Re: Wicket-Security: What is the easiest way to switch user's principal behind the scenes?
By default a logincontext only allows a single login, this can be changed by a constructor flag. To switch principals simply login a second time with the new context and logoff with the old context. the session will be preserved. Maurice On Tue, Jun 24, 2008 at 2:14 PM, Sergey Podatelev [EMAIL PROTECTED] wrote: Hello, I'm wondering, how can I remove current Principals/Subject stored in LoginContext and put another Subject/Principle without making user re-login and without invalidation session (if that's even possible)? Just a brief description would be enough (: -- sp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket-Security: What is the easiest way to switch user's principal behind the scenes?
Thanks Maurice, this is exactly what I've done so far. But for some reason, session is reset. I'm using Acegi, and my LoginContext looks very similar to the one provided in the example of Swarm/Acegi integration. Since Authentication object containing user credentials, kept in Acegi's SecurityContext is being destroyed, I save it and pass to the login context. Here's what I do: ReauthPage.java: ... Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication; ((WaspSession) getSession()).logoff(MyLoginContext()); ((WaspSession) getSession()).login(MyLoginContext(token)); setResponsePage(SomePage.java); At this point everything seems to be okay, no exceptions are thrown that would be in case of unsuccessful authentication from LoginPage. However, once SomePage.java is instantiated, the newSession() method of MyApplication is called, thus logging user out. Any clues on why could that happen? On Tue, Jun 24, 2008 at 5:32 PM, Maurice Marrink [EMAIL PROTECTED] wrote: By default a logincontext only allows a single login, this can be changed by a constructor flag. To switch principals simply login a second time with the new context and logoff with the old context. the session will be preserved. Maurice On Tue, Jun 24, 2008 at 2:14 PM, Sergey Podatelev [EMAIL PROTECTED] wrote: Hello, I'm wondering, how can I remove current Principals/Subject stored in LoginContext and put another Subject/Principle without making user re-login and without invalidation session (if that's even possible)? Just a brief description would be enough (: -- sp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- sp
Re: Wicket-Security: What is the easiest way to switch user's principal behind the scenes?
Thanks a lot, I'll give it a try. On Tue, Jun 24, 2008 at 5:54 PM, Maurice Marrink [EMAIL PROTECTED] wrote: First login with the second context, then log off with the first context. swarm will invalidate the session after the last subject has logged off. which is what is happening in your case. The easiest is to use different logincontexts classes for this but you should also be able to use the level parameter you can pass to the constructor. Maurice On Tue, Jun 24, 2008 at 3:48 PM, Sergey Podatelev [EMAIL PROTECTED] wrote: Thanks Maurice, this is exactly what I've done so far. But for some reason, session is reset. I'm using Acegi, and my LoginContext looks very similar to the one provided in the example of Swarm/Acegi integration. Since Authentication object containing user credentials, kept in Acegi's SecurityContext is being destroyed, I save it and pass to the login context. Here's what I do: ReauthPage.java: ... Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication; ((WaspSession) getSession()).logoff(MyLoginContext()); ((WaspSession) getSession()).login(MyLoginContext(token)); setResponsePage(SomePage.java); At this point everything seems to be okay, no exceptions are thrown that would be in case of unsuccessful authentication from LoginPage. However, once SomePage.java is instantiated, the newSession() method of MyApplication is called, thus logging user out. Any clues on why could that happen? On Tue, Jun 24, 2008 at 5:32 PM, Maurice Marrink [EMAIL PROTECTED] wrote: By default a logincontext only allows a single login, this can be changed by a constructor flag. To switch principals simply login a second time with the new context and logoff with the old context. the session will be preserved. Maurice On Tue, Jun 24, 2008 at 2:14 PM, Sergey Podatelev [EMAIL PROTECTED] wrote: Hello, I'm wondering, how can I remove current Principals/Subject stored in LoginContext and put another Subject/Principle without making user re-login and without invalidation session (if that's even possible)? Just a brief description would be enough (: -- sp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- sp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- sp