Then this is a bug. On Mon, Apr 16, 2012 at 1:18 PM, Chris Colman <chr...@stepaheadsoftware.com> wrote: > BTW that clear never gets called in the simple process of the Admin user > going to admin page redirected and then 'continued' after > authentication. I have not attempted to do anything with the standard > user at this point so the clear not getting called seems to be a problem > in a single user scenario. > >>-----Original Message----- >>From: Martin Grigorov [mailto:mgrigo...@apache.org] >>Sent: Monday, 16 April 2012 7:02 PM >>To: users@wicket.apache.org >>Subject: Re: ContinueToOriginalDestination does not clear destination > after >>continue >> >>Hi Chris, >> >>Check the code >>at >>org.apache.wicket.RestartResponseAtInterceptPageException#continueToOri > gina >>lDestination() >>This method indeed returns 'true' without cleaning the stored data but >>later when the redirect is processed the data is cleaned - see >>MAPPER#mapRequest(Request) method few lines below. >> >>Additionally this data is stored as meta data in the Session object, so >>changing users implies invalidation of the old (Admin) session and > creation >>of a new (normal user) session. Do you degrade the Admin user to a user >>with less permissions without a real logout ? >> >>On Mon, Apr 16, 2012 at 11:53 AM, Chris Colman >><chr...@stepaheadsoftware.com >>> wrote: >> >>> ** ** >>> >>> We have a scenario where single person can log in under different >>accounts >>> on the same website. Different user types will typically go to > different >>> page types.**** >>> >>> ** ** >>> >>> A single person using different accounts is not normally required but > we >>> are demonstrating to corporate clients how the system will be used by >>> different user types. In the demonstration we need to log in as an >>'admin' >>> user to demo the admin aspects and then we need to log in as a > 'standard' >>> user to demonstrate the aspects that will apply to a standard > user.**** >>> >>> ** ** >>> >>> The admin page uses RedirectToInterceptException to authentication > page >>> if no one is logged in.**** >>> >>> ** ** >>> >>> The standard page uses the home page to authenticate and throws new >>> RestartResponseException(new AuthenticatePage(parameters)) if no one > is >>> authenticated (i.e. no intercept)**** >>> >>> ** ** >>> >>> After authentication we either continue or go to the 'default' page > for a >>> standard user.**** >>> >>> ** ** >>> >>> Code looks like this:**** >>> >>> ** ** >>> >>> If ( authenicationSucceeded )**** >>> >>> {**** >>> >>> if ( > !continueToOriginalDestination() >>> )**** >>> >>> {**** >>> >>> // Was not redirected > to >>> this authentication page so go to default destination for the home >>page*** >>> * >>> >>> // Find default page > for >>> standard users and go to that page**** >>> >>> }**** >>> >>> }**** >>> >>> ** ** >>> >>> What we find is that after an admin log on (with intercept/continue >>> sequence) a subsequent standard user log on will not execute the > above >>body >>> because continueToOriginalDestination returns 'true' even though this >>> page was not an intercept page. **** >>> >>> ** ** >>> >>> It looks like after an intercept/continue has occurred it does not > clear >>> the 'original destination' attribute and so a subsequent call to >>> continueToOriginalDestination will return true when it should really >>> return false.**** >>> >>> ** ** >>> >>> Is the attribute that stores 'original destination' cleared after >>> continueToOriginalDestination? Should it be?**** >>> >>> ** ** >>> >>> ** ** >>> >>> Yours sincerely,**** >>> >>> ** ** >>> >>> Chris Colman**** >>> >>> **** >>> >>> Pagebloom Team Leader,**** >>> >>> Step Ahead Software >>> >>> **** >>> >>> pagebloom - your business & your website growing together**** >>> >>> ** ** >>> >>> **Sydney**: (+61 2) 9656 1278 ****Canberra****: (+61 2) 6100 2120 >>> **** >>> >>> Email: chr...@stepahead.com.au <//chr...@stepahead.com.au>**** >>> >>> Website:**** >>> >>> http://www.pagebloom.com**** >>> >>> http://develop.stepaheadsoftware.com**** >>> >>> **** >>> >>> ** ** >>> >> >> >> >>-- >>Martin Grigorov >>jWeekend >>Training, Consulting, Development >>http://jWeekend.com <http://jweekend.com/> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org >
-- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
