also, what does your code look like that creates a new instance of
session (application.newsession())
-igor
On Tue, May 20, 2008 at 10:58 AM, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> do the two users have different session ids? try printing it out from
> your authenticate method.
>
> -igor
>
>
> On Tue, May 20, 2008 at 7:59 AM, Cristi Manole <[EMAIL PROTECTED]> wrote:
>> well, i figured it was just me... so I quit bothering you guys with
>> something that's ... just me... :)
>>
>> i'm using tomcat, no clustering.
>>
>> this is my websession class:
>>
>> package com.fx.core;
>>
>> import java.security.NoSuchAlgorithmException;
>>
>> import org.apache.commons.logging.Log;
>> import org.apache.commons.logging.LogFactory;
>> import org.apache.wicket.Request;
>> import org.apache.wicket.authentication.AuthenticatedWebApplication;
>> import org.apache.wicket.authentication.AuthenticatedWebSession;
>> import org.apache.wicket.authorization.strategies.role.Roles;
>> import org.apache.wicket.injection.web.InjectorHolder;
>> import org.apache.wicket.spring.injection.annot.SpringBean;
>>
>> import com.fx.utils.crypt.UltraPasswordHasher;
>>
>> @SuppressWarnings("serial")
>> public class WebSession extends AuthenticatedWebSession {
>> private static final Log log = LogFactory.getLog(WebSession.class);
>>
>> @SpringBean
>> private JdbcUtilizatori jdbcUtilizatori;
>>
>> private Utilizator utilizator;
>>
>> public WebSession(final AuthenticatedWebApplication application, Request
>> request) {
>> super(request);
>> InjectorHolder.getInjector().inject(this); //don't get spring by
>> default in sessions...
>> }
>>
>> @Override
>> * public boolean authenticate(final String username, final String
>> password) {
>> if(utilizator == null) {
>> * UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(username);
>> if(dao != null) {
>> try {
>> if(new
>> UltraPasswordHasher().verifyPassword(password.getBytes(), dao.getParola()))
>> {
>> utilizator = new Utilizator(dao.getId(), username,
>> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
>> utilizator.addRole("AUTHENTICATED");
>> }
>> } catch (NoSuchAlgorithmException e) {
>> log.error("ERROR:", e);
>> return false;
>> }
>> }
>> }
>>
>> return utilizator != null;
>> }
>>
>> public void logOut() {
>> utilizator = null;
>> signOut();
>> }
>>
>> @Override
>> public Roles getRoles() {
>> if (isSignedIn()) {
>> // If the user is signed in, they have these roles
>> return new Roles((String[])utilizator.getRoles().toArray(new
>> String[0]));
>> }
>> return null;
>> }
>>
>> public Utilizator getUtilizator() {
>> return utilizator;
>> }
>>
>> public Utilizator getUtilizatorFor(String password) {
>> UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password);
>> if(dao == null) {
>> return null;
>> } else {
>> return new Utilizator(dao.getId(), dao.getUser(),
>> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
>> }
>> }
>> }
>>
>> in dev mode, running from two stations, same network (didn't test
>> otherwise), "utilizator" is not null for the second user after the first has
>> logged in (see bolded text above). And no matter what he puts in the login,
>> it will get logged in with the others credential.
>>
>> *I really think I'm doing something stupid* cause this is the first time I
>> get this and I've been developing quite a few web apps in wicket (then again
>> i rarely develop in dev mode).
>>
>> Tks,
>> Cristi Manole
>>
>> On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED]>
>> wrote:
>>
>>> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]>
>>> wrote:
>>> > Hello,
>>> >
>>> > Today I tested an application on a number of computers (if it's useful
>>> know
>>> > that they were in the same network).
>>> >
>>> > What I found out is that the wicket session was shared among them when
>>> > wicket was started in dev mode.
>>>
>>> what symptoms of this did you see? does it also happen with a plain
>>> wicket-quickstart? what kind of server did you have running? what kind
>>> of cluster topology? what replication tech did you use?
>>>
>>> you cant just tell us something interesting like this and leave us hanging!
>>>
>>> -igor
>>>
>>> > When I started the application in deploy
>>> > mode, everything was as needed - a session object was created for each
>>> > client.
>>> >
>>> > Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2.
>>> >
>>> > Thank you,
>>> > Cristi Manole
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
