (uname != null) {
> > servletRequest.getSession().invalidate();
> > }
> > } catch (Exception e) {
> > }
> > WebRequest request = super.newWebRequest(servletRequest,
> > filterPath);
> > return request;
> > }
> >
> > ________________________________________
> > From: Christian Steinebach [[email protected]]
> > Sent: Friday, May 31, 2013 2:02 PM
> > To: [email protected]
> > Subject: automatic login using url?
> >
> > Hi all!
> >
> > I wanted to login using url parameters, something like:
> >
> > http://localhost://MyIsisApplication?user=erik&pass=pass
> >
> > should log in as user erik with password pass.
> > I seem to have managed to find a solution, just override the newSession
> > method in the application class:
> >
> > public class MyIsisApplication extends IsisWicketApplication {
> >
> > @Override
> > public Session newSession(final Request request, final Response
> > response) {
> > AuthenticatedWebSessionForIsis s =
> > (AuthenticatedWebSessionForIsis) super.newSession(request, response);
> > StringValue user =
> > request.getRequestParameters().getParameterValue("user");
> > StringValue password =
> > request.getRequestParameters().getParameterValue("pass");
> > s.signIn(user.toString(), "pass");
> > return s;
> >
> >
> > So far, it seems to work, the only problem i have is when trying to log
> in
> > with a different user
> > before the session has timed out.
> >
> > Has anybody a hint, where (and how) I should switch the user when called
> > with a different user name?
> >
> > Any help very much appreciated
> >
> > Christian
> >
>
