1) Upgraded our code from wicket 1.4.9 to wicket 6.6 and from jdk 1.6 to Jdk 1.8 2)First time i am able to log in application, if i click logout and click login link from homepage getting session expired, Is there any modification is required in wicket 6.6 to work fine in IE and FireFox, old code(wicket 1.4.9) was working fine in all 3 browsers. 3)We are using Jboss-eap-7.0 server This the servlet class responsible for JSESSIONID
package com.bnaf.servlet;
import static com.bnaf.CLAS.clasConfiguration;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.grlea.log.SimpleLogger;
import org.owasp.esapi.ESAPI;
import com.bnaf.utils.Constants;
import com.bnaf.utils.RedirectUrlBuilder;
public class ReqAuthnServlet extends HttpServlet {
private static final SimpleLogger log = new SimpleLogger(ReqAuthnServlet.class);
private HttpServletResponse response = null;
public void init(ServletConfig config) throws ServletException {
super.init(config);
}
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
log.info("*********************************************************");
log.info(" Authentication request process initiated ");
log.info("**********************************************************");
this.response = response;
// Valid request parameters
ESAPI.httpUtilities().setCurrentHTTP(request, response);
String sessionIdReq = ServletHelper.getSafeValue(request, "sessionid");
log.debug("Authentication request received. sessionIdReq: [" + sessionIdReq + "]");
if (sessionIdReq == null || sessionIdReq.equals("")) {
log.error("Failed to find requested session ID!");
String message = Constants.ERROR_CODE_ILLEGAL_ARGS + ";" + Constants.ERROR_MSG_ILLEGAL_ARGS;
handleResponse(HttpServletResponse.SC_BAD_REQUEST, message);
return;
}
sessionIdReq = sessionIdReq.trim();
if (request.getSession(false) != null) {
request.getSession(false).invalidate(); // invalidate old session
}
Cookie cookie = new Cookie("JSESSIONID", sessionIdReq);
cookie.setMaxAge(-1);
response.addCookie(cookie);
String authnURL = constructRedirectUrl(request, clasConfiguration().getAuthnURL()) + ";jsessionid=" + sessionIdReq;
log.debug("authnURL = " + authnURL);
response.sendRedirect(response.encodeRedirectURL(authnURL));
log.info(" ****** Generated authentication URL ****** " + authnURL);
log.info(" ****** Authentication request process completed ****** ");
}
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
private String constructRedirectUrl(HttpServletRequest request, String path) {
// construct redirect url base
RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
urlBuilder.setScheme(request.getScheme());
urlBuilder.setServerName(request.getServerName());
urlBuilder.setPort(request.getServerPort());
urlBuilder.setContextPath(request.getContextPath());
urlBuilder.setServletPath(path);
return urlBuilder.getUrl();
}
private void handleResponse(int status, String msg) throws IOException {
if (status != HttpServletResponse.SC_OK) {
response.sendError(status, msg);
} else {
this.response.setStatus(status);
PrintWriter out = this.response.getWriter();
out.println(msg);
out.flush();
out.close();
}
}
}
Below code is in wicket6.6 -- you can find log out method, where session is invalidated.
import static com.bnaf.CLAS.clasConfiguration;
import java.util.List;
import java.util.Locale;
import org.apache.commons.lang.WordUtils;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.core.request.handler.PageProvider;
import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
import org.apache.wicket.markup.head.CssHeaderItem;
import org.apache.wicket.markup.head.IHeaderResponse;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.link.BookmarkablePageLink;
import org.apache.wicket.markup.html.link.Link;
import org.apache.wicket.markup.html.link.PopupSettings;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.http.WebResponse;//new
import org.apache.wicket.request.http.handler.RedirectRequestHandler;//news
import org.apache.wicket.request.mapper.parameter.PageParameters;//new
import org.apache.wicket.request.resource.CssPackageResource;//new
import org.bouncycastle.ocsp.RespData;
import org.grlea.log.SimpleLogger;
import com.bnaf.exception.AuthenticationServiceException;
import com.bnaf.model.ClasDB;
import com.bnaf.utils.Constants;
import com.bnaf.web.ClasApplication;
import com.bnaf.web.UserSession;
import com.bnaf.web.common.panel.ClasBaseAfterLoginPanel;
import com.bnaf.web.onlineregistration.ui.BnafContactAddress;
import com.bnaf.web.onlineregistration.ui.BnafPrivacyPolicy;
import com.bnaf.web.onlineregistration.ui.BnafServCenter;
public class ClasBaseAfterLogin extends WebPage {
ClasDB user;
String userId;
protected String accountType = "";
private static final SimpleLogger LOG = new SimpleLogger(ClasBaseAfterLogin.class);
public ClasBaseAfterLogin(PageParameters parameters) {
String ticket = parameters.get("ticket").toString();
String clasSessionId = parameters.get("clasSessionId").toString();
Authentication au = new Authentication();
List lst;
try {
lst = au.retrieveAuthnStatus(ticket, clasSessionId);
} catch (AuthenticationServiceException e) {
String locale = getSession().getLocale().toString();
String redirectUrl = clasConfiguration().getUserMgmtHomeUrl() + "?loc=" + locale;
getRequestCycle().scheduleRequestHandlerAfterCurrent(new RedirectRequestHandler(redirectUrl));//new
return;
}
String authStat = (String) lst.get(1);
boolean authStatus = Boolean.valueOf(authStat);
userId = (String) lst.get(0);
}
public ClasBaseAfterLogin() {
PopupSettings popupSettings = new PopupSettings().setHeight(825).setWidth(1000);
add(new BookmarkablePageLink("privacyPolicy", BnafPrivacyPolicy.class).setPopupSettings(new PopupSettings(PopupSettings.RESIZABLE
| PopupSettings.SCROLLBARS).setHeight(1500).setWidth(1000)));
add(new BookmarkablePageLink("contactUs", BnafContactAddress.class).setPopupSettings(new PopupSettings(PopupSettings.RESIZABLE
add(new BookmarkablePageLink("servCenter", BnafServCenter.class).setPopupSettings(new PopupSettings(PopupSettings.RESIZABLE
| PopupSettings.SCROLLBARS).setHeight(1500).setWidth(1000)));
Label label = new Label("pageTitle", getLocalizer().getString("label.title", this));
add(label);
userId = (String) UserSession.get().getMyObject();
if (userId == null) {
setResponsePage(Welcome.class);
} else {
try {
user = ClasApplication.get().getPasswordManagerService().getUserProfileDetails(userId);
} catch (AuthenticationServiceException e) {
LOG.errorException(e);
setResponsePage(new BnafCommonErrorPage(this.getPage(), getLocalizer().getString("label.applicaiton.error.page", this),
getLocalizer().getString("request.process.page.error", this)));
}
}
String nameOfUser = null;
if (user != null && user.getLangPref().equals(Constants.USER_LANG_PREF_ENG)) {
nameOfUser = WordUtils.capitalize(user.getName().concat(" ")
.concat((user.getSixthName() != null || (!user.getSixthName().equals("")) ? user.getSixthName() : "")));
} else if (user != null && user.getLangPref().equals(Constants.USER_LANG_PREF_AR)) {
nameOfUser = user.getNameArb().concat(" ")
.concat((user.getSixthNameArb() != null || (!user.getSixthNameArb().equals("")) ? user.getSixthNameArb() : ""));
}
add(new Label("userName", nameOfUser));
add(new ClasBaseAfterLoginPanel("clasbasepanel", userId));
// addCssToPage();
String accountType ="";
String registrationType =(String) UserSession.get().getRegistrationType();
if(!(registrationType.equals(""))){
if(registrationType.equals(Constants.LABEL_BASIC_EKEY_USER)){
accountType = getLocalizer().getString("standard.ekey.account", this);
}else if(registrationType.equals(Constants.LABEL_ADVANCE_EKEY_USER)){
accountType = getLocalizer().getString("advanced.ekey.account", this);
}
}
LOG.info("account_type:" + accountType);
add(new Label("accountType", accountType));
if (getSession().getId() == null) {
//getRequestCycle().setRedirect(true);
throw new RestartResponseException(new BnafCommonErrorPage(this.getPage(), getLocalizer().getString(
"label.session.expired.heading", this), getLocalizer().getString("label.session.expired.error", this)));
}
add(new Link("logout") {
public void onClick() {
String locale = getSession().getLocale().toString();
String redirectUrl = clasConfiguration().getUserMgmtHomeUrl() + "?loc=" + locale;
getSession().invalidateNow();
// getRequestCycle().setRedirect(true);
//getRequestCycle().setRequestTarget(new RedirectRequestTarget(redirectUrl));//old
getRequestCycle().scheduleRequestHandlerAfterCurrent(new RedirectRequestHandler(redirectUrl));//new
}
});
}
/**************NEW WAY TO ADD css FILE FROM WICKET 6.X ************************/
@Override
public void renderHead(IHeaderResponse response) {
response.render(CssHeaderItem.forUrl("css/$/styles.css".replace("$", getSession().getLocale().toString().toLowerCase())));
response.render(CssHeaderItem.forUrl("css/$/reset.css".replace("$", getSession().getLocale().toString().toLowerCase())));
}
/**************END NEW WAY TO ADD css FILE FROM WICKET 6.X ************************/
@Override
protected void configureResponse(WebResponse responses) {
super.configureResponse(responses);
//WebResponse response = (WebResponse) getRequestCycle().getResponse();// getResponse() use Get the active response at the request cycle.
responses.setHeader("Cache-Control", "no-cache, max-age=0,must-revalidate, no-store");
responses.setHeader("Expires", "-1");
responses.setHeader("Pragma", "no-cache");
// responses.setCharacterEncoding("text/html; charset=utf-8");
getSession().setLocale(new Locale(getSession().getLocale().toString()));
}
}