does encryption has anything to do with this upon debugging I found its
failing in CryptedUrlWebRequestCodingStrategy.java
here is the method where it fails
protected String decodeURL(final String url)
{
int startIndex = url.indexOf("?x=");
if (startIndex == -1)
{
startIndex = url.indexOf("&x=");
}
if (startIndex != -1)
{
try
{
startIndex = startIndex + 3;
final int endIndex = url.indexOf("&",
startIndex);
String secureParam;
if (endIndex == -1)
{
secureParam = url.substring(startIndex);
}
else
{
secureParam = url.substring(startIndex,
endIndex);
}
secureParam =
WicketURLDecoder.QUERY_INSTANCE.decode(secureParam);
// Get the crypt implementation from the
application
final ICrypt urlCrypt = Application.get()
.getSecuritySettings()
.getCryptFactory()
.newCrypt();
// Decrypt the query string
String queryString =
urlCrypt.decryptUrlSafe(secureParam);
// The querystring might have been shortened
(length reduced).
// In that case, lengthen the query string
again.
queryString = rebuildUrl(queryString);
return queryString;
}
catch (Exception ex)
{
return onError(ex, url);
}
}
return null;
}
it fails at this line
String queryString = urlCrypt.decryptUrlSafe(secureParam);
why decrypt fails if session is invalidated ?
James Carman-3 wrote:
>
> This works for me:
>
> final Link signOutLink = new Link("signOutLink")
> {
> public void onClick()
> {
> getSession().invalidate();
> setResponsePage(getApplication().getHomePage());
> setRedirect(true);
> }
>
> public boolean isVisible()
> {
> return ((MySessionClass)getSession()).isSignedIn();
> }
> };
>
> I put that in my "base page" class so that it's visible everywhere.
>
> On Thu, Mar 25, 2010 at 11:30 AM, fachhoch <[email protected]> wrote:
>>
>> I did as u said
>> public class AuditSignOutPage extends SignOutPage
>> {
>>
>> public AuditSignOutPage() {
>> ((AuditWebSession)(Session.get())).signout();
>> setRedirect(true);
>> throw new RestartResponseException(SSISignOutPage.class);
>> }
>> }
>>
>>
>> public class SSISignOutPage extends UnSecuredBasePage {
>>
>> public SSISignOutPage() {
>> add(new AjaxLink<Void>("relogin"){
>> �...@override
>> public void onClick(AjaxRequestTarget target) {
>> setResponsePage(new
>> AuditWicketApplication.SignInPageHelper().getSignInPage());
>> setRedirect(true);
>> }
>> });
>> }
>> }
>> I click on the signout link AuditSignOutPage invalidates the session
>> and send to SSISignOutPage .here this page gets loaded , I see the
>> link
>> relogin.
>>
>> when I click on the link relogin it should take me to my signinpage but
>> again i am ending up with session expired page . I set the break point
>> in onClick method but it never goes there ,
>>
>> please explain me what could be causing this ?
>>
>>
>>
>> Mauro Ciancio wrote:
>>>
>>> In order to implement my sign out page I've created a SignOutPage
>>> that invokes the signOut method in AuthenticatedWebSession, then
>>> setRedirect(true) and as final step I throw a:
>>>
>>> throw new RestartResponseException(HomePage.class).
>>>
>>> This makes the home page be processed (and the url in the navigation
>>> bar remains /your_home_page_url).
>>>
>>> Here is the full code if you need it:
>>>
>>> public class LogOutPage extends WebPage {
>>>
>>> public LogOutPage() {
>>> AuthenticatedWebSession.get().signOut();
>>> setRedirect(true);
>>> throw new RestartResponseException(HomePage.class);
>>> }
>>> }
>>>
>>> Cheers.
>>>
>>> On Thu, Mar 25, 2010 at 11:19 AM, fachhoch <[email protected]> wrote:
>>>>
>>>> I initially tried etResponsePage(SSISignOutPage.class) it did not
>>>> worked ,
>>>> so used the new approach ,
>>>>
>>>> regarding what my SSISignOutPage it does nothing except for showing a
>>>> link
>>>> , before to that the control never goes to the page constructor ,
>>>>
>>>> I am assuming after a session is invalidated wicket removes all its
>>>> pages
>>>> from page map and its possible that it cannot find the page
>>>> SSISignOutPage
>>>> and for that reason do I get pageExpired error ?
>>>>
>>>>
>>>>
>>>>
>>>> christian.giambalvo wrote:
>>>>>
>>>>> Depends on what your SSISignOutPage.class does.
>>>>> But why don't use setResponsePage(SSISignOutPage.class) ??
>>>>>
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: tubin gen [mailto:[email protected]]
>>>>> Gesendet: Donnerstag, 25. März 2010 12:59
>>>>> An: users
>>>>> Betreff: signout and redirect
>>>>>
>>>>> here is my code to signout link.
>>>>>
>>>>> add(new Link<Void>("signout"){
>>>>> @Override
>>>>> public void onClick() {
>>>>> ((AuditWebSession)(Session.get())).signout();
>>>>> throw new RestartResponseException(SSISignOutPage.class);
>>>>> }
>>>>> });
>>>>>
>>>>> when user clicks on signout I expect to go to SSISignOutPage.
>>>>> but I end up with a different page which is set in
>>>>> applicationsettings
>>>>>
>>>>> IApplicationSettings settings= super.getApplicationSettings();
>>>>> settings.setPageExpiredErrorPage(SessionExpiredPage.class);
>>>>>
>>>>>
>>>>> the SessionExpiredPage .
>>>>> please tell me what could be causing this ?
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [email protected]
>>>>> For additional commands, e-mail: [email protected]
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/signout-and-redirect-tp28027857p28029507.html
>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [email protected]
>>>> For additional commands, e-mail: [email protected]
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Mauro Ciancio <maurociancio at gmail dot com>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/signout-and-redirect-tp28027857p28030542.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
>
--
View this message in context:
http://old.nabble.com/signout-and-redirect-tp28027857p28030831.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
