Hi,

On Mon, Oct 3, 2011 at 9:54 AM, Zeldor <[email protected]> wrote:
> Hi,
>
> I have a problem with designing authentication and session properly. I asked
> for help some time ago, but I was not able to fix the problem.
>
> I have a standard situation - I have an app that has a bunch of pages and only
> main page with login form should be accessible for everyone. Everything else
> should be available after you log in. And some technical pages that should
> be accessible for admins only.
>
> So I want AuthenticatedApplication and AuthenticatedWebSession. I set main
> page with login form in Application as the page that does not need
> authentication. Then someone enters proper credentials and I set in Session
> username [key] and whole User entity (transient) with proper role.
>
> It all works fine on my computer, but when I deploy it, it stops working.
> Session gets detached on the way and I cannot fetch the data to my models.
> Yes, I keep user data in my session, I could do it with datastore queries,
> but session is a better solution on AppEngine. And problem would still be the
> same pretty much.
> There are 2 problems, which I don't really understand:
>
> 1. Session gets detached - where is it explained when and why it happens?
> How should I properly initialise it? I thought that making
> MySession.get().(...) would be enough... When user logs in, I do
> "MySession.get().setUser(...)". Then user gets redirected to main app page,
> where there are labels to display data
> ("MySession.get().getUser().getValueX()"). Where is my mistake?
The Wicket Session is detached at the end of the request processing.
At this point the Wicket session is serialized as byte array in the
http session.
For the next request the Wicket session is deserialized from the http
session and here your User object is null (because it is transient).
This is all fine!
>
> 2. How to fetch data from Guice in Session? I have a Repository<User>
> Inject, but when it is used in Session it throws nullpointer exception.
> Should I have it in session at all? I guess repopulating user data like that
> is not the best idea, I should probably just redirect him to login page
> again, if session somehow loses data.
Declare another field in your Session implementation:
private @Inject Repository<User> repository;

And do: InjectorHolder.get().inject(this) (Wicket 1.5 syntax) in your
Session constructor. This will inject a serializable proxy which will be
properly serialized and deserialized when needed.

Now remove #setUser() and implement a #getUser() method in YourSession.
If the User field is non-null then just return it; otherwise use the
user id and, with the repository, fetch and create the User instance.
>
> --
> View this message in context: 
> http://apache-wicket.1842946.n4.nabble.com/Authentication-and-sessions-the-right-way-tp3866840p3866840.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
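
The lazy-loading getUser() pattern from the reply above, as an added example that is not part of the original message and is not Wicket or Guice code: plain Java serialization stands in for the session being stored between requests. `UserRepositoryProxy`, `signIn`, `hasCachedUser` and the sample user are constructed stand-ins.

```java
import java.io.*;
import java.util.Map;

public class SessionReloadDemo {
    // Constructed stand-in for the User entity (deliberately not Serializable).
    record User(String name, String role) {}

    // Stand-in for the serializable proxy that injection places in the field:
    // it carries no user data and resolves the real store on each call.
    static class UserRepositoryProxy implements Serializable {
        private static final Map<String, User> STORE =
                Map.of("alice", new User("alice", "ADMIN")); // constructed sample data
        User findByName(String name) { return STORE.get(name); }
    }

    static class MySession implements Serializable {
        private final UserRepositoryProxy repository = new UserRepositoryProxy();
        private String username;      // the only user state that gets serialized
        private transient User user;  // cache, dropped whenever the session is serialized

        void signIn(String name) { this.username = name; }

        // No setUser(): the entity is always derived from the stored key.
        User getUser() {
            if (user == null && username != null) {
                user = repository.findByName(username); // reload after deserialization
            }
            return user;
        }
        boolean hasCachedUser() { return user != null; }
    }

    // What happens to the session between two requests: serialize, then deserialize.
    static MySession roundTrip(MySession s) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (MySession) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        MySession first = new MySession();
        first.signIn("alice");
        first.getUser();                           // fills the transient cache
        MySession next = roundTrip(first);         // session as the next request sees it
        System.out.println("cached after round trip: " + next.hasCachedUser());
        System.out.println("role after reload: " + next.getUser().role());
    }
}
```

Because the role comes from the repository on every reload rather than from serialized session state, a role changed in the datastore is what the next deserialized session sees.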
