Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink 
Ok, thanks for your input guys, no hard feelings :)
There are indeed workarounds, i just thought it would be an elegant
solution if wicket supported it. But i guess you are right, there are
too many caveats.

Maurice

On 7/18/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > i think its time for you to build something that uses aop and get it out of
> > your system :)
>
> Get it out of my system? I'm not exactly recommending AOP as I think
> other solutions would be better.
>
> after(Component c) returning: this(c) && execution(Component.new(..)) 
> {
> System.out.println("constructed component with model " + 
> c.getModel());
> }
>
> Something like that works. I'm sure there's lots of ifs and buts, but
> the point is that it is a possible way out.
>
> Eelco
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink 
However besides the benefit of being more efficient it also prevents a
lot of nasty stuff like throwing custom exceptions / NPE in the page
constructor or redirecting, which i now have to take into account
because the page is fully constructed. When the strategy can tell me
for certain if the page is allowed i would not have to do that.

Maurice

On 7/18/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> Right now i manually need to trigger
> isActionAuthorized(Component.RENDER); after the component has been
> fully initialized. I would like to abort as soon as possible.
>
> Maurice
>
> On 7/18/07, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > cant you test this with the render action check?
> > that is always done also if the model is changed
> >
> > johan
> >
> >
> > On 7/18/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > >
> > > True you can't do setModel(foo) and expect your instantiation check to
> > > work. Which imho is perfectly logical if you want to use your model in
> > > the instantiation check you need to pass it in the constructor.
> > >
> > > As for the example
> > > We have a search page for students, uppon clicking on one of those
> > > students, you go to a detail page for that student. that page also
> > > contains several tabs to go to other relevant pages for the student
> > > (like it's school grades). on these pages we made a quicksearch
> > > function with contains amongst other things 2 buttons to navigate
> > > forth and back between the searchresults of the search page, while
> > > keeping the same view. Suppose i have sufficient rights to see the
> > > detail pages of all students but only enough rights to see the grades
> > > of my own students.
> > >
> > > So if i make the search wide enough to get all students and then
> > > select one of my own, going to the grades. That's fine. But if i then
> > > navigate to another student i am not allowed to see the grades
> > > (creating a new instance of the grades page in the process) i need to
> > > know if the page in combination with the student is allowed, because
> > > the page itself is basically allowed.
> > >
> > > Maurice
> > >
> > > On 7/18/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > > > I don't think I agree with that.
> > > >
> > > > MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for
> > > > starters, and you can even set models mutliple times. Not to mention
> > > > the other problems you mentioned in this thread. And finally, it would
> > > > just invite people to go crazy with this functionality.
> > > >
> > > > But give us a good example of where using the model to determine an
> > > > access restriction would actually be useful?
> > > >
> > > > Eelco
> > > >
> > > >
> > > -
> > > > This SF.net email is sponsored by DB2 Express
> > > > Download DB2 Express C - the FREE version of DB2 express and take
> > > > control of your XML. No limits. Just data. Click to get it now.
> > > > http://sourceforge.net/powerbar/db2/
> > > > ___
> > > > Wicket-user mailing list
> > > > Wicket-user@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/wicket-user
> > > >
> > >
> > > -
> > > This SF.net email is sponsored by DB2 Express
> > > Download DB2 Express C - the FREE version of DB2 express and take
> > > control of your XML. No limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > ___
> > > Wicket-user mailing list
> > > Wicket-user@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink 
Right now i manually need to trigger
isActionAuthorized(Component.RENDER); after the component has been
fully initialized. I would like to abort as soon as possible.

Maurice

On 7/18/07, Johan Compagner <[EMAIL PROTECTED]> wrote:
> cant you test this with the render action check?
> that is always done also if the model is changed
>
> johan
>
>
> On 7/18/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> >
> > True you can't do setModel(foo) and expect your instantiation check to
> > work. Which imho is perfectly logical if you want to use your model in
> > the instantiation check you need to pass it in the constructor.
> >
> > As for the example
> > We have a search page for students, uppon clicking on one of those
> > students, you go to a detail page for that student. that page also
> > contains several tabs to go to other relevant pages for the student
> > (like it's school grades). on these pages we made a quicksearch
> > function with contains amongst other things 2 buttons to navigate
> > forth and back between the searchresults of the search page, while
> > keeping the same view. Suppose i have sufficient rights to see the
> > detail pages of all students but only enough rights to see the grades
> > of my own students.
> >
> > So if i make the search wide enough to get all students and then
> > select one of my own, going to the grades. That's fine. But if i then
> > navigate to another student i am not allowed to see the grades
> > (creating a new instance of the grades page in the process) i need to
> > know if the page in combination with the student is allowed, because
> > the page itself is basically allowed.
> >
> > Maurice
> >
> > On 7/18/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > > I don't think I agree with that.
> > >
> > > MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for
> > > starters, and you can even set models mutliple times. Not to mention
> > > the other problems you mentioned in this thread. And finally, it would
> > > just invite people to go crazy with this functionality.
> > >
> > > But give us a good example of where using the model to determine an
> > > access restriction would actually be useful?
> > >
> > > Eelco
> > >
> > >
> > -
> > > This SF.net email is sponsored by DB2 Express
> > > Download DB2 Express C - the FREE version of DB2 express and take
> > > control of your XML. No limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > ___
> > > Wicket-user mailing list
> > > Wicket-user@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink 
True you can't do setModel(foo) and expect your instantiation check to
work. Which imho is perfectly logical if you want to use your model in
the instantiation check you need to pass it in the constructor.

As for the example
We have a search page for students, uppon clicking on one of those
students, you go to a detail page for that student. that page also
contains several tabs to go to other relevant pages for the student
(like it's school grades). on these pages we made a quicksearch
function with contains amongst other things 2 buttons to navigate
forth and back between the searchresults of the search page, while
keeping the same view. Suppose i have sufficient rights to see the
detail pages of all students but only enough rights to see the grades
of my own students.

So if i make the search wide enough to get all students and then
select one of my own, going to the grades. That's fine. But if i then
navigate to another student i am not allowed to see the grades
(creating a new instance of the grades page in the process) i need to
know if the page in combination with the student is allowed, because
the page itself is basically allowed.

Maurice

On 7/18/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> I don't think I agree with that.
>
> MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for
> starters, and you can even set models mutliple times. Not to mention
> the other problems you mentioned in this thread. And finally, it would
> just invite people to go crazy with this functionality.
>
> But give us a good example of where using the model to determine an
> access restriction would actually be useful?
>
> Eelco
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink 
After having Johan explain to me that It is only the
IComponentAssignedModel that will cause serious problems and models
like CompoundPropertyModel will work just fine. And since we do not
use those.
I have no objection to this restriction.

Maurice

On 7/18/07, Johan Compagner <[EMAIL PROTECTED]> wrote:
> i can see the value of having the model in the authorizationstrategy
> this is pretty handy. But the problem is with wrapmodels  because we
> just can't give those to the outside world withing a constructor of a
> component
> because we have a big warning in the wrapOnAssigment(Component) call
> that in that method you shouldn't really touch the component because it is
> not
> fully constructed yet. But we can't have it that the component is still not
> fully constructed
> in the getObject() call of the wrapped model.
>
> So i am +1 for such a change except that the model param will be null of not
> given and
> null if it is wrapped model.
>
> johan
>
>
> On 7/18/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> > In my project we often have the case where a user initially is allowed
> > to construct a certain component (pages mostly) but whether he really
> > can depends on the model of the page.
> > So my request / suggestion is to enhance IAuthorizationStrategy with
> > the following method isInstantiationAuthorized(Class, IModel). whether
> > this methods is made available next to
> > isInstantiationAuthorized(Class) or replaces it is not important.
> >
> > As far as i can see the following changes need to be made
> > -Application.notifyComponentInstantiationListeners needs to be
> > upgraded to receive the model to, or the component should not call
> > notify untill the model has been set on the component (which happens
> > on the next line)
> > -the default listener needs to pass the model to the strategy.
> >
> > For regular models this should not be a problem but IWrapModels might
> > have a problem when accessing anything else from the component but the
> > id. Not passing the wrappedmodel but the original model is imo not an
> > option because the main point of passing the model is to be able to
> > use the getObject method.
> >
> > What do you think?
> >
> > Maurice
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink 
Hi,
In my project we often have the case where a user initially is allowed
to construct a certain component (pages mostly) but whether he really
can depends on the model of the page.
So my request / suggestion is to enhance IAuthorizationStrategy with
the following method isInstantiationAuthorized(Class, IModel). whether
this methods is made available next to
isInstantiationAuthorized(Class) or replaces it is not important.

As far as i can see the following changes need to be made
-Application.notifyComponentInstantiationListeners needs to be
upgraded to receive the model to, or the component should not call
notify untill the model has been set on the component (which happens
on the next line)
-the default listener needs to pass the model to the strategy.

For regular models this should not be a problem but IWrapModels might
have a problem when accessing anything else from the component but the
id. Not passing the wrappedmodel but the original model is imo not an
option because the main point of passing the model is to be able to
use the getObject method.

What do you think?

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WicketTester does not clean up resources very well

2007-07-16 Thread Maurice Marrink 
Well, thats why i asked if maybe i was missing something :)
Anyway an issue has been created
https://issues.apache.org/jira/browse/WICKET-762

Maurice

Oh btw like Martijn said there might be a legit reason to keep the
session and stuff around after the processing thingy but i really
think they should be gone after destroy has been called.


On 7/16/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote:
> I thought that not all resources were cleaned up so that test cases
> can query the response and other things. The responsibility is on the
> tester to initiate a new fresh RequestCycle iiuc.
>
> That said, it may be that we don't provide enough hooks to perform the clean 
> up.
>
> Martijn
>
> On 7/15/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > I just noticed that running the following minimal junittest fails.
> > WicketTester mock=new WicketTester();
> > mock.setupRequestAndResponse();
> > mock.processRequestCycle();
> > mock.destroy();
> > assertNull(Session.get()); //actually should throw
> > IllegalStateException but 
> >
> > I would expect the threadlocal Session to be gone after the request
> > had been processed but it is even available after the application has
> > been destroyed.
> > Or am i missing something?
> >
> > Maurice
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>
> --
> Wicket joins the Apache Software Foundation as Apache Wicket
> Apache Wicket 1.3.0-beta2 is released
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta2/
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] SecureTextField rendered as span element?

2007-07-16 Thread Maurice Marrink 
Yes that should be possible. Please take a look at
org.apache.wicket.markup.html.link.AbstractLink#disableLink and
org.apache.wicket.markup.html.link.Link#onComponentTag for some ideas.
Basically you need to override onComponentTag and change the tag to a
span there if the textfield is disabled.

If you have the wicket-security-examples you can also take a look at
org.apache.wicket.security.examples.components.navigation.ButtonContainer
which does something similar only for a link. In a link it is easier
because they have build in support for custom disabled behavior/markup
but it is nothing you can not do in any component yourself by
overriding onComponentTag.

Maurice


On 7/16/07, Árni Hermann Reynisson <[EMAIL PROTECTED]> wrote:
> Hi
>
> Would it be possible to render an instance of SecureTextField as 
> instead of disabled input if the action isn't authorized?
>
> Regards,
> Arni Hermann
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] WicketTester does not clean up resources very well

2007-07-15 Thread Maurice Marrink 
I just noticed that running the following minimal junittest fails.
WicketTester mock=new WicketTester();
mock.setupRequestAndResponse();
mock.processRequestCycle();
mock.destroy();
assertNull(Session.get()); //actually should throw
IllegalStateException but 

I would expect the threadlocal Session to be gone after the request
had been processed but it is even available after the application has
been destroyed.
Or am i missing something?

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Editable grid

2007-07-11 Thread Maurice Marrink 
Actually we have gone completely Ajax for the grid, so i have no idea
what problems you are going to run into when using forms, especially
in combination with a moving editor. our grid was based on a listview
using wicket 1.2.6 but 1.3 might have better alternatives.

Maurice

On 7/11/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > I have recently started playing with wicket to see if we can use it to
> > rewrite a legacy enterprise. I really like the simplicity of the
> > architecture. A good chunk of our screens (35%) require editable grid.
> > For example maintenance screens for small tables. I have seen bunch of
> > examples in wicket on how to do grid views but just one example on how
> > to make editable grid (Contacts editor - though it is not complete). I
> > also found an example of an editable tree view and it is not complete
> > either. Are there any examples out there that can help me get started?
> > Any help would be greatly appreciated.
>
> You can. If you need to clone a spreadsheet (like I know Maurice did
> for his project) you might want to think about optimizations. For more
> simple cases, just remember that anything you nest in a form, no
> matter how deeply nested, will take part in form processing. You can
> probably best start with DefaultDataTable.
>
> Eelco
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Editable grid

2007-07-10 Thread Maurice Marrink 
An editable grid is certainly possible in wicket. I've build one of
those monsters in our application. Unfortunately for you it has grown
so much to be able to do everything you ever wanted and everything you
never even knew you wanted that it is completely useless as an
example. I can however give you some tips.
- Do not use textfields or dropdowns in every cell, especially with
larger grids this is going to hurt you performance wise (ie more than
firefox but still)
-instead use one moving textfield (or a dropdown for each different
type you need)
-use spans to create editable labels (showing the textfield or other
editor on click)
-if you are going to use ajax, send multiple changes each time using
the time delay
-if you use something of a form submit you will need to collect the
changes in a custom way since you don't have textfields.
-get ready for some serious javascripting (i have some javascript to
navigate a table in javascript you should be able to reuse).
-make good use of the component structure of wicket building on cells,
rows and tables (off course you need to build these yourself).
-really think your underlying datamodel through, we are using 1 custom
model to dispatch models for each cell. but i'm not sure this is
ideal.
-inline attribute changes on your cells by overriding the
oncomponenttag to minimize your footprint.
-Keep it simple

Maurice

On 7/10/07, Sanjay Gupta <[EMAIL PROTECTED]> wrote:
> I have recently started playing with wicket to see if we can use it to
> rewrite a legacy enterprise. I really like the simplicity of the
> architecture. A good chunk of our screens (35%) require editable grid.
> For example maintenance screens for small tables. I have seen bunch of
> examples in wicket on how to do grid views but just one example on how
> to make editable grid (Contacts editor - though it is not complete). I
> also found an example of an editable tree view and it is not complete
> either. Are there any examples out there that can help me get started?
> Any help would be greatly appreciated.
> Thanks
> Sanjay
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Displaying Modal Window to capture and display error message

2007-07-10 Thread Maurice Marrink 
The button has a setDefaultFormProcessing option, if you turn it off,
you manually have to do whatever form.process now does for you, which
is amongst other things form validation.

Maurice

On 7/10/07, Dipu Seminlal <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> Is there a way to display a modal window when a submit button is clicked
>
> Use Case is
>
> Button button = new Button("bbutton")
> {
>   protected void onSubmit()
>   {
> if(isValidInput())
> {
>  // do process and traverse to next screen
> }
> else
> {
>   // show a modal dialog with messages
> }
>   }
> }
>
>
> Thanks
> Dipu
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Extending WebApplication in related projects problem

2007-07-06 Thread Maurice Marrink 
Perhaps a bit late but you also do not need to extend
SwarmWebApplication (it just takes care of the grunt work for you) You
could use Swarm and not use the SwarmWebApplication by implementing
the WaspApplication interface for an example of this check out the
ExtendsTest in the test directory of swarm.

Maurice

On 7/5/07, Daniel Stoch <[EMAIL PROTECTED]> wrote:
> Hi,
>
> There is a problem with using different Wicket related projects in one
> application, because in many cases each project defines its own
> implementation of WebApplication class (and sometimes WebSession too).
> For example:
> - wicket-spring: SpringWebApplication
> - wicket-auth-roles: AuthenticatedWebApplication
> - wicket-swarm: SwarmWebApplication
> etc...
>
> If I want to use wicket-spring and wicket-swarm, there is a problem:
> from which class should I extend my application class:
> SpringWebApplication or SwarmWebApplication?
>
> So I think it is not a good "pattern" to implement such things by
> extending an application and a session base classes, because this
> closes the door for integration different projects into one
> application.
>
> --
> Daniel
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket security

2007-07-06 Thread Maurice Marrink 
I think it has to do with your wicket version. Only recently they made
that method public.
If you are using the snapshot version of wicket, try updating it. Note
that some versions of maven have a problem updating snapshots so go
into your local repository and delete wicket from it. then you should
have no problem updating to the latest snapshot.
Alternatively the beta2 version should also work.
Or if you can not upgrade to the latest wicket i suggest downloading
wasp and swarm here
http://sourceforge.net/project/showfiles.php?group_id=134391 It is a
slightly older version but the only changes between this version and
the snapshots are the clustering changes (which is causing your
problem), some code restructuring, some apidoc changes and i changed
the eclipse project settings to eclipse 3.3.

Just let me know if this does not solve your problem.

Maurice

On 7/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi
>
> First off, I really like where wicket security is heading, the JAAS smell of 
> it is just fantastic! :)
>
> I've been trying to experiment with wicket security and I've hit a wall. I'm 
> pretty sure I got the configuration right, I get redirected to the login page 
> and when I press login I get this exception:
>
> java.lang.IllegalAccessError: tried to access method 
> org.apache.wicket.Session.dirty()V from class 
> org.apache.wicket.security.hive.authentication.LoginContainer
>  at 
> org.apache.wicket.security.hive.authentication.LoginContainer.login(LoginContainer.java:87)
>  at 
> org.apache.wicket.security.swarm.strategies.SwarmStrategy.login(SwarmStrategy.java:190)
>  at org.apache.wicket.security.WaspSession.login(WaspSession.java:74)
>  at is.sja.pages.auth.LoginPage$2.signIn(LoginPage.java:38)
>
> I was hoping you would have some idea what's happening there since my 
> searches turned up almost moot on how to fix this. I'm running this on wicket 
> 1.3-beta2 and wicket-security 0.1-SNAPSHOT through maven.
>
> Regards,
> Arni Hermann Reynisson
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] 401 HTTP authentication?

2007-07-04 Thread Maurice Marrink 
Very interesting question indeed.
I did some digging in the code and found the following: using the
RequestCycle you can get the Response. which is most likely a
WebResponse from there you can get the HttpServletResponse and set the
statuscode to 401. Question remains how to tell wicket to stop
processing and simply return the statuscode.

If any of the core committers could respond with a proper way of doing this :)

Maurice



On 7/4/07, Jesse Barnum <[EMAIL PROTECTED]> wrote:
> What is the right way to use basic HTTP authentication? I know how to
> read the headers to extract the username and password, but if they
> don't match, or if they're not supplied, what is the best way to send
> the 401 response to the user?
>
> It seems like the
> ISecuritySettings.setUnauthorizedComponentInstantiationListener()
> method assumes that you want to present an HTML login component to
> the user.
>
> --Jesse Barnum, President, 360Works
> http://www.360works.com
> (770) 234-9293
>
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] suggestion: have Wicket SVN searchable with FishEye

2007-07-02 Thread Maurice Marrink 
If FishEye can cause problems, so might ohloh
http://www.ohloh.net/projects/3958.

Just thinking out loud.

Maurice

On 7/2/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > You _must_ do this in association with the Apache Infrastructure group.
> >
> > The ASF's repository is large. There have been occasions when FishEye
> > has put the ASF SVN server under an unnecessary load.
> >
> > It _should_ be possible, but _must_ be done in consultation with the
> > infrastructure team.
>
> Ok. Peter, if you want this, could you open a feature request for
> this. We can chat with infra after that.
>
> Cheers,
>
> Eelco
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] RestartResponseAtInterceptPageException / continueToOriginalDestination

2007-06-30 Thread Maurice Marrink 
I don't think that is possible but why can't you do the following:
user enters username and password on sign in page.
form successfully authenticates user.
try to continueToOriginalDestination or if there is none, set the
responsepage to a homepage or something
do the password change check
if required throw restart..exception

then on the password change page use continueTo again.

Theoretical this should send your user after the password change to
the page he wanted to go to before he was forced to login, or at the
very least to the homepage and not back to the login page.

Maurice


On 6/29/07, Mark Southern <[EMAIL PROTECTED]> wrote:
>
>
>
>
> I have an authorization scheme where by the user is presented with a sign in
> page. After signing in, a check is made to see if they need to change their
> password. If so, they are redirected to a change password page. After that
> they should be redirected back to their intended page.
>
>
>
> However, if I use a
> RestartResponseAtInterceptPageException(); to go to the
> password change page from the sign in page, after submission I get directed
> back to the sign in page. Can I specify the intended original destination
> without setting a response page and passing it as a page parameter?
>
>
>
> Thank you,
>
>
>
> ~Mark
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] wicket security and acl files

2007-06-30 Thread Maurice Marrink 
> > A subject is the root/ abstract entity for a user, principals are
> > views or identities of a subject

Well I'm glad we all agree on that one :)
However as Eelco said a principal can be much more than just a role.
So i am a little reluctant to rename Principal to Role.

If i wanted to i could even use the Swarm Subjects as Roles (although
that would be a really long stretch, and certainly not recommended :)
). And although the fact that you can use principals / subjects in
several ways might make it less clear from the start how to use them,
that is also there power as it gives you greater flexibility on how to
set up your security.

That being said i am still open for renaming suggestions, i just don't
think role should be it.

> an application that is more fluid and tenants can create their own structure
> of roles.
I am sorry that you feel swarm does not accommodate you enough in this
field. But I welcome you to build upon wasp and enrich the wicket
community with your work.
Looking at swarm should have given you a pretty clear picture of the
security building blocks in wicket.

Maurice



On 6/29/07, Craig Lenzen <[EMAIL PROTECTED]> wrote:
>
> > A subject is the root/ abstract entity for a user, principals are
> > views or identities of a subject and in JAAS you would represent a
> > role as a principal.
>
> I agree with your statement which leads me to the fact that the principal
> should really be a role in swarm and the hive file is a mapping of a role to
> given permissions and actions.  So back to what I said before, swarm is
> really nice when you have an application with pre-defined roles instead of
> an application that is more fluid and tenants can create their own structure
> of roles.
>
> -Craig
>
>
> Eelco Hillenius wrote:
> >
> >> Right now swarm operates the following way: A user is associated with
> >> 1 or more Subjects, each Subject has 0 or more Principals.
> >
> > This sounds right to me, and is like how JAAS works.
> >
> > A subject is the root/ abstract entity for a user, principals are
> > views or identities of a subject and in JAAS you would represent a
> > role as a principal.
> >
> > As JAAS is the default authorization mechnism in Java, it is arguably
> > the 'industry standard' (for Java). Whether it is what you prefer is
> > another question. I think people find users/ roles easier to
> > understand, but personally I like the more abstracted model of JAAS;
> > whether you want to model groups, roles a combination of the two or
> > even something different, it fits seamlessly.
> >
> > My 2c,
> >
> > Eelco
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>
> --
> View this message in context: 
> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11364093
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] wicket security and acl files

2007-06-29 Thread Maurice Marrink 
I am open to suggestions for alternate names, or if someone could
point me to the naming standards :)

Right now swarm operates the following way: A user is associated with
1 or more Subjects, each Subject has 0 or more Principals. Each
Principal is mapped to 1 or more Permissions.
Each Permission has 0 or more Actions.

Permissions and actions are named pretty straight forward i think.

Maurice

On 6/29/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> Just my two cents but I think the API should change, or I guess not really
> the API but the implementation(swarm) to better reflect industry naming
> standards which will hopefully cut down on the confusion and hopefully make
> it a little easier to integrate other security frameworks.
>
> I use acegi as an example, they have an Authentication object that has a
> method "getPrincipal" which if you read their javadoc makes it pretty clear
> that an authenticated entity has one principal, which also seems to fit with
> JAAS.
>
> -Craig
>
>
> Mr Mean wrote:
> >
> > Neither am i :) And you could be right about me misusing the
> > principal, but using the actions of a permission for read write and
> > then logically separating permissions with read from permissions with
> > write in different principals does not seem like stretch to me.
> >
> > Maurice
> >
> > On 6/29/07, craigdd <[EMAIL PROTECTED]> wrote:
> >>
> >> I understand what you are saying and I see how you have accomplished
> >> something similar to what I'm trying to do, however it seems to me that
> >> you
> >> are miss using the concept of a Principal.  I'm not a security expert but
> >> a
> >> principal seems to point to an individual and not with something called
> >> write.  Write fits a little better into the concepts of ACL.
> >>
> >> -Craig
> >>
> >>
> >> Mr Mean wrote:
> >> >
> >> >> By the way, I'm not saying wicket security is bad, other than my
> >> example
> >> >> I
> >> >> think it is a well put together framework that beats the hell out of
> >> >> using
> >> >> JAAS.
> >> >
> >> > Thanks, i appreciate that :)
> >> >
> >> >> I've had a pretty good look at wicket security but the conclusion that
> >> >> I've
> >> >> come to with that is it only supports the fact that you have pre
> >> defined
> >> >> roles within your application.
> >> >>
> >> >
> >> > Well i am not saying it is impossible to declare and add new
> >> > permissions / principals at runtime but i think it is generally
> >> > undesirable to do so. Instead you should make your principals fine
> >> > grained enough to be used as building blocks for  roles.
> >> >
> >> >> I'm currently working on a multi tenant web application where the
> >> >> application provided a set of permission, such and read / write access
> >> to
> >> >> an
> >> >> object and each tenant in the application defines their own role
> >> heirachy
> >> >> based on those permissions.
> >> >
> >> > This is exactly what we are doing in our application. We have
> >> > literally +- 1000 principals defined in our system. By allowing the
> >> > users to group principals together they can build there own roles. We
> >> > have multiple organizations in our application and each of them can
> >> > completely redesign there user roles in the system (well only up to a
> >> > point because we could not allow that, but that aside they could). We
> >> > provide each organization with a set of default roles as we think will
> >> > suit most of them but they are completely free to alter/ rename/
> >> > delete/ whatever do with those roles because we do not depend on the
> >> > roles but on the underlying principals, which are controlled by us. A
> >> > big help is the fact that we made our principals imply each other
> >> > (write implies read, etc)  So when a user designs there roles they
> >> > don't have to check read access to page A and write access to page A
> >> > but can suffice with write access to page A. Although most of our
> >> > principals handle a couple of related pages we also have principals
> >> > going as deep as individual components. For instance we have a large
> >> > data grid, the principals are fine grained enough to give you read or
> >> > write access up to the individual cell.
> >> >
> >> > Correct me if i am wrong but this seems to be what you want too.
> >> >
> >> > Maurice
> >> >
> >> >
> >> > On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> I've had a pretty good look at wicket security but the conclusion that
> >> >> I've
> >> >> come to with that is it only supports the fact that you have pre
> >> defined
> >> >> roles within your application.
> >> >>
> >> >> I'm currently working on a multi tenant web application where the
> >> >> application provided a set of permission, such and read / write access
> >> to
> >> >> an
> >> >> object and each tenant in the application defines their own role
> >> heirachy
> >> >> based on those permissions.
> >> >>
> >> >> We are currently using acegi and I'm trying to figure out the best way
> >> to

Re: [Wicket-user] wicket security and acl files

2007-06-29 Thread Maurice Marrink 
Actually that is already how they work. Even though the Principal
class does not have methods for getting and setting the Permissions.
The mapping is done in the policy file like this.

grant principal ${RechtenSet} "PageA.read"
{
//read permission for all of page A
permission ${ComponentPermission}
"nl.topicus.krypton.web.pages.PageA", "inherit, render";
};
grant principal ${RechtenSet} "PageA.write"
{
//write permission for all form components on page A
permission ${ComponentPermission}
"nl.topicus.krypton.web.pages.PageA:form", "inherit, enable";
};
grant principal ${RechtenSet} "PageA.delete"
{
//allow separate delete links to be clicked
permission ${ComponentPermission}
"nl.topicus.krypton.web.pages.PageA:deleteLink1", "enable";
permission ${ComponentPermission}
"nl.topicus.krypton.web.pages.PageA:deleteLink2", "enable";
};

I know the api doc for principal states "which can be used to
represent any entity, such as an individual, a corporation, or a login
id." I admit it is shamelessly copied from java.security.Principal :)
And now that i think about i can see the way we use principals like
permissions now actually comes from our dealings with jaas. But i
still feel it is not a big issue. I'll just rewrite the api doc ;)

Maurice

On 6/29/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> take maurice's post and substitute word permission for word principal,
> define user/principal as an object that has a set of permissions, and it
> makes perfect sense.
>
> -igor
>
>
>
>
>  On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote:
> >
> > I understand what you are saying and I see how you have accomplished
> > something similar to what I'm trying to do, however it seems to me that
> you
> > are miss using the concept of a Principal.  I'm not a security expert but
> a
> > principal seems to point to an individual and not with something called
> > write.  Write fits a little better into the concepts of ACL.
> >
> > -Craig
> >
> >
> > Mr Mean wrote:
> > >
> > >> By the way, I'm not saying wicket security is bad, other than my
> example
> > >> I
> > >> think it is a well put together framework that beats the hell out of
> > >> using
> > >> JAAS.
> > >
> > > Thanks, i appreciate that :)
> > >
> > >> I've had a pretty good look at wicket security but the conclusion that
> > >> I've
> > >> come to with that is it only supports the fact that you have pre
> defined
> > >> roles within your application.
> > >>
> > >
> > > Well i am not saying it is impossible to declare and add new
> > > permissions / principals at runtime but i think it is generally
> > > undesirable to do so. Instead you should make your principals fine
> > > grained enough to be used as building blocks for  roles.
> > >
> > >> I'm currently working on a multi tenant web application where the
> > >> application provided a set of permission, such and read / write access
> to
> > >> an
> > >> object and each tenant in the application defines their own role
> heirachy
> > >> based on those permissions.
> > >
> > > This is exactly what we are doing in our application. We have
> > > literally +- 1000 principals defined in our system. By allowing the
> > > users to group principals together they can build there own roles. We
> > > have multiple organizations in our application and each of them can
> > > completely redesign there user roles in the system (well only up to a
> > > point because we could not allow that, but that aside they could). We
> > > provide each organization with a set of default roles as we think will
> > > suit most of them but they are completely free to alter/ rename/
> > > delete/ whatever do with those roles because we do not depend on the
> > > roles but on the underlying principals, which are controlled by us. A
> > > big help is the fact that we made our principals imply each other
> > > (write implies read, etc)  So when a user designs there roles they
> > > don't have to check read access to page A and write access to page A
> > > but can suffice with write access to page A. Although most of our
> > > principals handle a couple of related pages we also have principals
> > > going as deep as individual components. For instance we have a large
> > > data grid, the principals are fine grained enough to give you read or
> > > write access up to the individual cell.
> > >
> > > Correct me if i am wrong but this seems to be what you want too.
> > >
> > > Maurice
> > >
> > >
> > > On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote:
> > >>
> > >> I've had a pretty good look at wicket security but the conclusion that
> > >> I've
> > >> come to with that is it only supports the fact that you have pre
> defined
> > >> roles within your application.
> > >>
> > >> I'm currently working on a multi tenant web application where the
> > >> application provided a set of permission, such and read / write access
> to
> > >> an
> > >> object and each tenant in the application defines their own role
> heirachy
> > >> based on

Re: [Wicket-user] wicket security and acl files

2007-06-28 Thread Maurice Marrink 
Neither am i :) And you could be right about me misusing the
principal, but using the actions of a permission for read write and
then logically separating permissions with read from permissions with
write in different principals does not seem like stretch to me.

Maurice

On 6/29/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> I understand what you are saying and I see how you have accomplished
> something similar to what I'm trying to do, however it seems to me that you
> are miss using the concept of a Principal.  I'm not a security expert but a
> principal seems to point to an individual and not with something called
> write.  Write fits a little better into the concepts of ACL.
>
> -Craig
>
>
> Mr Mean wrote:
> >
> >> By the way, I'm not saying wicket security is bad, other than my example
> >> I
> >> think it is a well put together framework that beats the hell out of
> >> using
> >> JAAS.
> >
> > Thanks, i appreciate that :)
> >
> >> I've had a pretty good look at wicket security but the conclusion that
> >> I've
> >> come to with that is it only supports the fact that you have pre defined
> >> roles within your application.
> >>
> >
> > Well i am not saying it is impossible to declare and add new
> > permissions / principals at runtime but i think it is generally
> > undesirable to do so. Instead you should make your principals fine
> > grained enough to be used as building blocks for  roles.
> >
> >> I'm currently working on a multi tenant web application where the
> >> application provided a set of permission, such and read / write access to
> >> an
> >> object and each tenant in the application defines their own role heirachy
> >> based on those permissions.
> >
> > This is exactly what we are doing in our application. We have
> > literally +- 1000 principals defined in our system. By allowing the
> > users to group principals together they can build there own roles. We
> > have multiple organizations in our application and each of them can
> > completely redesign there user roles in the system (well only up to a
> > point because we could not allow that, but that aside they could). We
> > provide each organization with a set of default roles as we think will
> > suit most of them but they are completely free to alter/ rename/
> > delete/ whatever do with those roles because we do not depend on the
> > roles but on the underlying principals, which are controlled by us. A
> > big help is the fact that we made our principals imply each other
> > (write implies read, etc)  So when a user designs there roles they
> > don't have to check read access to page A and write access to page A
> > but can suffice with write access to page A. Although most of our
> > principals handle a couple of related pages we also have principals
> > going as deep as individual components. For instance we have a large
> > data grid, the principals are fine grained enough to give you read or
> > write access up to the individual cell.
> >
> > Correct me if i am wrong but this seems to be what you want too.
> >
> > Maurice
> >
> >
> > On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote:
> >>
> >> I've had a pretty good look at wicket security but the conclusion that
> >> I've
> >> come to with that is it only supports the fact that you have pre defined
> >> roles within your application.
> >>
> >> I'm currently working on a multi tenant web application where the
> >> application provided a set of permission, such and read / write access to
> >> an
> >> object and each tenant in the application defines their own role heirachy
> >> based on those permissions.
> >>
> >> We are currently using acegi and I'm trying to figure out the best way to
> >> bake acl into wicket's components.  Example, a link is set to invisible
> >> if
> >> the authenticated use doesn't contain a role with the given permission of
> >> that link.  So lets say the link is to delete an object, the user must
> >> have
> >> a role with the permission to delete that object or the link will not
> >> show
> >> on the page.
> >>
> >> By the way, I'm not saying wicket security is bad, other than my example
> >> I
> >> think it is a well put together framework that beats the hell out of
> >> using
> >> JAAS.
> >>
> >> -Craig
> >>
> >>
> >> Mr Mean wrote:
> >> >
> >> > If you mean java Jaas like acl than swarm is what you are looking for.
> >> > Optionally if you really want to use jaas and not some look alike i
> >> > made up you could practically copy swarm and replace most objects with
> >> > there jaas counterparts.
> >> > However i chose not to use jaas because  we are using that in one of
> >> > our projects right now and although it works it is less than optimal
> >> > :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced
> >> > by swarm.
> >> >
> >> > You can also check out the example project here
> >> >
> >> https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples
> >> >
> >> >
> >> > Maurice
> >> >
> >> > On 6/21/

[Wicket-user] Session.dirty()

2007-06-28 Thread Maurice Marrink 
Hi,
I am in the process of making wasp and swarm play nicer within a
clustered environment.
Johan suggested calling dirty() whenever i make a change in the
session (which is where i store everything indirectly). But because i
have login method on my authorization strategy (which should call
dirty after a login) and Session.dirty() is protected i can not call
dirty unless i expose it in my WaspSession. Before i do that however i
thought i check here if there was a special reason not to make dirty()
public. I could not come up with one especially since bind is also
public which kind of has the same (side)effect.

So my question, what is the reason dirty() is not public and if there
is no reason could you make it public.

Thanks,

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] wicket security and acl files

2007-06-28 Thread Maurice Marrink 
> By the way, I'm not saying wicket security is bad, other than my example I
> think it is a well put together framework that beats the hell out of using
> JAAS.

Thanks, i appreciate that :)

> I've had a pretty good look at wicket security but the conclusion that I've
> come to with that is it only supports the fact that you have pre defined
> roles within your application.
>

Well i am not saying it is impossible to declare and add new
permissions / principals at runtime but i think it is generally
undesirable to do so. Instead you should make your principals fine
grained enough to be used as building blocks for  roles.

> I'm currently working on a multi tenant web application where the
> application provided a set of permission, such and read / write access to an
> object and each tenant in the application defines their own role heirachy
> based on those permissions.

This is exactly what we are doing in our application. We have
literally +- 1000 principals defined in our system. By allowing the
users to group principals together they can build there own roles. We
have multiple organizations in our application and each of them can
completely redesign there user roles in the system (well only up to a
point because we could not allow that, but that aside they could). We
provide each organization with a set of default roles as we think will
suit most of them but they are completely free to alter/ rename/
delete/ whatever do with those roles because we do not depend on the
roles but on the underlying principals, which are controlled by us. A
big help is the fact that we made our principals imply each other
(write implies read, etc)  So when a user designs there roles they
don't have to check read access to page A and write access to page A
but can suffice with write access to page A. Although most of our
principals handle a couple of related pages we also have principals
going as deep as individual components. For instance we have a large
data grid, the principals are fine grained enough to give you read or
write access up to the individual cell.

Correct me if i am wrong but this seems to be what you want too.

Maurice


On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> I've had a pretty good look at wicket security but the conclusion that I've
> come to with that is it only supports the fact that you have pre defined
> roles within your application.
>
> I'm currently working on a multi tenant web application where the
> application provided a set of permission, such and read / write access to an
> object and each tenant in the application defines their own role heirachy
> based on those permissions.
>
> We are currently using acegi and I'm trying to figure out the best way to
> bake acl into wicket's components.  Example, a link is set to invisible if
> the authenticated use doesn't contain a role with the given permission of
> that link.  So lets say the link is to delete an object, the user must have
> a role with the permission to delete that object or the link will not show
> on the page.
>
> By the way, I'm not saying wicket security is bad, other than my example I
> think it is a well put together framework that beats the hell out of using
> JAAS.
>
> -Craig
>
>
> Mr Mean wrote:
> >
> > If you mean java Jaas like acl than swarm is what you are looking for.
> > Optionally if you really want to use jaas and not some look alike i
> > made up you could practically copy swarm and replace most objects with
> > there jaas counterparts.
> > However i chose not to use jaas because  we are using that in one of
> > our projects right now and although it works it is less than optimal
> > :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced
> > by swarm.
> >
> > You can also check out the example project here
> > https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples
> >
> >
> > Maurice
> >
> > On 6/21/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> >> wicket's security model is completely generic
> >>
> >> see IAuthorizationStrategy - it is very abstract and thus can be used to
> >> implement any kind of authorization
> >>
> >> wicket-auth is just an example that implements basic role-based model
> >>
> >> see wicket-stuff wasp and swarm projects
> >>
> >> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
> >>
> >> -igor
> >>
> >>
> >> On 6/21/07, craigdd <[EMAIL PROTECTED]> wrote:
> >> >
> >> > Is wicket security based only on role based authorization or could it
> >> somehow
> >> > be used with a more traditional ACL type of file / logic.
> >> >
> >> > -Craig
> >> > --
> >> > View this message in context:
> >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024
> >> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >> >
> >> >
> >> >
> >> -
> >> > This SF.net email is sponsored by DB2 Express
> >> > Download DB2 Express C

[Wicket-user] [Announcement] First release of projects Wasp and Swarm

2007-06-26 Thread Maurice Marrink 
All, i have just made a first release of the Wicket-Security projects
Wasp and Swarm. Available at SourceForge
Wasp : 
http://sourceforge.net/project/showfiles.php?group_id=134391&package_id=236513&release_id=519031
Swarm: 
http://sourceforge.net/project/showfiles.php?group_id=134391&package_id=236514&release_id=519034

More info available at
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

I am also glad to announce that the getting started at the
wicket-stuff wiki is finally complete.
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm

And last but not least the examples, after being released earlier this
weak, have also been renewed. get them at
http://sourceforge.net/project/showfiles.php?group_id=134391&package_id=236512&release_id=518355

More examples will be added in the coming days / weeks.


Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Helloworld using Tomcat

2007-06-26 Thread Maurice Marrink 
The helloworld example quickly steps over the fact that you have to
deploy your example to tomcat. It does mention that you should use the
quickstart project. After you have integrated your helloworld example
in the quickstart you need to deploy it.

Maurice

On 6/26/07, tnjtn1 <[EMAIL PROTECTED]> wrote:
>
> HI,
>
> I am newer to wicket. just i am trying to use HelloWorld program following
> this below url with Tomcat5.0 server.
>
> http://wicket.sourceforge.net/ExampleHelloWorld.html
>
> 1) I have place java file under  src folder.
> 2) I have placed HelloWorld.html file under webContent folder.
>
> when i run the Helloworld.html file, it display only  -- " Message goes
> here" . But it won't display the content of label component..
>
> where i took mistake..?
>
> Thanks & Regards,
> kumar
> --
> View this message in context: 
> http://www.nabble.com/Wicket-Helloworld-using-Tomcat-tf3982219.html#a11305084
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] newbie-Question

2007-06-26 Thread Maurice Marrink 
Thanks, for this additional info Martijn, i guess i am so used to
using IPageLink i sometimes forget the pitfalls for new wicket users.

The trick with the IPageLink is that it does not use the getPage
method until the link is actually clicked. And therefore your Pages
will always be constructed lazily.

But like Martijn says Link is in this case just as easy.

Maurice

On 6/26/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote:
> Don't use page link!
>
> Use PageLink only if you actually know what you are doing.
>
> In this case: you should use the normal Link and set the responsepage
> in the onclick.
>
> Page1 {
> ... counter ...
>
> add(new Link("page2") { onclick() { setResponsePage(new
> Page2(Page1.this)); });
> ...
> }
>
>
> Page2 {
> private Page returnToPage;
> public Page2(Page returnTo) {
> this.returnToPage = returnTo;
>
> add(new Link("page1") { onclick() { setResponsePage(returnToPage); 
> }});
> }
> }
>
> Don't do the following, I repeat: the following is REALLY BAD:
>
> add(new PageLink("page1", new Page1()));
> add(new PageLink("page2", new Page2()));
> add(new PageLink("page3", new Page3()));
>
> Don't do that! It will exhaust your memory (you create pages upfront,
> even when they never will be used). Remember what the 'new' keyword
> does?
>
> Martijn
>
>
> On 6/26/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > Sure :)
> >
> > In page 1 you do add(new PageLink("start", Foo.class));
> > because you are using the class reference to your 2nd page here wicket
> > always creates a new instance, the same happens with the pagelink on
> > page2 where you go back to page 1.
> >
> > The trick is to tell wicket to use an existing page.
> > so on page 1 we could do this
> > add(new PageLink("start", new IPageLink()
> > {
> >  public Page getPage()
> > {
> >  //now we can decide which instance / constructor we use
> >  //in this case a new page is fine
> >  return new Foo(HelloWorld.this);
> > }
> > public Class getPageIdentity()
> > {
> >  return Foo.class;
> > }
> > }));
> >
> > Because we now pass the first page to the 2nd page we need to alter
> > the constructor of the 2nd page
> >
> >  public Foo(Page returnPage) {
> >add(new Label("message", "Foo page"));
> > //this basically wraps your page in an IPageLink like we did manually on 
> > page 1
> >Link pl = new PageLink("return", returnPage);
> >pl.add(new AttributeAppender("class", new Model("return"), " 
> > "));
> >add(pl);
> >}
> >
> > And thats all there is to it.
> > And i did not even have to use a regular link like i though we would
> > have to in my previous response :)
> >
> > Maurice
> >
> > On 6/26/07, Leucht, Axel <[EMAIL PROTECTED]> wrote:
> > > Thx for the quick answer, but being a newbie can I ask you to elaborate 
> > > it a little bit more?
> > >
> > > Regards
> > >
> > > /Axel
> > >
> > >
> > > >>-Ursprüngliche Nachricht-
> > > >>Von: [EMAIL PROTECTED]
> > > >>[mailto:[EMAIL PROTECTED] Auftrag
> > > >>von Maurice
> > > >>Marrink
> > > >>Gesendet: Dienstag, 26. Juni 2007 11:07
> > > >>An: wicket-user@lists.sourceforge.net
> > > >>Betreff: Re: [Wicket-user] newbie-Question
> > > >>
> > > >>
> > > >>You need to pass a reference for page 1 to page 2 and then instead of
> > > >>using a pagelink on page2 to return to page1 use a regular link which
> > > >>sets the responsepage to the instance of page 1 you passed to page 2.
> > > >>
> > > >>Maurice
> > > >>
> > > >>On 6/26/07, Leucht, Axel <[EMAIL PROTECTED]> wrote:
> > > >>> Sorry if this is a dumb question and has been answered
> > > >>hundred times but I couldn't find any answer to the following
> > > >>question.
> > > >>>
> > > >>> I do have two HTML pages. Page one contains a link which
> > > >>displays the number on clicks the user executed. The second
> > > >>link jumps to page 2. Page 2 just displays a link to go back
> > &g

Re: [Wicket-user] newbie-Question

2007-06-26 Thread Maurice Marrink 
Sure :)

In page 1 you do add(new PageLink("start", Foo.class));
because you are using the class reference to your 2nd page here wicket
always creates a new instance, the same happens with the pagelink on
page2 where you go back to page 1.

The trick is to tell wicket to use an existing page.
so on page 1 we could do this
add(new PageLink("start", new IPageLink()
{
 public Page getPage()
{
 //now we can decide which instance / constructor we use
 //in this case a new page is fine
 return new Foo(HelloWorld.this);
}
public Class getPageIdentity()
{
 return Foo.class;
}
}));

Because we now pass the first page to the 2nd page we need to alter
the constructor of the 2nd page

 public Foo(Page returnPage) {
   add(new Label("message", "Foo page"));
//this basically wraps your page in an IPageLink like we did manually on page 1
   Link pl = new PageLink("return", returnPage);
   pl.add(new AttributeAppender("class", new Model("return"), " "));
   add(pl);
   }

And thats all there is to it.
And i did not even have to use a regular link like i though we would
have to in my previous response :)

Maurice

On 6/26/07, Leucht, Axel <[EMAIL PROTECTED]> wrote:
> Thx for the quick answer, but being a newbie can I ask you to elaborate it a 
> little bit more?
>
> Regards
>
> /Axel
>
>
> >>-Ursprüngliche Nachricht-
> >>Von: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] Auftrag
> >>von Maurice
> >>Marrink
> >>Gesendet: Dienstag, 26. Juni 2007 11:07
> >>An: wicket-user@lists.sourceforge.net
> >>Betreff: Re: [Wicket-user] newbie-Question
> >>
> >>
> >>You need to pass a reference for page 1 to page 2 and then instead of
> >>using a pagelink on page2 to return to page1 use a regular link which
> >>sets the responsepage to the instance of page 1 you passed to page 2.
> >>
> >>Maurice
> >>
> >>On 6/26/07, Leucht, Axel <[EMAIL PROTECTED]> wrote:
> >>> Sorry if this is a dumb question and has been answered
> >>hundred times but I couldn't find any answer to the following
> >>question.
> >>>
> >>> I do have two HTML pages. Page one contains a link which
> >>displays the number on clicks the user executed. The second
> >>link jumps to page 2. Page 2 just displays a link to go back
> >>to page 1.
> >>>
> >>> Assume that user clicks 5 times on the ClickCounter link in
> >>page 1 and hence the link displays as 'This link is clicked 5
> >>times'. When the user the switches to page 2 and immediately
> >>goes back to page 1 the counter is reset to 0 and rendered as
> >>'This link is clicked 0 times'.
> >>>
> >>> What am I doing wrong here? I assumed that clicking on the
> >>return-button on page 2 goes "back" to the original session
> >>in page 1 ?!
> >>>
> >>> Here is my Java classes:
> >>> -- page 1 ---
> >>> public class HelloWorld extends WebPage implements Serializable {
> >>> public HelloWorld() {
> >>> add(new Label("message", "Foo World!"));
> >>> add(new PageLink("start", Foo.class));
> >>> final ClickCount count1 = new ClickCount();
> >>> Link link1 = new Link("link1") {
> >>> public void onClick() {
> >>> count1.clicks++;
> >>> }
> >>> };
> >>> link1.add(new Label("label1", new Model() {
> >>> public java.lang.Object
> >>getObject(Component component) {
> >>> return
> >>Integer.toString(count1.clicks);
> >>> }
> >>> }));
> >>> add(link1);
> >>> }
> >>>
> >>> class ClickCount implements Serializable {
> >>> private int clicks = 0;
> >>> }
> >>> }
> >>> --- page 2 ---
> >>> public class Foo extends WebPage {
> >>> public Foo() {
> >>> add(new Label("message", "Foo page"));
> >>> Link pl = new PageLink("return", HelloWorld.class);
> >>>

Re: [Wicket-user] newbie-Question

2007-06-26 Thread Maurice Marrink 
You need to pass a reference for page 1 to page 2 and then instead of
using a pagelink on page2 to return to page1 use a regular link which
sets the responsepage to the instance of page 1 you passed to page 2.

Maurice

On 6/26/07, Leucht, Axel <[EMAIL PROTECTED]> wrote:
> Sorry if this is a dumb question and has been answered hundred times but I 
> couldn't find any answer to the following question.
>
> I do have two HTML pages. Page one contains a link which displays the number 
> on clicks the user executed. The second link jumps to page 2. Page 2 just 
> displays a link to go back to page 1.
>
> Assume that user clicks 5 times on the ClickCounter link in page 1 and hence 
> the link displays as 'This link is clicked 5 times'. When the user the 
> switches to page 2 and immediately goes back to page 1 the counter is reset 
> to 0 and rendered as 'This link is clicked 0 times'.
>
> What am I doing wrong here? I assumed that clicking on the return-button on 
> page 2 goes "back" to the original session in page 1 ?!
>
> Here is my Java classes:
> -- page 1 ---
> public class HelloWorld extends WebPage implements Serializable {
> public HelloWorld() {
> add(new Label("message", "Foo World!"));
> add(new PageLink("start", Foo.class));
> final ClickCount count1 = new ClickCount();
> Link link1 = new Link("link1") {
> public void onClick() {
> count1.clicks++;
> }
> };
> link1.add(new Label("label1", new Model() {
> public java.lang.Object getObject(Component 
> component) {
> return Integer.toString(count1.clicks);
> }
> }));
> add(link1);
> }
>
> class ClickCount implements Serializable {
> private int clicks = 0;
> }
> }
> --- page 2 ---
> public class Foo extends WebPage {
> public Foo() {
> add(new Label("message", "Foo page"));
> Link pl = new PageLink("return", HelloWorld.class);
> pl.add(new AttributeAppender("class", new Model("return"), " 
> "));
> add(pl);
> }
> }
> /Axel
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] Security comparison

2007-06-24 Thread Maurice Marrink 
All,

I started a little comparison of Wicket security frameworks on the
Wicket-Stuff wiki:
http://wicketstuff.org/confluence/display/STUFFWIKI/Security+Framework+Comparison
As the article states it is not about who's framework is better but
about giving a summary of the facts.

That being said, I welcome input from others about missing or
incorrect information.
Also if you would like to see another project up there you can let us know here.

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Use of Session

2007-06-22 Thread Maurice Marrink 
imo your best option is to override the newSession method in
Application and use your own custom session as it allows you to get
your objects back without casting, as you would have to with metadata,
and it allows you to do do some detach logic (if you need to).
Alternatively you could use the requestcycle in the same way.

Maurice

On 6/22/07, Matthieu Casanova <[EMAIL PROTECTED]> wrote:
> Hi, I'm not familiar with wicket sessions. I understand that I can
> create my own session object that extends the WebSession, and that
> will have some fields containing my sessions datas. In that case I
> have to replace the ISessionFactory of my application.
> The other choice to store datas in the Session is to use the
> getMetaData and setMetaData methods of WebSession ?
> What is the best choice ?
> thanks
>
> Matthieu
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] wicket security and acl files

2007-06-21 Thread Maurice Marrink 
If you mean java Jaas like acl than swarm is what you are looking for.
Optionally if you really want to use jaas and not some look alike i
made up you could practically copy swarm and replace most objects with
there jaas counterparts.
However i chose not to use jaas because  we are using that in one of
our projects right now and although it works it is less than optimal
:) As soon as we make the switch to wicket 1.3.0 jaas will be replaced
by swarm.

You can also check out the example project here
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples


Maurice

On 6/21/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> wicket's security model is completely generic
>
> see IAuthorizationStrategy - it is very abstract and thus can be used to
> implement any kind of authorization
>
> wicket-auth is just an example that implements basic role-based model
>
> see wicket-stuff wasp and swarm projects
>
> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
>
> -igor
>
>
> On 6/21/07, craigdd <[EMAIL PROTECTED]> wrote:
> >
> > Is wicket security based only on role based authorization or could it
> somehow
> > be used with a more traditional ACL type of file / logic.
> >
> > -Craig
> > --
> > View this message in context:
> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
> >
> >
> -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] handling expiring pages

2007-06-19 Thread Maurice Marrink 
couldn't there be a setting in wicket to turn this on?
autoforward_postdata or something ?

would be useful to lots of people i imagine.

Maurice

On 6/19/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > Actually even statelessforms are not going to save you in this case
> > because you wanted to have the user login first. This is most commonly
> > achieved by throwing a RestartResponseAtInterceptPage. But that does
> > not save form postdata in the request, so even though you will get
> > back to the form you don't have the postdata to save.
>
> True, but the request parameters are available for you to pass on to
> the next request, so if you think a little bit about it you can do it.
>
> Eelco
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] handling expiring pages

2007-06-19 Thread Maurice Marrink 
> > 2 (nearly the same, but with a form)
> > ---
> > User Sarah logs in, searches a song "Anton aus Tirol" and starts editing the
> > song data, but doesn't submit the data. She gets away from her desk and when
> > she returns everyting seems fine to her. She continues editing the data of
> > "Anton aus Tirol" and submits. Her session has expired, so she gets
> > redirected to the login page. She logs in again and the data she wanted to
> > submit get submitted by the application. Sarah is shown the new data of
> > "Anton aus Tirol", which she submitted.
>
> Yeah, this is only possible with stateless forms, or using
> bookmarkable pages and code the forms yourself (this might be an
> option for 1.2).
>
Actually even statelessforms are not going to save you in this case
because you wanted to have the user login first. This is most commonly
achieved by throwing a RestartResponseAtInterceptPage. But that does
not save form postdata in the request, so even though you will get
back to the form you don't have the postdata to save.

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Is it possible to set visibility in an IBehavior (in 1.3.0 trunk)?

2007-06-19 Thread Maurice Marrink 
This sounds more like a security issue than a behavior issue. I expect
you can use any security framework for wicket (Swarm, Auth-Roles,
someone is working on integrating Acegi) to do this. but off course I
would suggest Swarm :) In this particular case it could be as easy as
using for instance the SecureTextField and defining the proper
principals for your usergroups.

You can find more about Swarm here
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Maurice

On 6/19/07, Timo Rantalaiho <[EMAIL PROTECTED]> wrote:
> Hello Wicket,
>
> We have to hide a couple of components from certain groups
> of users. We tried doing it with a reusable AbstractBehavior,
> but calling component.setVisible() in IBehavior.beforeRender()
> caused the good old "cannot modify component hierarchy
> during render phase" exception. There is no onBeforeRender()
> in IBehavior.
>
> Should it be possible for an IBehavior to control visibility
> (Component.isVisible(), not just HTML or CSS attributes)?
>
> The code (calling same code in all relevant isVisible()
> methods()) works, but it would be interesting to know if
> there would be a more elegant or reusable solution.
>
> We develop on 1.3.0 trunk.
>
>
> Visiting all relevant components (e.g. marked with an
> interface) from a parent might be possible too.
>
> Thanks,
> Timo
>
> --
> Timo Rantalaiho
> Reaktor Innovations Oyhttp://www.ri.fi/ >
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Security Example Time Frame

2007-06-14 Thread Maurice Marrink 
Well i finally committed my first example to wicket stuff svn at
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples.
Sorry no live examples at the moment. just an eclipse project ready to
run with the tomcat plugin. I will be making more examples in the
coming weeks/months.
Also if there are any requests as to what you want to see in the
examples, just ask.
Questions / comments let me know.

Maurice

On 6/3/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> Indeed GeneralTest is the place to look at right now. I am working on
> some examples but there are only so many hours in a day :)
> Also there is an (unfinished) getting started section at the wiki
> http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
>
> Thanks for the interest in the project and if you have any questions
> just ask them on the mailing list
>
> Maurice
>
> On 6/2/07, craigdd <[EMAIL PROTECTED]> wrote:
> >
> > I came across the GeneralTest in the security project, looks like a great
> > example starter for the security project.
> >
> > Thanks
> > Craig
> >
> >
> > craigdd wrote:
> > >
> > > Does anyone know the time frame for the wicket security project to come
> > > out with an examples project or is there some early access code people can
> > > get access to?
> > >
> > > The project looks pretty nice, I look forward to doing some evaluation on
> > > it and possibly using in on an upcoming project.
> > >
> > > Thanks
> > > Craig
> > >
> >
> > --
> > View this message in context: 
> > http://www.nabble.com/Wicket-Security-Example-Time-Frame-tf3855250.html#a10922941
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Evaluating Wicket

2007-06-12 Thread Maurice Marrink 
It is at 
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/branches/WICKET_1_2/wicket-kronos-cms
to be precise.

Ted maybe you can refresh our memory about kronos again :)

Maurice

On 6/12/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> two students, who were new to wicket, put together a wicket based cms. it is
> in wicket-stuff and is called kronos. no need to get gray hair, its probably
> a good starting point for building your own.
>
> -igor
>
>
>
> On 6/12/07, Francis Amanfo <[EMAIL PROTECTED]> wrote:
> >
> > Hi Patrick,
> >
> >
> > On 6/12/07, Patrick Angeles < [EMAIL PROTECTED]> wrote:
> > >
> > > I'd also like to know if I can mount bookmarkable
> > > pages dynamically... say if someone were to create and publish a new CMS
> > > page from the admin app.
> >
> >
> > This is a very good question. With Wicket requiring a corresponding Java
> class for any dynamic page, this could get tricky. I was faced with a
> similar dilema 2 years ago when I was using Wicket for a medium sized
> project. Fortunately for me, they decided to drop the CMS for some other
> reason not relating to Wicket and could hence save my dark hair. Otherwise I
> might have gotten gray hair by now :-)
> >
> >
> > > --
> > > View this message in context:
> http://www.nabble.com/Evaluating-Wicket-tf3909204.html#a11084242
> > > Sent from the Wicket - User mailing list archive at Nabble.com.
> > >
> > >
> > >
> -
> > > This SF.net email is sponsored by DB2 Express
> > > Download DB2 Express C - the FREE version of DB2 express and take
> > > control of your XML. No limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > ___
> > > Wicket-user mailing list
> > > Wicket-user@lists.sourceforge.net
> > >
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> >
> >
> >
> > --
> > Beware of bugs in the above code;
> > I have only proved it correct, not tried it.
> > -Donald Knuth
> >
> -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] nice url for DownloadLink

2007-06-12 Thread Maurice Marrink 
wicket 1.3 is available if you include the following in your
repositories tag of maven 2 pom.xml


wicket-snaps
http://wicketstuff.org/maven/repository

true


false



Maurice

On 6/12/07, Jean-Baptiste Quenot <[EMAIL PROTECTED]> wrote:
> * Jan Van Besien:
>
> > Jean-Baptiste Quenot wrote:
> >
> > > If I were you I would look at the static pages examples:
> > >
> > > http://wicketstuff.org/wicket13/staticpages/
> >
> > Looks promising  indeed, but  unfortunattely seems to  be wicket
> > 1.3 features. I'm  using latest stable  1.2.6, and will  need to
> > verify if 1.3 is an option (not in public maven repository?).
>
> The concepts described in the static pages examples are the same
> in 1.2.6.  You would just have to copy
> URIRequestTargetUrlCodingStrategy in your project, it is
> compatible with 1.2.6.
> --
>  Jean-Baptiste Quenot
> aka  John Banana   Qwerty
> http://caraldi.com/jbq/
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-09 Thread Maurice Marrink 
Ok, i just committed some refactoring in the authentication module of
swarm. To make sure we do not store user credentials in the session.
For those of you already depending on swarm, here are the changes.

-All is...Authenticated methods from LoginContext are now in  Subject,
just copy paste the relevant code.
-SingleLoginContext has been folded into LoginContext, simply replace
any occurrence of  the word SingleLoginContext with LoginContext as
the constructors remained the same.
-LoginContext equal and hashcode are final
-LoginContext is now a throw away object and therefor is no longer serializable
-LoginContext no longer implements Comparable interface
-Subjects are now considered readonly, and therefor the interface does
no longer define an addPrincipal method. instead implementations will
provide add/remove methods that honor the readonly flag which is set
by swarm as soon as the subject has been passed on.

I haven't had time to update the getting started yet, so be patient there.

Oh and before anyone else says something about it, I'll do it myself :)
I know Subject now has a dependency on the wicket gui, making it a
less ideal candidate for storing it in a database as before. But my
reasoning is this Subject is part of swarm and therefor of wicket, so
the dependency is allowed. Instead use your own entity for database
storage and wrap them in a Subject that will be thrown away when they
logoff.

Maurice

On 6/9/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> :D Well i had to come up with something outrageous didn't i? ;)
>
> Maurice
>
> On 6/9/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > On 6/9/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > retinal scan.
> >
> > :)
> >
> > -igor
> >
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-09 Thread Maurice Marrink 
:D Well i had to come up with something outrageous didn't i? ;)

Maurice

On 6/9/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> On 6/9/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > retinal scan.
>
> :)
>
> -igor
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-09 Thread Maurice Marrink 
It isn't fixed on username an password because i want people to be
able to use any kind of authentication. e.g. a card reader or retinal
scan. A credentials object could be used in this case, but then i am
introducing yet another class people need to use / extend. But i
already have an idea how to refactor this.

Maurice

On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> Just out of curiosity why doesn't the login method take a username/password?
> Or if you want it to be more abstracted create some sort of Credentials
> object and update the WASPSession.login to take a LoginContext and
> Credentials object.  Then update the LoginContext login to take the
> Credential.
>
> -Craig
>
>
> Mr Mean wrote:
> >
> > I just remembered a little snag, this is not going to work because i
> > currently use the context to ask if the component, class, model is
> > authenticated by this context. So i really need it atm.
> >
> > Looks like i need to think this trough a little better. but first i
> > gotta grab some sleep.
> >
> > Maurice
> >
> > On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote:
> >>
> >> Sounds like a pretty good idea, I like that much better than having the
> >> user
> >> need to know they need to cleanup data state in their LoginContext.
> >>
> >> Another idea might be to have the LoginContext provide a method that
> >> returns
> >> a unique identifier.  That value could be store internally and the user
> >> can
> >> pass anything they want, I'd assume the default would be to return the
> >> username which is completely fair to be in the session.
> >>
> >> Without looking too closely at the code you could also use this
> >> identifier
> >> during logout.
> >>
> >> -Craig
> >>
> >>
> >> Mr Mean wrote:
> >> >
> >> > Just thinking out loud here, but it shouldn't be too difficult to
> >> > change this into holding a hash of the logincontext instead of the
> >> > whole context. Since the equals contract already specifies that equal
> >> > object should have equal hashes The equals check can be easily
> >> > performed on the hash, HashMap actually uses the hash before it uses
> >> > the equal, so i do not see much problems here. And it is not like you
> >> > are gonna have an army of logincontexts in each session.
> >> >
> >> > Ill see if i can implement this sometime tomorrow.
> >> >
> >> > Thanks again for pointing this out, if you think there are more of
> >> > this kind of problems just let me know.
> >> >
> >> > Maurice
> >> >
> >> > P.S. i guess an api for getting the original logincontext is out of
> >> > the question then :)
> >> >
> >> >
> >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> Are you saying then that the instance of LoginContext used to login is
> >> >> held
> >> >> onto in the WASPSession, via the security framework?
> >> >>
> >> >> If so then this brings up a huge security issue, as least the way the
> >> API
> >> >> sits and the examples showing that a LoginContext takes a username and
> >> >> password in its constructor.  This mean that a password(probably plain
> >> >> text)
> >> >> is available in the session which is usually a big no no when it comes
> >> to
> >> >> a
> >> >> secure application.  I've been through a few security probes from
> >> banks
> >> >> on
> >> >> various online applications that that is one of the first thing they
> >> look
> >> >> for / ask. "Are you holding onto the password?"
> >> >>
> >> >> -Craig
> >> >>
> >> >>
> >> >> Mr Mean wrote:
> >> >> >
> >> >> > There is currently no way to grab the login context, so you could
> >> >> > store it yourself (there migh be multiple logintexts though). But
> >> the
> >> >> > good news is you don't have to store it if you don't want to. The
> >> >> > logoff performs an equals check and currently every logincontext of
> >> >> > the same class and level is equal to another. So if you login using
> >> a
> >> >> > MySingleLoginContext(username, password) you can logoff with any new
> >> >> > instance of that class (logoff(new MySingleLoginContext());)
> >> >> >
> >> >> > However if you feel you need to have access to the original
> >> instance,
> >> >> > for instance because you want to know the username, i can always
> >> >> > include such a method in the api.
> >> >> >
> >> >> > Maurice
> >> >> >
> >> >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >> >> >>
> >> >> >> I see that the WASPSession.logout method takes a LoginContext.  Is
> >> >> there
> >> >> >> somewhere within the SWARM implementation to grab the LoginContext
> >> >> used
> >> >> >> to
> >> >> >> login?  Or when logging in is it up to the developer to put the
> >> >> >> LoginContext
> >> >> >> somewhere...say maybe the session itself?
> >> >> >>
> >> >> >> Thanks
> >> >> >> Craig
> >> >> >> --
> >> >> >> View this message in context:
> >> >> >>
> >> >>
> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
> >> >> >> Sent from the Wicket - User mailing list archive at Nabble.com.
> >> >> >>
> >> >> >>
> >> >>

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink 
I just remembered a little snag, this is not going to work because i
currently use the context to ask if the component, class, model is
authenticated by this context. So i really need it atm.

Looks like i need to think this trough a little better. but first i
gotta grab some sleep.

Maurice

On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> Sounds like a pretty good idea, I like that much better than having the user
> need to know they need to cleanup data state in their LoginContext.
>
> Another idea might be to have the LoginContext provide a method that returns
> a unique identifier.  That value could be store internally and the user can
> pass anything they want, I'd assume the default would be to return the
> username which is completely fair to be in the session.
>
> Without looking too closely at the code you could also use this identifier
> during logout.
>
> -Craig
>
>
> Mr Mean wrote:
> >
> > Just thinking out loud here, but it shouldn't be too difficult to
> > change this into holding a hash of the logincontext instead of the
> > whole context. Since the equals contract already specifies that equal
> > object should have equal hashes The equals check can be easily
> > performed on the hash, HashMap actually uses the hash before it uses
> > the equal, so i do not see much problems here. And it is not like you
> > are gonna have an army of logincontexts in each session.
> >
> > Ill see if i can implement this sometime tomorrow.
> >
> > Thanks again for pointing this out, if you think there are more of
> > this kind of problems just let me know.
> >
> > Maurice
> >
> > P.S. i guess an api for getting the original logincontext is out of
> > the question then :)
> >
> >
> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >>
> >> Are you saying then that the instance of LoginContext used to login is
> >> held
> >> onto in the WASPSession, via the security framework?
> >>
> >> If so then this brings up a huge security issue, as least the way the API
> >> sits and the examples showing that a LoginContext takes a username and
> >> password in its constructor.  This mean that a password(probably plain
> >> text)
> >> is available in the session which is usually a big no no when it comes to
> >> a
> >> secure application.  I've been through a few security probes from banks
> >> on
> >> various online applications that that is one of the first thing they look
> >> for / ask. "Are you holding onto the password?"
> >>
> >> -Craig
> >>
> >>
> >> Mr Mean wrote:
> >> >
> >> > There is currently no way to grab the login context, so you could
> >> > store it yourself (there migh be multiple logintexts though). But the
> >> > good news is you don't have to store it if you don't want to. The
> >> > logoff performs an equals check and currently every logincontext of
> >> > the same class and level is equal to another. So if you login using a
> >> > MySingleLoginContext(username, password) you can logoff with any new
> >> > instance of that class (logoff(new MySingleLoginContext());)
> >> >
> >> > However if you feel you need to have access to the original instance,
> >> > for instance because you want to know the username, i can always
> >> > include such a method in the api.
> >> >
> >> > Maurice
> >> >
> >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> I see that the WASPSession.logout method takes a LoginContext.  Is
> >> there
> >> >> somewhere within the SWARM implementation to grab the LoginContext
> >> used
> >> >> to
> >> >> login?  Or when logging in is it up to the developer to put the
> >> >> LoginContext
> >> >> somewhere...say maybe the session itself?
> >> >>
> >> >> Thanks
> >> >> Craig
> >> >> --
> >> >> View this message in context:
> >> >>
> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
> >> >> Sent from the Wicket - User mailing list archive at Nabble.com.
> >> >>
> >> >>
> >> >>
> >> -
> >> >> This SF.net email is sponsored by DB2 Express
> >> >> Download DB2 Express C - the FREE version of DB2 express and take
> >> >> control of your XML. No limits. Just data. Click to get it now.
> >> >> http://sourceforge.net/powerbar/db2/
> >> >> ___
> >> >> Wicket-user mailing list
> >> >> Wicket-user@lists.sourceforge.net
> >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
> >> >>
> >> >
> >> >
> >> -
> >> > This SF.net email is sponsored by DB2 Express
> >> > Download DB2 Express C - the FREE version of DB2 express and take
> >> > control of your XML. No limits. Just data. Click to get it now.
> >> > http://sourceforge.net/powerbar/db2/
> >> > ___
> >> > Wicket-user mailing list
> >> > Wicket-user@lists.sourceforge.net
> >> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >> >
> >> >
> >>
> >> --
> >>

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink 
Just thinking out loud here, but it shouldn't be too difficult to
change this into holding a hash of the logincontext instead of the
whole context. Since the equals contract already specifies that equal
object should have equal hashes The equals check can be easily
performed on the hash, HashMap actually uses the hash before it uses
the equal, so i do not see much problems here. And it is not like you
are gonna have an army of logincontexts in each session.

Ill see if i can implement this sometime tomorrow.

Thanks again for pointing this out, if you think there are more of
this kind of problems just let me know.

Maurice

P.S. i guess an api for getting the original logincontext is out of
the question then :)


On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> Are you saying then that the instance of LoginContext used to login is held
> onto in the WASPSession, via the security framework?
>
> If so then this brings up a huge security issue, as least the way the API
> sits and the examples showing that a LoginContext takes a username and
> password in its constructor.  This mean that a password(probably plain text)
> is available in the session which is usually a big no no when it comes to a
> secure application.  I've been through a few security probes from banks on
> various online applications that that is one of the first thing they look
> for / ask. "Are you holding onto the password?"
>
> -Craig
>
>
> Mr Mean wrote:
> >
> > There is currently no way to grab the login context, so you could
> > store it yourself (there migh be multiple logintexts though). But the
> > good news is you don't have to store it if you don't want to. The
> > logoff performs an equals check and currently every logincontext of
> > the same class and level is equal to another. So if you login using a
> > MySingleLoginContext(username, password) you can logoff with any new
> > instance of that class (logoff(new MySingleLoginContext());)
> >
> > However if you feel you need to have access to the original instance,
> > for instance because you want to know the username, i can always
> > include such a method in the api.
> >
> > Maurice
> >
> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >>
> >> I see that the WASPSession.logout method takes a LoginContext.  Is there
> >> somewhere within the SWARM implementation to grab the LoginContext used
> >> to
> >> login?  Or when logging in is it up to the developer to put the
> >> LoginContext
> >> somewhere...say maybe the session itself?
> >>
> >> Thanks
> >> Craig
> >> --
> >> View this message in context:
> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
> >> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>
> >>
> >> -
> >> This SF.net email is sponsored by DB2 Express
> >> Download DB2 Express C - the FREE version of DB2 express and take
> >> control of your XML. No limits. Just data. Click to get it now.
> >> http://sourceforge.net/powerbar/db2/
> >> ___
> >> Wicket-user mailing list
> >> Wicket-user@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
> >>
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>
> --
> View this message in context: 
> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink 
The loginContext is indeed stored indirectly in the session. But
neither wasp nor swarm requires you to:
1 pass in a username and password in a constructor, those are just
convenient examples, although you are right and this will be the most
likely use case.
2 use plaintext authentication data (e.g. password)
3 hold onto the username and password (or anything else you use for
authentication) after the login method is called.

As stated in the apidoc the login method is only called once so you
can and probably should clear anything used to authenticate your user.
The current documentation and or example code does not make this very
clear, thanks for pointing that out.

Maurice

On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> Are you saying then that the instance of LoginContext used to login is held
> onto in the WASPSession, via the security framework?
>
> If so then this brings up a huge security issue, as least the way the API
> sits and the examples showing that a LoginContext takes a username and
> password in its constructor.  This mean that a password(probably plain text)
> is available in the session which is usually a big no no when it comes to a
> secure application.  I've been through a few security probes from banks on
> various online applications that that is one of the first thing they look
> for / ask. "Are you holding onto the password?"
>
> -Craig
>
>
> Mr Mean wrote:
> >
> > There is currently no way to grab the login context, so you could
> > store it yourself (there migh be multiple logintexts though). But the
> > good news is you don't have to store it if you don't want to. The
> > logoff performs an equals check and currently every logincontext of
> > the same class and level is equal to another. So if you login using a
> > MySingleLoginContext(username, password) you can logoff with any new
> > instance of that class (logoff(new MySingleLoginContext());)
> >
> > However if you feel you need to have access to the original instance,
> > for instance because you want to know the username, i can always
> > include such a method in the api.
> >
> > Maurice
> >
> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >>
> >> I see that the WASPSession.logout method takes a LoginContext.  Is there
> >> somewhere within the SWARM implementation to grab the LoginContext used
> >> to
> >> login?  Or when logging in is it up to the developer to put the
> >> LoginContext
> >> somewhere...say maybe the session itself?
> >>
> >> Thanks
> >> Craig
> >> --
> >> View this message in context:
> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
> >> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>
> >>
> >> -
> >> This SF.net email is sponsored by DB2 Express
> >> Download DB2 Express C - the FREE version of DB2 express and take
> >> control of your XML. No limits. Just data. Click to get it now.
> >> http://sourceforge.net/powerbar/db2/
> >> ___
> >> Wicket-user mailing list
> >> Wicket-user@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
> >>
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>
> --
> View this message in context: 
> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink 
There is currently no way to grab the login context, so you could
store it yourself (there migh be multiple logintexts though). But the
good news is you don't have to store it if you don't want to. The
logoff performs an equals check and currently every logincontext of
the same class and level is equal to another. So if you login using a
MySingleLoginContext(username, password) you can logoff with any new
instance of that class (logoff(new MySingleLoginContext());)

However if you feel you need to have access to the original instance,
for instance because you want to know the username, i can always
include such a method in the api.

Maurice

On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> I see that the WASPSession.logout method takes a LoginContext.  Is there
> somewhere within the SWARM implementation to grab the LoginContext used to
> login?  Or when logging in is it up to the developer to put the LoginContext
> somewhere...say maybe the session itself?
>
> Thanks
> Craig
> --
> View this message in context: 
> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Security Configuration Question

2007-06-07 Thread Maurice Marrink 
Thanks, Craig

I've updated the getting started to include the example for the
default mode, which is what most likely you will be using. I am sorry
to say that as of yet i do not have an ETA for the examples but i will
post it on the mailing list when i have them ready.

Maurice

On 6/7/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> This original post was under wicket stuff users list and I've reposted it
> hear for more visibility, as requested by Martijn.  The following is the
> response that I got from Maurice.
>
> Hi,
>
> what i mean is this: By default SecurePageLink (and all other links
> with the same securitycheck) checks for an enable action on the page
> the link points to. This check occurs both in the render (where is
> decided if the link should be clickable) and in the onclick (just to
> check if nobody spoofed an url to trigger a link click where it is not
> allowed).
>
> Maybe an example will make things more clear (note to self to update
> the getting started)
> HomePage contains a SecurePageLink to PageA.
> We should declare at least .HomePage, "render"; in our policy or
> we will never see the homepage. With just this the link will not be
> rendered because it lacks .PageA, "render";
> So if we put that in the policy to we will see a disabled link.
> (wicket turns it into a span by default) but because the component is
> still available on the server side someone could spoof the url and
> trigger wicket into thinking the link was clicked, fortunatly the
> second check i mentioned earlier will detect this and send you to the
> accessdenied page.
> Only if we make sure our policy also contains .PageA, "enable";
> the link will be fully operational.
>
> I hope this answered your question. :)
>
> But if you want to get realy confused you should read on because there
> is an alternative mode in which it is possible to show the link even
> if we have not granted render to PageA.
> I am actually working on some examples showing this alternate mode,
> but they are not yet available.
> To activate the alternate rendering mode you need to do this:
> ((LinkSecurityCheck)link.getSecurityCheck()).setUseAlternativeRenderCheck(true);
> Given the above example and a policy file only containing
> HomePage, "inherit, render";
> the link will render as a disabled link. Note the inherit, this means
> all child components on the homepage are allowed to render. Optionally
> we could replace that one line with the following two lines
> HomePage, "render"; and HomePage:link, "render"; Assuming the
> wicket id of our link is link :) To enable the link we would still
> require PageA, "enable"; in our policy.
>
> Thanks for checking out swarm and wasp, i hope i did not just confuse
> the hell out you :)
>
> Maurice
>
>
>
> craigdd wrote:
> >
> > In look looking the getting started page for wicket security I came across
> > the following block on text when describing the configuration of
> > principals.
> >
> > What we just did is grant everyone the right to see (render) our HomePage,
> > if there are secure components on the homepage we can see them too
> > (inherit). In addition we granted links to our homepage the right to be
> > clicked (enable). Because we do not want to give links on our homepage the
> > right to be clicked we did not place the enable action on the previous
> > line with the inherit. If we know for a fact that there are absolutely no
> > links pointing to the homepage we could delete the second line, but
> > generally you will want these two lines for any given secure page. If you
> > think, what a long line isn't there a shorter way, then i have good news
> > for you. Hive supports aliases. This means that besides the build in
> > aliases for permissions you can add your own aliases for permissions,
> > principals and names, just not for actions!. aliases can be concatenated
> > but not nested. sow if we rewrite our policy to use aliases we get
> >
> > Just to clarify, when you say "In addition we granted links to our
> > homepage the right to be clicked (enable)", does this mean that the link,
> > which I assume you mean , is able to be physically clicked? And if it was
> > the opposite, as is the next line of the configuration "HomePage",
> > "enable"", does this mean that the link is disabled to the user, or that
> > it is enabled but you will get an access error exception on the server
> > side?
> >
> > Thanks
> > Craig
> >
>
> --
> View this message in context: 
> http://www.nabble.com/Wicket-Security-Configuration-Question-tf3884414.html#a11009846
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wi

Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-03 Thread Maurice Marrink 
Please do, yesterday i checked in some changes that should redirect
you to the login page if you place secure components on a non secure
page.

All the documentation and examples are still work in progress but you
could check out the junit tests and the documentation here
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
and here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Maurice

On 6/3/07, mchack <[EMAIL PROTECTED]> wrote:
>
> The override of onUnauthorizedPage didn't work because the framework was
> throwing the UnauthorizedInstantiationException because the page itself was
> not secure, but the component was. I was able to handle this by overriding
> the WebRequestCycle to handle exceptions explicitly as indicated in the
> previous post:
>
> http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10790773
>
> My reason for doing this is that I have a fairly generic bookmarkable page
> (single class) that will serve up varied content (markup) depending upon the
> URL. I also have a dynamic mechanism using resolve() to detect wicket:id's
> that have behavior of my choosing. So, my motivation is that while the pages
> themselves are not declared "secure", the HTML developer could inadvertantly
> reference a secured component. Hence my desire to trap instantiation issues
> at the component level and then do proper redirection to either the login
> page or error page.
>
> While not a classic use of the framework, I think it has some merit. I will
> also check out the WASP and SWARM projects.
>
>
>
> Eelco Hillenius wrote:
> >
> > Hi,
> >
> > On 6/3/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> >> Not sure if it is the preferred way of doing things (since this is
> >> Eelco's framework)
> >
> > That part is actually Jonathan's
> >
> >> but you could override the init() method and set up
> >> a different authorizationstrategy and or instantiationlistener, all
> >> you have to do for that is skip the call to super and do something
> >> similar yourself.
> >
> > Imho, that class is better viewed as an example.
> >
> >> Or you can ask Eelco nice and maybe he will remove the final :)
> >
> > I don't think that's needed though. How about overriding
> > onUnauthorizedPage? As long as a user isn't logged in, the strategy
> > will redirect to the page that is returned by getSignInPageClass.
> > After that, onUnauthorizedPage is called when a user tries to access a
> > page he/ she isn't authorized for.
> >
> > Eelco
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>
> --
> View this message in context: 
> http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10939875
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-03 Thread Maurice Marrink 
Not sure if it is the preferred way of doing things (since this is
Eelco's framework) but you could override the init() method and set up
a different authorizationstrategy and or instantiationlistener, all
you have to do for that is skip the call to super and do something
similar yourself.

Or you can ask Eelco nice and maybe he will remove the final :)

Maurice

On 6/2/07, mchack <[EMAIL PROTECTED]> wrote:
>
> I am using the AuthenticatedWebApplication package. I would like to do
> component level authorization. The framework generates an exception for this
> that I can't see how I can override. Basic behavior is to be redirected back
> to Home Page. My reason for doing this at the component level is to make
> sure that a developer does not include an authorized component in a page,
> but I would like to direct the conversation back to the login page.
>
> Is this not supported or am I missing the way to capture the exception and
> provide my own handling. onUnauthorizedInstantiation is final so i can't
> override that.
>
> Thanks
> --
> View this message in context: 
> http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10921366
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Security Example Time Frame

2007-06-02 Thread Maurice Marrink 
Indeed GeneralTest is the place to look at right now. I am working on
some examples but there are only so many hours in a day :)
Also there is an (unfinished) getting started section at the wiki
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm

Thanks for the interest in the project and if you have any questions
just ask them on the mailing list

Maurice

On 6/2/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> I came across the GeneralTest in the security project, looks like a great
> example starter for the security project.
>
> Thanks
> Craig
>
>
> craigdd wrote:
> >
> > Does anyone know the time frame for the wicket security project to come
> > out with an examples project or is there some early access code people can
> > get access to?
> >
> > The project looks pretty nice, I look forward to doing some evaluation on
> > it and possibly using in on an upcoming project.
> >
> > Thanks
> > Craig
> >
>
> --
> View this message in context: 
> http://www.nabble.com/Wicket-Security-Example-Time-Frame-tf3855250.html#a10922941
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket & YUI

2007-05-31 Thread Maurice Marrink 
Hi James,

There is a little project coming up for me that will require heavy use
of the yui drag and drop functions, so I'll do some checking some time
soon and will let you know if i have any questions. Since this is
gonna be my first encounter with yui i have no doubt i will come come
up with some :)

Maurice

On 5/31/07, James McLaughlin <[EMAIL PROTECTED]> wrote:
> There is a wicket-contrib-yui project included in wicket-stuff on sourceforge:
> http://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui
>
> I've been working on it a little, mostly on the menu module. The drag
> and drop is somewhat broken, and I haven't had time to look at it.
> This may have happened when I updated the libs to 2.2.2. But the
> slider and animation modules work fine.
>
> There is very little in the way of documentation, but there is a
> wicket-contrib-yui-examples project that demos each module.
> http://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui-examples
>
> If you perform a mvn install on wicket-contrib-yui, then a mvn
> jetty:run on wicket-contrib-yui-examples, you should be up and running
> in a few minutes.
> Once I get the menu working to my satisfaction, I will produce some
> documentation.
>
> When I updated the libs, I created a YuiHeaderContributor that will
> resolve dependencies for the module you want and include the necessary
> files in the proper order (yui is way weaker than dojo in this
> respect).
>
> A few months ago, a number of people expressed interest in
> contributing, so if any of you are reading this, I would love to have
> some help. In particular, i think it would be great if someone could
> bring drag and drop back to life. I think it could use some pretty
> heavy refactoring as well. Actually, there have been a lot of changes
> in wicket since wcy was last worked on, so much of the project could
> use "modernization". If you don't know where to start, respond to this
> email and I can provide a few ideas.
>
> best,
> jim
>
> On 5/31/07, howzat <[EMAIL PROTECTED]> wrote:
> >
> > Are there any examples/tutorials that re using YUI  with Wicket.
> > I see there is also a wicket YUI project but could not find much getting
> > started help.
> > --
> > View this message in context: 
> > http://www.nabble.com/Wicket---YUI-tf3848786.html#a10901677
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Conditional output

2007-05-30 Thread Maurice Marrink 
You should use an attribute modifier on the totals row. like this
totalsRow.add(new AttributeModifier("colspan",myModel));
If you know for a fact the number of columns is not going to change
after a page refresh you could use a new
SimpleAttributeModifier("colspan",length) else you should use a model
to dynamically compute the number of desired columns

Maurice

On 5/30/07, Thies Edeling <[EMAIL PROTECTED]> wrote:
> All,
>
> Say that I have an HTML table with data and the last row is a total with
> a colspan to align the value:
> 
> 
> Project A
> stuff
> stuff
> 5
> 
>
> 
>  
> 5
> 
> 
>
> When col2 is optional I'd do a col2.setVisible(false) on that label but
> the colspan in the total row needs to be adjusted as well. Should I
> create a colspan property in the Page class and do a "> or is there another preferred way? Wondering
> how much I've to 'unlearn' from my JSTL way of doing things :)
>
> Thies
> --
> http://blog.ehour.nl/
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket & Acegi ?]

2007-05-29 Thread Maurice Marrink 
Don't worry, i like committees about as much as how far i can throw them :)

Maurice

On 5/29/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > I don't mind the competition. But it might be a good idea if we can
> > all agree on some common api. for that reason i made wasp. Off course
> > nothing is written in stone so if you have some suggestions I'll be
> > happy to listen to them. Just take a look at wasp, is all i ask.
>
> Yeah, I agree that that's a good idea. Just don't fall into the design
> by committee trap ;)
>
> Eelco
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket & Acegi ?]

2007-05-29 Thread Maurice Marrink 
I don't mind the competition. But it might be a good idea if we can
all agree on some common api. for that reason i made wasp. Off course
nothing is written in stone so if you have some suggestions I'll be
happy to listen to them. Just take a look at wasp, is all i ask.

Maurice

On 5/29/07, Jan Kriesten <[EMAIL PROTECTED]> wrote:
>
> hi eelco,
>
> > Yeah, makes sense. Contributions are welcome of course. We don't mind
> > having competing implementations; it'll only make them better :)
>
> hehe, i'll keep you posted. ;-)
>
> --- jan.
>
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket & Acegi ?]

2007-05-29 Thread Maurice Marrink 
True, Swarm does not yet provide blackbox authentication against ldap,
cas or whatever else, but it allows you to customize your own
authentication allowing you to implement any of those models. And the
time not spend on fixing all your urls for acegi can now be spend on
implementing cas or ldap for swarm :)

Maurice

On 5/29/07, Jan Kriesten <[EMAIL PROTECTED]> wrote:
>
> hi martijn,
>
> >> what i really dislike about acegi is the spring/xml-stuff. but that's 
> >> another
> >> story... ;-)
> >
> > If you take the spring/xml and the URL based authorization out of
> > Acegi, what is left?
> >
> > Not a stab at Acegi, just asking.
>
> hehe - now i'm having to argue pro acegi where i'm not yet finished finding 
> out
> if it really is what i'm looking for. *ggg*
>
> first of all, what i dislike is the xml-/spring-injection-dependent
> configuration. everything else is not tight to spring, it can be used in any
> other environment.
>
> everything else is:
>
> acegi supports a wide range of authentication models. from http basic
> authentication headers, ldap to jaas - you just have to choose.
>
> also, the authorization is as customizable as is e.g. swarm. like in swarm, 
> you
> have to define your policies. it's just an implementation detail, if you use 
> it
> url- or component-based.
>
> so, when thinking about authentication/authorization, i don't think of a
> one-time-installation at one defined customer but how it can be integrated 
> into
> a variety of heterogenous systems. having a wicket application running in a
> system using a service-oriented-approach, i might have to use a ticketing 
> system
> (like cas) to handle authorization. acegi delivers such functionality.
>
> best regards, --- jan.
>
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket & Acegi ?]

2007-05-29 Thread Maurice Marrink 
I am sorry if i made you think i was accusing you of starting a
framework war, i was merely stating i didn't want to start one :).

I am only just reading up on acegi, but what i learned so far is that
acegi was designed for spring just like swarm is for wicket so trying
to integrate either in the other framework should provide for quite a
challenge.

Maurice

On 5/29/07, Jan Kriesten <[EMAIL PROTECTED]> wrote:
>
> hi maurice,
>
> i didn't want to stat a framework war... ;-)
>
> my point was just to understand why you started a new thing. i'm currently in
> the process of selecting a authentication/authorization framework, too. it
> should be highly flexible, so it can integrated in very different 
> environments.
> still, the component oriented security should be reflectable.
>
> what i was thinking about was - instead of using acegi as a filter and use it 
> on
> urls - integrate it in the wicket-app and act on top of the components. this
> sounds like the wasp/swarm-concepts, only that acegi is the base.
>
> what i really dislike about acegi is the spring/xml-stuff. but that's another
> story... ;-)
>
> best regards, --- jan.
>
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket & Acegi ?]

2007-05-29 Thread Maurice Marrink 
On 5/29/07, Jan Kriesten <[EMAIL PROTECTED]> wrote:
>
> Why re-invent the wheel with Wasp/Swarm?

The same question could be asked when acegi was introduced, or any
other security framework for that matter.
The simple answer is because it things differently and hopes to solves
problems not addressed by other frameworks. Without having any further
knowledge of acegi, one of the differences is component oriented
security as opposed to url based. wicket is after all component based
so why fiddle with urls. Second swarm was designed from the ground to
interact with wicket whereas acegi requires you to go through several
hoops just to get some simple stuff done.
Third configuring a security framework is often not a simple task, i
like to think swarm does a better job.
Just to name a few of the selling points without going into a "my
framework is better then yours war". :)

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket & Acegi ?

2007-05-29 Thread Maurice Marrink 
:) indeed i realized my mistake after i hit the send button :)

Maurice

On 5/29/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> > I know martijn and i will fix this, in the meantime i would like to
> > add to my defense that i am not the only stuff project to use log4j :)
>
> You mean commons-logging :)
>
> Eelco
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket & Acegi ?

2007-05-29 Thread Maurice Marrink 
I know martijn and i will fix this, in the meantime i would like to
add to my defense that i am not the only stuff project to use log4j :)

Maurice

On 5/29/07, Martijn Dashorst <[EMAIL PROTECTED]> wrote:
> On 5/29/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > Swarm only requires the following jars besides wicket: Wasp,
> > commons-logging and Log4j.
>
> You did notice that Wicket now uses slf4j instead of clogging?
>
> Martijn
>
> --
> Join the wicket community at irc.freenode.net: ##wicket
> Wicket 1.2.6 contains a very important fix. Download Wicket now!
> http://wicketframework.org
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket & Acegi ?

2007-05-29 Thread Maurice Marrink 
No problem and thanks.
Have you decided yet if you are going to upgrade to wicket 1.3?

Maurice

On 5/29/07, Francis Amanfo <[EMAIL PROTECTED]> wrote:
> Yes, I thought so too since I couldn't see any package reference to apache
> hivemind but just the name Hivemind, but to be sure I decided to ask.
>
> Thanks for the answer and great work.
>
> Francis
>
>
>  On 5/29/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> >
> > Francis,
> >
> > Swarm does not use apache hivemind. The hivemind reference you saw in
> > the example code is to an internal class who is coincidentally named
> > like apache hivemind.
> > Swarm only requires the following jars besides wicket: Wasp,
> > commons-logging and Log4j.
> >
> > Maurice
> >
> > On 5/29/07, Francis Amanfo <[EMAIL PROTECTED]> wrote:
> > > Hi Marice,
> > >
> > > While here may I ask a quick question? I've quickly glanced through the
> docs
> > > at Wiki and could see some reference to Hivemind. Does this
> implementation
> > > employs Apache HiveMind and if so I assume I have to place yet another
> jar
> > > on my classpath. Right or not?
> > >
> > > Regards,
> > > Francis
> > >
> > >
> > > On 5/29/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > > Johan, has an excellent point, but we too have a pre wicket 1.3 app so
> > > > i guess i'll have to make a branche for that app anyhow if i want to
> > > > replace or old security mechanisme.
> > > > I don't think it will be much work to backport to 1.2.6.
> > > > Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3
> > > >
> > > > Maurice
> > > >
> > > > On 5/29/07, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > > > > you could ofcourse upgrade to 1.3!
> > > > > Now you rewrite from struts to wicket but we are moving alone and
> then
> > > you
> > > > > have to rewrite it again to 1.3.
> > > > >
> > > > > johan
> > > > >
> > > > >
> > > > >
> > > > > On 5/29/07, Thies Edeling < [EMAIL PROTECTED]> wrote:
> > > > > > I'm using 1.2.6 so swarm is not in the picture. Will check out
> > > auth-roles
> > > > > > as I'm on java 1.5, thx!
> > > > > >
> > > > > > On Tue, 29 May 2007, Maurice Marrink wrote:
> > > > > >
> > > > > > > If you are using wicket 1.3 you could try the new wicket
> security
> > > > > > > framework swarm. unlike acegi it is not url based but component
> > > based.
> > > > > > > It was designed with simplicity in mind so you should be able to
> get
> > > > > > > started right away.
> > > > > > >
> > > > > > > You can find documentation here
> > > > > > >
> > > > >
> > >
> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
> > > > > > > The documentation is still work in progress but if you have any
> > > > > > > question you can always ask them on the mailing list.
> > > > > > >
> > > > > > > I am not sure if there is an existing wicket-acegi framework but
> i
> > > > > > > believe i have heard of people using them together.
> > > > > > >
> > > > > > > Optionally if you are using java 1.5 you could check out the
> > > > > > > wicket-auth-roles project.
> > > > > > >
> > > > > > > Maurice
> > > > > > >
> > > > > > > On 5/29/07, Thies Edeling <[EMAIL PROTECTED]> wrote:
> > > > > > >> Hello all,
> > > > > > >>
> > > > > > >> I'm migrating an existing Struts app to Wicket and have now
> reached
> > > the
> > > > > > >> point where I have to add authentication/authorization to it.
> > > > > > >> In the Struts app I used Acegi to add URL-based security.
> Ideally
> > > I'd
> > > > > re-use my
> > > > > > >> existing Acegi config for Wicket but I can't find any
> documentation
> > > on
> > > > > how
> > > > > > >> to do this. The 'Wicket way'

Re: [Wicket-user] Wicket & Acegi ?

2007-05-29 Thread Maurice Marrink 
Francis,

Swarm does not use apache hivemind. The hivemind reference you saw in
the example code is to an internal class who is coincidentally named
like apache hivemind.
Swarm only requires the following jars besides wicket: Wasp,
commons-logging and Log4j.

Maurice

On 5/29/07, Francis Amanfo <[EMAIL PROTECTED]> wrote:
> Hi Marice,
>
> While here may I ask a quick question? I've quickly glanced through the docs
> at Wiki and could see some reference to Hivemind. Does this implementation
> employs Apache HiveMind and if so I assume I have to place yet another jar
> on my classpath. Right or not?
>
> Regards,
> Francis
>
>
> On 5/29/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > Johan, has an excellent point, but we too have a pre wicket 1.3 app so
> > i guess i'll have to make a branche for that app anyhow if i want to
> > replace or old security mechanisme.
> > I don't think it will be much work to backport to 1.2.6.
> > Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3
> >
> > Maurice
> >
> > On 5/29/07, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > > you could ofcourse upgrade to 1.3!
> > > Now you rewrite from struts to wicket but we are moving alone and then
> you
> > > have to rewrite it again to 1.3.
> > >
> > > johan
> > >
> > >
> > >
> > > On 5/29/07, Thies Edeling < [EMAIL PROTECTED]> wrote:
> > > > I'm using 1.2.6 so swarm is not in the picture. Will check out
> auth-roles
> > > > as I'm on java 1.5, thx!
> > > >
> > > > On Tue, 29 May 2007, Maurice Marrink wrote:
> > > >
> > > > > If you are using wicket 1.3 you could try the new wicket security
> > > > > framework swarm. unlike acegi it is not url based but component
> based.
> > > > > It was designed with simplicity in mind so you should be able to get
> > > > > started right away.
> > > > >
> > > > > You can find documentation here
> > > > >
> > >
> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
> > > > > The documentation is still work in progress but if you have any
> > > > > question you can always ask them on the mailing list.
> > > > >
> > > > > I am not sure if there is an existing wicket-acegi framework but i
> > > > > believe i have heard of people using them together.
> > > > >
> > > > > Optionally if you are using java 1.5 you could check out the
> > > > > wicket-auth-roles project.
> > > > >
> > > > > Maurice
> > > > >
> > > > > On 5/29/07, Thies Edeling <[EMAIL PROTECTED]> wrote:
> > > > >> Hello all,
> > > > >>
> > > > >> I'm migrating an existing Struts app to Wicket and have now reached
> the
> > > > >> point where I have to add authentication/authorization to it.
> > > > >> In the Struts app I used Acegi to add URL-based security. Ideally
> I'd
> > > re-use my
> > > > >> existing Acegi config for Wicket but I can't find any documentation
> on
> > > how
> > > > >> to do this. The 'Wicket way' of authentication is mentioned on the
> Wiki
> > > > >> somewhere but details are missing.
> > > > >> What's the best way to add simple role-based security to a Wicket
> app?
> > > > >>
> > > > >> thanks in advance,
> > > > >>
> > > > >> Thies
> > > > >> --
> > > > >> http://blog.ehour.nl/
> > > > >>
> > > > >>
> > > > >>
> > >
> -
> > > > >> This SF.net email is sponsored by DB2 Express
> > > > >> Download DB2 Express C - the FREE version of DB2 express and take
> > > > >> control of your XML. No limits. Just data. Click to get it now.
> > > > >> http://sourceforge.net/powerbar/db2/
> > > > >> ___
> > > > >> Wicket-user mailing list
> > > > >> Wicket-user@lists.sourceforge.net
> > > > >>
> > >
> https://lists.sourceforge.net/lists/listinfo/w

Re: [Wicket-user] Wicket & Acegi ?

2007-05-29 Thread Maurice Marrink 
Johan, has an excellent point, but we too have a pre wicket 1.3 app so
i guess i'll have to make a branche for that app anyhow if i want to
replace or old security mechanisme.
I don't think it will be much work to backport to 1.2.6.
Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3

Maurice

On 5/29/07, Johan Compagner <[EMAIL PROTECTED]> wrote:
> you could ofcourse upgrade to 1.3!
> Now you rewrite from struts to wicket but we are moving alone and then you
> have to rewrite it again to 1.3.
>
> johan
>
>
>
> On 5/29/07, Thies Edeling <[EMAIL PROTECTED]> wrote:
> > I'm using 1.2.6 so swarm is not in the picture. Will check out auth-roles
> > as I'm on java 1.5, thx!
> >
> > On Tue, 29 May 2007, Maurice Marrink wrote:
> >
> > > If you are using wicket 1.3 you could try the new wicket security
> > > framework swarm. unlike acegi it is not url based but component based.
> > > It was designed with simplicity in mind so you should be able to get
> > > started right away.
> > >
> > > You can find documentation here
> > >
> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
> > > The documentation is still work in progress but if you have any
> > > question you can always ask them on the mailing list.
> > >
> > > I am not sure if there is an existing wicket-acegi framework but i
> > > believe i have heard of people using them together.
> > >
> > > Optionally if you are using java 1.5 you could check out the
> > > wicket-auth-roles project.
> > >
> > > Maurice
> > >
> > > On 5/29/07, Thies Edeling <[EMAIL PROTECTED]> wrote:
> > >> Hello all,
> > >>
> > >> I'm migrating an existing Struts app to Wicket and have now reached the
> > >> point where I have to add authentication/authorization to it.
> > >> In the Struts app I used Acegi to add URL-based security. Ideally I'd
> re-use my
> > >> existing Acegi config for Wicket but I can't find any documentation on
> how
> > >> to do this. The 'Wicket way' of authentication is mentioned on the Wiki
> > >> somewhere but details are missing.
> > >> What's the best way to add simple role-based security to a Wicket app?
> > >>
> > >> thanks in advance,
> > >>
> > >> Thies
> > >> --
> > >> http://blog.ehour.nl/
> > >>
> > >>
> > >>
> -
> > >> This SF.net email is sponsored by DB2 Express
> > >> Download DB2 Express C - the FREE version of DB2 express and take
> > >> control of your XML. No limits. Just data. Click to get it now.
> > >> http://sourceforge.net/powerbar/db2/
> > >> ___
> > >> Wicket-user mailing list
> > >> Wicket-user@lists.sourceforge.net
> > >>
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >>
> > >
> > >
> -
> > > This SF.net email is sponsored by DB2 Express
> > > Download DB2 Express C - the FREE version of DB2 express and take
> > > control of your XML. No limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > ___
> > > Wicket-user mailing list
> > > Wicket-user@lists.sourceforge.net
> > >
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> >
> >
> >
> -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket & Acegi ?

2007-05-29 Thread Maurice Marrink 
According to your mail, you are only using acegi to do the
authentication and let auth-roles handle the authorization.

Swarm provides functionality to handle both authentication and
authorization and is perfectly capable of delegating to whatever
authentication framework you desire.

Maurice

On 5/29/07, Erik van Oosten <[EMAIL PROTECTED]> wrote:
>
> There was a thread some time ago.
>
> In  http://www.nabble.com/forum/ViewPost.jtp?post=7285394&framed=y this
> message  I explained how we use Acegi in combination with wicket-auth-roles.
>
> Regards,
> Erik.
>
>
> Mr Mean wrote:
> >
> > I am not sure if there is an existing wicket-acegi framework but i
> > believe i have heard of people using them together.
> >
> > Optionally if you are using java 1.5 you could check out the
> > wicket-auth-roles project.
> >
>
> --
> Erik van Oosten
> http://2007.rubyenrails.nl/
> http://www.day-to-day-stuff.blogspot.com/
> --
> View this message in context: 
> http://www.nabble.com/Wicket---Acegi---tf3833443.html#a10853872
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket & Acegi ?

2007-05-29 Thread Maurice Marrink 
If you are using wicket 1.3 you could try the new wicket security
framework swarm. unlike acegi it is not url based but component based.
It was designed with simplicity in mind so you should be able to get
started right away.

You can find documentation here
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
The documentation is still work in progress but if you have any
question you can always ask them on the mailing list.

I am not sure if there is an existing wicket-acegi framework but i
believe i have heard of people using them together.

Optionally if you are using java 1.5 you could check out the
wicket-auth-roles project.

Maurice

On 5/29/07, Thies Edeling <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I'm migrating an existing Struts app to Wicket and have now reached the
> point where I have to add authentication/authorization to it.
> In the Struts app I used Acegi to add URL-based security. Ideally I'd re-use 
> my
> existing Acegi config for Wicket but I can't find any documentation on how
> to do this. The 'Wicket way' of authentication is mentioned on the Wiki
> somewhere but details are missing.
> What's the best way to add simple role-based security to a Wicket app?
>
> thanks in advance,
>
> Thies
> --
> http://blog.ehour.nl/
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Bookmarkable pages and transparent login

2007-05-28 Thread Maurice Marrink 
Regarding the backbutton, When you press the backbutton on you're
browser, it is the browser who gets the previous page from cache, the
server is never notified of this.
So regarding wicket, no there is not much you can do on that end. But
you might be able with the help of some javascript to remove the
license page from the browser, this script should go on the license
page but what it should look like i am not entirely sure. might i
suggest google :)

Regarding the license page, I think it will work in swarm (as the
project is called in wicket-security) as you can easily define a new
ISecurityCheck for a page and have that redirect to you're license
page. If you are interested you can mail me at [EMAIL PROTECTED] and
we can see how to customize you're situation.

Maurice

On 5/28/07, Thomas Singer <[EMAIL PROTECTED]> wrote:
> > On account of the transparent login, like Martijn said if you use a
> > framework for your security it is already handled automagically for
> > you. Now i am a bit biased on the new wicket-security framework since
> > i wrote it :), but you should really check it out sometime.
>
> To be exact, we don't need it for login, but for securing a download by
> accepting a corresponding license agreement (thanks to German laws).
>
> > On account of the serialization, yes this will become a problem for
> > your backbutton support.
> > wicket tries to serialize every page to disk and later retrieve it
> > when a user used the browsers backbutton and then performs an action
> > where it is necessary to go back to the server.
>
> Hmm, looks like I need to do that. :(
>
> The above mentioned download scenario will look like:
> - select the file to download (e.g. by getting a link by e-mail or by
>selecting it on our website)
> - on the file-download page check, whether the session-flag for accepted
>license agreement is set; if not, redirect to the license agreement page
>and path an IPageLink for the accept button, so the file-download page
>gets its right parameters after accepting the license agreement
>
> Regarding the back-button: it would be the best if the intermediate license
> agreement page would not occur when pressing the back-button, but instead
> the previous page (if any). Is something like that possible?
>
> Tom
>
>
> Maurice Marrink wrote:
> > On account of the serialization, yes this will become a problem for
> > your backbutton support.
> > wicket tries to serialize every page to disk and later retrieve it
> > when a user used the browsers backbutton and then performs an action
> > where it is necessary to go back to the server.
> >
> > On account of the transparent login, like Martijn said if you use a
> > framework for your security it is already handled automagically for
> > you. Now i am a bit biased on the new wicket-security framework since
> > i wrote it :), but you should really check it out sometime.
> >
> > Maurice
> >
> > On 5/28/07, Thomas Singer <[EMAIL PROTECTED]> wrote:
> >> Hm, by default, I'm getting an error that my page is not serializable. But
> >> when I set
> >>
> >>application.getDebugSettings().setSerializeSessionAttributes(false);
> >>
> >> it works without problems. Could this become a problem when my page still 
> >> is
> >> not serializable?
> >>
> >> Tom
> >>
> >>
> >> Thomas Singer wrote:
> >>> Never mind. RestartResponseAtInterceptPageException-handling is more
> >>> lightweight than I assumed. Of course the other processing is completely 
> >>> up
> >>> to me.
> >>>
> >>> Tom
> >> -
> >> This SF.net email is sponsored by DB2 Express
> >> Download DB2 Express C - the FREE version of DB2 express and take
> >> control of your XML. No limits. Just data. Click to get it now.
> >> http://sourceforge.net/powerbar/db2/
> >> ___
> >> Wicket-user mailing list
> >> Wicket-user@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
> >>
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
&g

Re: [Wicket-user] Bookmarkable pages and transparent login

2007-05-28 Thread Maurice Marrink 
P.S you can read more here
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Maurice

On 5/28/07, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> On account of the serialization, yes this will become a problem for
> your backbutton support.
> wicket tries to serialize every page to disk and later retrieve it
> when a user used the browsers backbutton and then performs an action
> where it is necessary to go back to the server.
>
> On account of the transparent login, like Martijn said if you use a
> framework for your security it is already handled automagically for
> you. Now i am a bit biased on the new wicket-security framework since
> i wrote it :), but you should really check it out sometime.
>
> Maurice
>
> On 5/28/07, Thomas Singer <[EMAIL PROTECTED]> wrote:
> > Hm, by default, I'm getting an error that my page is not serializable. But
> > when I set
> >
> >application.getDebugSettings().setSerializeSessionAttributes(false);
> >
> > it works without problems. Could this become a problem when my page still is
> > not serializable?
> >
> > Tom
> >
> >
> > Thomas Singer wrote:
> > > Never mind. RestartResponseAtInterceptPageException-handling is more
> > > lightweight than I assumed. Of course the other processing is completely 
> > > up
> > > to me.
> > >
> > > Tom
> >
> > -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Bookmarkable pages and transparent login

2007-05-28 Thread Maurice Marrink 
On account of the serialization, yes this will become a problem for
your backbutton support.
wicket tries to serialize every page to disk and later retrieve it
when a user used the browsers backbutton and then performs an action
where it is necessary to go back to the server.

On account of the transparent login, like Martijn said if you use a
framework for your security it is already handled automagically for
you. Now i am a bit biased on the new wicket-security framework since
i wrote it :), but you should really check it out sometime.

Maurice

On 5/28/07, Thomas Singer <[EMAIL PROTECTED]> wrote:
> Hm, by default, I'm getting an error that my page is not serializable. But
> when I set
>
>application.getDebugSettings().setSerializeSessionAttributes(false);
>
> it works without problems. Could this become a problem when my page still is
> not serializable?
>
> Tom
>
>
> Thomas Singer wrote:
> > Never mind. RestartResponseAtInterceptPageException-handling is more
> > lightweight than I assumed. Of course the other processing is completely up
> > to me.
> >
> > Tom
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Exception Strategy in 1.3

2007-05-21 Thread Maurice Marrink 
As far as i know the wicket session is mandatory in wicket but that
does not mean you have to use it to store information. Other then that
i see no reason why your proposed strategy should not work.

Maurice

On 5/22/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> Basically what I want to do is set the internal error page to my own internal
> page, i.e. my login page, and add a message from the a resource bundle,
> .properties file, that includes an error code that is generated from an
> internal RuntimeException.  Another requirement is that a Session is
> optional, meaning that this should work with or without a Session.
>
> -Craig
>
>
> craigdd wrote:
> >
> > What is the best way to implement your own exception strategy in wicket
> > 1.3?  I want to add some added logic to my application when an unexcepted
> > exception occurs.  During this added logic I want a handle on the page
> > that is being redirected to, ie the internal error page.
> >
> > Thanks
> > Craig
> >
>
> --
> View this message in context: 
> http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10730008
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-14 Thread Maurice Marrink 
Ok

I just finished a simple quickstart showing the problem.
you can get it here https://issues.apache.org/jira/browse/WICKET-68.

Maurice

On 11/14/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> Its not just pages, i have a panel that adds some javascript to the
> header which suffers from this problem.
>
> Matej, ill see if i can put something together.
>
> Maurice
>
> On 11/13/06, Matej Knopp <[EMAIL PROTECTED]> wrote:
> > I've tested this with current 1.3 and couldn't reproduce this. Can you
> > please provide a quick-start project? I'd be more than happy to look
> > into it.
> >
> > -Matej
> >
> > Maurice Marrink wrote:
> > > I am using wicket:1.3-incubating-20061113.111007-1 and also have this
> > > problem with javascript not being rendered the second time.
> > > I render a new page and all is rendered fine. i click on a link to
> > > open a new page. there i click on a link that brings me back to the
> > > previous page instance. The javascript in the header is missing the
> > > second time.
> > >
> > > Anybody have a solution yet?
> > >
> > > Maurice
> > >
> > > On 11/10/06, Matej Knopp <[EMAIL PROTECTED]> wrote:
> > >> That's weird. Which wicket version are you using? Seems that Wicket 1.x
> > >> has already become 1.3 and the latest revision is 473519.
> > >>
> > >> Wicket 1.2 has it's own branch now.
> > >>
> > >> Are you sure you're using the apache repository?
> > >>
> > >> -Matej
> > >>
> > >> Erik van Oosten wrote:
> > >>> Hello,
> > >>>
> > >>> Something is going wrong with my header contributions. A css that was
> > >>> added like this
> > >>> add(HeaderContributor.forCss(MyPage.class, "MyPage.css"));
> > >>> are only rendered once and then never again.
> > >>>
> > >>> To be precise:
> > >>> - I start jetty.
> > >>> - I request the page (it is bookmarkable).
> > >>> - I get redirected to the signin page, I log in.
> > >>> - The page is displayed correct (with the css).
> > >>> - I press reload and the css is gone. The link is actually not in the
> > >>> header.
> > >>> - Press reload another 50 times, no more css.
> > >>>
> > >>> I have also seen another scenario: the first time the page is rendered
> > >>> it misses the css, the second time it is present and in all following
> > >>> renderings it is gone.
> > >>> All css added with wicket:head/wicket:link elements renders fine.
> > >>>
> > >>> I am using Wicket 1.x, revision 470570 (at moment of writing the latest
> > >>> revision of 1.x).
> > >>>
> > >>> Any ideas on what it is going on here?
> > >>>
> > >>> Regards,
> > >>>  Erik.
> > >>>
> > >>>
> > >>>
> > >>
> > >> -
> > >> Using Tomcat but need to do more? Need to support web services, security?
> > >> Get stuff done quickly with pre-integrated technology to make your job 
> > >> easier
> > >> Download IBM WebSphere Application Server v.1.0.1 based on Apache 
> > >> Geronimo
> > >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > >> ___
> > >> Wicket-user mailing list
> > >> Wicket-user@lists.sourceforge.net
> > >> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >>
> > >
> > > -
> > > Using Tomcat but need to do more? Need to support web services, security?
> > > Get stuff done quickly with pre-integrated technology to make your job 
> > > easier
> > > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > > ___
> > > Wicket-user mailing list
> > > Wicket-user@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> >
> >
> > -
> > Using Tomcat but need to do more? Need to support web services, security?
> > Get stuff done quickly with pre-integrated technology to make your job 
> > easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-14 Thread Maurice Marrink 
Its not just pages, i have a panel that adds some javascript to the
header which suffers from this problem.

Matej, ill see if i can put something together.

Maurice

On 11/13/06, Matej Knopp <[EMAIL PROTECTED]> wrote:
> I've tested this with current 1.3 and couldn't reproduce this. Can you
> please provide a quick-start project? I'd be more than happy to look
> into it.
>
> -Matej
>
> Maurice Marrink wrote:
> > I am using wicket:1.3-incubating-20061113.111007-1 and also have this
> > problem with javascript not being rendered the second time.
> > I render a new page and all is rendered fine. i click on a link to
> > open a new page. there i click on a link that brings me back to the
> > previous page instance. The javascript in the header is missing the
> > second time.
> >
> > Anybody have a solution yet?
> >
> > Maurice
> >
> > On 11/10/06, Matej Knopp <[EMAIL PROTECTED]> wrote:
> >> That's weird. Which wicket version are you using? Seems that Wicket 1.x
> >> has already become 1.3 and the latest revision is 473519.
> >>
> >> Wicket 1.2 has it's own branch now.
> >>
> >> Are you sure you're using the apache repository?
> >>
> >> -Matej
> >>
> >> Erik van Oosten wrote:
> >>> Hello,
> >>>
> >>> Something is going wrong with my header contributions. A css that was
> >>> added like this
> >>> add(HeaderContributor.forCss(MyPage.class, "MyPage.css"));
> >>> are only rendered once and then never again.
> >>>
> >>> To be precise:
> >>> - I start jetty.
> >>> - I request the page (it is bookmarkable).
> >>> - I get redirected to the signin page, I log in.
> >>> - The page is displayed correct (with the css).
> >>> - I press reload and the css is gone. The link is actually not in the
> >>> header.
> >>> - Press reload another 50 times, no more css.
> >>>
> >>> I have also seen another scenario: the first time the page is rendered
> >>> it misses the css, the second time it is present and in all following
> >>> renderings it is gone.
> >>> All css added with wicket:head/wicket:link elements renders fine.
> >>>
> >>> I am using Wicket 1.x, revision 470570 (at moment of writing the latest
> >>> revision of 1.x).
> >>>
> >>> Any ideas on what it is going on here?
> >>>
> >>> Regards,
> >>>  Erik.
> >>>
> >>>
> >>>
> >>
> >> -
> >> Using Tomcat but need to do more? Need to support web services, security?
> >> Get stuff done quickly with pre-integrated technology to make your job 
> >> easier
> >> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >> ___
> >> Wicket-user mailing list
> >> Wicket-user@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
> >>
> >
> > -
> > Using Tomcat but need to do more? Need to support web services, security?
> > Get stuff done quickly with pre-integrated technology to make your job 
> > easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>
> -
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-13 Thread Maurice Marrink 
Unfortunately this is not an option for me as the javascript is
generated dynamically by the java code.

Maurice

On 11/13/06, Erik van Oosten <[EMAIL PROTECTED]> wrote:
> My current workaround is to include the reference in the markup with
>  tags around it.
>
> I am sorry I did not yet have the time to create a quickstart/unit test
> with the problem.
>
>   Erik.
>
>
> Maurice Marrink schreef:
> > I am using wicket:1.3-incubating-20061113.111007-1 and also have this
> > problem with javascript not being rendered the second time.
> > I render a new page and all is rendered fine. i click on a link to
> > open a new page. there i click on a link that brings me back to the
> > previous page instance. The javascript in the header is missing the
> > second time.
> >
> > Anybody have a solution yet?
> >
> > Maurice
> >
> > On 11/10/06, Matej Knopp <[EMAIL PROTECTED]> wrote:
> >
> >> That's weird. Which wicket version are you using? Seems that Wicket 1.x
> >> has already become 1.3 and the latest revision is 473519.
> >>
> >> Wicket 1.2 has it's own branch now.
> >>
> >> Are you sure you're using the apache repository?
> >>
> >> -Matej
> >>
> >> Erik van Oosten wrote:
> >>
> >>> Hello,
> >>>
> >>> Something is going wrong with my header contributions. A css that was
> >>> added like this
> >>> add(HeaderContributor.forCss(MyPage.class, "MyPage.css"));
> >>> are only rendered once and then never again.
> >>>
> >>> To be precise:
> >>> - I start jetty.
> >>> - I request the page (it is bookmarkable).
> >>> - I get redirected to the signin page, I log in.
> >>> - The page is displayed correct (with the css).
> >>> - I press reload and the css is gone. The link is actually not in the
> >>> header.
> >>> - Press reload another 50 times, no more css.
> >>>
> >>> I have also seen another scenario: the first time the page is rendered
> >>> it misses the css, the second time it is present and in all following
> >>> renderings it is gone.
> >>> All css added with wicket:head/wicket:link elements renders fine.
> >>>
> >>> I am using Wicket 1.x, revision 470570 (at moment of writing the latest
> >>> revision of 1.x).
> >>>
> >>> Any ideas on what it is going on here?
> >>>
> >>> Regards,
> >>>  Erik.
> >>>
> >>>
> >>>
> >>>
> >> -
> >> Using Tomcat but need to do more? Need to support web services, security?
> >> Get stuff done quickly with pre-integrated technology to make your job 
> >> easier
> >> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >> ___
> >> Wicket-user mailing list
> >> Wicket-user@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
> >>
> >>
> >
> > -
> > Using Tomcat but need to do more? Need to support web services, security?
> > Get stuff done quickly with pre-integrated technology to make your job 
> > easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
>
> --
> Erik van Oosten
> http://www.day-to-day-stuff.blogspot.com/
>
>
> -
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-13 Thread Maurice Marrink 
I am using wicket:1.3-incubating-20061113.111007-1 and also have this
problem with javascript not being rendered the second time.
I render a new page and all is rendered fine. i click on a link to
open a new page. there i click on a link that brings me back to the
previous page instance. The javascript in the header is missing the
second time.

Anybody have a solution yet?

Maurice

On 11/10/06, Matej Knopp <[EMAIL PROTECTED]> wrote:
> That's weird. Which wicket version are you using? Seems that Wicket 1.x
> has already become 1.3 and the latest revision is 473519.
>
> Wicket 1.2 has it's own branch now.
>
> Are you sure you're using the apache repository?
>
> -Matej
>
> Erik van Oosten wrote:
> > Hello,
> >
> > Something is going wrong with my header contributions. A css that was
> > added like this
> > add(HeaderContributor.forCss(MyPage.class, "MyPage.css"));
> > are only rendered once and then never again.
> >
> > To be precise:
> > - I start jetty.
> > - I request the page (it is bookmarkable).
> > - I get redirected to the signin page, I log in.
> > - The page is displayed correct (with the css).
> > - I press reload and the css is gone. The link is actually not in the
> > header.
> > - Press reload another 50 times, no more css.
> >
> > I have also seen another scenario: the first time the page is rendered
> > it misses the css, the second time it is present and in all following
> > renderings it is gone.
> > All css added with wicket:head/wicket:link elements renders fine.
> >
> > I am using Wicket 1.x, revision 470570 (at moment of writing the latest
> > revision of 1.x).
> >
> > Any ideas on what it is going on here?
> >
> > Regards,
> >  Erik.
> >
> >
> >
>
>
> -
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authorization-question

2006-08-01 Thread Maurice Marrink 
Ok, so the session is not 100% safe for attaching detaching hibernate
stuff. If there is a better place to store something like a user
object i would love to here about it.

Maurice

On 7/31/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> yes but with igors example it is possible
> that the session is used over multiply request we do have a lock
> But that lock doesn't lock globally over everything.
> So it is possible that it gets detached from under your nose. But that is
> not a problem
> But it is also possible that you get a user loaded by another thread ==
> hibernate session.
> Session.detach() is not called in a sync block...
>
> johan
>
>
>
> On 7/31/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> >
>  Glad to see it was just a misunderstanding. I was afraid you guys were
> gonna tell me the world isn't flat ;)
>
> Maurice
>
> On 7/31/06, Igor Vaynberg <[EMAIL PROTECTED] > wrote:
> > i wasnt suggesting setting the user on request cycle, i was suggesting
> > keeping the id in session and letting requestcycle hold the cache for the
> > request.
> >
> > i didnt realize websession has attach/detach, so this can be made simpler
> >
> > MySession extends WebSession {
> >private long userid;
> >private transient User user;
> >
> >setUser(User u) {
> >  userid=u.getid();
> >  user=u;
> >}
> >
> >   getUser() {
> >   if (user==null) {
> >user=loaduserbyid(userid);
> >   }
> >   return user;
> >   }
> >
> >   detach() {
> >  user=null;
> >
> >}
> >
> > -Igor
> >
> >
> > On 7/31/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > > store is detached. second request comes in and it is dealing with
> stale
> > data
> > > > unless you reload the user object.
> > > correct that is why you should use an imodel or come up with your own
> > > attach detach strategy
> > >
> > > > also storing imodel in session wont work because session doesnt have
> an
> > > > imodel slot so who is going to be responsible for detaching that model
> > at
> > > > the end of request?
> > > session has an onattach and ondetach method you can use.
> > >
> > > Also the way i understand how the whole requestcycle stuff happens
> > > (and i know you guys know way more about that then me) is that a new
> > > requestcycleobject is created on every request by a factory so how is
> > > the current user supposed to get set on the requestcycle?
> > >
> > > Don't get me wrong i am not criticizing you guys, i am just curious as
> > > to how the internals of wicket operate.
> > >
> > > Maurice
> > >
> > > On 7/31/06, Igor Vaynberg < [EMAIL PROTECTED]> wrote:
> > > > but we are talking about caching here. if you store the instance of
> the
> > user
> > > > you loaded in session that is fine for the request that loaded it. but
> > what
> > > > happens after that request ends? the session is closed, the instance
> you
> > > > store is detached. second request comes in and it is dealing with
> stale
> > data
> > > > unless you reload the user object.
> > > >
> > > > also storing imodel in session wont work because session doesnt have
> an
> > > > imodel slot so who is going to be responsible for detaching that model
> > at
> > > > the end of request?
> > > >
> > > > -Igor
> > > >
> > > >
> > > >
> > > >  On 7/31/06, Maurice Marrink < [EMAIL PROTECTED]> wrote:
> > > > >
> > > >  true, but shouldn't the lock on the session prevent that in like 95%
> > > > of all the cases?
> > > >
> > > > Maurice
> > > >
> > > > On 7/31/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > > >  > A session can be used by multiply threads/request
> > > > > So it will be detached by those when they are finished.
> > > > > So another request can be busy with it while another calls detach on
> > it.
> > > > >
> > > > > johan
> > > > >
> > > > >
> > > > >
> > > > >  On 7/31/06, Maurice Marrink < [EMAIL PROTECTED]> wrote:
> > > > > > >i wouldn't recommend doing this in session because user entity
> will
> > >

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink 
Glad to see it was just a misunderstanding. I was afraid you guys were
gonna tell me the world isn't flat ;)

Maurice

On 7/31/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> i wasnt suggesting setting the user on request cycle, i was suggesting
> keeping the id in session and letting requestcycle hold the cache for the
> request.
>
> i didnt realize websession has attach/detach, so this can be made simpler
>
> MySession extends WebSession {
>private long userid;
>private transient User user;
>
>setUser(User u) {
>  userid=u.getid();
>  user=u;
>}
>
>   getUser() {
>   if (user==null) {
>user=loaduserbyid(userid);
>   }
>   return user;
>   }
>
>   detach() {
>  user=null;
>
>}
>
> -Igor
>
>
> On 7/31/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > store is detached. second request comes in and it is dealing with stale
> data
> > > unless you reload the user object.
> > correct that is why you should use an imodel or come up with your own
> > attach detach strategy
> >
> > > also storing imodel in session wont work because session doesnt have an
> > > imodel slot so who is going to be responsible for detaching that model
> at
> > > the end of request?
> > session has an onattach and ondetach method you can use.
> >
> > Also the way i understand how the whole requestcycle stuff happens
> > (and i know you guys know way more about that then me) is that a new
> > requestcycleobject is created on every request by a factory so how is
> > the current user supposed to get set on the requestcycle?
> >
> > Don't get me wrong i am not criticizing you guys, i am just curious as
> > to how the internals of wicket operate.
> >
> > Maurice
> >
> > On 7/31/06, Igor Vaynberg < [EMAIL PROTECTED]> wrote:
> > > but we are talking about caching here. if you store the instance of the
> user
> > > you loaded in session that is fine for the request that loaded it. but
> what
> > > happens after that request ends? the session is closed, the instance you
> > > store is detached. second request comes in and it is dealing with stale
> data
> > > unless you reload the user object.
> > >
> > > also storing imodel in session wont work because session doesnt have an
> > > imodel slot so who is going to be responsible for detaching that model
> at
> > > the end of request?
> > >
> > > -Igor
> > >
> > >
> > >
> > >  On 7/31/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > >
> > >  true, but shouldn't the lock on the session prevent that in like 95%
> > > of all the cases?
> > >
> > > Maurice
> > >
> > > On 7/31/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > >  > A session can be used by multiply threads/request
> > > > So it will be detached by those when they are finished.
> > > > So another request can be busy with it while another calls detach on
> it.
> > > >
> > > > johan
> > > >
> > > >
> > > >
> > > >  On 7/31/06, Maurice Marrink < [EMAIL PROTECTED]> wrote:
> > > > > >i wouldn't recommend doing this in session because user entity will
> > >  > > become detached, i >would instead do it in the requestcycle so the
> > > > > user is loaded once per request
> > > > > Yeah are you sure about this Igor? because we are also attaching our
> > > > > user object (hibernate object) to our session, lazy loading it
> > > > > whenever needed. And we have not noticed it getting detached before
> > > > > the end of the request. Mats i guess this also answers your question
> > > > > about if it is possible to put an imodel in the session. however if
> > > > > you are really concerned about the db access every time you could
> > > > > always store the team id in the session.
> > > > >
> > > > > Maurice
> > > > >
> > > > > On 7/31/06, Mats Norén < [EMAIL PROTECTED] > wrote:
> > > > > > On 7/31/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > > > > > > i wouldnt recommend doint this in session because user entity
> will
> > > > become
> > > > > > > detached, i would instead do it in the requestcy

Re: [Wicket-user] Custom number formatting

2006-07-31 Thread Maurice Marrink 
You need 3 classes for this. 1 class to convert from string to number.
1 class to convert from number to string. and 1 converterfactory with
both classes registered for your number type.

for instance

private static final class IridiumConverterFactory implements IConverterFactory
{
public IConverter newConverter(Locale locale)
{

DateFormat dateFormat = new 
SimpleDateFormat("dd-MM-");
Locale nl = new Locale("nl", "NL");
DateConverter dateConverter = new DateConverter();
dateConverter.setDateFormat(nl, dateFormat);
StringConverter stringConverter = new StringConverter();

DateToStringConverter dateToStringConverter = new 
DateToStringConverter();
dateToStringConverter.setDateFormat(nl, dateFormat);


stringConverter.set(java.util.Date.class, 
dateToStringConverter);
stringConverter.set(java.sql.Date.class, 
dateToStringConverter);
stringConverter.set(java.sql.Timestamp.class, 
dateToStringConverter);

DoubleConverter doubleConverter = new DoubleConverter();

Converter converter = new Converter(locale);
converter.set(java.sql.Timestamp.class, dateConverter);
converter.set(java.sql.Date.class, dateConverter);
converter.set(java.util.Date.class, dateConverter);
converter.set(String.class, stringConverter);
converter.set(Double.class, doubleConverter);

TimeConverter timeConverter = new TimeConverter();
converter.set(Time.class, timeConverter);

return converter;
}
}

Then set this factory in your application.init() like this
applicationSettings.setConverterFactory(new IridiumConverterFactory());
A good starting point for your string to number converter is either
AbstractDecimalConverter or AbstractNumberConverter.

Maurice

On 7/31/06, Paolo Di Tommaso <[EMAIL PROTECTED]> wrote:
> I need to implement a special numbers formatting in my wicket application.
>
> Basically I have to round number to the first digit and use a blank space as
> thousand separator.
>
> For example instead to display number like '1, 000.33' it is required to
> display (and user will input) '1 000'.
>
> I can do that in Wicket?
>
> Thank for helping.
>
> -- Paolo
>
>
>
>
>
> -
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>
>

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink 
> store is detached. second request comes in and it is dealing with stale data
> unless you reload the user object.
correct that is why you should use an imodel or come up with your own
attach detach strategy

> also storing imodel in session wont work because session doesnt have an
> imodel slot so who is going to be responsible for detaching that model at
> the end of request?
session has an onattach and ondetach method you can use.

Also the way i understand how the whole requestcycle stuff happens
(and i know you guys know way more about that then me) is that a new
requestcycleobject is created on every request by a factory so how is
the current user supposed to get set on the requestcycle?

Don't get me wrong i am not criticizing you guys, i am just curious as
to how the internals of wicket operate.

Maurice

On 7/31/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> but we are talking about caching here. if you store the instance of the user
> you loaded in session that is fine for the request that loaded it. but what
> happens after that request ends? the session is closed, the instance you
> store is detached. second request comes in and it is dealing with stale data
> unless you reload the user object.
>
> also storing imodel in session wont work because session doesnt have an
> imodel slot so who is going to be responsible for detaching that model at
> the end of request?
>
> -Igor
>
>
>
>  On 7/31/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> >
>  true, but shouldn't the lock on the session prevent that in like 95%
> of all the cases?
>
> Maurice
>
> On 7/31/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
>  > A session can be used by multiply threads/request
> > So it will be detached by those when they are finished.
> > So another request can be busy with it while another calls detach on it.
> >
> > johan
> >
> >
> >
> >  On 7/31/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > > >i wouldn't recommend doing this in session because user entity will
>  > > become detached, i >would instead do it in the requestcycle so the
> > > user is loaded once per request
> > > Yeah are you sure about this Igor? because we are also attaching our
> > > user object (hibernate object) to our session, lazy loading it
> > > whenever needed. And we have not noticed it getting detached before
> > > the end of the request. Mats i guess this also answers your question
> > > about if it is possible to put an imodel in the session. however if
> > > you are really concerned about the db access every time you could
> > > always store the team id in the session.
> > >
> > > Maurice
> > >
> > > On 7/31/06, Mats Norén < [EMAIL PROTECTED] > wrote:
> > > > On 7/31/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > > > > i wouldnt recommend doint this in session because user entity will
> > become
> > > > > detached, i would instead do it in the requestcycle so the user is
> > loaded
> > > > > once per request
> > > >
> > > > It is? I've used a User-object in session and I haven't noticed that
> > > > it gets detached I guess I'll have to look into to that.
> > > >
> > > > Can I still have a getUser() method in Session that in turn uses the
> > code below?
> > > >
> > > > I think I saw an example (could have been in databinder) where a
> > > > IModel was stored in session. Is that an alternative?
> > > >
> > > > > ((MyRequestCycle)RequestCycle.get()).getUser();
> > > > >
> > > > > MyRequestCycle {
> > > > > private transient User user;
> > > > >
> > > > >   getuser() { if (user==null) { user=loaduser(
> > session.get().getuserid()); }
> > > > >   onendrequest() { user=null; }
> > > > > }
> > > > >
> > > > > -Igor
> > > > >
> > > >
> > > > /Mats
> > > >
> > > >
> >
> -
> > > > Take Surveys. Earn Cash. Influence the Future of IT
> > > > Join SourceForge.net 's Techsay panel and you'll get the chance to
> share
> > your
> > > > opinions on IT & business topics through brief surveys -- and earn
> cash
> > > >
> >
> http://www.techsay.com/default.php?page=jo

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink 
true, but shouldn't the lock on the session prevent that in like 95%
of all the cases?

Maurice

On 7/31/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> A session can be used by multiply threads/request
> So it will be detached by those when they are finished.
> So another request can be busy with it while another calls detach on it.
>
> johan
>
>
>
>  On 7/31/06, Maurice Marrink <[EMAIL PROTECTED]> wrote:
> > >i wouldn't recommend doing this in session because user entity will
> > become detached, i >would instead do it in the requestcycle so the
> > user is loaded once per request
> > Yeah are you sure about this Igor? because we are also attaching our
> > user object (hibernate object) to our session, lazy loading it
> > whenever needed. And we have not noticed it getting detached before
> > the end of the request. Mats i guess this also answers your question
> > about if it is possible to put an imodel in the session. however if
> > you are really concerned about the db access every time you could
> > always store the team id in the session.
> >
> > Maurice
> >
> > On 7/31/06, Mats Norén <[EMAIL PROTECTED] > wrote:
> > > On 7/31/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > > > i wouldnt recommend doint this in session because user entity will
> become
> > > > detached, i would instead do it in the requestcycle so the user is
> loaded
> > > > once per request
> > >
> > > It is? I've used a User-object in session and I haven't noticed that
> > > it gets detached I guess I'll have to look into to that.
> > >
> > > Can I still have a getUser() method in Session that in turn uses the
> code below?
> > >
> > > I think I saw an example (could have been in databinder) where a
> > > IModel was stored in session. Is that an alternative?
> > >
> > > > ((MyRequestCycle)RequestCycle.get()).getUser();
> > > >
> > > > MyRequestCycle {
> > > > private transient User user;
> > > >
> > > >   getuser() { if (user==null) { user=loaduser(
> session.get().getuserid()); }
> > > >   onendrequest() { user=null; }
> > > > }
> > > >
> > > > -Igor
> > > >
> > >
> > > /Mats
> > >
> > >
> -
> > > Take Surveys. Earn Cash. Influence the Future of IT
> > > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > > opinions on IT & business topics through brief surveys -- and earn cash
> > >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > > ___
> > > Wicket-user mailing list
> > > Wicket-user@lists.sourceforge.net
> > >
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> >
> >
> -
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > opinions on IT & business topics through brief surveys -- and earn cash
> >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>
> -
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>
>

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink 
>i wouldn't recommend doing this in session because user entity will
become detached, i >would instead do it in the requestcycle so the
user is loaded once per request
Yeah are you sure about this Igor? because we are also attaching our
user object (hibernate object) to our session, lazy loading it
whenever needed. And we have not noticed it getting detached before
the end of the request. Mats i guess this also answers your question
about if it is possible to put an imodel in the session. however if
you are really concerned about the db access every time you could
always store the team id in the session.

Maurice

On 7/31/06, Mats Norén <[EMAIL PROTECTED]> wrote:
> On 7/31/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> > i wouldnt recommend doint this in session because user entity will become
> > detached, i would instead do it in the requestcycle so the user is loaded
> > once per request
>
> It is? I've used a User-object in session and I haven't noticed that
> it gets detached I guess I'll have to look into to that.
>
> Can I still have a getUser() method in Session that in turn uses the code 
> below?
>
> I think I saw an example (could have been in databinder) where a
> IModel was stored in session. Is that an alternative?
>
> > ((MyRequestCycle)RequestCycle.get()).getUser();
> >
> > MyRequestCycle {
> > private transient User user;
> >
> >   getuser() { if (user==null) { user=loaduser(session.get().getuserid()); }
> >   onendrequest() { user=null; }
> > }
> >
> > -Igor
> >
>
> /Mats
>
> -
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Deployment / Development mode

2006-07-21 Thread Maurice Marrink 
Johan, I don't know what you have been drinking, but it must have
contained alot of alcohol ;).

To determine at runtime if the application is running in development
mode we use the following code in Application.init. Note that this
code runs before super.init(), unfortunately we cannot place this code
in the constructor because it uses some field that have not been set
at that time.

WicketServlet wicketServlet = getWicketServlet();
String configuration =
wicketServlet.getInitParameter(Application.CONFIGURATION);
if (configuration == null)
configuration =
wicketServlet.getServletContext().getInitParameter(Application.CONFIGURATION);
development = configuration != null &&
configuration.equals(Application.DEVELOPMENT);

development is a global boolean field we added so we can now ask the
application at anytime if we are in development mode.
This code btw came from Johan.

On 7/21/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> The problem is that you want to know at code time
>
> This is also something Maurice wanted to know. He does it do now by checking
> another value
> that he knows is there in development but not in deployment.
>
> johan
>
>
>
> On 7/21/06, Martijn Dashorst <[EMAIL PROTECTED]> wrote:
> > I think it is logged in the log4j log.
> >
> > Martijn
> >
> > On 7/21/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > > This can't be done that easily at the moment.
> > > If you don't alter this:
> > > getAjaxSettings().setAjaxDebugModeEnabled(true);
> > > yourself then you could ask for the ajax debug model enable property..
> > >
> > > We should have an settings.getModel() i guess would be nice.
> > > Can you make a RFE for this?
> > >
> > > johan
> > >
> > >
> > >
> > > On 7/21/06, Paolo Di Tommaso < [EMAIL PROTECTED]> wrote:
> > > >
> > >
> > > How to know if an application is in Deployment or Development mode?
> > >
> > > Thank for helping.
> > >
> > > - Paolo
> > >
> > >
> > >
> -
> > > Take Surveys. Earn Cash. Influence the Future of IT
> > > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > > opinions on IT & business topics through brief surveys -- and earn cash
> > >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > >
> > > ___
> > > Wicket-user mailing list
> > >  Wicket-user@lists.sourceforge.net
> > >
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> > >
> > >
> > >
> > >
> -
> > > Take Surveys. Earn Cash. Influence the Future of IT
> > > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > > opinions on IT & business topics through brief surveys -- and earn cash
> > >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > >
> > > ___
> > > Wicket-user mailing list
> > > Wicket-user@lists.sourceforge.net
> > >
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > >
> > >
> > >
> >
> >
> > --
> > Download Wicket 1.2 now! Write Ajax applications without touching
> JavaScript!
> > -- http://wicketframework.org
> >
> >
> -
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > opinions on IT & business topics through brief surveys -- and earn cash
> >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>
> -
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
>
>

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Sessions?

2006-05-16 Thread Maurice Marrink 

The wicket way of storing objects in your session is by extending the
wicket session. For example if you want to store somekind of User
object in your session, you would create a getter and setter for it in
your custom wicket session.
For wicket to work with your custom session you should either
overwrite newSession() in WebApplication or provide your own
ISessionFactory.

Maurice

On 5/16/06, Nino Wael <[EMAIL PROTECTED]> wrote:




Hi



I have an object I would like to have stored in session, so that I may pass
it between pages. I've been looking at some sniplets and created this code
for setting the object:



HttpServletRequest request =
((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest();



request.setAttribute("here", "Hello world");



I am setting the value on the base of a panel which holds a button that
contains the below code in a onsubmit override.



And this piece for getting the value:



HttpServletRequest request = ((WebRequest)
RequestCycle.get().getRequest()).getHttpServletRequest();

String Message = (String) request.getAttribute("here");

info(Message);



I am getting the value on a onsubmit of a button.



However my String(message) are null how can that be, does it have something
to do with the scope?? If I paste the getting code in the same place as my
setting code it works just fine.





I do also feel that this is not 100% the wicket way to do it, so I must have
overlooked the better way?







---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] More on refreshing page contents

2006-04-04 Thread Maurice Marrink 
Hi,

I am also wrestling with the matrix beast and am still exploring my options.
However i might be able to help you out.
In your code the label is given a string as diplay value. This string
is not updated when the item model is. So you should give the label
the model of the item.
If you want some fancy numberformatting to take place you can always
overwrite the getConverter() method of your label to convert the
bigdecimal to a string there.

Hope this helps.

Maurice

On 4/4/06, Anders Peterson <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> With one page I'm displaying a matrix of numbers and I have a problem
> updating/refreshing it. I roughly understand why it doesn't work, but I
> don't know what the best/correct way to make it work is.
>
> Basically I have a ListView of rows and the last column in each row is
> in turn a ListView creating more columns to the right. That final
> ListView is implemented with the code you can see below.
>
> How was I supposed to have done this to have updating/refreshing happen
> as automagically as possible?
>
> (I'm using Wicket 1.1.1)
>
> /Anders
>
> ListView tmpCorrList = new ListView(ID_CORRELATIONS,
> tmpInstrument.getCorrelations()) {
>
>BigDecimal tmpCoefficient;
>
>public void populateItem(final ListItem anItem) {
>
>tmpCoefficient = (BigDecimal) anItem.getModelObject();
>
>anItem.add(new Label(ID_COEFFICIENT, tmpCoefficient.toString()));
>
> }
>
>
> ---
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] adding required validator to a a component in the list view

2006-04-03 Thread Maurice Marrink 
Unless i am mistaken, wicket searches for several keys. You should be
able to use myPanel.firstName or simply firstName.

Maurice

On 4/3/06, Dipu <[EMAIL PROTECTED]> wrote:
>
> Hi ,
>
> Is there a way to add required validator to a component in the list view
> If i add a required validator to a component in the list view how will i
> specify the resource key in the properties file.
>
>
> With  the current version wicket is complaining with the following message.
> Caused by: java.util.MissingResourceException: Unable to
> find resource: RequiredValidator for component:
> myForm:myList:0:myPanel:firstName
>
> Thanks
> Dipu
>


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel

2006-03-14 Thread Maurice Marrink 
isActionAuthorized is called for each component at render time and in
case of a link when it is clicked.
And yes you should use the component argument to determine if it is
one of your tabs or not.

Maurice

On 3/14/06, R.A <[EMAIL PROTECTED]> wrote:
>
> Hi Maurice,
>
> I tried follow your advice.
> In the case of onRender achieved I a desired result. Thank you!
> But is isActionAuthorized method called by an increment of components in the
> page?
> For authentication I ask the database access and I would not like to
> increase it.
> Or is it necessary to determin whether "Component" argument of
> isActionAuthorized is tab or not?
>
> Thank you.
> R.A
> --
> View this message in context: 
> http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3395275
> Sent from the Wicket - User forum at Nabble.com.
>
>
>
> ---
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel

2006-03-14 Thread Maurice Marrink 
Then you need as johan and i both said: authorize on the link click
just have your strategy check the ENABLE action in the
isActionAuthorized method for those tab links. there you should check
if they have enough points and if not throw an exception to redirect
the to a page explaining why they can not click on that tab.

Also i think you should put this same check on the RENDER action that
way once it has been established the user does not have enough points
the tab won't show up again.

Maurice

On 3/14/06, R.A <[EMAIL PROTECTED]> wrote:
>
> Hi Maurice and Johan,
>
> I understand you both.
> I spell out.
> One of my authenticate logic is whether logged in user can to use my
> services, for example the user has enough points or not.
> If user's points are not enough, I shut the user out of some service.
> User's points are in the database and fluctuant by another system.
> So I want to check user's points every time user accesses a page and tab
> panel.
> Even if when the user accesses "first tab" the user's points are enough, the
> user's points may not enough when the user accesses "second tab".
> I want to authenticate every click tab link.
>
> Thank you.
> R.A
> --
> View this message in context: 
> http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3394354
> Sent from the Wicket - User forum at Nabble.com.
>
>
>
> ---
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel

2006-03-14 Thread Maurice Marrink 
dammit johan why did you have to reply so fast, i was writing an entire novel :P
Well perhaps i can elaborate some more on your short answer.
isInstantiationAuthorized is only called when the constructor is used.
So if you created all the tabs up front in your page's constructor
they won't get called when you change panels. If you create the new
panel when you switch panels it should work, but like johna said you
are better of not showing the link that will switch to that panel at
all. to do that you need to use the isActionAuthorized method from the
IAuthorisation strategy and check for an action of RENDER on that
link.
Or if you do want to show the link just not be able to click it you
should check for ENABLE.

Maurice

On 3/14/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> then you already did create that panel
> But in my eyes the problem is earlier.. Why can you click on the link that
> makes that tab panel visible?
> The link shouldn't be there..
>
> johan
>
>
>
> On 3/14/06, R.A <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > I have a question about IAuthorizationStrategy.
> > I create a class for authentication that implements
> IAuthorizationStrategy.
> > "isInstantiationAuthorized" in the class is not called when jump one Panel
> > to another Panel using TabbedPanel in one WebPage class.
> > I want to autenticate when using TabbedPanel too.
> > How do I do?
> >
> > I use wickt1.2-beta1.
> >
> > Thank you.
> > R.A
> > --
> > View this message in context:
> http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3393074
> > Sent from the Wicket - User forum at Nabble.com.
> >
> >
> >
> > ---
> > This SF.Net email is sponsored by xPML, a groundbreaking scripting
> language
> > that extends applications into web and mobile media. Attend the live
> webcast
> > and join the prime developer group breaking into this new coding
> territory!
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] [wicket 1.1.1]FormTester clicking a specific button

2006-03-07 Thread Maurice Marrink 
Or
application.setupRequestAndResponse();
application.getServletRequest().setRequestToComponent(myButton);
application.processRequestCycle();

Note that myButton must be on a page that has been previously rendered.

Maurice

On 3/7/06, Nino Wael <[EMAIL PROTECTED]> wrote:
>
>
> Hi
>
> How do I click a specific button using the test wicket framework?
>
>
> -regards Nino


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Get version of Wicket from program

2006-03-07 Thread Maurice Marrink 
Codesource should never be null, if you class is in a jar file,
codesource points to the jar.
else it might point to a directory where your class files can be found
(or in subdirs thereof). if none of the above is available it will
point to the classfile itself.

But perhaps Martijn can tell you how he did it, i know he did it for
our project but can't seem to find where.

Maurice

On 3/7/06, Joni Suominen <[EMAIL PROTECTED]> wrote:
> On Tue, 2006-03-07 at 10:27 +0100, Juergen Donnerstag wrote:
> > Do you know how to access that information?  How do you get the jar
> > file name a specific class has been loaded from?
>
> getClass().getProtectionDomain().getCodeSource().getLocation() gives you
> the location where the class was loaded from. I don't know in which
> situations the CodeSource may be null, though.
>
> Joni
>
>
>
> ---
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket and JAAS integration

2006-03-02 Thread Maurice Marrink 
I don't believe letting the webcontainer handle all the security has
come up on the mailing before. So i am afraid i cannot help you there.
However i have build a jaas securityframework for wicket (1.2)
allowing your wicket app to control what pages/ components are
displayed based on the information in your policy file. If you are
interested in that i could send you a jar.

Maurice

On 3/2/06, Piotr Bzdyl <[EMAIL PROTECTED]> wrote:
> Hello,
>
> How can I integrate wicket with the JAAS? I mean configuring web.xml
> with following configuration:
>
> 
>
>  MySystem authorized area
>  /app/*
>  DELETE
>  GET
>  POST
>  PUT
>
>
>  MySystemUser
>
>
>  
>NONE
>  
>
>  
>  
>FORM
>MySystem
>
>  /login.html
>  /loginFailed.html
>
>  
>  
>MySystemUser
>  
>
> Another concern is what to do if I want to let the user to access my
> wicket home page but restrict access to other pages using container
> authorization?
>
> Best regards,
> Piotr
>
>
> ---
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Detachable resources

2006-02-27 Thread Maurice Marrink 
I think he is already doing that johan, hence the question about the
re-attaching.
Although there seems to be something going wrong because all models
are detatched at the end of a request (unless you are nesting models
and you don't propagate the detach call to the nested model). on
detach the loadabledetachable model should set the hibernate object to
null and only store the class and the id so when later attach is
called it can load them from the session.
That is what you usually use however if for some strange reason you
must keep the hibernateobject in your model then you have to resort to
stuff like re-attach or merge (all in the hibernate session object )
Personaly i have some experiance with re-attching hibernate objects to
the session and it is not something you can use out of the box. For
instance re-attch throws an exception if an object with the same id is
already loaded in the session (you need to do some dirty tricks to
find out if this is the case since hibernate does not have an api for
this). Re-attach only works for the hibernateobject you re-attached,
meaning if i have an object A with a list of objects of type C and a
reference to object B, after re-attching i can only safely call A and
C. if B has any lazy list they will give me an exception because they
have not been re-attched.

Maurice

On 2/24/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> personally i wouldn't keep hibernate objects in my models.
> Let one of the Hibernate caches do that for you down below (closer to youre
> data)
> instead of in the ui level/models.
>
>
>
>
> On 2/23/06, Gili <[EMAIL PROTECTED]> wrote:
> >
> > Ah! Thank you :)
> >
> > You seemed to have missed my question regarding clustering. Do I
> need
> > to fully detach LoadableDetachableModel on resource close or is it
> > sufficient to reattach the Hibernate objects to a new Session on the
> > next request? Will the latter cause problems in clustering environments?
> >
> > Thank you,
> > Gili
> >
> > Johan Compagner wrote:
> > > Iresourcestream.close()
> > >
> > > On 2/23/06, *Gili* < [EMAIL PROTECTED]
> > > > wrote:
> > >
> > >
> > >I meant I haved a Resource that gets its data from the
> > > database. So I
> > > wrapped my Hibernate object in a LoadableDetachableModel. Basically
> > > what
> > > I am noticing is this:
> > >
> > > 1) First request comes in
> > > 2) New Hibernate session is opened
> > > 3) Resource.getData() gets invoked
> > > 4) LoadableDetachableModel.attach() gets invoked and its object is
> > > returned. Resource uses this to generate its data.
> > > 5) Data is returned to client, Hibernate session is closed at the
> end of
> > > the request (by my servlet filter)
> > >
> > > 6) Second request comes in
> > > 7) LoadableDetachableModel thinks it is still attached
> > > 8) I try using the Hibernate object it returns but it is now
> > > disconnected from the Session so I have to explicitly reconnect it
> to a
> > > new session.
> > >
> > >Ideally I'd like to have a mechanism which lets me know when
> > > I should
> > > reconnect the Hibernate objects to the session so if
> > > Resource.getLength(), getData() get invoked in a single HTTP
> request, I
> > > only attach them to the session once.
> > >
> > >In my original image I was looking for a way to detach()
> > > LoadableDetachableModel at the end of each HTTP request, but I
> realize
> > > now this might be overkill. It is far more expensive to re-attach a
> > > LoadableDetachableModel than simply reattach its resulting object to
> the
> > > Hibernate session.
> > >
> > >So two questions:
> > >
> > > 1) Is there a good reason to re-attach the LoadableDetachableModel
> at
> > > the beginning of each HTTP request? Or is it enough to simply
> re-attach
> > > the Hibernate object? Will the latter break anything in a clustering
> > > environment?
> > >
> > > 2) Does it make sense for Wicket to provide some sort of
> mechanism/hook
> > > to let the resource know when the HTTP request begins/ends so it can
> > > reattach its model objects (if any exist) to the database?
> > >
> > > Thank you,
> > > Gili
> > >
> > > Johan Compagner wrote:
> > >  >  i guess you are now talking about a Component that is directly
> > > its own
> > >  > Resource Streamer?
> > >  > of do you have Shared Resources with a detachablemodel? That
> would be
> > >  > strange because that
> > >  > doesn't make anysense for wicket (we don't attach/detach it)
> > >  >
> > >  > But for a component and a model impl that has the resource this
> > >  > shouldn't be a problem to begin with
> > >  > Because the stream is done in one go so contenttype, data.
> > >  > And last modified is not checked for those so only a last modifed
> > >  > request doesn't com

Re: [Wicket-user] I submited a new bug in wicket-1.2-20060108

2006-01-10 Thread Maurice Marrink 
Maybe you remember johan and i worked on introducing a security
framework into wicket. One of the things we had (still do actually :))
was an access denied page that could be overridden by the developper.

Maurice

2006/1/10, Igor Vaynberg <[EMAIL PROTECTED]>:
> im not a big fan of the null = continue idea since its very implicit.
>
> -Igor
>
>
>
> On 1/9/06, Juergen Donnerstag < [EMAIL PROTECTED]> wrote:
> > May that is how we should change it. Instead of return a boolean a
> > Page. If null than go on, else goto the page provided.
> >
> > Juergen
> >
> > On 1/9/06, Johan Compagner <[EMAIL PROTECTED]> wrote:
> > > What do you expect it should do?
> > > Just an empty page? Or an internal error page?
> > >
> > > If you look at the signin examples you see that we set a response page:
> > > redirectToInterceptPage(newPage(SignIn2.class));
> > >
> > >  So if you don't set any response page but do return false.
> > > What should the framework do?
> > >
> > > johan
> > >
> > >
> > > On 1/9/06, pepone pepone < [EMAIL PROTECTED]> wrote:
> > > > wicket-1.2-20060108
> > > > Page renders when checkAccess returns false
> > > >
> > > >
> > >
> http://sourceforge.net/tracker/index.php?func=detail&aid=1400643&group_id=119783&atid=684975
> > > > --
> > > > play tetris http://pepone.on-rez.com/tetris
> > > >
> > > >
> > > >
> ---
> > > > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > > files
> > > > for problems?  Stop!  Download the new AJAX search engine that makes
> > > > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > > > http://ads.osdn.com/?ad_idv37&alloc_id865&opclick
> > > > ___
> > > > Wicket-user mailing list
> > > > Wicket-user@lists.sourceforge.net
> > > >
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> > > >
> > >
> > >
> >
> >
> > ---
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> > http://ads.osdn.com/?ad_idv37&alloc_id865&opclick
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] After redirection doRender() still called

2005-12-25 Thread Maurice Marrink 
you could use an IAuthorizationStrategy to perform a check at the
constructor of your page.
This is from the java doc
/**
 * Authorization strategies control on a low level how authorization is implied.
 * A strategy itself is generally not responsible for enforcing it. What a
 * strategy does do is tell the framework whether a component may be created
 * (especialy usefull for implementing secure bookmarkable pages and components
 * that should always be secure no matter what environment they are put it),
 * whether it may be rendered (which can result in components being 'filtered'
 * from a page, or triggering the page to not be rendered at all and redirecting
 * to a error or logon page), and whether a component may be enabled (thus
 * controlling it's reachability etc) at all.
 *
 * @author Eelco Hillenius
 * @author Jonathan Locke
 */
The only catch is that you specify the strategy application wide so
your strategy will be called for every component you create (not just
pages).
This is ofcourse not a big problem, just something i would like to see
changed (just in case you are reading this eelco ;))

2005/12/22, John Patterson <[EMAIL PROTECTED]>:
> Hi Wicketeers,
>
> I have a page which can only be viewed if the user is logged in.  If the user
> is not logged in then checkAccess() redirects to a sign in page and returns
> false.
>
> I moved my "page building" code to the onBeginRequest() method so that it is
> only called when it is really needed (ie not when the page cannot be viewed).
>
> However, in my original page doRender() is still called and the html is parsed
> etc.  This involves looking up data from the database which is never shown.
>
> Is there any way to build a page that will only be built if it is actually
> going to be displayed?
>
> Thanks,
>
> John.
>
>
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Using POJO as Model - is this right?

2005-12-22 Thread Maurice Marrink 
You could always use a different model (containing just the fileupload
object) for the fileupload and the compoundmodel for the rest of the
form. then in the onsubmit you could get both models set the blob on
your pojo and save it. this way you can keep your pojo clean.

Maurice

2005/12/23, Joshua Lim <[EMAIL PROTECTED]>:
> Hi I have a question about using POJO as Models in wicket. BTW, love the
> framework ! I am using Hibernate 3 and Wicket 1.1
>
> I've got 2 POJO : Contestant -1:n-> Design. I have a page which lets a
> Contestant uploads a bunch of images and each of these images are stored as
> Blobs in a database. Each image is a Design
>
> Here's the 'problem'
>
> I am setting Contestant object as the CompoundPropertyModel, which is ok.
> and everything is populated. I use a ListView to handle set of Designs
> within the form, and I have FileUploadField to handle image file uploads.
>
> The FileUploadField, however, will populate a FileUpload object which I had
> to add into my POJO, and onSubmit, I then populate my Bolb field...
>
> Question: Although it works, does this sound right in using my POJO as a
> Model? becuase I really don't like the idea of having to modify my POJO just
> to accommodate the wicket page, becasue I might have another page which may
> require a checkbox for e.g. for some other reasonand I have to modify my
> Pojo again?
>
> I would like to have a Pojo that is not dependant on the wicket page ... is
> this right? any advise? Am I using it correctly?
>
> Thanks
> Joshua
>
>
>
>


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Hibernate transactions

2005-12-19 Thread Maurice Marrink 
>imho, your transactions should only be concerned with what happens in
event >handlers (onclick/onsubmit) and not through the enitire request
cycle because >anything outside the handlers should be read-only
access and thus not require a >transaction.

That would indeed be desirable, however as of the latest hibernate you
are required to have atransaction at all times. Even for read only
operations. failing to do results in lazyinit exceptions from
hibernate.

Maurice

2005/12/17, Igor Vaynberg <[EMAIL PROTECTED]>:
> yes. considering what you are trying to do that will work.
>
> still not sure why you are trying to do it this way, seems silly to me to
> tie transaction handling with UI code. imho, your transactions should only
> be concerned with what happens in event handlers (onclick/onsubmit) and not
> through the enitire request cycle because anything outside the handlers
> should be read-only access and thus not require a transaction. so i think
> you are setting the boundaries a bit wide. but as i said, this is imho.
>
> anyway i created an example of what you want a while back - pre requestcycle
> refactoring - so if you want to take a look you can find it here
>
> http://www.mail-archive.com/wicket-user@lists.sourceforge.net/msg07587.html
>
> my approach was a bit inversed opposed to yours. i used the application to
> handle sessions and used requestcycle to signal certain events to the
> application. that way all transaction mgmt lives in the application.
>
>
> -Igor
>
>
> On 12/17/05, John Patterson <[EMAIL PROTECTED]> wrote:
> > On Saturday 17 Dec 2005 15:19, Igor Vaynberg wrote:
> > > you might not be able to do it using the try/catch/finally semantic, but
> > > there are plenty of hooks in there to do it without. the
> > > iexceptionresponsestrategy is indirectly part of the cycle as well.
> >
> > So the answer is no, you cannot have transaction handling code in one
> class?
> >
> > This seems like it should be really simple to do so I am not sure I doing
> it
> > the way you suggest.
> >
> > Is this your suggested approach:
> >
> > 1 - Override
> WebApplication.getDefaultRequestCycleFactory() to return
> new
> > instances of my own custom RequestCycle.
> >
> > 2 - Subclass WebRequestCycle to override onEndRequest() where I can
> > commit/rollback the transaction.
> >
> > 3 - Override
> WebApplication.getDefaultRequestCycleProcessor to create
> and
> > cache a single instance of CompoundRequestCycleProcessor with my own
> custom
> > IExceptionResponseStrategy.
> >
> > 4 - Subclass DefaultExceptionResponseProcessor to catch
> exceptions and signal
> > my custom WebRequestCycle that the transaction should be rolled back in
> > onEndRequest().
> >
> > Thanks,
> >
> > John
> >
> >
> > ---
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> > ___
> > Wicket-user mailing list
> > Wicket-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
>
>


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Hibernate transactions

2005-12-19 Thread Maurice Marrink 
Actually, transactions are either committed automaticly within there
method call dao.save(someObject) or if i need to batch several
operations in 1 transaction i let the onclick event commit the
transaction for me.
public void onclick()
{
  Object obj=dao.batchLoad(id);
  dao.batchDelete(obj);
  dao.commit();
}

but thats just how we do things, remember i told you we rollback at
the end of a request. you could just as easilly commit there then you
would not have to worry about mixing transaction code all over wicket
code.

Maurice

2005/12/16, John Patterson <[EMAIL PROTECTED]>:
>
> > > It also creates a new transaction for every data operation which does not
> > > allow for making multiple operations atomic.
> >
> > Not true. Our base dao has methods for batching saves, updates and the
> > like that use the currently running transaction, with 1 single method
> > call you can then commit this transaction whenever you want.
> >
>
> So you have transaction related methods on your DAO?
>
> If so the user is responsible for defining the transaction boundary's.  I
> would prefer this to be automatically handled by the container OR by some
> wicket specific handler.  Separation of concerns and all that...
>
>
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Hibernate transactions

2005-12-16 Thread Maurice Marrink 
>This would require duplicating error and transaction handling in every method.
True, but you can compensate by inheriting a lot of common methods
from a general implementation. Besides our base dao we hardly ever
have to deal with transactions in our dao's.
> It also creates a new transaction for every data operation which does not
> allow for making multiple operations atomic.
Not true. Our base dao has methods for batching saves, updates and the
like that use the currently running transaction, with 1 single method
call you can then commit this transaction whenever you want.

Maurice Marrink


2005/12/16, John Patterson <[EMAIL PROTECTED]>:
> On Friday 16 Dec 2005 05:40, Maurice Marrink wrote:
> > We use the dao pattern. any exceptions are handled by the different dao's.
>
> This would require duplicating error and transaction handling in every method.
> It also creates a new transaction for every data operation which does not
> allow for making multiple operations atomic.
>
>
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Hibernate transactions

2005-12-16 Thread Maurice Marrink 
We use the dao pattern. any exceptions are handled by the different dao's.
We have overridden webrequestcycle to make a new hibernatesession (and
a transaction since hibernate 3 want's everything happening between
transactions)
The dao's use this session and at the end of the request any
uncommitted transaction is rolledback (just to be sure, the dao should
have caught any hibernateexceptions and rolledback already) and the
session is closed.

Maurice Marrink

2005/12/16, John Patterson <[EMAIL PROTECTED]>:
> Hi,
>
> I am using hibernate with my wicket application and was wondering how I can
> control transactions?  Usually I use a servlet filter that either commits the
> current transaction or rolls it back.
>
> Something like this:
>
> try
> {
>   chain.doFilter(req, resp);
>  // commit if needed
> }
> catch (Exception e)
> {
>  // roll back if needed
> }
> finally
> {
>  // close session if needed
> }
>
> I am using wicket HEAD and all exceptions are caught and handled in the
> RequestCycle so my catch block is never called.  Instead of using a servlet
> filter I tried subclassing WebRequestCycle to use onBeginRequest and
> onEndRequest.  But how do I catch exceptions to rollback the current
> transaction?  I was looking for some kind of onError handler.
>
> How do others handle this?
>
> Thanks,
>
> John
>
>
> ---
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] replace ognl.

2005-10-27 Thread Maurice Marrink 
That nullpointer is our problem too and one of the reasons it is being
changed right now.
Don't think johan has put in the syntax you just suggested though.
Afaik it just returns null.

____

Maurice Marrink 
www.topicus.nl  

-Original Message-
From: Felix von Delius [mailto:[EMAIL PROTECTED] 
Sent: donderdag 27 oktober 2005 11:10
To: wicket-user@lists.sourceforge.net
Subject: Re: [Wicket-user] replace ognl.

I strongly support replacing OGNL with something more performant, as
long as it is not yet another new syntax for accessing properties (we
already have OGNL, Spring property access syntax, some expression
languages from the JSP/Taglib world and probably some others). At
least it sould be OGNL compatible for 90% of the cases. Perhaps using
the Spring implementation is possible? It is widely tested and I
suppose it doesn't have the OGNL performance issues.

Further I remember an issue in this mailinglist that in OGNL adressing
a not existing subtree results in a NullPointerException
("customer.address.city.zip" throws NPE if address is null). Maybe a
new implementation could handle this issue without NPE? (There was the
suggestion for a syntax like "customer.address?.city.zip", but I'm not
sure it this is a good idea).

Cheers,
Felix


On 10/27/05, Johan Compagner <[EMAIL PROTECTED]> wrote:
> Hi
>
>  I have written a replacement of OGNL when i test it with a very
simple test
> (The FormInput example)
>  then i see quite some improvements in cpu speedups and mem
improvements
>
>  Around 40% speed increase for a submitting the forminput example page
20
> times
>  and only 1/5 of the memory garbage is generated (50MB against 10MB)
>
>  The question is what do you guys use of ognl? Can i completely drop
it or
> must i make it an option so
>  that you can switch in youre application for all using ognl or the
homebrew
> wicket impl.
>  Or make seperate classes (like AbstractPropertyModel) but this is not
> really doable because then all the
>  sub classes must also be copied...(Like CompoundXX)
>
>  What i do support now is this:
>
>  person.name (plain properties)
>  person.addresses.0.street (addresses is a list and i take the first
> element)
>  person.addresses.homeaddress.street (addresses is map and i take the
> address with the key 'homeaddress' out of it)
>
>  so maps and list are seen and the next part of the expression is then
the
> key or the index you can also put values in a map
>  or append/set to a list:
>
>  person.addresses.homeaddress = new Address()
>  person.addresses.10 = new Address()
>
>  if the list size is smaller then 10 then it will appends null to make
it
> that size.
>
>  addresses can also be an Array but then it won't be able to grow.
>
>  Ofcourse the person.address.street will just be null if address is
null, no
> exception will be thrown
>  if you try to set something on a null object a exception is still
thrown,
> Maybe we could make some null handlers for that somehow that are easy
> useable.
>
>  So can people live with this? Does anybody uses something different
of
> ognl?
>
>  johan
>


---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] replace ognl.

2005-10-27 Thread Maurice Marrink 
Also +1
Actually our project is what triggerd this change and will bring some
new features we need. Nothing fancy though.

What I have gathered from johan it will be possible to get elements from
maps / lists / arrays etc.
The expression would be something like person.children.0.name It is very
similar if not the same syntax ognl uses. If children was a map
containing a key "jack" you could use person.children.jack.name

____

Maurice Marrink 
www.topicus.nl  

-Original Message-
From: Martijn Dashorst [mailto:[EMAIL PROTECTED] 
Sent: donderdag 27 oktober 2005 7:28
To: wicket-user@lists.sourceforge.net
Subject: Re: [Wicket-user] replace ognl.

+1 on moving OGNL into extensions.

I think the OGNL thing is good, it provides a nice base
implementation. I'd like to see the current implementation still being
available for those 1% that need the full OGNL expression evaluator
(though I think I share the same sentiment Phil voiced).

Do we also support things like

person.getChildren().get(0).getName()?

Martijn


On 10/27/05, Phil Kulak <[EMAIL PROTECTED]> wrote:
> I'm very +1 on this. OGNL has turned into it's own scripting language
> over the years. If you want to use any of those features, then you're
> missing the point of Wicket.
>
>
> ---
> This SF.Net email is sponsored by the JBoss Inc.
> Get Certified Today * Register for a JBoss Training Course
> Free Certification Exam for All Training Attendees Through End of 2005
> Visit http://www.jboss.com/services/certification for more information
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>


---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] swing renderer

2005-04-29 Thread Maurice Marrink 
That is exactly what I would have liked. In fact I even mentioned it to
Jonathan when he was here in Holland, but he saw wicket primarily as an
html app.

So I guess we would have to do it ourselves, haven't looked into how to
do it though since it's just a nice to have feature for me.

Maurice Marrink


-Oorspronkelijk bericht-
Van: bin zhu [mailto:[EMAIL PROTECTED] 
Verzonden: donderdag 28 april 2005 21:30
Aan: wicket-user@lists.sourceforge.net
Onderwerp: [Wicket-user] swing renderer

wonder if you guys have thought about writing a swing
or other renderers for wicket.. so that the same html
app can run in swing or swt without any code change.

thanks again for a great job in developing wicket!



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


---
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start!  http://www.idcswdc.com/cgi-bin/survey?id=105hix
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user


---
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start!  http://www.idcswdc.com/cgi-bin/survey?id5hix
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] how to close a popup ?

2005-04-14 Thread Maurice Marrink 
This will not help much,
The window (popup) will have its own close button (the famous x)
And even though you can catch that event in JavaScript there is not much you 
can do to prevent the window from closing anyway (although there are some 
internet explorer only tricks that can) so you can forget about warning a user 
like "hey this has not yet been saved, are you sure you want to close this 
window?".
Maybe it is possible to open another window upon closing (to do some cleaning), 
but with all those popup killers I'm not sure if that would work everywhere.

Maurice Marrink
Topicus

-Oorspronkelijk bericht-
Van: Ari Suutari [mailto:[EMAIL PROTECTED] 
Verzonden: donderdag 14 april 2005 7:20
Aan: wicket-user@lists.sourceforge.net
Onderwerp: Re: [Wicket-user] how to close a popup ?

Hi,
> popup page will be in a separare pagemap now, so this isn't necessary.
> we might want some way of removing the pagemap though... and this would
> be a good reason for a wicket close button or whatever... can someone bug
> this as an RFE against 1.1?

I'll add it.

Ari S.

>
> Maurice Marrink wrote:
>
>>Javascript I'm afraid.
>>Also don't forget to remove the popup page from the cache after your
>>done (session.remove() I believe) or you might find that your original
>>page has expired (when opening and closing a lot of popups).
>>
>>Maurice Marrink
>>
>>
>>-Oorspronkelijk bericht-
>>Van: Ari Suutari [mailto:[EMAIL PROTECTED] Verzonden: woensdag 13 april 2005 
>>12:27
>>Aan: wicket-user@lists.sourceforge.net
>>Onderwerp: [Wicket-user] how to close a popup ?
>>
>>Hi,
>>
>>I have a link in my application which is created like this:
>>
>>EditLink link = new EditLink("editLink",
>>listItem.getModelObject());
>>link.setPopupSettings(new PopupSettings());
>>
>>ie. it opens a new page in separate popup. It would be nice to create
>>buttons in this popup so that they close the popup after it has been
>>submitted.
>>
>>Is there a wicket-style way doing this or do I need to do it with
>>javascript
>>as usual ?
>>
>>Ari S.
>>
>>
>>
>>---
>>SF email is sponsored by - The IT Product Guide
>>Read honest & candid reviews on hundreds of IT Products from real users.
>>Discover which products truly live up to the hype. Start reading now.
>>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>>___
>>Wicket-user mailing list
>>Wicket-user@lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/wicket-user
>>
>>
>>---
>>SF email is sponsored by - The IT Product Guide
>>Read honest & candid reviews on hundreds of IT Products from real users.
>>Discover which products truly live up to the hype. Start reading now.
>>http://ads.osdn.com/?ad_ide95&alloc_id396&opÌk
>>___
>>Wicket-user mailing list
>>Wicket-user@lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/wicket-user
>>
>>
>
>
> ---
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> ___
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
> 



---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] how to close a popup ?

2005-04-13 Thread Maurice Marrink 
Javascript I'm afraid.
Also don't forget to remove the popup page from the cache after your
done (session.remove() I believe) or you might find that your original
page has expired (when opening and closing a lot of popups).

Maurice Marrink


-Oorspronkelijk bericht-
Van: Ari Suutari [mailto:[EMAIL PROTECTED] 
Verzonden: woensdag 13 april 2005 12:27
Aan: wicket-user@lists.sourceforge.net
Onderwerp: [Wicket-user] how to close a popup ?

Hi,

I have a link in my application which is created like this:

EditLink link = new EditLink("editLink",
listItem.getModelObject());
link.setPopupSettings(new PopupSettings());

ie. it opens a new page in separate popup. It would be nice to create
buttons in this popup so that they close the popup after it has been
submitted.

Is there a wicket-style way doing this or do I need to do it with
javascript
as usual ?

Ari S.



---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] Obfuscated URLs? / wicket for me?

2005-03-23 Thread Maurice Marrink 
You can hide the url by placing your website in a frame.
It won't stop someone who is determined to get to your real url but
atleast the regular user is not bothered with complex urls anymore.

Maurice 

-Oorspronkelijk bericht-
Van: Jonathan Locke [mailto:[EMAIL PROTECTED] 
Verzonden: woensdag 23 maart 2005 10:07
Aan: wicket-user@lists.sourceforge.net
Onderwerp: Re: [Wicket-user] Obfuscated URLs? / wicket for me?


sorry, only had time for a few short answers below... i have to work on 
getting wicket out the door!

 jon

Dave E Martin wrote:

> I have stumbled across wicket quite by accident (there are something 
> like 5 frameworks just at apache.org to choose from, sigh), and am 
> seriously looking into it.
>
> I have the following concern however: The URLs it generates seem a bit

> revealing, and they also seem that they would encourage users to play 
> with them (I certainly did, and got some interesting results). Are 
> there any security implications to this (can a user manually 
> "generate" a valid URL that they shouldn't?).

all wicket urls are session relative.  you cannot accidentally or 
intentionally discover anything in another session by playing with 
urls.  this is one of the advantages of wicket in terms of security.

> Would it be/is it possible to have an obfuscated/encrypted URL option 
> (they would still need to be legal URL strings of course) to: a: 
> discourage the user from playing with it b: hide the implementation 
> from the user c: make it unlikely that they could manaully generate 
> some other valid URL into the application (even if doing so is 
> safe/secure, which I hope it is). (it would also be nice to not have 
> things like IPageView (or whatever) in bookmarkable URLs. (i've just 
> started converting my app so i'm not really sure what bookmarkable 
> URLs look like yet; in my case, I only have two URLs I want 
> bookmarkable anyway: the end-user main menu, and the backoffice user 
> main menu.)

i've thought about this for some time now.  it would not be /too/ hard 
to do this, although it would cost you something in terms of memory for 
each URL generated.  please submit an RFE if you want this looked at and

we'll take a look for 1.1. 

>
> ===
> And now the product of my swiss-cheesed mind, which ended up being 
> rather lengthly. Some of it are concerns that I hope wicket (its 
> developers) have thought about and considered, and some of it is 
> ranting/raving (well not to bad I hope).
>
> I have been implementing a project using JSF, but I have become 
> disillusioned with JSF. In particular, it seems to require things to 
> be defined in an average of 3 separate places, and they have to be 
> kept consistent. It also seems to throw type-safety to the wind (one 
> reason I dislike using PHP/perl). Bad/undefined outcomes don't 
> generate an error, they just reload the current page. Bad/undefined 
> values turn into blanks; sometimes you get a variableResolver 
> exception, sometimes you just get a blank or a property whose value 
> never updates. Also, detection of a number of errors is deferred until

> the last possible moment (a risk when relying on reflection to resolve

> things).
>
> I also can't imagine handing a JSF page over to the web designer guy 
> and getting taken seriously (and probably also for faces-config).
>
> I was just about to start tenatively using Tapestry, when I stumbled 
> across wicket (looking for Tapestry vs JSF articles). So far I am 
> encouraged (in spite of having to learn the differences between the 
> available documentation and how it actually works now (I am assuming 
> however that the javadocs are up-to-date, at least they seem to be)).
>
> I am looking for something which will:
>
> Let me adhere to "once-and-only-once"; (I have to put it in web.xml, 
> and in faces-config, and in my code, and somewhere under WEB-INF, 
> and I had to do lots of cut'n'paste because the reuse facilities are 
> inadequate?)
>
> Maintains type safety/compile-time-checking as much as possible;
>
we try.  don't know how successful we are from your point of view, but 
the components are all first class java components implemented with an 
ordinary java class.

> Allows dynamic generation of lists and lets the user manipulate the 
> individual rows separately or together).  (example: 5 rows in a 
> shopping cart, user can change quantity fields individually in all 
> rows, then hit update at bottom of list, and have all rows updated to 
> their individual new values. Each row can also have its own button 
> (for instance "delete") that affects only that row. (this seems to 
> *barely* work in jsf, and only after I took over the bean management, 
> see below).

you can put anything you want into listview rows.  each is a container 
that you get to populate.  we've got delete/move-up/move-down links.

>
> Allows me to easily reuse stuff (even multiple times on one page; for 
> instance, I have an address form, and a place where I

  1   2   >