Redirect to original page not working

Question

I am trying to create a Wicket 7.8.0 application, and everything works correctly, except the page redirection to the original page accessed before logging in.

Whenever I try to access a secured page without being logged in, I'm correctly redirected to the SignIn page, but once I'm logged in, I'm redirected to the homepage instead of the original page.

Here is my application class:

public class MyApplication extends AuthenticatedWebApplication {

    ...

    @Override
    public void init() {
        super.init();

        MetaDataRoleAuthorizationStrategy.authorize(HomePage.class, "TEST_ROLE");
        MetaDataRoleAuthorizationStrategy.authorize(SecuredPage.class, "TEST_ROLE");

        this.mountPage("signin", SignInPage.class);
        this.mountPage("homepage", HomePage.class);
        this.mountPage("secured/secured", SecuredPage.class);
        //this page is secured with annotations
        this.mountPage("secured/another", AnotherSecuredPage.class);

        this.getRequestCycleSettings().setGatherExtendedBrowserInfo(true);
    }
}

In order to login, I'm using a very simplified SignIn page:

public class SignInPage extends WebPage {

    private String username;
    private String password;

    private static final long   serialVersionUID    = 8096706227164750788L;

    public SignInPage() {
        this.add(new FeedbackPanel("feedback"));
        final Form<SignInPage> form = new Form<>("form");
        form.add(new TextField<>("username", new PropertyModel<String>(this, "username")));
        form.add(new PasswordTextField("password", new PropertyModel<String>(this, "password")));
        form.add(new SubmitLink("submit") {

            private static final long   serialVersionUID    = 6057698894229534492L;

            @Override
            public void onSubmit() {
                final Session session = SignInPage.this.getSession();
                if(session.signIn(SignInPage.this.username, SignInPage.this.password)) {
                    this.continueToOriginalDestination();
                    setResponsePage(getApplication().getHomePage());
                }
                else {
                    SignInPage.this.error("Bad username / password combo!");
                }
            }

        });
        final WebClientInfo clientInfo = (WebClientInfo) this.getSession().getClientInfo();
        this.add(new Label("userAgent", clientInfo.getUserAgent()));
        this.add(form);
    }
}

As soon as I have logged in at least once in the application though, if I logout again, the redirect to the original page does work every time when log back in.

What I am doing wrong?

Answer 1

After debugging further, I found the problem.

In my application's init(), I am gathering browser information with this.getRequestCycleSettings().setGatherExtendedBrowserInfo(true);. And on the SignInPage , I am calling (WebClientInfo) this.getSession().getClientInfo() . This results in Wicket redirecting to an intermediary page that will gather browser information and put it in the session on the very first call to the sign in page, when the session hasn't been initialized yet.

As a result of this intermediary redirect, the original page url gets lost. It looks like a bug in Wicket to me.

The only way i found to fix this problem is to replace the WebClientInfo object by simply retrieving the raw User-Agent header directly from the request, and process it manually:

1. Remove this.getRequestCycleSettings().setGatherExtendedBrowserInfo(true); from the application init.

2. In the SignInPage class, replace

   final WebClientInfo clientInfo = (WebClientInfo) this.getSession().getClientInfo();
   this.add(new Label("userAgent", clientInfo.getUserAgent()));
   

   with

   final WebRequest webRequest = ((WebRequest)this.getRequest());
   this.add(new Label("userAgent", webRequest.getHeader("User-Agent")));
   

Now, there is no more intermidiary redirect, and the redirect to the original page works correctly.