Hey David, Thanks for your reply! I have thought about using Spring Security or Shire, but at the moment the minimal wicket-auth-roles is enough for my requirements. I'd prefer to just create the session myself when I need it.
Any other ideas? Cheers, THomas On Tue, Nov 15, 2011 at 8:02 PM, David Berkman <[email protected]>wrote: > Apache Shiro, and create a shiro version of WebSession. Then wicket can > ask for the Shio Session from the Http context, and you can get it > outside the context. > > David > > -----Original Message----- > From: Thomas Heigl [mailto:[email protected]] > Sent: Tuesday, November 15, 2011 10:57 AM > To: [email protected] > Subject: Creating a Wicket Session outside of a Wicket request > > Hey all, > > I have a requirement where I'd like to create a Wicket Session outside > of a Wicket request: > > My application runs stand-alone (no problem here) and as a Facebook > application. Facebook calls my REST authentication service with a user's > credentials if they open my application in facebook. At this point I > don't have a Wicket session, but want to signin the user in my > AuthenticatedWebSession from wicket-auth-roles. I'm using the > WicketSessionFilter in front of my REST service to get access to the > session, which works fine if the session already exists. If there is no > session, as in this case, the filter throws an IllegalArgumentException. > > Since I have access to the Wicket Application I thought about calling > Application.get().newSession(), but this method only accepts Wicket's > WebRequest and WebResponse objects. Is it somehow possible to bind a new > session in a non-wicket request? > > Kind regards, > > Thomas > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
