no, nothing fancy there...
anyways, I can't seem to replicate it easily now and I don't have time for
further investigation.
sorry for your time and also thank you for it.
i will definitely try later.
On Tue, May 20, 2008 at 8:59 PM, Igor Vaynberg <[EMAIL PROTECTED]>
wrote:
> also, what does your code look like that creates a new instance of
> session (application.newsession())
>
> -igor
>
> On Tue, May 20, 2008 at 10:58 AM, Igor Vaynberg <[EMAIL PROTECTED]>
> wrote:
> > do the two users have different session ids? try printing it out from
> > your authenticate method.
> >
> > -igor
> >
> >
> > On Tue, May 20, 2008 at 7:59 AM, Cristi Manole <[EMAIL PROTECTED]>
> wrote:
> >> well, i figured it was just me... so I quit bothering you guys with
> >> something that's ... just me... :)
> >>
> >> i'm using tomcat, no clustering.
> >>
> >> this is my websession class:
> >>
> >> package com.fx.core;
> >>
> >> import java.security.NoSuchAlgorithmException;
> >>
> >> import org.apache.commons.logging.Log;
> >> import org.apache.commons.logging.LogFactory;
> >> import org.apache.wicket.Request;
> >> import org.apache.wicket.authentication.AuthenticatedWebApplication;
> >> import org.apache.wicket.authentication.AuthenticatedWebSession;
> >> import org.apache.wicket.authorization.strategies.role.Roles;
> >> import org.apache.wicket.injection.web.InjectorHolder;
> >> import org.apache.wicket.spring.injection.annot.SpringBean;
> >>
> >> import com.fx.utils.crypt.UltraPasswordHasher;
> >>
> >> @SuppressWarnings("serial")
> >> public class WebSession extends AuthenticatedWebSession {
> >> private static final Log log = LogFactory.getLog(WebSession.class);
> >>
> >> @SpringBean
> >> private JdbcUtilizatori jdbcUtilizatori;
> >>
> >> private Utilizator utilizator;
> >>
> >> public WebSession(final AuthenticatedWebApplication application,
> Request
> >> request) {
> >> super(request);
> >> InjectorHolder.getInjector().inject(this); //don't get spring by
> >> default in sessions...
> >> }
> >>
> >> @Override
> >> * public boolean authenticate(final String username, final String
> >> password) {
> >> if(utilizator == null) {
> >> * UtilizatorDAO dao =
> jdbcUtilizatori.getUtilizator(username);
> >> if(dao != null) {
> >> try {
> >> if(new
> >> UltraPasswordHasher().verifyPassword(password.getBytes(),
> dao.getParola()))
> >> {
> >> utilizator = new Utilizator(dao.getId(),
> username,
> >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
> >> utilizator.addRole("AUTHENTICATED");
> >> }
> >> } catch (NoSuchAlgorithmException e) {
> >> log.error("ERROR:", e);
> >> return false;
> >> }
> >> }
> >> }
> >>
> >> return utilizator != null;
> >> }
> >>
> >> public void logOut() {
> >> utilizator = null;
> >> signOut();
> >> }
> >>
> >> @Override
> >> public Roles getRoles() {
> >> if (isSignedIn()) {
> >> // If the user is signed in, they have these roles
> >> return new Roles((String[])utilizator.getRoles().toArray(new
> >> String[0]));
> >> }
> >> return null;
> >> }
> >>
> >> public Utilizator getUtilizator() {
> >> return utilizator;
> >> }
> >>
> >> public Utilizator getUtilizatorFor(String password) {
> >> UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password);
> >> if(dao == null) {
> >> return null;
> >> } else {
> >> return new Utilizator(dao.getId(), dao.getUser(),
> >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip());
> >> }
> >> }
> >> }
> >>
> >> in dev mode, running from two stations, same network (didn't test
> >> otherwise), "utilizator" is not null for the second user after the first
> has
> >> logged in (see bolded text above). And no matter what he puts in the
> login,
> >> it will get logged in with the others credential.
> >>
> >> *I really think I'm doing something stupid* cause this is the first time
> I
> >> get this and I've been developing quite a few web apps in wicket (then
> again
> >> i rarely develop in dev mode).
> >>
> >> Tks,
> >> Cristi Manole
> >>
> >> On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED]
> >
> >> wrote:
> >>
> >>> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED]
> >
> >>> wrote:
> >>> > Hello,
> >>> >
> >>> > Today I tested an application on a number of computers (if it's
> useful
> >>> know
> >>> > that they were in the same network).
> >>> >
> >>> > What I found out is that the wicket session was shared among them
> when
> >>> > wicket was started in dev mode.
> >>>
> >>> what symptoms of this did you see? does it also happen with a plain
> >>> wicket-quickstart? what kind of server did you have running? what kind
> >>> of cluster topology? what replication tech did you use?
> >>>
> >>> you cant just tell us something interesting like this and leave us
> hanging!
> >>>
> >>> -igor
> >>>
> >>> > When I started the application in deploy
> >>> > mode, everything was as needed - a session object was created for
> each
> >>> > client.
> >>> >
> >>> > Is this how it's suppose to work in dev mode? I'm using wicket
> 1.3.2.
> >>> >
> >>> > Thank you,
> >>> > Cristi Manole
> >>> >
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
