do the two users have different session ids? try printing it out from
your authenticate method.
-igor
On Tue, May 20, 2008 at 7:59 AM, Cristi Manole <[EMAIL PROTECTED]> wrote:
> well, i figured it was just me... so I quit bothering you guys with
> something that's ... just me... :)
>
> i'm using tomcat, no clustering.
>
> this is my websession class:
>
> package com.fx.core;
>
> import java.security.NoSuchAlgorithmException;
>
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
> import org.apache.wicket.Request;
> import org.apache.wicket.authentication.AuthenticatedWebApplication;
> import org.apache.wicket.authentication.AuthenticatedWebSession;
> import org.apache.wicket.authorization.strategies.role.Roles;
> import org.apache.wicket.injection.web.InjectorHolder;
> import org.apache.wicket.spring.injection.annot.SpringBean;
>
> import com.fx.utils.crypt.UltraPasswordHasher;
>
> @SuppressWarnings("serial")
> public class WebSession extends AuthenticatedWebSession {
>     private static final Log log = LogFactory.getLog(WebSession.class);
>
>     @SpringBean
>     private JdbcUtilizatori jdbcUtilizatori;
>
>     private Utilizator utilizator;
>
>     public WebSession(final AuthenticatedWebApplication application, Request request) {
>         super(request);
>         InjectorHolder.getInjector().inject(this); // don't get spring by default in sessions...
>     }
>
>     @Override
>     *public boolean authenticate(final String username, final String password) {
>         if(utilizator == null) {*
>             UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(username);
>             if(dao != null) {
>                 try {
>                     if(new UltraPasswordHasher().verifyPassword(password.getBytes(), dao.getParola())) {
>                         utilizator = new Utilizator(dao.getId(), username,
>                                 dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
>                         utilizator.addRole("AUTHENTICATED");
>                     }
>                 } catch (NoSuchAlgorithmException e) {
>                     log.error("ERROR:", e);
>                     return false;
>                 }
>             }
>         }
>
>         return utilizator != null;
>     }
>
>     public void logOut() {
>         utilizator = null;
>         signOut();
>     }
>
>     @Override
>     public Roles getRoles() {
>         if (isSignedIn()) {
>             // If the user is signed in, they have these roles
>             return new Roles((String[])utilizator.getRoles().toArray(new String[0]));
>         }
>         return null;
>     }
>
>     public Utilizator getUtilizator() {
>         return utilizator;
>     }
>
>     public Utilizator getUtilizatorFor(String password) {
>         UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password);
>         if(dao == null) {
>             return null;
>         } else {
>             return new Utilizator(dao.getId(), dao.getUser(),
>                     dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
>         }
>     }
> }
>
> in dev mode, running from two stations, same network (didn't test
> otherwise), "utilizator" is not null for the second user after the first has
> logged in (see bolded text above). And no matter what he puts in the login,
> he will get logged in with the other's credentials.
>
> *I really think I'm doing something stupid* cause this is the first time I
> get this and I've been developing quite a few web apps in wicket (then again
> I rarely develop in dev mode).
>
> Tks,
> Cristi Manole
>
> On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED]>
> wrote:
>
>> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]>
>> wrote:
>> > Hello,
>> >
>> > Today I tested an application on a number of computers (if it's useful
>> > know that they were in the same network).
>> >
>> > What I found out is that the wicket session was shared among them when
>> > wicket was started in dev mode.
>>
>> what symptoms of this did you see? does it also happen with a plain
>> wicket-quickstart? what kind of server did you have running? what kind
>> of cluster topology? what replication tech did you use?
>>
>> you can't just tell us something interesting like this and leave us hanging!
>>
>> -igor
>>
>> > When I started the application in deploy
>> > mode, everything was as needed - a session object was created for each
>> > client.
>> >
>> > Is this how it's supposed to work in dev mode? I'm using wicket 1.3.2.
>> >
>> > Thank you,
>> > Cristi Manole
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
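
Added example (not part of the original thread, and not Wicket's own code): one way to answer the question about session ids is to record which client address presents each id and flag an id that arrives from more than one station. `SessionShareDetector`, `observe` and `forget` are hypothetical names and the observations in `main` are constructed; in the session class quoted above, `observe` would be fed Wicket's `Session.getId()` and the request's remote address.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added diagnostic (hypothetical class): flags one session id presented by several clients. */
public class SessionShareDetector {
    // session id -> distinct client addresses that have presented it
    private final Map<String, Set<String>> clientsBySession = new ConcurrentHashMap<>();

    /**
     * Record one request. Returns true once this session id has been
     * presented by more than one client address.
     */
    public boolean observe(String sessionId, String clientAddr) {
        if (sessionId == null) {
            return false; // no session bound yet, nothing to correlate
        }
        Set<String> clients =
                clientsBySession.computeIfAbsent(sessionId, k -> ConcurrentHashMap.newKeySet());
        clients.add(clientAddr);
        return clients.size() > 1;
    }

    /** Drop a session on logout or invalidation so the map does not grow without bound. */
    public void forget(String sessionId) {
        if (sessionId != null) {
            clientsBySession.remove(sessionId);
        }
    }

    public static void main(String[] args) {
        SessionShareDetector detector = new SessionShareDetector();
        // Constructed observations: {session id, client address}
        String[][] seen = {
            {"A1B2", "192.0.2.10"},
            {"C3D4", "192.0.2.11"},
            {"A1B2", "192.0.2.10"},
            {"A1B2", "192.0.2.11"}, // second station presenting the first station's id
        };
        for (String[] s : seen) {
            boolean shared = detector.observe(s[0], s[1]);
            System.out.println(s[0] + " from " + s[1] + (shared ? "  <-- id seen from 2+ clients" : ""));
        }
    }
}
```

Clients behind a shared proxy or NAT present one address, so this check is meaningful only where each station is seen with its own address, as with the two stations on one network described in the thread.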