Hi all, I am using Wicket 1.5.8 with wicket-auth and I can across the following problem.
I have implemented a MyWebSession extends AuthenticatedWebSession with my own authentication, and a login page with the default loginpanel with the remember option enabled. All of my pages are showing the logged on user's username on the top right, fetched by MyWebSession.get().getUsername() Now, if a user has saved their credentials (remember me), and they try to access a private page without logging in, the user is redirected to the login page, they are automatically authenticated by the cookie, and then redirected to the original page. Their username is correctly shown on the top right. However, if the user accesses an unprotected page, their username is not shown on the top right, because wicket does not try to authenticate the user via the login page. Even adding a component with @AuthorizeAction(action=Action.Render) to the page did not cause the user to be authenticated. To fix this, I had to copy the following code from LoginPanel to MyWebSession's constructor: IAuthenticationStrategy authenticationStrategy = getApplication().getSecuritySettings().getAuthenticationStrategy(); // get username and password from persistence store String[] data = authenticationStrategy.load(); if ((data != null) && (data.length > 1)) { if (!signIn(data[0], data[1])) { authenticationStrategy.remove(); } } Two questions: 1) Is this the right approach to do this? 2) Shouldn't this be the default behavior or at least a behavior that can be activated on the AuthenticatedWebSession without having to explicitly add code to call wicket-auth internals? Thanks in advance, Marios