I am developing a web application with two major division, one is the Wicket side of the application and the Restlet side of the application which are quite decoupled. Although the code resides in the same project, I want to decouple it, so the Wicket part calls on the REST services exposed by the Restlet backend.
Now the issue is with the Session, in the Restlet part, there is a Shiro component which does the authentication et. al. when /login is accessed and the correct username & password pair is supplied.
The question is, what is the approach such that Wicket part of the app would know about the session user currently logged-in in the Restlet part with Shiro?
If your Restlet server part shares same web session provided by the container with your Wicket app, you can access it in Wicket with:
((HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest()).getSession()
Which gives you javax.servlet.http.HttpSession provided by Servlet api. Your Wicket's session which extends org.apache.wicket.protocol.http.WebSession is stored in this session under wicket:wicket.yourapp:session key along with other data set by you, or libraries you use outside Wicket.
I don't know Restlet and how you propagate session there, but I assume you will a need dependency to Servlets in your Restlet / Shiro part, which stores data in session.
Edit: Checking Shiros Session interface javadoc:
//A Session is intended to be managed by the business tier and accessible via other tiers without being tied to any given client technology. This is a great benefit to Java systems, since until now, the only viable session mechanisms were the javax.servlet.http.HttpSession or Stateful Session EJB's, which many times unnecessarily coupled applications to web or ejb technologies
Considering this the above proposal will not work, but it sounds you should be able to easily access Shiros Session object, if you add Shiro dependency to your Wicket part.