[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504460#comment-15504460 ] ASF subversion and git services commented on WICKET-6242: - Commit 4fdc8175cab0d842c7aeeb52366338ceaac250d9 in wicket's branch refs/heads/master from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=4fdc817 ] WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > Fix For: 8.0.0-M2, 7.5.0 > > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504462#comment-15504462 ] ASF subversion and git services commented on WICKET-6242: - Commit 91b9dbac3ad2b05e2e8c7fe47370ea193a4763b5 in wicket's branch refs/heads/master from Pedro Henrique Oliveira dos Santos [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=91b9dba ] WICKET-6242 testing signIn method atomicity > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > Fix For: 8.0.0-M2, 7.5.0 > > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504463#comment-15504463 ] ASF subversion and git services commented on WICKET-6242: - Commit 5e1ced34e30135f3e46c9ab8cea1b8137f72ca8d in wicket's branch refs/heads/master from [~bitstorm] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=5e1ced3 ] WICKET-6242 Improved synchronization for signIn. Added missing header license. > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > Fix For: 8.0.0-M2, 7.5.0 > > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504461#comment-15504461 ] ASF subversion and git services commented on WICKET-6242: - Commit d1fc5d2cc3c1ef5da9d8569328fa96a8de4abbad in wicket's branch refs/heads/master from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=d1fc5d2 ] WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn Unset signedIn to 'false' only if the authenticated has failed. > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > Fix For: 8.0.0-M2, 7.5.0 > > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504417#comment-15504417 ] ASF subversion and git services commented on WICKET-6242: - Commit a384c6f75df0b13962b65a948d766f73b39e11ba in wicket's branch refs/heads/wicket-7.x from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=a384c6f ] WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504421#comment-15504421 ] ASF subversion and git services commented on WICKET-6242: - Commit 87fa748998a5c8e54df37d7ee119ede6b98db740 in wicket's branch refs/heads/wicket-7.x from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=87fa748 ] Merge branch 'WICKET-6242-authenticate-once' into wicket-7.x > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504418#comment-15504418 ] ASF subversion and git services commented on WICKET-6242: - Commit d5425534a568d0cc0d4c6749a8965af69f107b8e in wicket's branch refs/heads/wicket-7.x from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=d542553 ] WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn Unset signedIn to 'false' only if the authenticated has failed. > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504420#comment-15504420 ] ASF subversion and git services commented on WICKET-6242: - Commit 263e8c14476f9970d2ccfd8476f371149f2e2cb4 in wicket's branch refs/heads/wicket-7.x from [~bitstorm] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=263e8c1 ] WICKET-6242 Improved synchronization for signIn. Added missing header license. > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504419#comment-15504419 ] ASF subversion and git services commented on WICKET-6242: - Commit 56f947ee52e3b42e69481bac78838e6ec8325573 in wicket's branch refs/heads/wicket-7.x from Pedro Henrique Oliveira dos Santos [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=56f947e ] WICKET-6242 testing signIn method atomicity > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15487168#comment-15487168 ] ASF subversion and git services commented on WICKET-6242: - Commit 263e8c14476f9970d2ccfd8476f371149f2e2cb4 in wicket's branch refs/heads/WICKET-6242-authenticate-once from [~bitstorm] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=263e8c1 ] WICKET-6242 Improved synchronization for signIn. Added missing header license. > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15486511#comment-15486511 ] ASF GitHub Bot commented on WICKET-6242: Github user martin-g commented on the issue: https://github.com/apache/wicket/pull/180 Please amend the commit message before merging it. It should mention `WICKET-6242`. > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15480452#comment-15480452 ] ASF subversion and git services commented on WICKET-6242: - Commit 56f947ee52e3b42e69481bac78838e6ec8325573 in wicket's branch refs/heads/WICKET-6242-authenticate-once from Pedro Henrique Oliveira dos Santos [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=56f947e ] WICKET-6242 testing signIn method atomicity > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15479651#comment-15479651 ] ASF subversion and git services commented on WICKET-6242: - Commit d5425534a568d0cc0d4c6749a8965af69f107b8e in wicket's branch refs/heads/WICKET-6242-authenticate-once from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=d542553 ] WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn Unset signedIn to 'false' only if the authenticated has failed. > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6242) Weak concurrency management in AuthenticatedWebSession#signedIn
[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15479636#comment-15479636 ] ASF subversion and git services commented on WICKET-6242: - Commit a384c6f75df0b13962b65a948d766f73b39e11ba in wicket's branch refs/heads/WICKET-6242-authenticate-once from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=a384c6f ] WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn > Weak concurrency management in AuthenticatedWebSession#signedIn > --- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles >Affects Versions: 8.0.0-M1, 7.4.0 >Reporter: Martin Grigorov >Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)