Hi,

I have a problem with designing authentication and session properly. I asked
for help some time ago, but I was not able to fix the problem.

I have a standard situation - I have an app that has a bunch of pages and only
the main page with the login form should be accessible for everyone. Everything else
should be available after you log in. And some technical pages that should
be accessible for admins only.

So I want AuthenticatedApplication and AuthenticatedWebSession. I set main
page with login form in Application as the page that does not need
authentication. Then someone enters proper credentials and I set in Session
username [key] and whole User entity (transient) with proper role.

It all works fine on my computer, but when I deploy it, it stops working.
Session gets detached on the way and I cannot fetch the data to my models.
Yes, I keep user data in my session, I could do it with datastore queries,
but session is a better solution on AppEngine. And problem would still be the
same pretty much.
There are 2 problems, which I don't really understand:

1. Session gets detached - where is it explained when and why it happens?
How should I properly initialise it? I thought that making
MySession.get().(...) would be enough... When user logs in, I do
"MySession.get().setUser(...)". Then user gets redirected to main app page,
where there are labels to display data
("MySession.get().getUser().getValueX()"). Where is my mistake?

2. How to fetch data from Guice in Session? I have a Repository<User>
Inject, but when it is used in Session it throws nullpointer exception.
Should I have it in session at all? I guess repopulating user data like that
is not the best idea, I should probably just redirect him to login page
again, if session somehow loses data.

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Authentication-and-sessions-the-right-way-tp3866840p3866840.html
Sent from the Users forum mailing list archive at Nabble.com.
