I just remembered a little snag, this is not going to work because i currently use the context to ask if the component, class, model is authenticated by this context. So i really need it atm.
Looks like i need to think this trough a little better. but first i gotta grab some sleep. Maurice On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote: > > Sounds like a pretty good idea, I like that much better than having the user > need to know they need to cleanup data state in their LoginContext. > > Another idea might be to have the LoginContext provide a method that returns > a unique identifier. That value could be store internally and the user can > pass anything they want, I'd assume the default would be to return the > username which is completely fair to be in the session. > > Without looking too closely at the code you could also use this identifier > during logout. > > -Craig > > > Mr Mean wrote: > > > > Just thinking out loud here, but it shouldn't be too difficult to > > change this into holding a hash of the logincontext instead of the > > whole context. Since the equals contract already specifies that equal > > object should have equal hashes The equals check can be easily > > performed on the hash, HashMap actually uses the hash before it uses > > the equal, so i do not see much problems here. And it is not like you > > are gonna have an army of logincontexts in each session. > > > > Ill see if i can implement this sometime tomorrow. > > > > Thanks again for pointing this out, if you think there are more of > > this kind of problems just let me know. > > > > Maurice > > > > P.S. i guess an api for getting the original logincontext is out of > > the question then :) > > > > > > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote: > >> > >> Are you saying then that the instance of LoginContext used to login is > >> held > >> onto in the WASPSession, via the security framework? > >> > >> If so then this brings up a huge security issue, as least the way the API > >> sits and the examples showing that a LoginContext takes a username and > >> password in its constructor. This mean that a password(probably plain > >> text) > >> is available in the session which is usually a big no no when it comes to > >> a > >> secure application. I've been through a few security probes from banks > >> on > >> various online applications that that is one of the first thing they look > >> for / ask. "Are you holding onto the password?" > >> > >> -Craig > >> > >> > >> Mr Mean wrote: > >> > > >> > There is currently no way to grab the login context, so you could > >> > store it yourself (there migh be multiple logintexts though). But the > >> > good news is you don't have to store it if you don't want to. The > >> > logoff performs an equals check and currently every logincontext of > >> > the same class and level is equal to another. So if you login using a > >> > MySingleLoginContext(username, password) you can logoff with any new > >> > instance of that class (logoff(new MySingleLoginContext());) > >> > > >> > However if you feel you need to have access to the original instance, > >> > for instance because you want to know the username, i can always > >> > include such a method in the api. > >> > > >> > Maurice > >> > > >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote: > >> >> > >> >> I see that the WASPSession.logout method takes a LoginContext. Is > >> there > >> >> somewhere within the SWARM implementation to grab the LoginContext > >> used > >> >> to > >> >> login? Or when logging in is it up to the developer to put the > >> >> LoginContext > >> >> somewhere...say maybe the session itself? > >> >> > >> >> Thanks > >> >> Craig > >> >> -- > >> >> View this message in context: > >> >> > >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551 > >> >> Sent from the Wicket - User mailing list archive at Nabble.com. > >> >> > >> >> > >> >> > >> ------------------------------------------------------------------------- > >> >> This SF.net email is sponsored by DB2 Express > >> >> Download DB2 Express C - the FREE version of DB2 express and take > >> >> control of your XML. No limits. Just data. Click to get it now. > >> >> http://sourceforge.net/powerbar/db2/ > >> >> _______________________________________________ > >> >> Wicket-user mailing list > >> >> Wicket-user@lists.sourceforge.net > >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user > >> >> > >> > > >> > > >> ------------------------------------------------------------------------- > >> > This SF.net email is sponsored by DB2 Express > >> > Download DB2 Express C - the FREE version of DB2 express and take > >> > control of your XML. No limits. Just data. Click to get it now. > >> > http://sourceforge.net/powerbar/db2/ > >> > _______________________________________________ > >> > Wicket-user mailing list > >> > Wicket-user@lists.sourceforge.net > >> > https://lists.sourceforge.net/lists/listinfo/wicket-user > >> > > >> > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924 > >> Sent from the Wicket - User mailing list archive at Nabble.com. > >> > >> > >> ------------------------------------------------------------------------- > >> This SF.net email is sponsored by DB2 Express > >> Download DB2 Express C - the FREE version of DB2 express and take > >> control of your XML. No limits. Just data. Click to get it now. > >> http://sourceforge.net/powerbar/db2/ > >> _______________________________________________ > >> Wicket-user mailing list > >> Wicket-user@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/wicket-user > >> > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Wicket-user mailing list > > Wicket-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wicket-user > > > > > > -- > View this message in context: > http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11035304 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user