Recently Wicket put me in another problem of Session out. In normal web application what we do is simply declare session-timeout in web. xml and it works fine for us. But in wicket specifying session timeout in web.xml is not working anymore. But I need session time out for my application badly. Also I can't implemt Ajax Behavior or Ajax Timer for every class to check the session time out. That why I need some ay out to implement session time out for my program to work. Any help is appreciated.
My wicket version is 6.3.0.
Wicket does not manage session duration at all. I think you've misconfigured your servlet container. Try with an empty Wicket project to verify what I say.
If you need to handle session timeout you can set handler in the Application init method:
getApplicationSettings().setPageExpiredErrorPage(MyExpiredPage.class);
More info here.
Well if you want to do it programmatically...
This is how I did it using Wicket 1.5.7 (Pax-Wicket) and the servlet-api. I placed this code in the base page class of my application in which all pages extend.
int sessionTimeout = // session timeout
Request request = RequestCycle.get().getRequest();
if(request instanceof WebRequest) {
ServletWebRequest wr = (ServletWebRequest) request;
HttpSession session = wr.getContainerRequest().getSession();
if(session != null) {
session.setMaxInactiveInterval(sessionTimeout);
}
}
Related
I'm using Wicket 6, and we have a situation where a user is hitting back and it's loading the page without initializing it from the page history. I want the page init to run so that data is read fresh and things are in the proper state. How can I make wicket do this?
I thought I was already doing this with a custom MountedMapper that someone had suggested long ago, but I have a breakpoint in the page constructor (the one that accepts PageParameters) and it's not running.
The custom MountedMapper:
if (requestHandler instanceof ListenerInterfaceRequestHandler || requestHandler instanceof BookmarkableListenerInterfaceRequestHandler) {
return null;
} else {
return super.mapHandler(requestHandler);
}
You could make your page stateless, so it is recreated on each access.
Or improved your page, so that it loads fresh data on each render:
either use appropriate models that automatically deliver up-to-date data or override #onConfigure() and update,
In an ASPNet Webapplication, we currently use Sustainsys.Saml2 for our authentication against Okta.
This works well, however we would like to keep track of our users-login's inside the application.
So far we tried multiple eventhandlers HttpApplication.PostAuthenticateRequest, or the events on SessionAuthenticationModule but we cant seem to find the spot to capture the event.
Solution is ASP.Net MVC 5, with framework 4.7.2 and SustainSys.Saml2 1.0.2, with the Identitymodel implementation.
Any thoughts on this, apart from 'Upgrade' ?
TIA
I ended up with using the AcsCommandResultCreated.
For future reference, i added this to Application_Start :
// Capture the Login Event
Sustainsys.Saml2.Configuration.Options.FromConfiguration.Notifications
.AcsCommandResultCreated = (commandResult, response) =>
{
var username = commandResult.Principal.FindFirst(c => c.Type ==
ClaimTypes.NameIdentifier).Value;
System.Diagnostics.Debug.Write($"{username} logged in at {DateTime.Now}");
};
Use the AcsCommandResultCreated notification. The name is maybe not that clear, but it is called right after the Saml2 message is validated and before the call to the ?SessionAuthenticationModule
I was tasked with modifying a wicket6/glassfish4 application so that the session id changes as soon as a user logs in. This is to avoid the problem of Session Fixation. I used the replaceSession() method (from the wicket Session class), which does a destroy() and a bind(). replaceSession(). It seems to do the trick as the session id does indeed change. The problem is that now we see a jsessionid in the url everytime we initially log on. The id goes away after you log in and only appears on the initial launch.
My question is, is there a way to ensure that no jessionid appears in the url AND that the session id changes? Any advice would be greatly appreciated.
Use
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
in your web.xml.
In some circumstances, I have to pass a request to a Wicket page to another Wicket page on the server side, i.e. forward maintaining the URL in the browser address bar, but passing the page parameters to the second page.
Before Wicket 1.5, I could do
public MyPage(PageParameters params) {
// some logic here to decide whether and where to forward
setRedirect(false);
setResponsePage(MyOtherPage.class, params);
}
As setRedirect(boolean) no longer exists, is there a way to achieve a server-side forward in later Wicket versions?
A colleague just found the solution here:
http://mail-archives.apache.org/mod_mbox/wicket-users/201203.mbox/%3CCAMomwMr2fkO38E3d9RTk5TEmuf0Vx66F46F8eYs84Bb3bVtPgA#mail.gmail.com%3E
Now it is:
RequestCycle.get().scheduleRequestHandlerAfterCurrent(new RenderPageRequestHandler(new PageProvider(MyOtherPage.class, params), RenderPageRequestHandler.RedirectPolicy.NEVER_REDIRECT));
Scary piece of code... does not look elegant at all, but works.
On Wicket 6 you can redirect to another page in a simpler way, throwing RestartResponseAtInterceptPageException at any point in your page code:
throw new RestartResponseAtInterceptPageException(WicketPage.class)
It worked fine for me...
You should be able to simply do:
throw new RestartResponseException(MyOtherPage.class, params);
im a newbie both in spring security and spring-security-facebook and in an app that we are building we have to couple them.Everything is working well i will need to know the way to listen to the facebook login success event. is there some one that already did a stuff that impose him to catch the facebook event success?? I need that because in the begining of the app (before adding the spring -security-Facebook plugin ); we have a special behaviour attached to the "grails.plugins.springsecurity.onInteractiveAuthenticationSuccessEvent" event (configured in the config.groovy file) and we have to execute the same special behaviour when the user connect with facebook account. Is there an event (extending springsecurity kinds of events) that we have to listen to?
any idea ??
Ps: when searching for solution we found a way to catch the FB js Events and work around to reach what we want as result but we would as possible to want to not go that way ....
The problem with it that current Spring Security Facebook authenticates user on each request (by listening to FB cookie, transparently), so you'll get this event on each request. Probably it's not what you want, right? It the same as having a filter on each request.
Btw, you can handle situation when user login into your app first time, but implementing onCreate(user, token) or afterCreate(user, token) in service FacebookAuthService (you have to create such service at this case)
Example:
File grails-app/services/FacebookAuthService.groovy:
class FacebookAuthService {
void afterCreate(def user, def token) {
log.info("New user!") //or any code there
}
}