Hi, I had a similar problem while developing the model aware page cache in the NoWicket framework. I used a page factory wrapper to control when a new page or an old page is required. https://github.com/subes/invesdwin-nowicket/blob/master/invesdwin-nowicket-parent/invesdwin-nowicket/src/main/java/de/invesdwin/nowicket/application/filter/internal/ModelCacheUsingPageFactory.java
Dunno if it completely matches your requirement, but I remember that fiddling with the PageStore directly was to no avail, so I had to get to a step before the page store was queried. Though since you are talking about login, maybe you are missing the creation of a fresh session upon login? See signIn method here: https://github.com/subes/invesdwin-nowicket/blob/master/invesdwin-nowicket-parent/invesdwin-nowicket/src/main/java/de/invesdwin/nowicket/application/auth/AWebSession.java Which calls "Session.get().replaceSession()" to start from fresh and thus get a new page instance on next request. It is a good idea regarding security to replace the session on signIn/signOut to prevent data leaks. Best regards, Edwin 2016-04-14 15:35 GMT+02:00 Joachim Rohde <[email protected]>: > Hello, > > short version of my question: how do I evict the page store to force > Wicket to create a new instance after using the > back-button? > > Longer version: > > A user is redirected after login to my main page. On my main page I have > several links in onInitialize() which > overwrites isVisible checking the role of the logged-in user, like this: > > @AuthorizeInstantiation({MyRole.sAdmin}) > public abstract class AbstractSecureBasePage extends AbstractBasePage > implements ModelDetacher { > [...] > add(new Link("managementLink") { > @Override > public void onClick() { > setResponsePage(Management.class); > } > > @Override > public boolean isVisible() { > return MySession.get().getUser().hasRole(MyRole.ADMIN); > } > }); > [...] > } > > My session: > > public class MySession extends AuthenticatedWebSession { > [...] > @Override > public void signOut() { > > user = null; > > final RequestCycle requestCycle = RequestCycle.get(); > > if (RequestCycle.get() != null && requestCycle.getRequest() != null > && > ServletWebRequest.class.isAssignableFrom(RequestCycle.get().getRequest().getClass())) > { > LOGGER.log(Level.FINE, "Invalidating HttpSession-object {0}", > ((ServletWebRequest) > RequestCycle.get().getRequest()).getContainerRequest().getSession().getId()); > ((ServletWebRequest) > RequestCycle.get().getRequest()).getContainerRequest().getSession().invalidate(); > } > super.signOut(); > } > } > > After the log-out the user is redirected back to the login-page. If the > user now click the browsers back button Wicket > tries to fetch the last page from the page store and checks the links > visibility which will result in a > NullPointerException due to the fact that getUser() returns null. > > I attempted several solutions: > > 1) Checking in every isVisible() if the user is null. This *does* work but > I have quite a lot of links and I would like > to go with this solution only if I cannot find any other. > > 2) Checking at the very beginning of onInitialize() if the user is null. > This does not work since the components are > coming from the page store and onInitialize() is not called. > > 3) Overwriting onBeforeRender() of the main page. This does not work since > it's only called if a component is visible. > > 4) My next idea was, to empty the page store within my signOut-method. > I tried several things: > getApplication().getSessionStore().destroy(); > getPageManager().clear(); > getPageManager().destroy(); > getPageManager().commitRequest(); > None of them worked. > > getPageManager().destroy(); provokes even a NullPointerException within > Wicket itself (after using the back-button): > > java.lang.NullPointerException > at > org.apache.wicket.page.PageStoreManager$SessionEntry.getPage(PageStoreManager.java:203) > at > org.apache.wicket.page.PageStoreManager$PersistentRequestAdapter.getPage(PageStoreManager.java:357) > at > org.apache.wicket.page.AbstractPageManager.getPage(AbstractPageManager.java:82) > at > org.apache.wicket.page.PageManagerDecorator.getPage(PageManagerDecorator.java:50) > at > org.apache.wicket.page.PageAccessSynchronizer$2.getPage(PageAccessSynchronizer.java:246) > at > org.apache.wicket.DefaultMapperContext.getPageInstance(DefaultMapperContext.java:113) > at > org.apache.wicket.core.request.handler.PageProvider.getStoredPage(PageProvider.java:299) > at > org.apache.wicket.core.request.handler.PageProvider.isNewPageInstance(PageProvider.java:211) > at > org.apache.wicket.core.request.mapper.AbstractBookmarkableMapper.processHybrid(AbstractBookmarkableMapper.java:261) > at > org.apache.wicket.core.request.mapper.AbstractBookmarkableMapper.mapRequest(AbstractBookmarkableMapper.java:365) > at > org.apache.wicket.request.mapper.CompoundRequestMapper.mapRequest(CompoundRequestMapper.java:150) > at > org.apache.wicket.request.cycle.RequestCycle.resolveRequestHandler(RequestCycle.java:189) > at > org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:219) > at > org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293) > at > org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261) > at > org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203) > at > org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284) > [...] > > Line 203 of the PageStoreManager looks like: > > // not found, ask pagestore for the page > return getPageStore().getPage(sessionId, id); > > I am not sure if here should be a null-check on getPageStore (since I have > no clue what should be returned if > getPageStore() returns null). > > Long story short: is there a more elegant solution to my problem than the > first solution that I've tried? > I had the hope I could empty the page store and Wicket would be so smart > to create a new instance of the page if the > page store is empty (which would solve my problem since > AuthorizeInstantiation would cause Wicket to redirect to the > LoginPage again). > > > Joachim > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
