[jira] Assigned: (WICKET-877) stateless page + form + bookmark = trouble

Sat, 01 Sep 2007 11:53:42 -0700 

     [ 
https://issues.apache.org/jira/browse/WICKET-877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matej Knopp reassigned WICKET-877:
----------------------------------

    Assignee: Johan Compagner

> stateless page + form + bookmark = trouble
> ------------------------------------------
>
>                 Key: WICKET-877
>                 URL: https://issues.apache.org/jira/browse/WICKET-877
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>            Reporter: Peter Ertl
>            Assignee: Johan Compagner
>
> I have a stateless login page for the application (using 
> HybridUrlCodingStrategy):
>    url_1 = http://localhost/login
> When I press the login button of the username + password form the form data 
> will be sent using HTTP POST:
>   url_2 = 
> http://localhost/login/wicket:interface/%3A0%3AnavigationContrib%3Aform%3A%3AIFormSubmitListener%3A%3A/
> Unfortunately, if somebody bookmarks url_2 (which is stupid as we java dudes 
> all know, but it _will_ happen because average users don't know better) the 
> form submit listener will be invoked using HTTP GET and having no form 
> parameters. *imho* bookmarks should be possible in a professional application 
> at all time.
> This, of course, will result in an ugly error message and unexpected 
> application behavior and empty form fields and stuff. That's *btw* why I 
> declare this request a bug and not a feature / enhancement.
> I think it would be cool to have Form#onInvalidSubmit() to handle this kind 
> of stuff (it won't happen on stateful pages with redirect after post 
> enabled). So, for example, the application could just reload to the login 
> page.
> detection is easy... here my suggestion:
> ------------------------------------------------------
> class org.apache.wicket.markup.html.form.Form:
> public final void onFormSubmitted()  // line 746
> {
>     final String method = ((WebRequest) 
> getRequest()).getHttpServletRequest().getMethod();
>     if (method.equalsIgnoreCase(this.getMethod()) == false)
>       this.onInvalidSubmit();
>     // ...
> }
> // override (optional)
> protected onInvalidSubmit() {}
> ------------------------------
> in my case I would just do this:
> @Override
> protected onInvalidSubmit()
> {
>   this.setRedirect(true);
>   throw new RestartResponseException(getPage().getClass());
> }
> This would probably be a good default behavior for StatelessForm....
> I consider this change useful enough to be part of wicket core.
> What you guys think?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to