Hi everyone. I am using spring security 3 with auth-roles and wicket 1.5M3, and I have a real basic implementation following the cwiki guide.
It works but brokes easily: just clicking on a Home link continuosly cause the stored authentication object to get lost, in fact the SecurityContextImpl instance returned by the SecurityContextHolder (using, as of default, the ThreadLocalSecurityContextHolderStrategy) is different and of course contains a null Authentication and not the one I stored at login and that has been used for a short while. See a little log that prints the actual SecurityContext used in my implementation of AuthenticatedWebSession: 1. context: org.springframework.security.core.context.SecurityContextImpl@24c1c9c7: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@24c1c9c7: Principal: org.springframework.security.core.userdetails.User@621fc8c7: Username: daniele.dellafiore; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ADMIN 2. (the immediate next call, seconds later) context: org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication See, different instance. How can this happen apparently random? What should I check? I used this guide: https://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html following Spring security version 3 and wicket 1.4 path The only difference is that I still use in the app init() getComponentInstantiationListeners().add(new SpringComponentInjector(this, context)); where "context" var is autowired and this is my web.xml (substantially identical to the cwiki one) <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath*:web-application.xml classpath*:security.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>fenotipi</filter-name> <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class> <init-param> <param-name>applicationFactoryClassName</param-name> <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value> </init-param> </filter> <filter-mapping> <filter-name>fenotipi</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <session-config> <session-timeout>60</session-timeout> </session-config> -- Daniele Dellafiore http://danieledellafiore.net --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org