Hi, I think it is a bug in Wicket, so it should be fixed in Wicket itself. The only way an application can fix it is to add some logic in its #authenticate() method - wrap the logic inside "if (!isSignedIn())".
Using AtomicBoolean is definetely better in this case. #signIn() should call #authenticate() only if the value is changed. The open question is what to return from #signIn() because now there are three options: - unsuccessful authentication - successful authentication - already signed in Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Thu, Sep 8, 2016 at 3:30 PM, Andrea Del Bene <[email protected]> wrote: > In this case I think it would be enough if we use an atomic boolean and if > we change its value with compareAndSet. > > Andrea. > > > On 08/09/2016 13:22, Sven Meier wrote: > >> Hi Martin, >> >> how easy is it for the application to deal with this? >> >> We could break some stuff by sprinkling 'synchronized' over Wicket's >> session-handling methods now. >> >> Regards >> Sven >> >> >> On 07.09.2016 14:59, Martin Grigorov wrote: >> >>> Hi, >>> >>> Currently [1] uses a volatile boolean "signedIn" to control the state. >>> org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() >>> >>> tries to make use of it. >>> IMO this implementation is a bit weak. There are big windows this state >>> to >>> change in the meantime. >>> >>> Usually this shouldn't be a big problem, the application will >>> authenticate >>> the same user twice. >>> But if the application does something in ISessionListener#onBind() then >>> it >>> becomes a problem [2]. >>> >>> Do you think this is a problem in Wicket or the applications should deal >>> with it? >>> >>> 1. >>> https://github.com/apache/wicket/blob/master/wicket-auth- >>> roles/src/main/java/org/apache/wicket/authroles/authenticati >>> on/AuthenticatedWebSession.java >>> 2. https://issues.apache.org/jira/browse/ISIS-1481 >>> >>> Martin Grigorov >>> Wicket Training and Consulting >>> https://twitter.com/mtgrigorov >>> >>> >> >
