Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-2971

Refactor AuthenticatedWebSession class, introduce DefaultAuthenticatedWebSession class

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.4.9
    • 1.5-RC1
    • wicket-auth-roles
    • None

    Description

      From my experience of Apache Wicket & Spring Security integration I came to the conclusion that current wicket-auth-roles implementation isn't flexible enough: with the usage of Spring Security form login or HTTP Basic Authentication mechanisms there are no definite points to call AuthenticatedWebSession.signIn() and AuthenticatedWebSession.signOut() methods, 'cause login / logout procedure is completely managed by Spring Security. I think AuthenticatedWebSession should be refactored as following:

      public abstract class AuthenticatedWebSession extends WebSession {
      . . .
      public abstract Roles getRoles();

      public abstract Object getUser();

      public abstract boolean isSignedIn();
      . . .
      }

      and current version of AuthenticatedWebSession class will become DefaultAuthenticatedWebSession class that extends AuthenticatedWebSession.

      The point is to have an opportunity to delegate user / roles / sign in state management to some framework (e.g. Spring Security) when it's possible or to use custom implementation (i.e. subclass DefaultAuthenticatedWebSession). At the moment isSignedIn() method is declared final, and workaround as isSignedIn(boolean) method doesn't look pretty.

      Attachments

        1. wicket-auth-roles.patch
          6 kB
          Leonid Bogdanov
        2. SpringSecurityWebSession.java
          2 kB
          Leonid Bogdanov

        Activity

          People

            jdonnerstag Juegen Donnerstag
            von_zeppelin Leonid Bogdanov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 2h
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified