Wicket
  1. Wicket
  2. WICKET-2201

Auto login issue because cookie retrieval fails

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.4-RC2
    • Fix Version/s: None
    • Component/s: wicket
    • Labels:
      None
    • Environment:
      doesnt matter. i have tried both unix and windows

      Description

      1. auto-login.patch
        34 kB
        Murat Yücel
      2. cookie-project.rar
        11 kB
        Murat Yücel
      3. SignIn2.java
        3 kB
        Murat Yücel
      4. SignInPanel.java
        7 kB
        Murat Yücel

        Issue Links

          Activity

          Murat Yücel created issue -
          Hide
          Murat Yücel added a comment -

          a quickstart project which has the issue.

          Show
          Murat Yücel added a comment - a quickstart project which has the issue.
          Murat Yücel made changes -
          Field Original Value New Value
          Attachment cookie-project.rar [ 12404387 ]
          Hide
          Juergen Donnerstag added a comment -

          Your quickstart is rather confusing, since you are seem to try to persist and read the cookies yourself. Please have a look at wicket.-examples signin and signin2 for how to do it the wicket way. If it is still doesn't work, than please update the quickstart, after stripping it down to the bare minimum necessary to validate the bug. Thanks.

          Show
          Juergen Donnerstag added a comment - Your quickstart is rather confusing, since you are seem to try to persist and read the cookies yourself. Please have a look at wicket.-examples signin and signin2 for how to do it the wicket way. If it is still doesn't work, than please update the quickstart, after stripping it down to the bare minimum necessary to validate the bug. Thanks.
          Hide
          Murat Yücel added a comment -

          Hi Juergen

          The auto-login part is not covered in the wicket-examples mentioned. The part that is mentioned is auto persistens. That works perfectly fine.

          My problem is that i want to create a cookie which i can read again so i can check the values against the database and auto login the user.

          If you read the nabble thread then Peter from the j-trac project is doing the same thing. And i am pretty sure this code worked once in wicket 1.3.x, but now i doesnt work anymore.

          /Murat

          Show
          Murat Yücel added a comment - Hi Juergen The auto-login part is not covered in the wicket-examples mentioned. The part that is mentioned is auto persistens. That works perfectly fine. My problem is that i want to create a cookie which i can read again so i can check the values against the database and auto login the user. If you read the nabble thread then Peter from the j-trac project is doing the same thing. And i am pretty sure this code worked once in wicket 1.3.x, but now i doesnt work anymore. /Murat
          Hide
          Juergen Donnerstag added a comment -

          Murat,

          Try this:
          1) go to http://www.wicket-library.com/wicket-examples/signin2 and sign in with "wicket" and "wicket".
          2) the application will forward you to the home page
          3) close your browser
          4) open the browser
          5) go to http://www.wicket-library.com/wicket-examples/signin2 again and you will immediately be forwarded to the home page.

          That works because

          • in step 1 Wicket will create two cookies for you: login name and password (encrypted).
          • in step 5 Wicket will automatically load your login name and password with the cookie values stored in step 1 (decrypting the password). Still before the login page is rendered these values are used to authenticate the user and if successful the login page is skipped and the user gets redirected to the original url. The example application doesn't use a database to authenticate a user but that is the only source code you need to change.

          Juergen

          Show
          Juergen Donnerstag added a comment - Murat, Try this: 1) go to http://www.wicket-library.com/wicket-examples/signin2 and sign in with "wicket" and "wicket". 2) the application will forward you to the home page 3) close your browser 4) open the browser 5) go to http://www.wicket-library.com/wicket-examples/signin2 again and you will immediately be forwarded to the home page. That works because in step 1 Wicket will create two cookies for you: login name and password (encrypted). in step 5 Wicket will automatically load your login name and password with the cookie values stored in step 1 (decrypting the password). Still before the login page is rendered these values are used to authenticate the user and if successful the login page is skipped and the user gets redirected to the original url. The example application doesn't use a database to authenticate a user but that is the only source code you need to change. Juergen
          Hide
          Murat Yücel added a comment -

          Hi Juergen

          Thanks for the quick response. I have just tested the flow with the provided url, but it doesnt work for me.
          I have tested with IE7. I dont know if the browser has any meaning. I cannot use FF because it will remember
          my session even if i close the browser. I have a session plugin.

          /Murat

          Show
          Murat Yücel added a comment - Hi Juergen Thanks for the quick response. I have just tested the flow with the provided url, but it doesnt work for me. I have tested with IE7. I dont know if the browser has any meaning. I cannot use FF because it will remember my session even if i close the browser. I have a session plugin. /Murat
          Hide
          Juergen Donnerstag added a comment -

          I've tested it with IE6, IE7, FF3 and Opera and it is working with me. Don't know about your FF plugin but a plain IE7 will do. What exactly is the problem your are experiencing. If you are not even able to open the page, than may be check your brower connection settings (proxy etc.)

          Show
          Juergen Donnerstag added a comment - I've tested it with IE6, IE7, FF3 and Opera and it is working with me. Don't know about your FF plugin but a plain IE7 will do. What exactly is the problem your are experiencing. If you are not even able to open the page, than may be check your brower connection settings (proxy etc.)
          Hide
          Murat Yücel added a comment -

          I have uninstalled the session plugin to FF. I did a test with FF, IE7, Chrome and Opera but browsers fail.
          I am expecting to be auto login. I want to see the page after you login even though the session is gone. But instead i am seing the login page. The only difference is that the username is auto filled out.

          Show
          Murat Yücel added a comment - I have uninstalled the session plugin to FF. I did a test with FF, IE7, Chrome and Opera but browsers fail. I am expecting to be auto login. I want to see the page after you login even though the session is gone. But instead i am seing the login page. The only difference is that the username is auto filled out.
          Hide
          Juergen Donnerstag added a comment -

          Sorry, my fault. I tested with an old version. PasswordTexField doesn't get persisted any more

          Show
          Juergen Donnerstag added a comment - Sorry, my fault. I tested with an old version. PasswordTexField doesn't get persisted any more
          Hide
          Murat Yücel added a comment -

          What is your suggestion? Would this work?

          new PasswordTextField("password") {
          @Override
          protected boolean supportsPersistence()

          { return true; }

          }

          Show
          Murat Yücel added a comment - What is your suggestion? Would this work? new PasswordTextField("password") { @Override protected boolean supportsPersistence() { return true; } }
          Hide
          Murat Yücel added a comment -

          I have checked out wicket-examples and added persistence flag. Still no auto login. The persistence flag is just prefilling the password textfield.

          Show
          Murat Yücel added a comment - I have checked out wicket-examples and added persistence flag. Still no auto login. The persistence flag is just prefilling the password textfield.
          Hide
          Johan Compagner added a comment -

          you have to program auto login yourself. The submit of your form isnt called by wicket themselfs if there are cookies..

          Show
          Johan Compagner added a comment - you have to program auto login yourself. The submit of your form isnt called by wicket themselfs if there are cookies..
          Hide
          Murat Yücel added a comment -

          Yes and now we are getting back to my problem. Because i have made the logic for auto login, but it doesnt work. When i am creating cookies then i am either not able to retrieve them or the maxAge is set to -1 which is wrong. I have attached two modified classes from the wicket examples. Then you can verify whether or not i am doing something wrong.

          Show
          Murat Yücel added a comment - Yes and now we are getting back to my problem. Because i have made the logic for auto login, but it doesnt work. When i am creating cookies then i am either not able to retrieve them or the maxAge is set to -1 which is wrong. I have attached two modified classes from the wicket examples. Then you can verify whether or not i am doing something wrong.
          Hide
          Murat Yücel added a comment -

          Modified code from wicket-examples

          Show
          Murat Yücel added a comment - Modified code from wicket-examples
          Murat Yücel made changes -
          Attachment SignInPanel.java [ 12404823 ]
          Attachment SignIn2.java [ 12404824 ]
          Juergen Donnerstag made changes -
          Link This issue relates to WICKET-2213 [ WICKET-2213 ]
          Hide
          Juergen Donnerstag added a comment -

          Please have a look at 2213 and the patch attacht there. Apply the changes made to the SignIn2.java only. May be you need to apply the CookieValuePersister changes as well.

          Show
          Juergen Donnerstag added a comment - Please have a look at 2213 and the patch attacht there. Apply the changes made to the SignIn2.java only. May be you need to apply the CookieValuePersister changes as well.
          Hide
          Murat Yücel added a comment - - edited

          Hi Juergen

          I needed to make changes to more classes. I have added an auto login patch for wicket-1.4-rc2. You can see the changes here.

          The patch works perfectly fine. When can i expect that it will be released? and will it be released for wicket-1.4-rc3???

          /Murat

          Show
          Murat Yücel added a comment - - edited Hi Juergen I needed to make changes to more classes. I have added an auto login patch for wicket-1.4-rc2. You can see the changes here. The patch works perfectly fine. When can i expect that it will be released? and will it be released for wicket-1.4-rc3??? /Murat
          Murat Yücel made changes -
          Attachment auto-login.patch [ 12405478 ]
          Hide
          Murat Yücel added a comment -

          One thing that i miss is that the username should still be autofilled when logging out

          Show
          Murat Yücel added a comment - One thing that i miss is that the username should still be autofilled when logging out
          Hide
          Igor Vaynberg added a comment -

          wicket does not provide any kind of auto-login functionality, you have to implement that yourself. you have to set your own cookies as well. i have implemented autologin on numeral occasions and it has worked just fine, the simplest way to do this is to check for the cookie inside the auth strategy and instead of redirecting to the login page authenticate the user if the cookie is correct.

          Show
          Igor Vaynberg added a comment - wicket does not provide any kind of auto-login functionality, you have to implement that yourself. you have to set your own cookies as well. i have implemented autologin on numeral occasions and it has worked just fine, the simplest way to do this is to check for the cookie inside the auth strategy and instead of redirecting to the login page authenticate the user if the cookie is correct.
          Igor Vaynberg made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Assignee Igor Vaynberg [ ivaynberg ]
          Resolution Won't Fix [ 2 ]
          Hide
          Murat Yücel added a comment -

          Hi Igor

          I think you are misunderstanding the issue. The problem is not that i want wicket to implement auto login functionality. Then i would have written feature request. The problem is that i am not able to make the auto login functionality in wicket-1.4rc2. The cookie save or retrieval is somehow broken.

          The code i was using before is no longer working after an upgrade to a never wicket version. If you have an example which is working for wicket-1.4rc2 then you are more than welcome to send it to me.

          Johan has send an example but the changes requires changes in the wicket core.

          Show
          Murat Yücel added a comment - Hi Igor I think you are misunderstanding the issue. The problem is not that i want wicket to implement auto login functionality. Then i would have written feature request. The problem is that i am not able to make the auto login functionality in wicket-1.4rc2. The cookie save or retrieval is somehow broken. The code i was using before is no longer working after an upgrade to a never wicket version. If you have an example which is working for wicket-1.4rc2 then you are more than welcome to send it to me. Johan has send an example but the changes requires changes in the wicket core.
          Hide
          Igor Vaynberg added a comment -

          setting and reading cookies is outside the scope of wicket, this is j2ee territory. wicket forwards all your cookie requests to the underlying httpservletrequest so if something is not working it is likely some bug on your side.

          if you have a project that demonstrates the problem maybe someone will look into it.

          looking into your "cookie-project.rar", there cookies are written and read just fine when the code actually executes, eg WicketApplication:65 and 66 produce the following output:

          email = test
          password = test

          if you change your homepage to extend authenticatedpage so the code actually has a chance to execute.

          Show
          Igor Vaynberg added a comment - setting and reading cookies is outside the scope of wicket, this is j2ee territory. wicket forwards all your cookie requests to the underlying httpservletrequest so if something is not working it is likely some bug on your side. if you have a project that demonstrates the problem maybe someone will look into it. looking into your "cookie-project.rar", there cookies are written and read just fine when the code actually executes, eg WicketApplication:65 and 66 produce the following output: email = test password = test if you change your homepage to extend authenticatedpage so the code actually has a chance to execute.

            People

            • Assignee:
              Igor Vaynberg
              Reporter:
              Murat Yücel
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development