By default, Wicket uses the KeyInSessionSunJceCryptFactory which
stores the encryption key in the user's session.
On Thu, Mar 25, 2010 at 11:50 AM, fachhoch <fachh...@gmail.com> wrote:
>
> does encryption has anything to do with this upon debugging I found its
> failing in CryptedUrlWebRequestCodingStrategy.java
>
> here is the method where it fails
>
> protected String decodeURL(final String url)
> {
> int startIndex = url.indexOf("?x=");
> if (startIndex == -1)
> {
> startIndex = url.indexOf("&x=");
> }
>
> if (startIndex != -1)
> {
> try
> {
> startIndex = startIndex + 3;
> final int endIndex = url.indexOf("&",
> startIndex);
> String secureParam;
> if (endIndex == -1)
> {
> secureParam =
> url.substring(startIndex);
> }
> else
> {
> secureParam =
> url.substring(startIndex, endIndex);
> }
>
> secureParam =
> WicketURLDecoder.QUERY_INSTANCE.decode(secureParam);
>
> // Get the crypt implementation from the
> application
> final ICrypt urlCrypt = Application.get()
> .getSecuritySettings()
> .getCryptFactory()
> .newCrypt();
>
> // Decrypt the query string
> String queryString =
> urlCrypt.decryptUrlSafe(secureParam);
>
> // The querystring might have been shortened
> (length reduced).
> // In that case, lengthen the query string
> again.
> queryString = rebuildUrl(queryString);
> return queryString;
> }
> catch (Exception ex)
> {
> return onError(ex, url);
> }
> }
> return null;
> }
> it fails at this line
> String queryString = urlCrypt.decryptUrlSafe(secureParam);
>
> why decrypt fails if session is invalidated ?
>
> James Carman-3 wrote:
>>
>> This works for me:
>>
>> final Link signOutLink = new Link("signOutLink")
>> {
>> public void onClick()
>> {
>> getSession().invalidate();
>> setResponsePage(getApplication().getHomePage());
>> setRedirect(true);
>> }
>>
>> public boolean isVisible()
>> {
>> return ((MySessionClass)getSession()).isSignedIn();
>> }
>> };
>>
>> I put that in my "base page" class so that it's visible everywhere.
>>
>> On Thu, Mar 25, 2010 at 11:30 AM, fachhoch <fachh...@gmail.com> wrote:
>>>
>>> I did as u said
>>> public class AuditSignOutPage extends SignOutPage
>>> {
>>>
>>> public AuditSignOutPage() {
>>> ((AuditWebSession)(Session.get())).signout();
>>> setRedirect(true);
>>> throw new RestartResponseException(SSISignOutPage.class);
>>> }
>>> }
>>>
>>>
>>> public class SSISignOutPage extends UnSecuredBasePage {
>>>
>>> public SSISignOutPage() {
>>> add(new AjaxLink<Void>("relogin"){
>>> �...@override
>>> public void onClick(AjaxRequestTarget target) {
>>> setResponsePage(new
>>> AuditWicketApplication.SignInPageHelper().getSignInPage());
>>> setRedirect(true);
>>> }
>>> });
>>> }
>>> }
>>> I click on the signout link AuditSignOutPage invalidates the session
>>> and send to SSISignOutPage .here this page gets loaded , I see the
>>> link
>>> relogin.
>>>
>>> when I click on the link relogin it should take me to my signinpage but
>>> again i am ending up with session expired page . I set the break point
>>> in onClick method but it never goes there ,
>>>
>>> please explain me what could be causing this ?
>>>
>>>
>>>
>>> Mauro Ciancio wrote:
>>>>
>>>> In order to implement my sign out page I've created a SignOutPage
>>>> that invokes the signOut method in AuthenticatedWebSession, then
>>>> setRedirect(true) and as final step I throw a:
>>>>
>>>> throw new RestartResponseException(HomePage.class).
>>>>
>>>> This makes the home page be processed (and the url in the navigation
>>>> bar remains /your_home_page_url).
>>>>
>>>> Here is the full code if you need it:
>>>>
>>>> public class LogOutPage extends WebPage {
>>>>
>>>> public LogOutPage() {
>>>> AuthenticatedWebSession.get().signOut();
>>>> setRedirect(true);
>>>> throw new RestartResponseException(HomePage.class);
>>>> }
>>>> }
>>>>
>>>> Cheers.
>>>>
>>>> On Thu, Mar 25, 2010 at 11:19 AM, fachhoch <fachh...@gmail.com> wrote:
>>>>>
>>>>> I initially tried etResponsePage(SSISignOutPage.class) it did not
>>>>> worked ,
>>>>> so used the new approach ,
>>>>>
>>>>> regarding what my SSISignOutPage it does nothing except for showing a
>>>>> link
>>>>> , before to that the control never goes to the page constructor ,
>>>>>
>>>>> I am assuming after a session is invalidated wicket removes all its
>>>>> pages
>>>>> from page map and its possible that it cannot find the page
>>>>> SSISignOutPage
>>>>> and for that reason do I get pageExpired error ?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> christian.giambalvo wrote:
>>>>>>
>>>>>> Depends on what your SSISignOutPage.class does.
>>>>>> But why don't use setResponsePage(SSISignOutPage.class) ??
>>>>>>
>>>>>> -----Ursprüngliche Nachricht-----
>>>>>> Von: tubin gen [mailto:fachh...@gmail.com]
>>>>>> Gesendet: Donnerstag, 25. März 2010 12:59
>>>>>> An: users
>>>>>> Betreff: signout and redirect
>>>>>>
>>>>>> here is my code to signout link.
>>>>>>
>>>>>> add(new Link<Void>("signout"){
>>>>>> @Override
>>>>>> public void onClick() {
>>>>>> ((AuditWebSession)(Session.get())).signout();
>>>>>> throw new RestartResponseException(SSISignOutPage.class);
>>>>>> }
>>>>>> });
>>>>>>
>>>>>> when user clicks on signout I expect to go to SSISignOutPage.
>>>>>> but I end up with a different page which is set in
>>>>>> applicationsettings
>>>>>>
>>>>>> IApplicationSettings settings= super.getApplicationSettings();
>>>>>> settings.setPageExpiredErrorPage(SessionExpiredPage.class);
>>>>>>
>>>>>>
>>>>>> the SessionExpiredPage .
>>>>>> please tell me what could be causing this ?
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>>>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://old.nabble.com/signout-and-redirect-tp28027857p28029507.html
>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Mauro Ciancio <maurociancio at gmail dot com>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/signout-and-redirect-tp28027857p28030542.html
>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>>
>
> --
> View this message in context:
> http://old.nabble.com/signout-and-redirect-tp28027857p28030831.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
