Re: Deployment vs development session
no, nothing fancy there... anyways, I can't seem to replicate it easily now and I don't have time for further investigation. sorry for your time and also thank you for it. i will definitely try later. On Tue, May 20, 2008 at 8:59 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > also, what does your code look like that creates a new instance of > session (application.newsession()) > > -igor > > On Tue, May 20, 2008 at 10:58 AM, Igor Vaynberg <[EMAIL PROTECTED]> > wrote: > > do the two users have different session ids? try printing it out from > > your authenticate method. > > > > -igor > > > > > > On Tue, May 20, 2008 at 7:59 AM, Cristi Manole <[EMAIL PROTECTED]> > wrote: > >> well, i figured it was just me... so I quit bothering you guys with > >> something that's ... just me... :) > >> > >> i'm using tomcat, no clustering. > >> > >> this is my websession class: > >> > >> package com.fx.core; > >> > >> import java.security.NoSuchAlgorithmException; > >> > >> import org.apache.commons.logging.Log; > >> import org.apache.commons.logging.LogFactory; > >> import org.apache.wicket.Request; > >> import org.apache.wicket.authentication.AuthenticatedWebApplication; > >> import org.apache.wicket.authentication.AuthenticatedWebSession; > >> import org.apache.wicket.authorization.strategies.role.Roles; > >> import org.apache.wicket.injection.web.InjectorHolder; > >> import org.apache.wicket.spring.injection.annot.SpringBean; > >> > >> import com.fx.utils.crypt.UltraPasswordHasher; > >> > >> @SuppressWarnings("serial") > >> public class WebSession extends AuthenticatedWebSession { > >>private static final Log log = LogFactory.getLog(WebSession.class); > >> > >>@SpringBean > >>private JdbcUtilizatori jdbcUtilizatori; > >> > >>private Utilizator utilizator; > >> > >>public WebSession(final AuthenticatedWebApplication application, > Request > >> request) { > >>super(request); > >>InjectorHolder.getInjector().inject(this); //don't get spring by > >> default in sessions... > >>} > >> > >>@Override > >> *public boolean authenticate(final String username, final String > >> password) { > >>if(utilizator == null) { > >> *UtilizatorDAO dao = > jdbcUtilizatori.getUtilizator(username); > >>if(dao != null) { > >>try { > >>if(new > >> UltraPasswordHasher().verifyPassword(password.getBytes(), > dao.getParola())) > >> { > >>utilizator = new Utilizator(dao.getId(), > username, > >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); > >>utilizator.addRole("AUTHENTICATED"); > >>} > >>} catch (NoSuchAlgorithmException e) { > >>log.error("ERROR:", e); > >>return false; > >>} > >>} > >>} > >> > >>return utilizator != null; > >>} > >> > >>public void logOut() { > >>utilizator = null; > >>signOut(); > >>} > >> > >>@Override > >>public Roles getRoles() { > >>if (isSignedIn()) { > >>// If the user is signed in, they have these roles > >>return new Roles((String[])utilizator.getRoles().toArray(new > >> String[0])); > >>} > >>return null; > >>} > >> > >>public Utilizator getUtilizator() { > >>return utilizator; > >>} > >> > >>public Utilizator getUtilizatorFor(String password) { > >>UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password); > >>if(dao == null) { > >>return null; > >>} else { > >>return new Utilizator(dao.getId(), dao.getUser(), > >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); > >>} > >>} > >> } > >> > >> in dev mode, running from two stations, same network (didn't test > >> otherwise), "utilizator" is not null for the second user after the first > has > >> logged in (see bolded text above). And no matter what he puts in the > login, > >> it will get logged in with the others credential. > >> > >> *I really think I'm doing something stupid* cause this is the first time > I > >> get this and I've been developing quite a few web apps in wicket (then > again > >> i rarely develop in dev mode). > >> > >> Tks, > >> Cristi Manole > >> > >> On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED] > > > >> wrote: > >> > >>> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED] > > > >>> wrote: > >>> > Hello, > >>> > > >>> > Today I tested an application on a number of computers (if it's > useful > >>> know > >>> > that they were in the same network). > >>> > > >>> > What I found out is that the wicket session was shared among them > when > >>> > wicket was started in dev mode. > >>> > >>> what symptoms of this did you see? does it also happen with a plain > >>> wicket-quickstart? what kind of server did you have running? what kind > >
Re: Deployment vs development session
also, what does your code look like that creates a new instance of session (application.newsession()) -igor On Tue, May 20, 2008 at 10:58 AM, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > do the two users have different session ids? try printing it out from > your authenticate method. > > -igor > > > On Tue, May 20, 2008 at 7:59 AM, Cristi Manole <[EMAIL PROTECTED]> wrote: >> well, i figured it was just me... so I quit bothering you guys with >> something that's ... just me... :) >> >> i'm using tomcat, no clustering. >> >> this is my websession class: >> >> package com.fx.core; >> >> import java.security.NoSuchAlgorithmException; >> >> import org.apache.commons.logging.Log; >> import org.apache.commons.logging.LogFactory; >> import org.apache.wicket.Request; >> import org.apache.wicket.authentication.AuthenticatedWebApplication; >> import org.apache.wicket.authentication.AuthenticatedWebSession; >> import org.apache.wicket.authorization.strategies.role.Roles; >> import org.apache.wicket.injection.web.InjectorHolder; >> import org.apache.wicket.spring.injection.annot.SpringBean; >> >> import com.fx.utils.crypt.UltraPasswordHasher; >> >> @SuppressWarnings("serial") >> public class WebSession extends AuthenticatedWebSession { >>private static final Log log = LogFactory.getLog(WebSession.class); >> >>@SpringBean >>private JdbcUtilizatori jdbcUtilizatori; >> >>private Utilizator utilizator; >> >>public WebSession(final AuthenticatedWebApplication application, Request >> request) { >>super(request); >>InjectorHolder.getInjector().inject(this); //don't get spring by >> default in sessions... >>} >> >>@Override >> *public boolean authenticate(final String username, final String >> password) { >>if(utilizator == null) { >> *UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(username); >>if(dao != null) { >>try { >>if(new >> UltraPasswordHasher().verifyPassword(password.getBytes(), dao.getParola())) >> { >>utilizator = new Utilizator(dao.getId(), username, >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); >>utilizator.addRole("AUTHENTICATED"); >>} >>} catch (NoSuchAlgorithmException e) { >>log.error("ERROR:", e); >>return false; >>} >>} >>} >> >>return utilizator != null; >>} >> >>public void logOut() { >>utilizator = null; >>signOut(); >>} >> >>@Override >>public Roles getRoles() { >>if (isSignedIn()) { >>// If the user is signed in, they have these roles >>return new Roles((String[])utilizator.getRoles().toArray(new >> String[0])); >>} >>return null; >>} >> >>public Utilizator getUtilizator() { >>return utilizator; >>} >> >>public Utilizator getUtilizatorFor(String password) { >>UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password); >>if(dao == null) { >>return null; >>} else { >>return new Utilizator(dao.getId(), dao.getUser(), >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); >>} >>} >> } >> >> in dev mode, running from two stations, same network (didn't test >> otherwise), "utilizator" is not null for the second user after the first has >> logged in (see bolded text above). And no matter what he puts in the login, >> it will get logged in with the others credential. >> >> *I really think I'm doing something stupid* cause this is the first time I >> get this and I've been developing quite a few web apps in wicket (then again >> i rarely develop in dev mode). >> >> Tks, >> Cristi Manole >> >> On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED]> >> wrote: >> >>> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]> >>> wrote: >>> > Hello, >>> > >>> > Today I tested an application on a number of computers (if it's useful >>> know >>> > that they were in the same network). >>> > >>> > What I found out is that the wicket session was shared among them when >>> > wicket was started in dev mode. >>> >>> what symptoms of this did you see? does it also happen with a plain >>> wicket-quickstart? what kind of server did you have running? what kind >>> of cluster topology? what replication tech did you use? >>> >>> you cant just tell us something interesting like this and leave us hanging! >>> >>> -igor >>> >>> > When I started the application in deploy >>> > mode, everything was as needed - a session object was created for each >>> > client. >>> > >>> > Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2. >>> > >>> > Thank you, >>> > Cristi Manole >>> > >>> >>> - >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional com
Re: Deployment vs development session
do the two users have different session ids? try printing it out from your authenticate method. -igor On Tue, May 20, 2008 at 7:59 AM, Cristi Manole <[EMAIL PROTECTED]> wrote: > well, i figured it was just me... so I quit bothering you guys with > something that's ... just me... :) > > i'm using tomcat, no clustering. > > this is my websession class: > > package com.fx.core; > > import java.security.NoSuchAlgorithmException; > > import org.apache.commons.logging.Log; > import org.apache.commons.logging.LogFactory; > import org.apache.wicket.Request; > import org.apache.wicket.authentication.AuthenticatedWebApplication; > import org.apache.wicket.authentication.AuthenticatedWebSession; > import org.apache.wicket.authorization.strategies.role.Roles; > import org.apache.wicket.injection.web.InjectorHolder; > import org.apache.wicket.spring.injection.annot.SpringBean; > > import com.fx.utils.crypt.UltraPasswordHasher; > > @SuppressWarnings("serial") > public class WebSession extends AuthenticatedWebSession { >private static final Log log = LogFactory.getLog(WebSession.class); > >@SpringBean >private JdbcUtilizatori jdbcUtilizatori; > >private Utilizator utilizator; > >public WebSession(final AuthenticatedWebApplication application, Request > request) { >super(request); >InjectorHolder.getInjector().inject(this); //don't get spring by > default in sessions... >} > >@Override > *public boolean authenticate(final String username, final String > password) { >if(utilizator == null) { > *UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(username); >if(dao != null) { >try { >if(new > UltraPasswordHasher().verifyPassword(password.getBytes(), dao.getParola())) > { >utilizator = new Utilizator(dao.getId(), username, > dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); >utilizator.addRole("AUTHENTICATED"); >} >} catch (NoSuchAlgorithmException e) { >log.error("ERROR:", e); >return false; >} >} >} > >return utilizator != null; >} > >public void logOut() { >utilizator = null; >signOut(); >} > >@Override >public Roles getRoles() { >if (isSignedIn()) { >// If the user is signed in, they have these roles >return new Roles((String[])utilizator.getRoles().toArray(new > String[0])); >} >return null; >} > >public Utilizator getUtilizator() { >return utilizator; >} > >public Utilizator getUtilizatorFor(String password) { >UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password); >if(dao == null) { >return null; >} else { >return new Utilizator(dao.getId(), dao.getUser(), > dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); >} >} > } > > in dev mode, running from two stations, same network (didn't test > otherwise), "utilizator" is not null for the second user after the first has > logged in (see bolded text above). And no matter what he puts in the login, > it will get logged in with the others credential. > > *I really think I'm doing something stupid* cause this is the first time I > get this and I've been developing quite a few web apps in wicket (then again > i rarely develop in dev mode). > > Tks, > Cristi Manole > > On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED]> > wrote: > >> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]> >> wrote: >> > Hello, >> > >> > Today I tested an application on a number of computers (if it's useful >> know >> > that they were in the same network). >> > >> > What I found out is that the wicket session was shared among them when >> > wicket was started in dev mode. >> >> what symptoms of this did you see? does it also happen with a plain >> wicket-quickstart? what kind of server did you have running? what kind >> of cluster topology? what replication tech did you use? >> >> you cant just tell us something interesting like this and leave us hanging! >> >> -igor >> >> > When I started the application in deploy >> > mode, everything was as needed - a session object was created for each >> > client. >> > >> > Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2. >> > >> > Thank you, >> > Cristi Manole >> > >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Deployment vs development session
well, i figured it was just me... so I quit bothering you guys with something that's ... just me... :) i'm using tomcat, no clustering. this is my websession class: package com.fx.core; import java.security.NoSuchAlgorithmException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.wicket.Request; import org.apache.wicket.authentication.AuthenticatedWebApplication; import org.apache.wicket.authentication.AuthenticatedWebSession; import org.apache.wicket.authorization.strategies.role.Roles; import org.apache.wicket.injection.web.InjectorHolder; import org.apache.wicket.spring.injection.annot.SpringBean; import com.fx.utils.crypt.UltraPasswordHasher; @SuppressWarnings("serial") public class WebSession extends AuthenticatedWebSession { private static final Log log = LogFactory.getLog(WebSession.class); @SpringBean private JdbcUtilizatori jdbcUtilizatori; private Utilizator utilizator; public WebSession(final AuthenticatedWebApplication application, Request request) { super(request); InjectorHolder.getInjector().inject(this); //don't get spring by default in sessions... } @Override *public boolean authenticate(final String username, final String password) { if(utilizator == null) { *UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(username); if(dao != null) { try { if(new UltraPasswordHasher().verifyPassword(password.getBytes(), dao.getParola())) { utilizator = new Utilizator(dao.getId(), username, dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); utilizator.addRole("AUTHENTICATED"); } } catch (NoSuchAlgorithmException e) { log.error("ERROR:", e); return false; } } } return utilizator != null; } public void logOut() { utilizator = null; signOut(); } @Override public Roles getRoles() { if (isSignedIn()) { // If the user is signed in, they have these roles return new Roles((String[])utilizator.getRoles().toArray(new String[0])); } return null; } public Utilizator getUtilizator() { return utilizator; } public Utilizator getUtilizatorFor(String password) { UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password); if(dao == null) { return null; } else { return new Utilizator(dao.getId(), dao.getUser(), dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); } } } in dev mode, running from two stations, same network (didn't test otherwise), "utilizator" is not null for the second user after the first has logged in (see bolded text above). And no matter what he puts in the login, it will get logged in with the others credential. *I really think I'm doing something stupid* cause this is the first time I get this and I've been developing quite a few web apps in wicket (then again i rarely develop in dev mode). Tks, Cristi Manole On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]> > wrote: > > Hello, > > > > Today I tested an application on a number of computers (if it's useful > know > > that they were in the same network). > > > > What I found out is that the wicket session was shared among them when > > wicket was started in dev mode. > > what symptoms of this did you see? does it also happen with a plain > wicket-quickstart? what kind of server did you have running? what kind > of cluster topology? what replication tech did you use? > > you cant just tell us something interesting like this and leave us hanging! > > -igor > > > When I started the application in deploy > > mode, everything was as needed - a session object was created for each > > client. > > > > Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2. > > > > Thank you, > > Cristi Manole > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Deployment vs development session
On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]> wrote: > Hello, > > Today I tested an application on a number of computers (if it's useful know > that they were in the same network). > > What I found out is that the wicket session was shared among them when > wicket was started in dev mode. what symptoms of this did you see? does it also happen with a plain wicket-quickstart? what kind of server did you have running? what kind of cluster topology? what replication tech did you use? you cant just tell us something interesting like this and leave us hanging! -igor > When I started the application in deploy > mode, everything was as needed - a session object was created for each > client. > > Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2. > > Thank you, > Cristi Manole > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Deployment vs development session
Note to self: we use development mode FOR DEVELOPMENT. We actually deploy our applications in DEPLOYMENT mode. There is ABSOLUTELY no reason why you would put your application in production using DEVELOPMENT mode. Need a useful feature that is enabled in dev mode? Set it in your configuration, but never, deploy in development mode. Regarding the original post: there should be no difference in handling sessions between the two modes. Martijn On Tue, May 20, 2008 at 1:56 PM, Maurice Marrink <[EMAIL PROTECTED]> wrote: > No, that is not how it is supposed to work. Each user should always > get his/her own session regardless. > development mode is for quick reloading of markupfiles etc without > redeploying. > > Not sure how you managed that but we use dev mode all the time and we > have never seen this behavior. > > Maurice > > On Tue, May 20, 2008 at 12:55 PM, Cristi Manole <[EMAIL PROTECTED]> wrote: >> Hello, >> >> Today I tested an application on a number of computers (if it's useful know >> that they were in the same network). >> >> What I found out is that the wicket session was shared among them when >> wicket was started in dev mode. When I started the application in deploy >> mode, everything was as needed - a session object was created for each >> client. >> >> Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2. >> >> Thank you, >> Cristi Manole >> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Buy Wicket in Action: http://manning.com/dashorst Apache Wicket 1.3.3 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Deployment vs development session
No, that is not how it is supposed to work. Each user should always get his/her own session regardless. development mode is for quick reloading of markupfiles etc without redeploying. Not sure how you managed that but we use dev mode all the time and we have never seen this behavior. Maurice On Tue, May 20, 2008 at 12:55 PM, Cristi Manole <[EMAIL PROTECTED]> wrote: > Hello, > > Today I tested an application on a number of computers (if it's useful know > that they were in the same network). > > What I found out is that the wicket session was shared among them when > wicket was started in dev mode. When I started the application in deploy > mode, everything was as needed - a session object was created for each > client. > > Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2. > > Thank you, > Cristi Manole > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Deployment vs development session
Hello, Today I tested an application on a number of computers (if it's useful know that they were in the same network). What I found out is that the wicket session was shared among them when wicket was started in dev mode. When I started the application in deploy mode, everything was as needed - a session object was created for each client. Is this how it's suppose to work in dev mode? I'm using wicket 1.3.2. Thank you, Cristi Manole