CODEWITHSUNDEEP
javasessionwicket
Oiew
Oiew

Reputation: 1529

Adding attributes to Wicket session

There is an implementation of WebSession, which supposed to store ID of logged user:

public class SecurityWebSession extends AuthenticatedWebSession {

    public SecurityWebSession(Request request) {
        super(request);
        bind();
    }

    ...

    @Override
    public boolean authenticate(String username, String password) {
        user = usersFacadeLocal.findByEmail(username);
        if (user != null) {
            try {
                boolean valid = PasswordHash.validatePassword(password, user.getPassword());
                if (valid) {
                   WebSession.get().setAttribute(USER_ID, user.getId());
                }
                return valid;
            } catch (Exception ex) {
                logger.error("Authenticate ERROR", ex);
            }
        }
        return false;
    }
}

However, when I access SecurityWebSession to get ID of logged user from WebPage class, it returns null. I came across that Session does not store values which were added from its body. But it perfectly stores values if set them from classes inherited from Wicket's WebPage.

I did not find any mention in documentation about this situation. How can I add to Session attributes from Session?

Upvotes: 1

Views: 904

Answers (2)

martin-g
martin-g

Reputation: 17533

Do you use Wicket 6.19.0 by chance?
If this is the case then you hit https://issues.apache.org/jira/browse/WICKET-5845. It is fixed in 6.20.0.
If this is not the case then please create a new ticket with a quickstart application showing the problem. Thanks!

Upvotes: 4

Thorsten Wendelmuth
Thorsten Wendelmuth

Reputation: 780

I guess the problem lies within AuthenticatedWebSession.signIn(final String username, final String password).

This one calls your authenticate method and will destroy() and bind() your session again (this is done to avoid Session fixation).

You can however temporarily store the values you need by overriding replaceSession():

// this will be called *after* a successful authenticate
@Override
public void replaceSession() {
    //temp store any values you want to carry over to the new session...
    super.replaceSession();
    //reset them to the session after super.replaceSession();
}

Upvotes: 0

Related Questions