In Chapter 12 of the book "Wicket In Action" that is still being written,
there is some sample code on how to provide authentication pages for users.
I had trouble when using this code and this post is intended to help other
users that may encounter this problem.
I created the SignIn page class and the SignOut page class just as described
in the book. I also created the WIASession and everything that was described
there to make the Authentication piece work. The problem is that when I
would sign out I would have to successfully sign in twice in order to be
authenticated the next time(unless I closed the browser window and
re-visited the site). Here is what I found.
When Method #1 is called the User object gets set on the Session. So that
when Method #2 is called the isAuthenticated should return true since user
is not null. However, in a Stateless page a new Session gets created for
every request so when Method #2 gets executed it is calling isAuthenticated
on a new Session object which has a null user. The solution is in Method #4
when I set the user object on my Session. Notice that when the user gets set
it checks to see if the Session is a temporary session and if it is then it
binds it to make it non-temporary. This will ensure that the next call to
WIASession.get() will return the same Session that you expect.
It is a little more complicated to explain why it was working on the second
time the user logs in so I won't go into detail here. However, if anyone is
having this problem and is curious then let me know and I will try to
explain it.
If you are having this problem then I hope this helps.
Method #1(SignInPage.java):
private boolean signIn(String username, String password)
{
if(username != null && password != null)
{
User user = findUser(username);
if(user != null)
{
if(user.getPassword().equals(password))
{
WIASession.get().setUser(user);
return true;
}
}
}
return false;
}
Method #2(WIAAuthorizationStrategy.java):
public boolean isInstantiationAuthorized(Class componentClass)
{
if(ProtectedPage.class.isAssignableFrom(componentClass))
{
return WIASession.get().isAuthenticated();
}
return true;
}
Method #3(WIASession.java):
public boolean isAuthenticated()
{
return user != null;
}
Method #4 (WIASession.java):
public void setUser(User user)
{
this.user = user;
if(isTemporary())
{
bind();
}
}
--
View this message in context:
http://www.nabble.com/User-has-to-log-in-twice%28Using-example-from-%22Wicket-In-Action%22%29-tp17430131p17430131.html
Sent from the Wicket - User mailing list archive at Nabble.com.
