well, i figured it was just me... so I quit bothering you guys with
something that's ... just me... :)
i'm using tomcat, no clustering.
this is my websession class:
package com.fx.core;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.wicket.Request;
import org.apache.wicket.authentication.AuthenticatedWebApplication;
import org.apache.wicket.authentication.AuthenticatedWebSession;
import org.apache.wicket.authorization.strategies.role.Roles;
import org.apache.wicket.injection.web.InjectorHolder;
import org.apache.wicket.spring.injection.annot.SpringBean;
import com.fx.utils.crypt.UltraPasswordHasher;
@SuppressWarnings("serial")
public class WebSession extends AuthenticatedWebSession {
private static final Log log = LogFactory.getLog(WebSession.class);
@SpringBean
private JdbcUtilizatori jdbcUtilizatori;
private Utilizator utilizator;
public WebSession(final AuthenticatedWebApplication application, Request
request) {
super(request);
InjectorHolder.getInjector().inject(this); //don't get spring by
default in sessions...
}
@Override
* public boolean authenticate(final String username, final String
password) {
if(utilizator == null) {
* UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(username);
if(dao != null) {
try {
if(new
UltraPasswordHasher().verifyPassword(password.getBytes(), dao.getParola()))
{
utilizator = new Utilizator(dao.getId(), username,
dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
utilizator.addRole("AUTHENTICATED");
}
} catch (NoSuchAlgorithmException e) {
log.error("ERROR:", e);
return false;
}
}
}
return utilizator != null;
}
public void logOut() {
utilizator = null;
signOut();
}
@Override
public Roles getRoles() {
if (isSignedIn()) {
// If the user is signed in, they have these roles
return new Roles((String[])utilizator.getRoles().toArray(new
String[0]));
}
return null;
}
public Utilizator getUtilizator() {
return utilizator;
}
public Utilizator getUtilizatorFor(String password) {
UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password);
if(dao == null) {
return null;
} else {
return new Utilizator(dao.getId(), dao.getUser(),
dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
}
}
}
in dev mode, running from two stations, same network (didn't test
otherwise), "utilizator" is not null for the second user after the first has
logged in (see bolded text above). And no matter what he puts in the login,
it will get logged in with the others credential.
*I really think I'm doing something stupid* cause this is the first time I
get this and I've been developing quite a few web apps in wicket (then again
i rarely develop in dev mode).
Tks,
Cristi Manole
On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED]>
wrote:
> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]>
> wrote:
> > Hello,
> >
> > Today I tested an application on a number of computers (if it's useful
> know
> > that they were in the same network).
> >
> > What I found out is that the wicket session was shared among them when
> > wicket was started in dev mode.
>
> what symptoms of this did you see? does it also happen with a plain
> wicket-quickstart? what kind of server did you have running? what kind
> of cluster topology? what replication tech did you use?
>
> you cant just tell us something interesting like this and leave us hanging!
>
> -igor
>
> > When I started the application in deploy
> > mode, everything was as needed - a session object was created for each
> > client.
> >
> > Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2.
> >
> > Thank you,
> > Cristi Manole
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
