RE: continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins
Thanks for your response Martin, and sorry for my delayed reply!

I added the breakpoint (it's line 210 in my 1.5-SNAPSHOT). I also put one at line 197, at the start of the mapRequest method, to see if it was getting into the method and finding a null value for the data variable. But neither breakpoint gets reached so the method is not being called. Does this mean that something is wrong with my wicket/shiro integration code, regarding the wicket request processing not being used correctly?

I should add that I'm using a library from this "fiftyfive-wicket" project (see https://github.com/55minutes/fiftyfive-wicket#readme) that pretty much sets up the wicket/shiro integration for me. Does it sound like the problem is most likely coming from there, or might something else be going on?

Thanks again,
-Evan

-Original Message-
From: Martin Grigorov [mailto:mgrigo...@apache.org]
Sent: Thursday, February 09, 2012 3:12 AM
To: users@wicket.apache.org
Subject: Re: continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins

Hi,

The intercept data should be cleaned at org.apache.wicket.RestartResponseAtInterceptPageException, line 211 - InterceptData.clear();
Put a breakpoint there and see what happens.

On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable wrote:
> Hi,
>
> I'm using wicket 1.5-SNAPSHOT along with Shiro for authentication/authorization security, and when an unauthorized user tries to go to a page, Shiro calls redirectToInterceptPage behind the scenes, and during the login process, after a successful login, there is code that says:
>
>     if (!continueToOriginalDestination()) {
>         setResponsePage(getApplication().getHomePage());
>     }
>
> It is working in the sense that if a user gets redirected to login, they are taken to the correct destination afterwards, and if a user just clicks the login link in a new browser they are redirected to the homepage after login.
>
> BUT, the problem is, if an initial user tries to go to a protected page, gets redirected to the login, logs in, and then logs out, and then, without closing the browser, clicks the login link and logs in with the same user again or even another user, it still redirects to the prior "original" destination, which should no longer take effect. I would think that this should be forgotten upon logging out, which replaces the wicket session with:
>
>     Session session = Session.get();
>     session.replaceSession();
>
> I think I must be misunderstanding how continueToOriginalDestination is working - I thought it was placing the original destination url into the user's session, which is why I figured that after the login which redirects, followed by the logout which replaces the session, it would be gone.
>
> Can someone please explain what I'm thinking about wrongly here and why the destination is being retained across multiple logins. Also, how can I avoid this so that the original destination is only used the first time?
>
> Btw, just to be clear, if I logout and then click to a new protected url, the "original destination" value is properly replaced with the new protected destination which redirects back to the intercept page. The problem is only if I click directly to the login page without a new intercept, but after having previously utilized the continueToOriginalDestination in the prior login.
>
> Thanks very much for any help!
>
> -Evan

--
Martin Grigorov
jWeekend Training, Consulting, Development
http://jWeekend.com
Re: continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins
Hi,

The intercept data should be cleaned at org.apache.wicket.RestartResponseAtInterceptPageException, line 211 - InterceptData.clear();
Put a breakpoint there and see what happens.

On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable wrote:
> Hi,
>
> I'm using wicket 1.5-SNAPSHOT along with Shiro for authentication/authorization security, and when an unauthorized user tries to go to a page, Shiro calls redirectToInterceptPage behind the scenes, and during the login process, after a successful login, there is code that says:
>
>     if (!continueToOriginalDestination()) {
>         setResponsePage(getApplication().getHomePage());
>     }
>
> It is working in the sense that if a user gets redirected to login, they are taken to the correct destination afterwards, and if a user just clicks the login link in a new browser they are redirected to the homepage after login.
>
> BUT, the problem is, if an initial user tries to go to a protected page, gets redirected to the login, logs in, and then logs out, and then, without closing the browser, clicks the login link and logs in with the same user again or even another user, it still redirects to the prior "original" destination, which should no longer take effect. I would think that this should be forgotten upon logging out, which replaces the wicket session with:
>
>     Session session = Session.get();
>     session.replaceSession();
>
> I think I must be misunderstanding how continueToOriginalDestination is working - I thought it was placing the original destination url into the user's session, which is why I figured that after the login which redirects, followed by the logout which replaces the session, it would be gone.
>
> Can someone please explain what I'm thinking about wrongly here and why the destination is being retained across multiple logins. Also, how can I avoid this so that the original destination is only used the first time?
>
> Btw, just to be clear, if I logout and then click to a new protected url, the "original destination" value is properly replaced with the new protected destination which redirects back to the intercept page. The problem is only if I click directly to the login page without a new intercept, but after having previously utilized the continueToOriginalDestination in the prior login.
>
> Thanks very much for any help!
>
> -Evan

--
Martin Grigorov
jWeekend Training, Consulting, Development
http://jWeekend.com
continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins
Hi,

I'm using wicket 1.5-SNAPSHOT along with Shiro for authentication/authorization security, and when an unauthorized user tries to go to a page, Shiro calls redirectToInterceptPage behind the scenes, and during the login process, after a successful login, there is code that says:

    if (!continueToOriginalDestination()) {
        setResponsePage(getApplication().getHomePage());
    }

It is working in the sense that if a user gets redirected to login, they are taken to the correct destination afterwards, and if a user just clicks the login link in a new browser they are redirected to the homepage after login.

BUT, the problem is, if an initial user tries to go to a protected page, gets redirected to the login, logs in, and then logs out, and then, without closing the browser, clicks the login link and logs in with the same user again or even another user, it still redirects to the prior "original" destination, which should no longer take effect. I would think that this should be forgotten upon logging out, which replaces the wicket session with:

    Session session = Session.get();
    session.replaceSession();

I think I must be misunderstanding how continueToOriginalDestination is working - I thought it was placing the original destination url into the user's session, which is why I figured that after the login which redirects, followed by the logout which replaces the session, it would be gone.

Can someone please explain what I'm thinking about wrongly here and why the destination is being retained across multiple logins. Also, how can I avoid this so that the original destination is only used the first time?

Btw, just to be clear, if I logout and then click to a new protected url, the "original destination" value is properly replaced with the new protected destination which redirects back to the intercept page. The problem is only if I click directly to the login page without a new intercept, but after having previously utilized the continueToOriginalDestination in the prior login.

Thanks very much for any help!

-Evan
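
Added example, not part of the original thread and not Wicket, Shiro or fiftyfive-wicket code: a small self-contained Java model of the login/logout sequence described above, showing how a stored destination is reused when the clear step is never reached and logout only rotates the session id. The class, its methods, the /protected/report and /home paths, and the premise that replacing the session carries its state over are assumptions of this sketch.

```java
import java.util.UUID;

// Simplified model of the flow in this thread. Not Wicket or Shiro code:
// every class and method name here is hypothetical.
public class InterceptLifecycleModel {

    static class ModelSession {
        String id = UUID.randomUUID().toString();
        String originalDestination; // stands in for the stored intercept data

        // Assumption: "replace" rotates the id but carries session state over.
        void replaceSession() { id = UUID.randomUUID().toString(); }
    }

    // An unauthorized request to a protected page records where the user was going.
    static void redirectToIntercept(ModelSession s, String url) {
        s.originalDestination = url;
    }

    // Returns the page the user lands on after a successful login.
    // cleanupRuns models whether the clear step (InterceptData.clear() in the
    // thread) is ever reached.
    static String login(ModelSession s, boolean cleanupRuns) {
        String target = s.originalDestination != null ? s.originalDestination : "/home";
        if (cleanupRuns) {
            s.originalDestination = null;
        }
        return target;
    }

    // Logout that only rotates the id, versus one that also drops login-scoped state.
    static ModelSession logout(ModelSession s, boolean dropState) {
        if (dropState) {
            return new ModelSession();
        }
        s.replaceSession();
        return s;
    }

    // Landing page of a second login reached by clicking "login" directly.
    static String secondLogin(boolean cleanupRuns, boolean dropStateOnLogout) {
        ModelSession s = new ModelSession();
        redirectToIntercept(s, "/protected/report"); // constructed sample URL
        login(s, cleanupRuns);                       // first login
        s = logout(s, dropStateOnLogout);
        return login(s, cleanupRuns);
    }

    public static void main(String[] args) {
        System.out.println(secondLogin(false, false)); // clear skipped, id-only logout
        System.out.println(secondLogin(false, true));  // clear skipped, state dropped
        System.out.println(secondLogin(true, false));  // clear reached, id-only logout
    }
}
```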