On Tue, 21 Sept 2021 at 09:57, Martin Grigorov <[email protected]> wrote:
>
> Hi,
>
> On Tue, Sep 21, 2021 at 10:35 AM Thomas Matthijs <[email protected]> wrote:
>
> > Hello,
> >
> > Wonder if anyone has tried (and succeeded?) in allowing users to sign in
> > with multiple accounts, thinking of the way gmail for example handles
> > it, when each account you log in with gets a unique url foobar.com/1/
> > and foobar.com/2/, and then based on the param in the url have wicket
> > (completely) isolate the session and page store etc ?
> >
> > Just looking for a general idea if it should be possible without too
> > much trouble or if the wicket design/architecture will not allow it ?
> >
>
> I have done something similar in the past for a client of mine but all the
> logic was in Spring Security (SS).
> SS servlet filter in front of WicketFilter was responsible to store/extract
> the user auth info.
> Wicket's AuthenticatedWebSession just asks SS to get the user and its roles.
>
> I say *similar*, because in our case only admin users should have been able
> to log in as themselves or to impersonate regular users.


Thanks for the hint, it seems spring sets the value of the servlet/http
cookie to for example "0 24354dfd-fsf", then when you sign in again it
sets the cookie value to "0 24354dfd-fsf 1 14541-sfd", then based on url
query/path param it extracts the "24354dfd-fsf" or "14541-sfd" to use as
the session id when passing on the requests.

Currently handling the authentication myself in wicket and don't want to
pull in the whole spring security, but this seems doable to make myself
and makes it transparent to wicket.

Think jetty embed should be able to bind the wicket filter to a path with a
wildcard param, then also don't have to worry about wicket keeping the path
param or query param around with all the requests

Thanks
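
The slot-selection step described in this message, as an added example (not code from the thread, Spring Security or Wicket): the class name, the `/N/` path layout and the allowed id character set are assumptions. A missing, duplicated or malformed slot yields no session id, so the URL can only select among sessions the browser already holds.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: picks one session id out of a multi-account cookie. */
public class MultiAccountCookie {
    // Path must start with a short numeric account slot, e.g. "/1/inbox" (assumed layout).
    private static final Pattern SLOT = Pattern.compile("^/(\\d{1,2})(?:/.*)?$");
    // Conservative id charset (assumption); anything else marks the cookie as malformed.
    private static final Pattern ID = Pattern.compile("[A-Za-z0-9-]{1,64}");

    /** Parses "0 idA 1 idB" into {0=idA, 1=idB}; returns an empty map if malformed. */
    static Map<Integer, String> parse(String cookieValue) {
        Map<Integer, String> slots = new LinkedHashMap<>();
        if (cookieValue == null || cookieValue.isBlank()) return slots;
        String[] parts = cookieValue.trim().split(" ");
        if (parts.length % 2 != 0) return Map.of();
        for (int i = 0; i < parts.length; i += 2) {
            if (!parts[i].matches("\\d{1,2}") || !ID.matcher(parts[i + 1]).matches()) {
                return Map.of();
            }
            // Duplicate slot numbers are ambiguous, so reject the whole cookie.
            if (slots.putIfAbsent(Integer.parseInt(parts[i]), parts[i + 1]) != null) {
                return Map.of();
            }
        }
        return slots;
    }

    /** Session id for the slot named in the path, or empty if that slot is not signed in. */
    static Optional<String> sessionIdFor(String path, String cookieValue) {
        Matcher m = SLOT.matcher(path == null ? "" : path);
        if (!m.matches()) return Optional.empty();
        return Optional.ofNullable(parse(cookieValue).get(Integer.parseInt(m.group(1))));
    }

    public static void main(String[] args) {
        String cookie = "0 24354dfd-fsf 1 14541-sfd"; // value quoted in the message above
        System.out.println(sessionIdFor("/0/inbox", cookie)); // first account
        System.out.println(sessionIdFor("/1/", cookie));      // second account
        System.out.println(sessionIdFor("/2/", cookie));      // slot absent from the cookie
        System.out.println(sessionIdFor("/1/", "0 a 0 b"));   // constructed: duplicate slot
    }
}
```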
