Gotcha. Good stuff.
On 31 May 2013 13:48, Christian Steinebach < [email protected]> wrote: > Hi Dan! > > Still the same thing... > > A central login application is calling several web application modules > with a parameter ?user=xxxx > And then the user should login automagically. Different users have > different roles, so therefore > the user switch... > > Christian > > > ________________________________________ > From: Dan Haywood [[email protected]] > Sent: Friday, May 31, 2013 2:36 PM > To: users > Subject: Re: automatic login using url? > > By the way, is this a continuation of the TPM demo, or something else? > > > > On 31 May 2013 13:34, Christian Steinebach < > [email protected]> wrote: > > > Thanks a lot, Dan! :-) > > > > Christian > > ________________________________________ > > From: Dan Haywood [[email protected]] > > Sent: Friday, May 31, 2013 2:30 PM > > To: users > > Subject: Re: automatic login using url? > > > > Looks ok to me. It's in your subclass of WicketApplication, so you can > do > > what you want. > > > > As I said, we need to integrate Shiro, Isis and Wicket more closely, and > > part of that is the lifecycle of the invalidations of their respective > > authentication sessions when logging out. Blowing away the HttpSession, > as > > you've done, is the nuclear option, but it's probably the best thing you > > can do right now. > > > > Cheers > > Dan > > > > > > > > On 31 May 2013 13:27, Christian Steinebach < > > [email protected]> wrote: > > > > > Hi again! > > > > > > Quick (and dirty?) overriding newWebRequest seems to do the job. > > > If I've created a big problem for myself please let me know. ;-) > > > The solution doesn't have to be secure, just work. It's for a demo > > > where login is handled by another application anyway. > > > > > > Regards > > > Christian > > > > > > > > > > > > @Override > > > public WebRequest newWebRequest(HttpServletRequest servletRequest, > > > String filterPath) { > > > try { > > > String uname = servletRequest.getParameter("user"); > > > if (uname != null) { > > > servletRequest.getSession().invalidate(); > > > } > > > } catch (Exception e) { > > > } > > > WebRequest request = super.newWebRequest(servletRequest, > > > filterPath); > > > return request; > > > } > > > > > > ________________________________________ > > > From: Christian Steinebach [[email protected]] > > > Sent: Friday, May 31, 2013 2:02 PM > > > To: [email protected] > > > Subject: automatic login using url? > > > > > > Hi all! > > > > > > I wanted to login using url parameters, something like: > > > > > > http://localhost://MyIsisApplication?user=erik&pass=pass > > > > > > should log in as user erik with password pass. > > > I seem to have managed to find a solution, just override the newSession > > > method in the application class: > > > > > > public class MyIsisApplication extends IsisWicketApplication { > > > > > > @Override > > > public Session newSession(final Request request, final Response > > > response) { > > > AuthenticatedWebSessionForIsis s = > > > (AuthenticatedWebSessionForIsis) super.newSession(request, response); > > > StringValue user = > > > request.getRequestParameters().getParameterValue("user"); > > > StringValue password = > > > request.getRequestParameters().getParameterValue("pass"); > > > s.signIn(user.toString(), "pass"); > > > return s; > > > > > > > > > So far, it seems to work, the only problem i have is when trying to log > > in > > > with a different user > > > before the session has timed out. > > > > > > Has anybody a hint, where (and how) I should switch the user when > called > > > with a different user name? > > > > > > Any help very much appreciated > > > > > > Christian > > > > > >
