You're right, the session wasn't shared because each was running as a separate Application (servlet)... I built the pages at different times and was just testing... but now the app is coming together - time to clean house!

It works now, thank you!

On 3/17/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
why do you have 2 application objects for your web application?
Do you have 2 wicket servlets mapped? Do you really have 2 webapps?

But then you don't share session data. Because you make 2 session objects. 1 for login and 1 for Edit product application.

Why are you doing that?

Also better thing to do here:


public AdminPage()
    {
        //get user from session
        User user = ((UserSession)getSession()).getUser();

        //disallow access to non-admins
        if (user != null)
        {
            if (user.getUserGroup().getAccessLevel() < 1)
                setResponsePage(new Login());
        }
        else
        {
            setResponsePage(new Login());
        }
    }

is this


public AdminPage()
    {
        //get user from session
        User user = ((UserSession)getSession()).getUser();

        //disallow access to non-admins
        if (user != null)
        {
            if (user.getUserGroup().getAccessLevel() < 1)
                throw new RestartResponseAtInterceptPageException(Login.class);
        }
        else
        {
            throw new RestartResponseAtInterceptPageException(Login.class);
        }
    }


johan



On 3/18/06, Vincent Jenks <[EMAIL PROTECTED]> wrote:
I'm doing exactly that and I don't see how I could be invalidating the session in any way.

Let me clarify; I have a Login page and an EditProduct page.  EditProduct will be one of many pages of which I'd like only the administrator User to access.

So, the Login Application class has this override:


    public ISessionFactory getSessionFactory()
    {
        return new ISessionFactory()
        {
            public Session newSession()
            {
                return new UserSession(LoginApp.this);
            }
        };
    }

...and when the user logs in, I save it in the session:

......... 

        //event handler
        public void onSubmit()
        {
            //set user to session
            ((UserSession)getSession()).setUser(user);
........

I sub-classed WebPage and created AdminPage where I get the User from session:

public abstract class AdminPage extends WebPage
{
    public AdminPage()
    {
        //get user from session
        User user = ((UserSession)getSession()).getUser();
       
        //disallow access to non-admins
        if (user != null)
        {
            if (user.getUserGroup().getAccessLevel() < 1)
                setResponsePage(new Login());
        }
        else
        {
            setResponsePage(new Login());
        }
    }
}

I then use the AdminPage class in a "protected" page (EditProduct):

public class EditProduct extends AdminPage

The EditProduct Application class has this override:


    public ISessionFactory getSessionFactory()
    {
        return new ISessionFactory()
        {
            public Session newSession()
            {
                return new UserSession(EditProductApp.this);
            }
        };
    }

Now, here's where it gets screwed up and "sort of" works.  I have the AdminPage class set to redirect you to Login if you are not logged-in.  So, if I go to EditProduct before logging-in, I'm redirected to Login.  I can login there and then go back to EditProduct...and it worked!!

Finally...if I should go to Login *first* and login...and *then* go to EditProduct....the User object is null in the session...it doesn't work and I'm redirected back to Login.

So, I wouldn't be able to send users to Login to log into their account....it just isn't working right....the User should be available in-session if they login at the Login page and then go to a "protected" page.

I looked at the signin examples in wicket-examples and it doesn't really answer my question...it's too small to go to the length I've gone to in my example.

Does this clarify where I'm having trouble?  Thanks again for the help!


On 3/17/06, Johan Compagner < [EMAIL PROTECTED]> wrote:
i have no idea what you exactly do but if you put something in the session like

((MySession)getSession()).setUser(new User());

and then later on get it back:

((MySession)getSession()).getUser();

then it will be there. Of course the session shouldn't be invalidated and the browser should support cookies or url rewriting so that it can track the session.

all examples (see sign and so on) work that way so i don't know what you do wrong.


johan


On 3/17/06, Vincent Jenks < [EMAIL PROTECTED]> wrote:
This still isn't working how I would have expected...

So I've still got a Login page and an EditProduct page. 

If I go to /login (Login page) and login...I can't then go to /edit_product (EditProduct page) - I'll be automatically redirected back to Login...so obviously the User object was not found in-session.

However, if I first go to /edit_product (EditProduct) and login from there (since I was automatically redirected for not having a User object in-session)....I can then go to EditProduct and the form appears.

I would have expected that if I logged-in at Login that I could go to any of the other pages and find the User object in-session.

I'm confused...  I changed the way I'm accessing the session per Igor's instructions so it now is called like so:

UserSession us = (UserSession)getSession();

Any ideas?



On 3/17/06, Johan Compagner <[EMAIL PROTECTED] > wrote:
no it means that the session will be replicated when you use clustering. So it will update itself in the httpsession.

yes just clear a reference and call dirty() this will of course remove the object from the session.



johan


On 3/17/06, Vincent Jenks < [EMAIL PROTECTED]> wrote:
And this does what?  The Javadoc just says it marks the session as dirty...does this mean it will be cleaned up automatically?


On 3/17/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
don't forget to call dirty() method on the session object when you change a value of the session:

    public void setUser(User user)
    {
        this.user = user;
        dirty();
    }


johan



On 3/17/06, Vincent Jenks <[EMAIL PROTECTED] > wrote:
Yep, my mistake, thanks!  It works fine.  I guess it'll take some getting used to but it's not all that bad.

-v


On 3/16/06, Igor Vaynberg < [EMAIL PROTECTED]> wrote:
UserSession us = new UserSession( EditProductApp.get());
this is wrong, you don't create the session yourself, you let wicket create it for you (that's why you return a factory)

so in your page:

UserSession session=(UserSession)getSession();

sometimes nice to have this wrapped in a basepage.


-Igor


On 3/16/06, Vincent Jenks <[EMAIL PROTECTED] > wrote:
I see, well I'm not complaining but my point is; it's just not simple to use and in most other aspects...wicket is worlds easier than JSP + Servlets.  Perhaps there needs to exist a sub-implementation of WebSession that is global and easy to access & use...just for those of us who don't need to use it for much.

Anyhow I seem to be having a problem getting it working...here's what I've got so far.

Here's my session class:

public class UserSession extends WebSession
{
    private User user;

    public UserSession(Application application)
    {
        super(application);
    }

    public User getUser()
    {
        return this.user;
    }

    public void setUser(User user)
    {
        this.user = user;
    }
   
    public boolean authenticate()
    {
        if (this.getUser() == null)
            return false;
        else
            return true;
    }
}

I modified my EditProductApp class to include the overridden method:

    public ISessionFactory getSessionFactory()
    {
        return new ISessionFactory()
        {
            public Session newSession()
            {
                return new UserSession(EditProductApp.this);
            }
        };
    }

In the page, I check to see if the user exists:

        UserSession us = new UserSession(EditProductApp.get());
       
        if (!us.authenticate())
            setResponsePage(new Login());

...if not, I send them back to the login page...the problem is; they *always* get redirected...so to continue w/ the login page:

the login app class overrides the getSessionFactory() method:

    public ISessionFactory getSessionFactory()
    {
        return new ISessionFactory()
        {
            public Session newSession()
            {
                return new UserSession(LoginApp.this);
            }
        };
    }

the login page submit action looks like this:

        //event handler
        public void onSubmit()
        {
            //authenticate user
            User formUser = (User)getModelObject();
            User dbUser = UserProxy.getAuthUser(formUser.getUsername(), formUser.getPassword());
           
            UserSession us = new UserSession(LoginApp.get());
            us.setUser(dbUser);
           
            if (dbUser == null)
            {
                setResponsePage(new Login()); //login failed
            }
            else if (dbUser.isActive())
            {
                if (dbUser.getUserGroup().getAccessLevel() == 1)
                    setResponsePage(new Home());
                else
                    setResponsePage(new ProductCatalog());
            }
            else
            {
                setResponsePage(new InactiveAccount());
            }
        }

So, I login (that part works fine) and then go to the EditProduct page and get redirected to the Login page...the value was apparently *not* stored in session.

What am I missing?

Thanks!!


On 3/16/06, Igor Vaynberg < [EMAIL PROTECTED]> wrote:
we do not provide that get/setObject() method because we want to encourage type safety.
furthermore the session is also used to store application logic, like logic related to authentication/authorization or anything else you'd like. it is not a simple Map<String,Object> like http session, it can be much much more.


-Igor


On 3/16/06, Vincent Jenks < [EMAIL PROTECTED]> wrote:
Just as an observation, this seems a bit cumbersome to simply add/access/remove objects from the HttpSession (but that's just my opinion.)

It makes sense, it just seems like a lot of work to tap into session values.

I suppose if I had a single getter/setter that used an Object parameter I could make something that behaved more like the HttpSession when used in JSP/Servlets...but then I've got to override getSessionFactory() in every Application class I want to use it in.

Anyhow, thanks for your help!


On 3/16/06, Igor Vaynberg < [EMAIL PROTECTED]> wrote:
yep.

-Igor


On 3/16/06, Vincent Jenks < [EMAIL PROTECTED]> wrote:
MySessionObject being a class you created subclassing WebSession?


On 3/16/06, Jonathan Cone <[EMAIL PROTECTED] > wrote:
Hey Vincent,
 
What I would do is override getSessionFactory in your application class, something like this:
 
 @Override
 protected ISessionFactory getSessionFactory() {
  return new ISessionFactory() {
   public Session newSession() {
    return new MySessionObject(YourApplicationClass.this);
   }
  };
 }
 
Now MySessionObject is a subclass of WebSession (You'll want to look at this class).  In your pages you would do something like:
((MySessionObject)getSession()).getUsername();
 
Make sense?
 
----- Original Message -----
Sent: Thursday, March 16, 2006 5:01 PM
Subject: [Wicket-user] objects in session

If objects used in a page are stored in a session, how do I access those objects when I redirect to a new page?  Say I have public users who login and I want to display their name on pages and keep their user info in-session...on each page, how would I call those values?

Thanks!
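
Johan's reply near the top of the thread replaces setResponsePage(new Login()) with throw new RestartResponseAtInterceptPageException(Login.class) in the AdminPage constructor; the difference matters for access control because setResponsePage() returns normally and the EditProduct constructor still runs for a non-admin, while an exception thrown from the superclass constructor stops it. The block below is an added example, not code from the thread or from Wicket: it uses plain-Java stand-ins with hypothetical names (SoftGuardPage, HardGuardPage, RedirectToLogin) and an Integer access level in place of the User object.

```java
import java.util.ArrayList;
import java.util.List;

// Plain-Java stand-ins with hypothetical names; no Wicket classes are used.
public class AdminGuardDemo {
    static final List<String> events = new ArrayList<>();

    // Stand-in for RestartResponseAtInterceptPageException(Login.class).
    static class RedirectToLogin extends RuntimeException {}

    // null means nobody is logged in; level >= 1 is an administrator.
    static boolean isAdmin(Integer level) { return level != null && level >= 1; }

    // Style of the first AdminPage: request a redirect, then return normally.
    static abstract class SoftGuardPage {
        SoftGuardPage(Integer level) { if (!isAdmin(level)) events.add("redirect to Login requested"); }
    }

    // Style of the second AdminPage: throwing aborts construction of the page.
    static abstract class HardGuardPage {
        HardGuardPage(Integer level) { if (!isAdmin(level)) throw new RedirectToLogin(); }
    }

    // Protected page on the soft guard: its constructor body is reached by a non-admin.
    static class SoftEditProduct extends SoftGuardPage {
        SoftEditProduct(Integer level) { super(level); events.add("EditProduct constructor ran"); }
    }

    // Protected page on the hard guard: its constructor body is reached by admins only.
    static class HardEditProduct extends HardGuardPage {
        HardEditProduct(Integer level) { super(level); events.add("EditProduct constructor ran"); }
    }

    // Builds the protected page for one visitor and returns what happened, in order.
    static List<String> visit(boolean hardGuard, Integer level) {
        events.clear();
        try {
            if (hardGuard) new HardEditProduct(level);
            else new SoftEditProduct(level);
        } catch (RedirectToLogin e) {
            events.add("construction aborted, redirect to Login");
        }
        return new ArrayList<>(events);
    }

    public static void main(String[] args) {
        System.out.println("setResponsePage style, anonymous: " + visit(false, null));
        System.out.println("exception style, anonymous: " + visit(true, null));
        System.out.println("exception style, admin: " + visit(true, 1));
    }
}
```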

