Spring security + remember me question + wicket
I am using wicket 1.4.7 + spring 3.0 + spring security 3.0
Problem is: Spring Security authenticates the user via cookie (remember-me service), but Wicket's AuthenticatedWebSession couldn't understand this and populates the login panel. How can I solve it?
Thanks.
Pretty old question, but I just stumbled upon it while researching the exact same problem. So if anybody else comes across this, here's my solution.
The problem is that AuthenticatedWebSession#isSignedIn() ignores the SecurityContext and checks its own boolean flag instead. As it isn't possible to override the final method #isSignedIn(), there has to be a workaround. I've gone for a custom WebRequestCycle overriding #onBeginRequest() to synchronize state just before Wicket starts processing the current request:
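// MyApplication.java
import org.apache.wicket.Request;
import org.apache.wicket.RequestCycle;
import org.apache.wicket.Response;
import org.apache.wicket.authentication.AuthenticatedWebApplication;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebRequestCycle;
import org.apache.wicket.protocol.http.WebResponse;

public class MyApplication extends AuthenticatedWebApplication {
    // SNIP
    @Override
    public RequestCycle newRequestCycle(final Request request, final Response response) {
        return new WebRequestCycle(this, (WebRequest) request, (WebResponse) response) {
            @Override
            protected void onBeginRequest() {
                // Copy Spring Security's state into Wicket's flag before the request is processed
                MySession.get().updateSignIn();
            }
        };
    }
}

// MySession.java
import org.apache.wicket.authentication.AuthenticatedWebSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public class MySession extends AuthenticatedWebSession {
    // SNIP
    void updateSignIn() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        signIn(auth != null && auth.isAuthenticated());
    }
}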
Alternatively, AuthenticatedWebSession and AuthenticatedWebApplication could be abandoned altogether as the rest of wicket-auth-roles doesn't require them. It just takes some code duplication from AuthenticatedWebApplication to make everything work similarly.
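An added example, not part of the answer above: a variant of MySession that does not count Spring Security's AnonymousAuthenticationToken as a signed-in user (with anonymous authentication enabled, that token reports isAuthenticated() == true) and that derives Wicket roles from the same SecurityContext. It assumes Wicket 1.4 and Spring Security 3.0, that login itself is handled by Spring Security's filter chain, and that the helper name currentUser() is hypothetical.

```java
// Added example (hypothetical MySession variant), Wicket 1.4 + Spring Security 3.0.
import org.apache.wicket.Request;
import org.apache.wicket.Session;
import org.apache.wicket.authentication.AuthenticatedWebSession;
import org.apache.wicket.authorization.strategies.role.Roles;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

public class MySession extends AuthenticatedWebSession {

    public MySession(Request request) {
        super(request);
    }

    public static MySession get() {
        return (MySession) Session.get();
    }

    /** Current Spring Security principal, or null when absent or anonymous. */
    private static Authentication currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return null;
        }
        return auth;
    }

    /** Called from onBeginRequest(): mirror Spring Security's state into Wicket's flag. */
    void updateSignIn() {
        signIn(currentUser() != null);
    }

    @Override
    public boolean authenticate(String username, String password) {
        // Assumption: credentials are checked by Spring Security's filters, not by Wicket.
        return currentUser() != null;
    }

    @Override
    public Roles getRoles() {
        Roles roles = new Roles();
        Authentication auth = currentUser();
        if (auth != null) {
            for (GrantedAuthority authority : auth.getAuthorities()) {
                roles.add(authority.getAuthority()); // Spring authority names, unchanged
            }
        }
        return roles;
    }
}
```

Because the roles are Spring's authority strings as-is, any role names used in Wicket authorization annotations have to match them exactly.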