[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227744#comment-17227744 ] Ernesto Reinaldo Barreiro commented on WICKET-6847: --- [~svenmeier]thanks for your work. This seems to fix problem. Running our full battery of tests now to double check. > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
buildbot success in on wicket-master-java13
The Buildbot has detected a restored build on builder wicket-master-java13 while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master-java13/builds/351 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave6_ubuntu Build Reason: The SingleBranchScheduler scheduler named 'on-wicket-master-java13-commit' triggered this build Build Source Stamp: [branch master] 53ef2ff71ec2cd67f258ebadab9719affabeebaf Blamelist: Andrea Del Bene Build succeeded! Sincerely, -The Buildbot
[wicket] branch master updated: Added documentation on setting request headers for unit tests.
This is an automated email from the ASF dual-hosted git repository. adelbene pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git The following commit(s) were added to refs/heads/master by this push: new 53ef2ff Added documentation on setting request headers for unit tests. 53ef2ff is described below commit 53ef2ff71ec2cd67f258ebadab9719affabeebaf Author: Andrea Del Bene AuthorDate: Fri Nov 6 22:45:41 2020 +0100 Added documentation on setting request headers for unit tests. --- .../src/main/asciidoc/security/security_5.adoc | 2 ++ .../src/main/asciidoc/testing/testing_1.adoc | 32 ++ 2 files changed, 34 insertions(+) diff --git a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc index 9518d5e..5f96e30 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc @@ -59,6 +59,8 @@ For example: _ResourceIsolationRequestCycleListener_ is not an alternative to _CryptoMapper_! Both of them could be used separately or in tandem to prevent CSRF attacks depending on the application requirements. +NOTE: In the next chapter we will cover unit testing with Wicket. If your application is protected with _ResourceIsolationRequestCycleListener_ you have to properly set request header _"sec-fetch-site"_ to make you unit tests pass. In <> you will learn how to do it. + Wicket also provides the deprecated (since version 9.1.0) _CsrfPreventionRequestCycleListener_ - a _IRequestCycleListener_ that forbids requests made from a different origin. Similar to the __ResourceIsolationRequestCycleListener__ by default only actions are forbidden, i.e. a request coming from different origin cannot execute _Link.onClick()_ or submit forms (_Form.onSubmit()_). Any request to render pages are still allowed so Wicket pages could be easily embedded in other applications. MyApplication.java diff --git a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc index 27dadfa..6f8339e 100644 --- a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc +++ b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc @@ -285,3 +285,35 @@ public void tearDown(){ } +=== Setting request headers + +In some cases you might need to set one or more specific request headers to make your test pass. This holds true when your application is protected against CSRF attacks as explained in <>. In this particular case in order to make your tests green you must set header request _"sec-fetch-site"_ to _same-site_ before clicking on a page link or before invoking a callback URL: + +[source,java] + +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SAME_SITE; +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SEC_FETCH_SITE_HEADER; + +public class TestHomePage +{ + private WicketTester tester; + + @BeforeEach + public void setUp() + { + tester = new WicketTester(new WicketApplication()); + } + + @Test + public void homepageRendersSuccessfully() + { + //start and render the test page + tester.startPage(HomePage.class); + + tester.addRequestHeader(SEC_FETCH_SITE_HEADER, SAME_SITE); + tester.clickLink("click"); + } +} + + +NOTE: keep in mind that request headers are immediately discarded after the use and thus are not re-used for following requests. \ No newline at end of file
[wicket] branch master updated: Added documentation on setting request headers for unit tests.
This is an automated email from the ASF dual-hosted git repository. adelbene pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git The following commit(s) were added to refs/heads/master by this push: new 53ef2ff Added documentation on setting request headers for unit tests. 53ef2ff is described below commit 53ef2ff71ec2cd67f258ebadab9719affabeebaf Author: Andrea Del Bene AuthorDate: Fri Nov 6 22:45:41 2020 +0100 Added documentation on setting request headers for unit tests. --- .../src/main/asciidoc/security/security_5.adoc | 2 ++ .../src/main/asciidoc/testing/testing_1.adoc | 32 ++ 2 files changed, 34 insertions(+) diff --git a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc index 9518d5e..5f96e30 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc @@ -59,6 +59,8 @@ For example: _ResourceIsolationRequestCycleListener_ is not an alternative to _CryptoMapper_! Both of them could be used separately or in tandem to prevent CSRF attacks depending on the application requirements. +NOTE: In the next chapter we will cover unit testing with Wicket. If your application is protected with _ResourceIsolationRequestCycleListener_ you have to properly set request header _"sec-fetch-site"_ to make you unit tests pass. In <> you will learn how to do it. + Wicket also provides the deprecated (since version 9.1.0) _CsrfPreventionRequestCycleListener_ - a _IRequestCycleListener_ that forbids requests made from a different origin. Similar to the __ResourceIsolationRequestCycleListener__ by default only actions are forbidden, i.e. a request coming from different origin cannot execute _Link.onClick()_ or submit forms (_Form.onSubmit()_). Any request to render pages are still allowed so Wicket pages could be easily embedded in other applications. MyApplication.java diff --git a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc index 27dadfa..6f8339e 100644 --- a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc +++ b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc @@ -285,3 +285,35 @@ public void tearDown(){ } +=== Setting request headers + +In some cases you might need to set one or more specific request headers to make your test pass. This holds true when your application is protected against CSRF attacks as explained in <>. In this particular case in order to make your tests green you must set header request _"sec-fetch-site"_ to _same-site_ before clicking on a page link or before invoking a callback URL: + +[source,java] + +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SAME_SITE; +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SEC_FETCH_SITE_HEADER; + +public class TestHomePage +{ + private WicketTester tester; + + @BeforeEach + public void setUp() + { + tester = new WicketTester(new WicketApplication()); + } + + @Test + public void homepageRendersSuccessfully() + { + //start and render the test page + tester.startPage(HomePage.class); + + tester.addRequestHeader(SEC_FETCH_SITE_HEADER, SAME_SITE); + tester.clickLink("click"); + } +} + + +NOTE: keep in mind that request headers are immediately discarded after the use and thus are not re-used for following requests. \ No newline at end of file
[wicket] branch master updated: Added documentation on setting request headers for unit tests.
This is an automated email from the ASF dual-hosted git repository. adelbene pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git The following commit(s) were added to refs/heads/master by this push: new 53ef2ff Added documentation on setting request headers for unit tests. 53ef2ff is described below commit 53ef2ff71ec2cd67f258ebadab9719affabeebaf Author: Andrea Del Bene AuthorDate: Fri Nov 6 22:45:41 2020 +0100 Added documentation on setting request headers for unit tests. --- .../src/main/asciidoc/security/security_5.adoc | 2 ++ .../src/main/asciidoc/testing/testing_1.adoc | 32 ++ 2 files changed, 34 insertions(+) diff --git a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc index 9518d5e..5f96e30 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc @@ -59,6 +59,8 @@ For example: _ResourceIsolationRequestCycleListener_ is not an alternative to _CryptoMapper_! Both of them could be used separately or in tandem to prevent CSRF attacks depending on the application requirements. +NOTE: In the next chapter we will cover unit testing with Wicket. If your application is protected with _ResourceIsolationRequestCycleListener_ you have to properly set request header _"sec-fetch-site"_ to make you unit tests pass. In <> you will learn how to do it. + Wicket also provides the deprecated (since version 9.1.0) _CsrfPreventionRequestCycleListener_ - a _IRequestCycleListener_ that forbids requests made from a different origin. Similar to the __ResourceIsolationRequestCycleListener__ by default only actions are forbidden, i.e. a request coming from different origin cannot execute _Link.onClick()_ or submit forms (_Form.onSubmit()_). Any request to render pages are still allowed so Wicket pages could be easily embedded in other applications. MyApplication.java diff --git a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc index 27dadfa..6f8339e 100644 --- a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc +++ b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc @@ -285,3 +285,35 @@ public void tearDown(){ } +=== Setting request headers + +In some cases you might need to set one or more specific request headers to make your test pass. This holds true when your application is protected against CSRF attacks as explained in <>. In this particular case in order to make your tests green you must set header request _"sec-fetch-site"_ to _same-site_ before clicking on a page link or before invoking a callback URL: + +[source,java] + +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SAME_SITE; +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SEC_FETCH_SITE_HEADER; + +public class TestHomePage +{ + private WicketTester tester; + + @BeforeEach + public void setUp() + { + tester = new WicketTester(new WicketApplication()); + } + + @Test + public void homepageRendersSuccessfully() + { + //start and render the test page + tester.startPage(HomePage.class); + + tester.addRequestHeader(SEC_FETCH_SITE_HEADER, SAME_SITE); + tester.clickLink("click"); + } +} + + +NOTE: keep in mind that request headers are immediately discarded after the use and thus are not re-used for following requests. \ No newline at end of file
[wicket] branch master updated: Added documentation on setting request headers for unit tests.
This is an automated email from the ASF dual-hosted git repository. adelbene pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git The following commit(s) were added to refs/heads/master by this push: new 53ef2ff Added documentation on setting request headers for unit tests. 53ef2ff is described below commit 53ef2ff71ec2cd67f258ebadab9719affabeebaf Author: Andrea Del Bene AuthorDate: Fri Nov 6 22:45:41 2020 +0100 Added documentation on setting request headers for unit tests. --- .../src/main/asciidoc/security/security_5.adoc | 2 ++ .../src/main/asciidoc/testing/testing_1.adoc | 32 ++ 2 files changed, 34 insertions(+) diff --git a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc index 9518d5e..5f96e30 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc @@ -59,6 +59,8 @@ For example: _ResourceIsolationRequestCycleListener_ is not an alternative to _CryptoMapper_! Both of them could be used separately or in tandem to prevent CSRF attacks depending on the application requirements. +NOTE: In the next chapter we will cover unit testing with Wicket. If your application is protected with _ResourceIsolationRequestCycleListener_ you have to properly set request header _"sec-fetch-site"_ to make you unit tests pass. In <> you will learn how to do it. + Wicket also provides the deprecated (since version 9.1.0) _CsrfPreventionRequestCycleListener_ - a _IRequestCycleListener_ that forbids requests made from a different origin. Similar to the __ResourceIsolationRequestCycleListener__ by default only actions are forbidden, i.e. a request coming from different origin cannot execute _Link.onClick()_ or submit forms (_Form.onSubmit()_). Any request to render pages are still allowed so Wicket pages could be easily embedded in other applications. MyApplication.java diff --git a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc index 27dadfa..6f8339e 100644 --- a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc +++ b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc @@ -285,3 +285,35 @@ public void tearDown(){ } +=== Setting request headers + +In some cases you might need to set one or more specific request headers to make your test pass. This holds true when your application is protected against CSRF attacks as explained in <>. In this particular case in order to make your tests green you must set header request _"sec-fetch-site"_ to _same-site_ before clicking on a page link or before invoking a callback URL: + +[source,java] + +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SAME_SITE; +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SEC_FETCH_SITE_HEADER; + +public class TestHomePage +{ + private WicketTester tester; + + @BeforeEach + public void setUp() + { + tester = new WicketTester(new WicketApplication()); + } + + @Test + public void homepageRendersSuccessfully() + { + //start and render the test page + tester.startPage(HomePage.class); + + tester.addRequestHeader(SEC_FETCH_SITE_HEADER, SAME_SITE); + tester.clickLink("click"); + } +} + + +NOTE: keep in mind that request headers are immediately discarded after the use and thus are not re-used for following requests. \ No newline at end of file
[wicket] branch master updated: Added documentation on setting request headers for unit tests.
This is an automated email from the ASF dual-hosted git repository. adelbene pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git The following commit(s) were added to refs/heads/master by this push: new 53ef2ff Added documentation on setting request headers for unit tests. 53ef2ff is described below commit 53ef2ff71ec2cd67f258ebadab9719affabeebaf Author: Andrea Del Bene AuthorDate: Fri Nov 6 22:45:41 2020 +0100 Added documentation on setting request headers for unit tests. --- .../src/main/asciidoc/security/security_5.adoc | 2 ++ .../src/main/asciidoc/testing/testing_1.adoc | 32 ++ 2 files changed, 34 insertions(+) diff --git a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc index 9518d5e..5f96e30 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc @@ -59,6 +59,8 @@ For example: _ResourceIsolationRequestCycleListener_ is not an alternative to _CryptoMapper_! Both of them could be used separately or in tandem to prevent CSRF attacks depending on the application requirements. +NOTE: In the next chapter we will cover unit testing with Wicket. If your application is protected with _ResourceIsolationRequestCycleListener_ you have to properly set request header _"sec-fetch-site"_ to make you unit tests pass. In <> you will learn how to do it. + Wicket also provides the deprecated (since version 9.1.0) _CsrfPreventionRequestCycleListener_ - a _IRequestCycleListener_ that forbids requests made from a different origin. Similar to the __ResourceIsolationRequestCycleListener__ by default only actions are forbidden, i.e. a request coming from different origin cannot execute _Link.onClick()_ or submit forms (_Form.onSubmit()_). Any request to render pages are still allowed so Wicket pages could be easily embedded in other applications. MyApplication.java diff --git a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc index 27dadfa..6f8339e 100644 --- a/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc +++ b/wicket-user-guide/src/main/asciidoc/testing/testing_1.adoc @@ -285,3 +285,35 @@ public void tearDown(){ } +=== Setting request headers + +In some cases you might need to set one or more specific request headers to make your test pass. This holds true when your application is protected against CSRF attacks as explained in <>. In this particular case in order to make your tests green you must set header request _"sec-fetch-site"_ to _same-site_ before clicking on a page link or before invoking a callback URL: + +[source,java] + +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SAME_SITE; +import static org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy.SEC_FETCH_SITE_HEADER; + +public class TestHomePage +{ + private WicketTester tester; + + @BeforeEach + public void setUp() + { + tester = new WicketTester(new WicketApplication()); + } + + @Test + public void homepageRendersSuccessfully() + { + //start and render the test page + tester.startPage(HomePage.class); + + tester.addRequestHeader(SEC_FETCH_SITE_HEADER, SAME_SITE); + tester.clickLink("click"); + } +} + + +NOTE: keep in mind that request headers are immediately discarded after the use and thus are not re-used for following requests. \ No newline at end of file
[jira] [Comment Edited] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227543#comment-17227543 ] Sven Meier edited comment on WICKET-6847 at 11/6/20, 5:45 PM: -- With https://github.com/apache/wicket/commit/15a6cedfb8b855c004b2ece201d9eac063ef770e RequestCycle calls #onEndRequest() from processRequest() instead onDetach(). This allows listeners to do things before flush, which itself is an improvement. Furthermore IPageManager/IPageStore/RequestPageStore can add a sessions cookie as late as possible but *before* flush. was (Author: svenmeier): On branch WICKET-6847-onEndRequest-before-flush RequestCycle now calls #onEndRequest() from processRequest() instead onDetach(). This allows listeners to do things before flush, which itself is an improvement. Furthermore IPageManager/IPageStore/RequestPageStore can add a sessions cookie as late as possible but *before* flush. > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227543#comment-17227543 ] Sven Meier commented on WICKET-6847: On branch WICKET-6847-onEndRequest-before-flush RequestCycle now calls #onEndRequest() from processRequest() instead onDetach(). This allows listeners to do things before flush, which itself is an improvement. Furthermore IPageManager/IPageStore/RequestPageStore can add a sessions cookie as late as possible but *before* flush. > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227539#comment-17227539 ] ASF subversion and git services commented on WICKET-6847: - Commit 15a6cedfb8b855c004b2ece201d9eac063ef770e in wicket's branch refs/heads/WICKET-6847-onEndRequest-before-flush from Sven Meier [ https://gitbox.apache.org/repos/asf?p=wicket.git;h=15a6ced ] WICKET-6847 onEndRequest before flush allows RequestPageStore to check for stateful pages > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[wicket] branch WICKET-6847-onEndRequest-before-flush created (now 15a6ced)
This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a change to branch WICKET-6847-onEndRequest-before-flush in repository https://gitbox.apache.org/repos/asf/wicket.git. at 15a6ced WICKET-6847 onEndRequest before flush This branch includes the following new commits: new 15a6ced WICKET-6847 onEndRequest before flush The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[wicket] 01/01: WICKET-6847 onEndRequest before flush
This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a commit to branch WICKET-6847-onEndRequest-before-flush in repository https://gitbox.apache.org/repos/asf/wicket.git commit 15a6cedfb8b855c004b2ece201d9eac063ef770e Author: Sven Meier AuthorDate: Fri Nov 6 18:36:16 2020 +0100 WICKET-6847 onEndRequest before flush allows RequestPageStore to check for stateful pages --- pom.xml | 12 .../src/main/java/org/apache/wicket/Application.java | 6 ++ .../java/org/apache/wicket/page/IPageManager.java| 6 ++ .../java/org/apache/wicket/page/PageManager.java | 6 ++ .../apache/wicket/pageStore/DelegatingPageStore.java | 6 ++ .../java/org/apache/wicket/pageStore/IPageStore.java | 9 + .../apache/wicket/pageStore/RequestPageStore.java| 19 ++- .../apache/wicket/request/cycle/RequestCycle.java| 20 ++-- 8 files changed, 69 insertions(+), 15 deletions(-) diff --git a/pom.xml b/pom.xml index 0c7cfd5..4e0c912 100644 --- a/pom.xml +++ b/pom.xml @@ -1133,6 +1133,18 @@ 9.0.0 true true + + + 7012 + org/apache/wicket/page/IPageManager + void end() + + + 7012 + org/apache/wicket/pageStore/IPageStore + void end(org.apache.wicket.pageStore.IPageContext) + + diff --git a/wicket-core/src/main/java/org/apache/wicket/Application.java b/wicket-core/src/main/java/org/apache/wicket/Application.java index 78fd57f..fa4ce29 100644 --- a/wicket-core/src/main/java/org/apache/wicket/Application.java +++ b/wicket-core/src/main/java/org/apache/wicket/Application.java @@ -1567,6 +1567,12 @@ public abstract class Application implements UnboundListener, IEventSink, IMetad requestCycle.getListeners().add(new IRequestCycleListener() { @Override + public void onEndRequest(RequestCycle cycle) + { + internalGetPageManager().end(); + } + + @Override public void onDetach(final RequestCycle requestCycle) { internalGetPageManager().detach(); diff --git a/wicket-core/src/main/java/org/apache/wicket/page/IPageManager.java b/wicket-core/src/main/java/org/apache/wicket/page/IPageManager.java index c675cd9..ef6094a 100644 --- a/wicket-core/src/main/java/org/apache/wicket/page/IPageManager.java +++ b/wicket-core/src/main/java/org/apache/wicket/page/IPageManager.java @@ -73,6 +73,12 @@ public interface IPageManager void clear(); /** +* End the request. +*/ + default void end() { + } + + /** * Detach at end of request. */ void detach(); diff --git a/wicket-core/src/main/java/org/apache/wicket/page/PageManager.java b/wicket-core/src/main/java/org/apache/wicket/page/PageManager.java index 642b3c1..02bf13c 100644 --- a/wicket-core/src/main/java/org/apache/wicket/page/PageManager.java +++ b/wicket-core/src/main/java/org/apache/wicket/page/PageManager.java @@ -80,6 +80,12 @@ public class PageManager implements IPageManager } @Override + public void end() + { + store.end(createPageContext()); + } + + @Override public void detach() { store.detach(createPageContext()); diff --git a/wicket-core/src/main/java/org/apache/wicket/pageStore/DelegatingPageStore.java b/wicket-core/src/main/java/org/apache/wicket/pageStore/DelegatingPageStore.java index 5ec3a79..3402b2c 100644 --- a/wicket-core/src/main/java/org/apache/wicket/pageStore/DelegatingPageStore.java +++ b/wicket-core/src/main/java/org/apache/wicket/pageStore/DelegatingPageStore.java @@ -76,6 +76,12 @@ public abstract class DelegatingPageStore implements IPageStore } @Override + public void en
[jira] [Comment Edited] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227396#comment-17227396 ] Ernesto Reinaldo Barreiro edited comment on WICKET-6847 at 11/6/20, 1:19 PM: - Ok. Situation arises in our case because we have a stateFul page unit test logs out and there is no longer a session... Still debugging was (Author: reiern70): Ok. Situation arises in our case because we have a stateFul page unit test logs and there is no longer a session to store page... Still debugging > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227396#comment-17227396 ] Ernesto Reinaldo Barreiro commented on WICKET-6847: --- Ok. Situation arises in our case because we have a stateFul page unit test logs and there is no longer a session to store page... Still debugging > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227394#comment-17227394 ] Martin Tzvetanov Grigorov commented on WICKET-6847: --- {code:java} isPageStateless and now RequestPageStore.addPage calls Page.isPageStateless again. IMHO this is bound to give problems. {code} Why ? The new code just binds an HttpSession if the page is already known to be stateful. If it becomes stateful at a later point in time then the new code does nothing harmful. I guess we need to add a new step before committing the request: * check whether there are stateful pages to be stored and bind HttpSession if needed * commit request * detach the page If this works then my previous change could be removed as obsolete. In any case it would be nice to have a test case demonstrating the current issue to protect us from further regressions. > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227385#comment-17227385 ] Emond Papegaaij commented on WICKET-6847: - Yes, but in this case it simply calls {{super.touchPage}}, so it does not make a difference for the flow. > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227380#comment-17227380 ] Ernesto Reinaldo Barreiro commented on WICKET-6847: --- DecoratablePageManager is your own class? I can't find it in wicket codebase > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227336#comment-17227336 ] Emond Papegaaij commented on WICKET-6847: - I'm looking at the change by [~mgrigorov] once more and I think it is incorrect. {{RequestPageStore.addPage}} is called from {{Page.onInitialize}}, which can be called from {{Page.isPageStateless}} and now {{RequestPageStore.addPage}} calls {{Page.isPageStateless}} again. IMHO this is bound to give problems. Here's a stack dump from our application (on 9.1.0): {code} RequestPageStore.addPage(IPageContext, IManageablePage) line: 62 DecoratablePageManager(PageManager).touchPage(IManageablePage) line: 67 DecoratablePageManager.touchPage(IManageablePage) line: 22 PageAccessSynchronizer$1.touchPage(IManageablePage) line: 150 ConfigApplicationPage(Page).onInitialize() line: 301 ConfigApplicationPage(AbstractKeyHubPage).onInitialize() line: 64 ConfigApplicationPage(AbstractSecureKeyHubPage).onInitialize() line: 84 ConfigApplicationPage(AbstractKeyHubAdminPage).onInitialize() line: 57 ConfigApplicationPage.onInitialize() line: 25 ConfigApplicationPage(Component).fireInitialize() line: 874 ConfigApplicationPage(MarkupContainer).internalInitialize() line: 1050 ConfigApplicationPage(Page).isPageStateless() line: 461 {code} > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227331#comment-17227331 ] Ernesto Reinaldo Barreiro commented on WICKET-6847: --- [~papegaaij] Trying to check. > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227324#comment-17227324 ] Emond Papegaaij commented on WICKET-6847: - I think I know the cause of the problem. The check [~mgrigorov] added in https://github.com/apache/wicket/commit/8664176abcc6393c54b29d058c655d440500bc8d is done at a moment when we cannot always know if the page is stateless or not. One of the locations it is called from is {{onInitialize}}, at which point the page very likely does not hold any components yet. On thing I do find strange though, is that I consistently get a second call from {{onAfterRender}}, at which point the session is also created. [~reiern70] could it be that you are instantiating pages without actually rendering them? > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227284#comment-17227284 ] Ernesto Reinaldo Barreiro commented on WICKET-6847: --- Sorry. We had other top priorities at work :-( I still get this error on our logs with latest master. > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227283#comment-17227283 ] Ernesto Reinaldo Barreiro commented on WICKET-6847: --- java.lang.IllegalStateException: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:3038) at org.apache.catalina.connector.Request.getSession(Request.java:2456) at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:896) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231) at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:148) at org.apache.wicket.session.HttpSessionStore.getHttpSession(HttpSessionStore.java:85) at org.apache.wicket.session.HttpSessionStore.getSessionId(HttpSessionStore.java:146) at org.apache.wicket.Session.bind(Session.java:276) at org.apache.wicket.pageStore.DefaultPageContext.getSessionId(DefaultPageContext.java:44) at org.apache.wicket.pageStore.AsynchronousPageStore$PendingAdd.(AsynchronousPageStore.java:150) at org.apache.wicket.pageStore.AsynchronousPageStore.addPage(AsynchronousPageStore.java:368) at org.apache.wicket.pageStore.SerializingPageStore.addPage(SerializingPageStore.java:82) at org.apache.wicket.pageStore.CachingPageStore.addPage(CachingPageStore.java:73) at org.apache.wicket.pageStore.RequestPageStore.detach(RequestPageStore.java:108) at org.apache.wicket.page.PageManager.detach(PageManager.java:85) at org.apache.wicket.Application$2.onDetach(Application.java:1572) at org.apache.wicket.request.cycle.RequestCycleListenerCollection$3.notify(RequestCycleListenerCollection.java:105) at org.apache.wicket.request.cycle.RequestCycleListenerCollection$3.notify(RequestCycleListenerCollection.java:101) at org.apache.wicket.util.listener.ListenerCollection$1.notify(ListenerCollection.java:120) at org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144) at org.apache.wicket.util.listener.ListenerCollection.reversedNotifyIgnoringExceptions(ListenerCollection.java:113) at org.apache.wicket.request.cycle.RequestCycleListenerCollection.onDetach(RequestCycleListenerCollection.java:100) at org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:669) at org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614) at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284) at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.partners.ckms.server.TransactionFilter$1.run(TransactionFilter.java:95) at org.partners.ckms.CkmsManager$32.call(CkmsManager.java:3361) at org.partners.ckms.CkmsManager$32.call(CkmsManager.java:3358) at org.partners.ckms.CkmsManager.executeInTransaction(CkmsManager.java:3381) at org.partners.ckms.CkmsManager.executeInTransaction(CkmsManager.java:3356) at org.partners.ckms.server.TransactionFilter.doFilter(TransactionFilter.java:91) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) at org
[jira] [Commented] (WICKET-6847) async page storing fails with flush before detach without session
[ https://issues.apache.org/jira/browse/WICKET-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227276#comment-17227276 ] Andrea Del Bene commented on WICKET-6847: - [~reiern70] Ping :D > async page storing fails with flush before detach without session > - > > Key: WICKET-6847 > URL: https://issues.apache.org/jira/browse/WICKET-6847 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 9.1.0 >Reporter: Sven Meier >Assignee: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 9.2.0 > > > Since WICKET-6831 the response is flushed before detach. > RequestPageStore delays storing all of stateful pages until detach; at that > moment AsynchronousPageStore can no longer acquire the required session id. -- This message was sent by Atlassian Jira (v8.3.4#803005)