Thanks for your response Martin, and sorry for my delayed reply!

I added the breakpoint (it's line 210 in my 1.5-SNAPSHOT).  I also put one at 
line 197, at the start of the mapRequest method, to see if it was getting into 
the method and finding a null value for the data variable.  But neither 
breakpoint gets reached so the method is not being called.  Does this mean that 
something is wrong with my wicket/shiro integration code, regarding the wicket 
request processing not being used correctly?  I should add that I'm using a 
library from this "fifyfive-wicket" project (see that pretty much sets up 
the wicket/shiro integration for me.  Does it sound like the problem is most 
likely coming from there, or might something else be going on?  

Thanks again,

-----Original Message-----
From: Martin Grigorov [] 
Sent: Thursday, February 09, 2012 3:12 AM
Subject: Re: continueToOriginalDestination seems to be incorrectly retaining 
destination across multiple logins


The intercept data should be cleaned at
org.apache.wicket.RestartResponseAtInterceptPageException, line 211 - 
InterceptData.clear(); Put a breakpoint there and see what happens.

On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable <> wrote:
> Hi,
> I'm using wicket 1.5-SNAPSHOT along with Shiro for 
> authentication/authorization security, and when an unauthorized user 
> tries to go to a page, Shiro calls redirectToInterceptPage behind the 
> scenes, and during the login process, after a successful login, there is code 
> that says:
> if (!continueToOriginalDestination()) {
>       setResponsePage(getApplication().getHomePage());
> }
> It is working in the sense that if a user gets redirected to login, 
> they are taken to the correct destination afterwards, and if a user 
> just clicks the login link in a new browser they are redirected to the 
> homepage after login.
> BUT, the problem is, if an initial user tries to go to a protected 
> page, gets redirected to the login, logs in, and then logs out, and 
> then, without closing the browser, clicks the login link and logs in 
> with the same user again or even another user, it still redirects to the 
> prior "original"
> destination, which should no longer take effect.  I would think that 
> this should be forgotten upon logging out, which replaces the wicket 
> session
> with:
> Session session = Session.get();
> session.replaceSession();
> I think I must be misunderstanding how continueToOriginalDestination 
> is working - I thought it was placing the original destination url 
> into the users session, which is why I figured that after the login 
> which redirects, followed by the logout which replaces the session, it would 
> be gone.
> Can someone please explain what I'm thinking about wrongly here and 
> why the destination is being retained across multiple logins.  Also, 
> how can I avoid this so that the original destination is only used the 
> first time?    Btw, just to be clear, if I logout and then click to a 
> new protected url, the "original destination" value is properly 
> replaced with the new protected destination which redirects back to 
> the intercept page.  The problem is only if I click directly to the 
> login page without a new intercept, but after having previously 
> utilized the continueToOriginalDestination in the prior login.
> Thanks very much for any help!
> -Evan

Martin Grigorov
Training, Consulting, Development

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to