wicket 6.0 - programmatic HTTPS switch
Hello,
is it possible in wicket 6.0 to programatically switch to SSL mode? -
I've read that according to the wiki:
"HttpsMapper has been refactored to make subclassing easier" - but
couldnt find the jira for it?
Reason why I'm asking is that I'm trying to get Brix CMS working with
wicket 5 or 6 and all time I'm hitting the wall when I need to tell
wicket that this page now (!) is SSL required while next isn't (Hint to
people unfamiliar with brix: all content is provided by same page
creating its content from an jcr - so annotating the page @RequireHttps
isn't possible - instead the decision if SSL or not needs to be
calculated on every page instance rendering depending on the content);
What about the idea to give Component an overridiable enum var like:
ENUM Component.RequireqProtocol {
sslNotRequired, sslRequired, protocolPreserved
}
public Component.RequiredProtocol getSecurityRequirement() {
return Component.RequiredProtocol.protocolPreserved;
}
And anyone who needs it can just override it? - Compared to the
annotation approach this can be implemented in a logic sensitive way if
needed
Regards,
KB
Re: wicket 6.0 - programmatic HTTPS switch
Hi,
The change list is f3defe9ec3e2113c4fa81182e864f7ffba798ea8
https://github.com/apache/wicket/commit/f3defe9ec3e2113c4fa81182e864f7ffba798ea8
You can override
org.apache.wicket.protocol.https.HttpsMapper#getDesiredSchemeFor(IRequestHandler).
If IRequestHandler is IPageRequestHandler then you can get the page
instance from it and visit its components to decide whether you need
Scheme.HTTPS. Annotating the component will do the job.
On Wed, Jun 13, 2012 at 12:40 PM, Korbinian Bachl - privat
wrote:
> Hello,
>
> is it possible in wicket 6.0 to programatically switch to SSL mode? - I've
> read that according to the wiki:
> "HttpsMapper has been refactored to make subclassing easier" - but couldnt
> find the jira for it?
>
> Reason why I'm asking is that I'm trying to get Brix CMS working with wicket
> 5 or 6 and all time I'm hitting the wall when I need to tell wicket that
> this page now (!) is SSL required while next isn't (Hint to people
> unfamiliar with brix: all content is provided by same page creating its
> content from an jcr - so annotating the page @RequireHttps isn't possible -
> instead the decision if SSL or not needs to be calculated on every page
> instance rendering depending on the content);
>
> What about the idea to give Component an overridiable enum var like:
>
> ENUM Component.RequireqProtocol {
> sslNotRequired, sslRequired, protocolPreserved
> }
>
> public Component.RequiredProtocol getSecurityRequirement() {
> return Component.RequiredProtocol.protocolPreserved;
> }
>
> And anyone who needs it can just override it? - Compared to the annotation
> approach this can be implemented in a logic sensitive way if needed
>
>
> Regards,
>
> KB
>
>
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
stateless resources vs. no cookies
Hi,I found this problem in Wicket 1.4.20:Let's have a browser without cookies enabled. We use stateless resources - there is no jsessionid rendered - it is always removed in WebRequestCodingStrategy#390 - this is OK, we want to cache it during the first request and we don't know the session is requestet via cookie or parameter). But when the browser makes a request to this resource, then there is requested a session, that doesn't exist.RequestLogger#229 (the method requestTime should work without usage of session in this case)WicketFilter#1197 (if the resource is cacheable then the session is obtained, why?)What is the reason for this? Has anybody idea how to fix it/workaround it?Thank you very much,Jan-- Jan LooseJ2EE Team Leader / Senior J2EE Developer_Cleverlance – CREATE ITčlen Cleverlance Groupwww.cleverlance.comDukelských hrdinů 34170 00 Praha 7Czech RepublicTel: +420 266 177 166Mobil: +420 777 788 078
Re: stateless resources vs. no cookies
Hi, Please use users@ mailing list for such kind of questions. Also please re-phrase your question because I personaly find it confusing and I cannot help you. On Wed, Jun 13, 2012 at 7:39 PM, Jan Loose wrote: > Hi, > > I found this problem in Wicket 1.4.20: > > Let's have a browser without cookies enabled. We use stateless resources - > there is no jsessionid rendered - it is always removed in > WebRequestCodingStrategy#390 - this is OK, we want to cache it during the > first request and we don't know the session is requestet via cookie or > parameter). But when the browser makes a request to this resource, then > there is requested a session, that doesn't exist. > > RequestLogger#229 (the method requestTime should work without usage of > session in this case) > WicketFilter#1197 (if the resource is cacheable then the session is > obtained, why?) > > What is the reason for this? Has anybody idea how to fix it/workaround it? > > Thank you very much, > Jan > > -- > Jan Loose > J2EE Team Leader / Senior J2EE Developer > _ > Cleverlance – CREATE IT > člen Cleverlance Group > www.cleverlance.com > > Dukelských hrdinů 34 > 170 00 Praha 7 > Czech Republic > > Tel: +420 266 177 166 > Mobil: +420 777 788 078 -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com
Re: wicket 6.0 - programmatic HTTPS switch
Hi,
I remember Igor explained that Brix uses its own mechanism for url
mapping. It doesn't use Wicket's IRequestMapper, or at least it
doesn't use Wicket's default HttpsMapper.
On Thu, Jun 14, 2012 at 3:24 AM, Korbinian Bachl - privat
wrote:
> Hi Martin,
>
>
>> instance from it and visit its components to decide whether you need
>> Scheme.HTTPS. Annotating the component will do the job.
>
> Sorry but with Brix annotating isnt possible as the page itself needs to
> decide if it needs SSL or not?
How the page will use this knowledge ? I.e. what should happen when
the page knows that it should redirect to https ?
>
> Did I get you wrong?
My idea is to provide custom HttpsMapper that checks the components
(or tiles) in the page instead of the page itself as the default
HttpsMapper does with @RequireHttps.
You can create a special interface (e.g. MyInterface {Scheme
getScheme(); } ) and your components/tiles which need to be served
with https can implement it and return Scheme.HTTPS.
>
> My plan is to get an Brix 6.0 out for wicket 6.0 as I want to shift our brix
> app up to wicket 6.0 - but the SSL thing keeps making me headaches...
>
> Best
>
>
>
>
> Am 13.06.12 11:54, schrieb Martin Grigorov:
>
>> Hi,
>>
>> The change list is f3defe9ec3e2113c4fa81182e864f7ffba798ea8
>>
>> https://github.com/apache/wicket/commit/f3defe9ec3e2113c4fa81182e864f7ffba798ea8
>>
>> You can override
>>
>> org.apache.wicket.protocol.https.HttpsMapper#getDesiredSchemeFor(IRequestHandler).
>> If IRequestHandler is IPageRequestHandler then you can get the page
>> instance from it and visit its components to decide whether you need
>> Scheme.HTTPS. Annotating the component will do the job.
>>
>> On Wed, Jun 13, 2012 at 12:40 PM, Korbinian Bachl - privat
>> wrote:
>>>
>>> Hello,
>>>
>>> is it possible in wicket 6.0 to programatically switch to SSL mode? -
>>> I've
>>> read that according to the wiki:
>>> "HttpsMapper has been refactored to make subclassing easier" - but
>>> couldnt
>>> find the jira for it?
>>>
>>> Reason why I'm asking is that I'm trying to get Brix CMS working with
>>> wicket
>>> 5 or 6 and all time I'm hitting the wall when I need to tell wicket that
>>> this page now (!) is SSL required while next isn't (Hint to people
>>> unfamiliar with brix: all content is provided by same page creating its
>>> content from an jcr - so annotating the page @RequireHttps isn't possible
>>> -
>>> instead the decision if SSL or not needs to be calculated on every page
>>> instance rendering depending on the content);
>>>
>>> What about the idea to give Component an overridiable enum var like:
>>>
>>> ENUM Component.RequireqProtocol {
>>> sslNotRequired, sslRequired, protocolPreserved
>>> }
>>>
>>> public Component.RequiredProtocol getSecurityRequirement() {
>>> return Component.RequiredProtocol.protocolPreserved;
>>> }
>>>
>>> And anyone who needs it can just override it? - Compared to the
>>> annotation
>>> approach this can be implemented in a logic sensitive way if needed
>>>
>>>
>>> Regards,
>>>
>>> KB
>>>
>>>
>>
>>
>>
>
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
