Hi, https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebApplication.java#L101 There is no code that binds the session.
Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Dec 10, 2014 at 11:22 AM, ChambreNoire <a...@tentelemed.com> wrote: > Hi, > > I've followed the Wicket guide's chapter on security in order to implement > authorization. Amongst other bits it advises using the following code in > the > AuthenticatedPage : > > @Override > protected void onConfigure() { > super.onConfigure(); > > AuthenticatedWebApplication app = > (AuthenticatedWebApplication)Application.get(); > //if user is not signed in, redirect him to sign in page > if(!AuthenticatedWebSession.get().isSignedIn()) > app.restartResponseAtSignInPage(); > } > > The problem is that restartResponseAtSignInPage() binds a new session so I > end up with a session despite redirecting to the stateless login page. > > Any ideas? > > CN > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706.html > Sent from the Users forum mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >