Same login data in every connection to Wicket application

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Same login data in every connection to Wicket application

burakongun
I exported my Wicket application to a .war file and right now it runs under my remote machine's Jetty server. When I connect the application from different devices, same user log in is activated every time. In other words, when I log in to the application on my laptop then open it from another laptop or a phone, it seems that a user is already logged in. How can I prevent that?

This is my Application class

public class WicketApplication extends AuthenticatedWebApplication
{  
    private static Connection CONNECTION;
    private static User USER;

    public Class<? extends WebPage> getHomePage()
    {
        return HomePage.class;
    }

    public void init()
    {
        super.init();
        CONNECTION = new DatabaseConnection().getConnection();
        Constants.init();

        getRequestCycleSettings().setResponseRequestEncoding("UTF-8");
        getComponentPreOnBeforeRenderListeners().add(new JQComponentOnBeforeRenderListener());
        getDebugSettings().setDevelopmentUtilitiesEnabled(true);
        this.getMarkupSettings().setStripWicketTags(true);
    }

    @Override
    public RuntimeConfigurationType getConfigurationType()
    {
        return RuntimeConfigurationType.DEPLOYMENT;
    }

    @Override
    protected Class<? extends AbstractAuthenticatedWebSession> getWebSessionClass()
    {
        return MyWebSession.class;
    }

    @Override
    protected Class<? extends WebPage> getSignInPageClass()
    {
        return SignInCustomPage.class;
    }

    @Override
    public Session newSession(Request request, Response response)
    {
        return new MyWebSession(request);
    }

    @Override
    protected void onDestroy()
    {
        super.onDestroy();
        try
        {
            System.out.println("Connection closed.");
            CONNECTION.close();
        }
        catch (SQLException e)
        {
            System.out.println("Error closing connection.");
            e.printStackTrace();
        }
    }

    public static Connection getConnection()
    {
        return CONNECTION;
    }

    public static User getUser()
    {
        return USER;
    }

    public static void setUser(User user)
    {
        USER = user;
    }
}

This is my Session class

public class MyWebSession extends AuthenticatedWebSession
{
    private static String ROLE;

    public MyWebSession(Request request)
    {
        super(request);
    }

    @Override
    public boolean authenticate(String username, String password)
    {      
        try
        {
            Statement stmt = WicketApplication.getConnection().createStatement();
            ResultSet rs = stmt.executeQuery("select * from manager where username = '" + username + "' and password = '" + password + "'");

            while(rs.next())
            {
                WicketApplication.setUser(new User(rs.getInt("id"), rs.getString("username"), rs.getString("password"), rs.getString("visible_name")));
                ROLE = "ADMIN";
                return true;
            }

            return false;
        }
        catch (SQLException e)
        {
            System.out.println("MYSQL ERROR: Login failed. " + e.toString());
            e.printStackTrace();
            return false;
        }
    }

    @Override
    public Roles getRoles()
    {
        return (isSignedIn() ? new Roles(Roles.ADMIN) : null);
    }

    public boolean isAdmin()
    {
        return isSignedIn() && MyWebSession.get().getRoles().hasRole(Roles.ADMIN);
    }

    @Override
    public void signOut()
    {
        super.signOut();
    }
}

I tried to change those static fields to non-static but didn't help.