By the way, is this a continuation of the TPM demo, or something else?
On 31 May 2013 13:34, Christian Steinebach < [email protected]> wrote: > Thanks a lot, Dan! :-) > > Christian > ________________________________________ > From: Dan Haywood [[email protected]] > Sent: Friday, May 31, 2013 2:30 PM > To: users > Subject: Re: automatic login using url? > > Looks ok to me. It's in your subclass of WicketApplication, so you can do > what you want. > > As I said, we need to integrate Shiro, Isis and Wicket more closely, and > part of that is the lifecycle of the invalidations of their respective > authentication sessions when logging out. Blowing away the HttpSession, as > you've done, is the nuclear option, but it's probably the best thing you > can do right now. > > Cheers > Dan > > > > On 31 May 2013 13:27, Christian Steinebach < > [email protected]> wrote: > > > Hi again! > > > > Quick (and dirty?) overriding newWebRequest seems to do the job. > > If I've created a big problem for myself please let me know. ;-) > > The solution doesn't have to be secure, just work. It's for a demo > > where login is handled by another application anyway. > > > > Regards > > Christian > > > > > > > > @Override > > public WebRequest newWebRequest(HttpServletRequest servletRequest, > > String filterPath) { > > try { > > String uname = servletRequest.getParameter("user"); > > if (uname != null) { > > servletRequest.getSession().invalidate(); > > } > > } catch (Exception e) { > > } > > WebRequest request = super.newWebRequest(servletRequest, > > filterPath); > > return request; > > } > > > > ________________________________________ > > From: Christian Steinebach [[email protected]] > > Sent: Friday, May 31, 2013 2:02 PM > > To: [email protected] > > Subject: automatic login using url? > > > > Hi all! > > > > I wanted to login using url parameters, something like: > > > > http://localhost://MyIsisApplication?user=erik&pass=pass > > > > should log in as user erik with password pass. > > I seem to have managed to find a solution, just override the newSession > > method in the application class: > > > > public class MyIsisApplication extends IsisWicketApplication { > > > > @Override > > public Session newSession(final Request request, final Response > > response) { > > AuthenticatedWebSessionForIsis s = > > (AuthenticatedWebSessionForIsis) super.newSession(request, response); > > StringValue user = > > request.getRequestParameters().getParameterValue("user"); > > StringValue password = > > request.getRequestParameters().getParameterValue("pass"); > > s.signIn(user.toString(), "pass"); > > return s; > > > > > > So far, it seems to work, the only problem i have is when trying to log > in > > with a different user > > before the session has timed out. > > > > Has anybody a hint, where (and how) I should switch the user when called > > with a different user name? > > > > Any help very much appreciated > > > > Christian > > >
