1) 我们把代码从 Wicket 1.4.9 升级到了 Wicket 6.6,JDK 也从 1.6 升级到了 1.8。
2) 第一次登录应用程序时一切正常;但如果我点击注销,然后在主页上再次点击登录链接,就会出现“会话已过期”的页面。要让它在 IE 和 Firefox 中正常工作,Wicket 6.6 是否需要做什么修改?旧代码(Wicket 1.4.9)在全部 3 个浏览器中都运行良好。
3) 我们使用的服务器是 Jboss-eap-7.0。
下面是负责处理 JSESSIONID 的 servlet 类:
package com.bnaf.servlet;
import static com.bnaf.CLAS.clasConfiguration;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.grlea.log.SimpleLogger;
import org.owasp.esapi.ESAPI;
import com.bnaf.utils.Constants;
import com.bnaf.utils.RedirectUrlBuilder;
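/**
 * Starts the authentication hand-off: reads the {@code sessionid} request parameter, drops any
 * existing HTTP session, sets a {@code JSESSIONID} cookie to the supplied value and redirects the
 * browser to the configured authentication URL with {@code ;jsessionid=<value>} appended.
 *
 * <p>NOTE(review): the session id used here comes from the request, so whoever builds the link
 * chooses the id the browser will use afterwards. Unless that id was issued by this server for
 * this user and is verified before it is trusted, this is the session-fixation pattern (CWE-384).
 * The usual mitigation is to let the container issue the id and to rotate it at login
 * ({@code HttpServletRequest.changeSessionId()} on Servlet 3.1+). Carrying the id in the URL also
 * exposes it to access logs, browser history and Referer headers.
 *
 * <p>The servlet keeps no per-request state in fields: a single servlet instance serves all
 * requests concurrently, so the response object is always passed as an argument.
 */
public class ReqAuthnServlet extends HttpServlet {
    private static final SimpleLogger log = new SimpleLogger(ReqAuthnServlet.class);

    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }

    /**
     * Handles the authentication request.
     *
     * @param request  current request; must carry a non-blank {@code sessionid} parameter
     * @param response current response; receives either a 400 error or the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the error or the redirect fails
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        log.info("*********************************************************");
        log.info(" Authentication request process initiated ");
        log.info("**********************************************************");

        // Valid request parameters
        ESAPI.httpUtilities().setCurrentHTTP(request, response);
        String sessionIdReq = ServletHelper.getSafeValue(request, "sessionid");
        // Trim before the emptiness check so a whitespace-only value is rejected too.
        if (sessionIdReq != null) {
            sessionIdReq = sessionIdReq.trim();
        }
        // The id is a credential: log only its length, never the value.
        log.debug("Authentication request received. sessionIdReq: [" + describeForLog(sessionIdReq) + "]");

        if (sessionIdReq == null || sessionIdReq.isEmpty()) {
            log.error("Failed to find requested session ID!");
            rejectIllegalArgs(response);
            return;
        }
        if (!isSafeSessionIdToken(sessionIdReq)) {
            // Defence in depth: the value is copied into a Set-Cookie header and a Location URL.
            // What ServletHelper.getSafeValue already filters is not visible here.
            log.error("Requested session ID contains characters that are not allowed!");
            rejectIllegalArgs(response);
            return;
        }

        HttpSession existingSession = request.getSession(false);
        if (existingSession != null) {
            existingSession.invalidate(); // invalidate old session
        }

        Cookie cookie = new Cookie("JSESSIONID", sessionIdReq);
        cookie.setMaxAge(-1); // session cookie: discarded when the browser closes
        cookie.setHttpOnly(true); // keep the id out of reach of page scripts
        cookie.setSecure(request.isSecure()); // never send it over plain HTTP once issued over HTTPS
        // NOTE(review): no path is set, so the browser scopes this cookie to the directory of this
        // servlet's URL rather than to the context path. It can then coexist with the container's
        // own JSESSIONID cookie - TODO confirm whether that is related to the "session expired"
        // page seen after logout.
        response.addCookie(cookie);

        String authnBaseUrl = constructRedirectUrl(request, clasConfiguration().getAuthnURL());
        String authnURL = authnBaseUrl + ";jsessionid=" + sessionIdReq;
        log.debug("authnURL = " + authnBaseUrl + ";jsessionid=<redacted>");
        response.sendRedirect(response.encodeRedirectURL(authnURL));
        log.info(" ****** Generated authentication URL ****** " + authnBaseUrl + ";jsessionid=<redacted>");
        log.info(" ****** Authentication request process completed ****** ");
    }

    /** Treats POST exactly like GET. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Builds an absolute URL from the scheme, server name, port and context path of the current
     * request, with {@code path} as the servlet path.
     *
     * <p>NOTE(review): scheme, server name and port are taken from the request; behind a proxy
     * these reflect what the container derives from the incoming request (for example the Host
     * header) - confirm that the deployment pins them.
     */
    private String constructRedirectUrl(HttpServletRequest request, String path) {
        RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
        urlBuilder.setScheme(request.getScheme());
        urlBuilder.setServerName(request.getServerName());
        urlBuilder.setPort(request.getServerPort());
        urlBuilder.setContextPath(request.getContextPath());
        urlBuilder.setServletPath(path);
        return urlBuilder.getUrl();
    }

    /** Sends the 400 "illegal arguments" error used for a missing or malformed session id. */
    private void rejectIllegalArgs(HttpServletResponse response) throws IOException {
        String message = Constants.ERROR_CODE_ILLEGAL_ARGS + ";" + Constants.ERROR_MSG_ILLEGAL_ARGS;
        handleResponse(response, HttpServletResponse.SC_BAD_REQUEST, message);
    }

    /**
     * Writes {@code msg} to the client: as an error for any status other than 200, otherwise as
     * the response body.
     */
    private void handleResponse(HttpServletResponse response, int status, String msg) throws IOException {
        if (status != HttpServletResponse.SC_OK) {
            response.sendError(status, msg);
            return;
        }
        response.setStatus(status);
        PrintWriter out = response.getWriter();
        out.println(msg);
        out.flush();
        out.close();
    }

    /**
     * Returns {@code false} when the value holds a control character, whitespace, a non-ASCII
     * character, or a delimiter that would change the meaning of the cookie header or of the
     * {@code ;jsessionid=} path parameter it is copied into.
     */
    private static boolean isSafeSessionIdToken(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c <= ' ' || c >= 0x7f) {
                return false;
            }
            if (c == ';' || c == ',' || c == '/' || c == '?' || c == '#' || c == '"' || c == '\\') {
                return false;
            }
        }
        return true;
    }

    /** Describes a session id for the log without revealing it. */
    private static String describeForLog(String sessionId) {
        if (sessionId == null) {
            return "null";
        }
        return "<" + sessionId.length() + " chars>";
    }
}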
下面是 Wicket 6.6 版本的代码,其中包含使会话失效的注销方法。
import static com.bnaf.CLAS.clasConfiguration;
import java.util.List;
import java.util.Locale;
import org.apache.commons.lang.WordUtils;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.core.request.handler.PageProvider;
import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
import org.apache.wicket.markup.head.CssHeaderItem;
import org.apache.wicket.markup.head.IHeaderResponse;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.link.BookmarkablePageLink;
import org.apache.wicket.markup.html.link.Link;
import org.apache.wicket.markup.html.link.PopupSettings;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.http.WebResponse;//new
import org.apache.wicket.request.http.handler.RedirectRequestHandler;//news
import org.apache.wicket.request.mapper.parameter.PageParameters;//new
import org.apache.wicket.request.resource.CssPackageResource;//new
import org.bouncycastle.ocsp.RespData;
import org.grlea.log.SimpleLogger;
import com.bnaf.exception.AuthenticationServiceException;
import com.bnaf.model.ClasDB;
import com.bnaf.utils.Constants;
import com.bnaf.web.ClasApplication;
import com.bnaf.web.UserSession;
import com.bnaf.web.common.panel.ClasBaseAfterLoginPanel;
import com.bnaf.web.onlineregistration.ui.BnafContactAddress;
import com.bnaf.web.onlineregistration.ui.BnafPrivacyPolicy;
import com.bnaf.web.onlineregistration.ui.BnafServCenter;
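/**
 * Base page shown after login: footer links, the user's display name, the account-type label and
 * the logout link. Responses are marked non-cacheable in {@link #configureResponse(WebResponse)}.
 */
public class ClasBaseAfterLogin extends WebPage {
    ClasDB user;
    String userId;
    // NOTE(review): this field is never assigned in this class; the no-arg constructor keeps the
    // resolved label in a local variable. Confirm whether subclasses expect it to be populated.
    protected String accountType = "";
    private static final SimpleLogger LOG = new SimpleLogger(ClasBaseAfterLogin.class);

    /**
     * Resolves the user id from the {@code ticket} and {@code clasSessionId} page parameters. If
     * the lookup fails, the browser is redirected to the user-management home URL.
     *
     * @param parameters page parameters; both values come from the request URL and are
     *                   {@code null} when the parameter is absent
     */
    public ClasBaseAfterLogin(PageParameters parameters) {
        String ticket = parameters.get("ticket").toString();
        String clasSessionId = parameters.get("clasSessionId").toString();
        Authentication au = new Authentication();
        List<?> lst;
        try {
            lst = au.retrieveAuthnStatus(ticket, clasSessionId);
        } catch (AuthenticationServiceException e) {
            String locale = getSession().getLocale().toString();
            String redirectUrl = clasConfiguration().getUserMgmtHomeUrl() + "?loc=" + locale;
            getRequestCycle().scheduleRequestHandlerAfterCurrent(new RedirectRequestHandler(redirectUrl));
            return;
        }
        String authStat = (String) lst.get(1);
        // NOTE(review): the authentication status is parsed but never checked; userId is assigned
        // whatever the status is. Confirm whether a false status should stop here (for example
        // with the same redirect as the failure branch above).
        boolean authStatus = Boolean.parseBoolean(authStat);
        userId = (String) lst.get(0);
    }

    /**
     * Builds the page for the user stored in the current {@link UserSession}.
     *
     * @throws RestartResponseException with the session-expired error page when the session has
     *                                  no id
     */
    public ClasBaseAfterLogin() {
        add(new BookmarkablePageLink<Void>("privacyPolicy", BnafPrivacyPolicy.class).setPopupSettings(infoPopup()));
        // The popup settings of this link were cut off in the listing; they are restored here to
        // match the two sibling links.
        add(new BookmarkablePageLink<Void>("contactUs", BnafContactAddress.class).setPopupSettings(infoPopup()));
        add(new BookmarkablePageLink<Void>("servCenter", BnafServCenter.class).setPopupSettings(infoPopup()));

        Label label = new Label("pageTitle", getLocalizer().getString("label.title", this));
        add(label);

        userId = (String) UserSession.get().getMyObject();
        if (userId == null) {
            // NOTE(review): setResponsePage does not stop the constructor, so the rest of the
            // page is still built for a user-less session before Welcome is shown.
            setResponsePage(Welcome.class);
        } else {
            try {
                user = ClasApplication.get().getPasswordManagerService().getUserProfileDetails(userId);
            } catch (AuthenticationServiceException e) {
                LOG.errorException(e);
                setResponsePage(new BnafCommonErrorPage(this.getPage(), getLocalizer().getString("label.applicaiton.error.page", this),
                        getLocalizer().getString("request.process.page.error", this)));
            }
        }

        String nameOfUser = null;
        if (user != null && user.getLangPref().equals(Constants.USER_LANG_PREF_ENG)) {
            nameOfUser = WordUtils.capitalize(joinName(user.getName(), user.getSixthName()));
        } else if (user != null && user.getLangPref().equals(Constants.USER_LANG_PREF_AR)) {
            nameOfUser = joinName(user.getNameArb(), user.getSixthNameArb());
        }
        add(new Label("userName", nameOfUser));
        add(new ClasBaseAfterLoginPanel("clasbasepanel", userId));

        String accountTypeLabel = "";
        String registrationType = (String) UserSession.get().getRegistrationType();
        // A session without a registration type keeps the empty label instead of failing.
        if (registrationType != null && !registrationType.equals("")) {
            if (registrationType.equals(Constants.LABEL_BASIC_EKEY_USER)) {
                accountTypeLabel = getLocalizer().getString("standard.ekey.account", this);
            } else if (registrationType.equals(Constants.LABEL_ADVANCE_EKEY_USER)) {
                accountTypeLabel = getLocalizer().getString("advanced.ekey.account", this);
            }
        }
        LOG.info("account_type:" + accountTypeLabel);
        add(new Label("accountType", accountTypeLabel));

        if (getSession().getId() == null) {
            throw new RestartResponseException(new BnafCommonErrorPage(this.getPage(), getLocalizer().getString(
                    "label.session.expired.heading", this), getLocalizer().getString("label.session.expired.error", this)));
        }

        add(new Link<Void>("logout") {
            @Override
            public void onClick() {
                // Read the locale first: it lives in the session that is about to be destroyed.
                String locale = getSession().getLocale().toString();
                String redirectUrl = clasConfiguration().getUserMgmtHomeUrl() + "?loc=" + locale;
                getSession().invalidateNow();
                getRequestCycle().scheduleRequestHandlerAfterCurrent(new RedirectRequestHandler(redirectUrl));
            }
        });
    }

    /** Popup settings shared by the footer links: resizable, with scrollbars, 1500 x 1000. */
    private static PopupSettings infoPopup() {
        return new PopupSettings(PopupSettings.RESIZABLE | PopupSettings.SCROLLBARS).setHeight(1500).setWidth(1000);
    }

    /**
     * Joins a name and an optional sixth name with one space. A {@code null} or empty sixth name
     * contributes nothing; the previous {@code ||} test dereferenced a {@code null} sixth name.
     */
    private static String joinName(String name, String sixthName) {
        String suffix = (sixthName != null && !sixthName.equals("")) ? sixthName : "";
        return name.concat(" ").concat(suffix);
    }

    /** Adds the locale-specific style sheets to the page head (Wicket 6.x header API). */
    @Override
    public void renderHead(IHeaderResponse response) {
        // Locale.ROOT keeps the folder name independent of the JVM's default locale.
        String localeFolder = getSession().getLocale().toString().toLowerCase(Locale.ROOT);
        response.render(CssHeaderItem.forUrl("css/$/styles.css".replace("$", localeFolder)));
        response.render(CssHeaderItem.forUrl("css/$/reset.css".replace("$", localeFolder)));
    }

    /**
     * Marks the response as non-cacheable, so pages rendered for a logged-in user are not served
     * again from the browser cache, and re-applies the session locale.
     */
    @Override
    protected void configureResponse(WebResponse responses) {
        super.configureResponse(responses);
        responses.setHeader("Cache-Control", "no-cache, max-age=0,must-revalidate, no-store");
        responses.setHeader("Expires", "-1");
        responses.setHeader("Pragma", "no-cache");
        // NOTE(review): the whole locale string (language plus any country part) is passed as the
        // language argument of the new Locale - confirm this is intended.
        getSession().setLocale(new Locale(getSession().getLocale().toString()));
    }
}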