Re: Wizard and confirmation screens
Found my problem. I needed to be using a DynamicWizardModel, not a WizardModel. This lets me add the steps as required and therefore get access to the version of the model at that stage of the process. I'd done this before, just had to paw through my personal svn to find how I implemented it. Yes, it was a 'Doh!' moment. Tx- John- On Mon, Nov 30, 2009 at 7:21 AM, John Armstrong siber...@siberian.org wrote: I believe my models are dynamic and self-contained. For example one is a Serviceorder that lives in the net.pnc.model.Serviceorder class. I have one instance of this in my wizard that is shared between all screens. All properties of Serviceorder are private to Serviceorder and accessed via getters/setters. So for example: add(new TextField(email, new PropertyModel(theOrder, email))); where 'theOrder' is the wizard scoped instance of a Serviceorder. That seems correct to me, can you confirm? I see in the wicket examples project there is a Wizard that uses a StaticContentStep for just this case. This leads me to believe that the only way to accomplish this task is to do the same and basically wrap that entire last step into the properties file and feed it the model? Feels wrong to me.. John- On Mon, Nov 30, 2009 at 3:07 AM, bgooren b...@iswd.nl wrote: Sounds like you are using static models instead of dynamic models. E.g. if you use Model.of(test), the model is essentialy self-contained. Whereas if you have a property called value in your wizard and you use new PropertyModel( Wizard.this, value ) , the model will depend on the value of the value property. Bas John Armstrong-3 wrote: It may just be late and I am missing the obvious but.. I have a wizard. The last step needs to be a confirmation step however it is constructed when added to the WizardModel in the Wizard constructor and at this stage all of the backing models are empty since, well, the user hasn't done anything. This means when I access models on the confirmation step all of the model data is empty (it was built by wicket earlier in the process). What am I missing? This is a common use pattern so I am doing something wrong since obviously the form has the data as back/forth show it just fine. The only work-around I can think of is to not add this step and then insert this step at the end myself (once the objects are populated). Seems hacky though. Tx John- - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- View this message in context: http://old.nabble.com/Wizard-and-confirmation-screens-tp26570806p26572871.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
IDataProvider
Hi, I am changing my tables from RefreshingView to DataView. In the IDataProvider interface, Is this a correct implementation for the model() function? public IModelMyRecord model(MyRecord inmodel) { return new ModelMyRecord(inmodel); } - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Help required in understanding DataView Mystery
Hi I need help with understanding DataView. My code that construct the dataview is as follows (name changed to protect the guilty), IDataProviderMyRecord dataProvider = new MyRecordDataProvider(); DataViewMyRecord dataView = new DataViewMyRecord(summary, dataProvider) { SimpleDateFormat sdf = new SimpleDateFormat(dd/MM/); @Override protected void populateItem(ItemMyRecord item) { MyRecord record = item.getModelObject(); } }; add(dataView); In my hmtl I just bascially put: table cellspacing=0 id=dsta-grid thead tr /tr /thead tbody tr wicket:id=summary /tr /tbody /table I reduced the fields printed because I got the following error regarding markup WicketMessage: The component(s) below failed to render. A common problem is that you have added a component in code but forgot to reference it in the markup (thus the component will never be rendered). 1. [MarkupContainer [Component id = summary]] 2. [MarkupContainer [Component id = 1]] 3. [MarkupContainer [Component id = 2]] 4. [MarkupContainer [Component id = 3]] 5. [MarkupContainer [Component id = 4]] 6. [MarkupContainer [Component id = 5]] 7. [MarkupContainer [Component id = 6]] 8. [MarkupContainer [Component id = 7]] 9. [MarkupContainer [Component id = 8]] 10. [MarkupContainer [Component id = 9]] This is really weird. It seems that Wicket is looking to render the tag id 1..9 (corresponds to the number of records in my list, whose iterator I returned.) Is my syntax wrong? Or does the problem lies with my data provider which implements the following public Iterator? extends MyRecord iterator(int arg0, int arg1) { Session dbSession = HibernateUtil.GetSessionFactory().openSession(); try { ListMyRecord list = dbSession.createCriteria(MyRecord.class).list(); return list.iterator(); } finally { dbSession.close(); } } @Override public IModelMyRecord model(MyRecord inmodel) { return new ModelMyRecord(inmodel); } Lester - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
How to write markup if type of component is not known yet...
Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be
AW: How to write markup if type of component is not known yet...
Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: How to write markup if type of component is not known yet...
I want to avoid this, since I wanted to reuse the (complex) markup... Is there no way around this? On Wed, Dec 2, 2009 at 10:02 AM, Giambalvo, Christian christian.giamba...@excelsisnet.com wrote: Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be
Re: How to write markup if type of component is not known yet...
You have some options: Write one abstract panel with the complex markup and extend the read-only and editable panels from that class (wicket:child and wicket:extend). Or, create a panel with the complex markup and create two separate panels to edit and read. Switch those panels from the ComplexMarkupPanel, depending on which one you want to see. Regards, Daan van Etten On Wed, 2009-12-02 at 10:06 +0100, Pieter Degraeuwe wrote: I want to avoid this, since I wanted to reuse the (complex) markup... Is there no way around this? On Wed, Dec 2, 2009 at 10:02 AM, Giambalvo, Christian christian.giamba...@excelsisnet.com wrote: Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: How to write markup if type of component is not known yet...
Reuse the complex markup and use different detail panels for each detail? Maybe via some factory? Ernesto On Wed, Dec 2, 2009 at 10:06 AM, Pieter Degraeuwe pieter.degrae...@systemworks.be wrote: I want to avoid this, since I wanted to reuse the (complex) markup... Is there no way around this? On Wed, Dec 2, 2009 at 10:02 AM, Giambalvo, Christian christian.giamba...@excelsisnet.com wrote: Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be
Re: How to write markup if type of component is not known yet...
I'll go for the 'each detail' has a panel, and create these detail Panels via a factory. Thanks all of you. On Wed, Dec 2, 2009 at 10:12 AM, Ernesto Reinaldo Barreiro reier...@gmail.com wrote: Reuse the complex markup and use different detail panels for each detail? Maybe via some factory? Ernesto On Wed, Dec 2, 2009 at 10:06 AM, Pieter Degraeuwe pieter.degrae...@systemworks.be wrote: I want to avoid this, since I wanted to reuse the (complex) markup... Is there no way around this? On Wed, Dec 2, 2009 at 10:02 AM, Giambalvo, Christian christian.giamba...@excelsisnet.com wrote: Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be
Re: IDataProvider
Hi, Sidenote: I suggest you look at the LoadableDetachableModel, see: http://wicket.apache.org/docs/wicket-1.3.2/wicket/apidocs/org/apache/wicket/model/LoadableDetachableModel.html Regards, Daan van Etten On Wed, 2009-12-02 at 16:20 +0800, Lester Chua wrote: Hi, I am changing my tables from RefreshingView to DataView. In the IDataProvider interface, Is this a correct implementation for the model() function? public IModelMyRecord model(MyRecord inmodel) { return new ModelMyRecord(inmodel); } - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: How to write markup if type of component is not known yet...
Ah, I misread your original question. Maybe you can use Wicket Fragments for each type of input. http://wicket.apache.org/examplefragments.html Regards, Daan van Etten On Wed, 2009-12-02 at 10:19 +0100, Pieter Degraeuwe wrote: I'll go for the 'each detail' has a panel, and create these detail Panels via a factory. Thanks all of you. On Wed, Dec 2, 2009 at 10:12 AM, Ernesto Reinaldo Barreiro reier...@gmail.com wrote: Reuse the complex markup and use different detail panels for each detail? Maybe via some factory? Ernesto On Wed, Dec 2, 2009 at 10:06 AM, Pieter Degraeuwe pieter.degrae...@systemworks.be wrote: I want to avoid this, since I wanted to reuse the (complex) markup... Is there no way around this? On Wed, Dec 2, 2009 at 10:02 AM, Giambalvo, Christian christian.giamba...@excelsisnet.com wrote: Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Session stealing with wicket-auth-roles
Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return HelloWorldWebSession.class; } public Class? extends Page getHomePage() { return HelloWorldHomePage.class; } } The URL below, once logged in on one machine, could then be used on multiple machines to bypass the security layer. http://localhost:9090/HelloWorld/home;jsessionid=SESSION_ID_TAKEN_FROM_URL/COOKIE Many Thanks Andy _ Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy http://clk.atdmt.com/UKM/go/186394592/direct/01/
Re: How to write markup if type of component is not known yet...
Hmm, that seems to be an easier solution; this way I, don't need to wrap everyting in a panel... Thanks for that tip ! On Wed, Dec 2, 2009 at 10:21 AM, Daan van Etten d...@stuq.nl wrote: Ah, I misread your original question. Maybe you can use Wicket Fragments for each type of input. http://wicket.apache.org/examplefragments.html Regards, Daan van Etten On Wed, 2009-12-02 at 10:19 +0100, Pieter Degraeuwe wrote: I'll go for the 'each detail' has a panel, and create these detail Panels via a factory. Thanks all of you. On Wed, Dec 2, 2009 at 10:12 AM, Ernesto Reinaldo Barreiro reier...@gmail.com wrote: Reuse the complex markup and use different detail panels for each detail? Maybe via some factory? Ernesto On Wed, Dec 2, 2009 at 10:06 AM, Pieter Degraeuwe pieter.degrae...@systemworks.be wrote: I want to avoid this, since I wanted to reuse the (complex) markup... Is there no way around this? On Wed, Dec 2, 2009 at 10:02 AM, Giambalvo, Christian christian.giamba...@excelsisnet.com wrote: Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be
Re: IDataProvider
Thanks for the reply, I got very weird errors popping and grew suspicious of the instances that I am working with (using JRebel for superfast deployment). So I scratched the class I was working with and recoded from scratch. Restarted my instance and everything works now. I guess I need to pay once in a while for mucking around with a classloader tool like JRebel. Regards, Lester Daan van Etten wrote: Hi, Sidenote: I suggest you look at the LoadableDetachableModel, see: http://wicket.apache.org/docs/wicket-1.3.2/wicket/apidocs/org/apache/wicket/model/LoadableDetachableModel.html Regards, Daan van Etten On Wed, 2009-12-02 at 16:20 +0800, Lester Chua wrote: Hi, I am changing my tables from RefreshingView to DataView. In the IDataProvider interface, Is this a correct implementation for the model() function? public IModelMyRecord model(MyRecord inmodel) { return new ModelMyRecord(inmodel); } - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: IDataProvider
I agree; JRebel is realy handy, but sometimes it gives realy nasty effects. In my case, restarting my appserver solves the problem.. On Wed, Dec 2, 2009 at 10:38 AM, Lester Chua cicowic...@gmail.com wrote: Thanks for the reply, I got very weird errors popping and grew suspicious of the instances that I am working with (using JRebel for superfast deployment). So I scratched the class I was working with and recoded from scratch. Restarted my instance and everything works now. I guess I need to pay once in a while for mucking around with a classloader tool like JRebel. Regards, Lester Daan van Etten wrote: Hi, Sidenote: I suggest you look at the LoadableDetachableModel, see: http://wicket.apache.org/docs/wicket-1.3.2/wicket/apidocs/org/apache/wicket/model/LoadableDetachableModel.html Regards, Daan van Etten On Wed, 2009-12-02 at 16:20 +0800, Lester Chua wrote: Hi, I am changing my tables from RefreshingView to DataView. In the IDataProvider interface, Is this a correct implementation for the model() function? public IModelMyRecord model(MyRecord inmodel) { return new ModelMyRecord(inmodel); } - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be
AutocompleteTextField in wicket 1.3.6 ?
Hi I just tried to add a AutocompleteTextField to a 1.3.6 application but it doesn't seem to work. I copied the exact example from http://www.wicket-library.com/wicket-examples/ajax/autocomplete and removed the generics for 1.3.6 Yet still no matter if I enter anything or not, no autocomplete shows up and the ajax debug stays completely empty... Is there anything else to try or is there something more required to get it to work in 1.3.6 as opposed to 1.4.x ? Thanks a lot Matt -- matthias.kel...@ergon.ch +41 44 268 83 98 Ergon Informatik AG, Kleinstrasse 15, CH-8008 Zürich http://www.ergon.ch __ e r g o nsmart people - smart software smime.p7s Description: S/MIME Cryptographic Signature
InvalidUrlException considered evil?
There some places in Wicket sources where it throws InvalidUrlException that causes exception logging and InternalErrorPage is shown. However, I don't agree that badly constructed URL is and _internal_ error. It is external error (for example, user was playing with urls, modifying them by hand). So, my proposal: stop treating invalid urls and internal errors, don't log traces for them, don't show InternalErrorPage. Instead, either redirect user to home page, or show him 404, or show him 400 (bad request), or whatever else. The main point: do _not_ log errors just because user passed us an url that we couldn't resolve to a page/component. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: InvalidUrlException considered evil?
Am Mittwoch, 2. Dezember 2009 12:18:55 schrieb Marat Radchenko: There some places in Wicket sources where it throws InvalidUrlException that causes exception logging and InternalErrorPage is shown. However, I don't agree that badly constructed URL is and _internal_ error. It is external error (for example, user was playing with urls, modifying them by hand). So, my proposal: stop treating invalid urls and internal errors, don't log traces for them, don't show InternalErrorPage. Instead, either redirect user to home page, or show him 404, or show him 400 (bad request), or whatever else. The main point: do _not_ log errors just because user passed us an url that we couldn't resolve to a page/component. Hi, I have a slightly different proposal: - log errors for invalid urls in development mode only - log warnings for invalid urls in deployment mode Best Regards, Ilja -- binaere bauten gmbh · tempelhofer ufer 1a · 10961 berlin +49 · 171 · 9342 465 Handelsregister: HRB 115854 - Amtsgericht Charlottenburg Geschäftsführer: Dipl.-Inform. Ilja Pavkovic, Dipl.-Inform. Jost Becker - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: InvalidUrlException considered evil?
Same applies to org.apache.wicket.WicketRuntimeException: unable to find component with path ... on stateless page ... that can also be triggered by badly constructed url. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: InvalidUrlException considered evil?
2009/12/2 Ilja Pavkovic ilja.pavko...@binaere-bauten.de: Am Mittwoch, 2. Dezember 2009 12:18:55 schrieb Marat Radchenko: There some places in Wicket sources where it throws InvalidUrlException that causes exception logging and InternalErrorPage is shown. However, I don't agree that badly constructed URL is and _internal_ error. It is external error (for example, user was playing with urls, modifying them by hand). So, my proposal: stop treating invalid urls and internal errors, don't log traces for them, don't show InternalErrorPage. Instead, either redirect user to home page, or show him 404, or show him 400 (bad request), or whatever else. The main point: do _not_ log errors just because user passed us an url that we couldn't resolve to a page/component. Hi, I have a slightly different proposal: - log errors for invalid urls in development mode only - log warnings for invalid urls in deployment mode I'd be even more remissive: warning in development mode, silence in deployment mode. You don't log errors/warnings when user hits nonexisting url, do you? That's similar - he passed us an url that couldn't be resolved to a page. I don't see how it is different from url that resolved to a page, but couldn't be resolved to component on it. Best Regards, Ilja -- binaere bauten gmbh · tempelhofer ufer 1a · 10961 berlin +49 · 171 · 9342 465 Handelsregister: HRB 115854 - Amtsgericht Charlottenburg Geschäftsführer: Dipl.-Inform. Ilja Pavkovic, Dipl.-Inform. Jost Becker - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: How to write markup if type of component is not known yet...
I use the AjaxEditableLabel and related components and I've subclassed them overriding the onBeforeRender adding a call that checks if it should be in edit mode, then its just a matter of setEnabled(false) to keep the AjaxEditableLabel as a label. -Clint On Wed, Dec 2, 2009 at 3:24 AM, Pieter Degraeuwe pieter.degrae...@systemworks.be wrote: Hmm, that seems to be an easier solution; this way I, don't need to wrap everyting in a panel... Thanks for that tip ! On Wed, Dec 2, 2009 at 10:21 AM, Daan van Etten d...@stuq.nl wrote: Ah, I misread your original question. Maybe you can use Wicket Fragments for each type of input. http://wicket.apache.org/examplefragments.html Regards, Daan van Etten On Wed, 2009-12-02 at 10:19 +0100, Pieter Degraeuwe wrote: I'll go for the 'each detail' has a panel, and create these detail Panels via a factory. Thanks all of you. On Wed, Dec 2, 2009 at 10:12 AM, Ernesto Reinaldo Barreiro reier...@gmail.com wrote: Reuse the complex markup and use different detail panels for each detail? Maybe via some factory? Ernesto On Wed, Dec 2, 2009 at 10:06 AM, Pieter Degraeuwe pieter.degrae...@systemworks.be wrote: I want to avoid this, since I wanted to reuse the (complex) markup... Is there no way around this? On Wed, Dec 2, 2009 at 10:02 AM, Giambalvo, Christian christian.giamba...@excelsisnet.com wrote: Keep it simple and write 2 panels. -Ursprüngliche Nachricht- Von: Pieter Degraeuwe [mailto:pieter.degrae...@systemworks.be] Gesendet: Mittwoch, 2. Dezember 2009 09:55 An: users@wicket.apache.org Betreff: How to write markup if type of component is not known yet... Hi all, I want to write a panel which kan render in 2 modes: editable and read-only. In read-only mode all my components are just labels. In edit mode, are these labels replaced by input fields (e.g. Textfields, DropDowns, etc) The problem is now that I only want to write one markup (since all components are ordered in a quite complex hierarchy) Wicket complains now that tag type must be input instead of span... Is there any way around this. (Or am I doing bad practices...) regards, Pieter -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pieter Degraeuwe Systemworks bvba Belgiëlaan 61 9070 Destelbergen GSM: +32 (0)485/68.60.85 Email: pieter.degrae...@systemworks.be visit us at http://www.systemworks.be
Re: Wizard and confirmation screens
Hi, I once had a similar problem and made it work even with static steps. Please allow me to share it. I wanted to use statics steps in order to feel them. Just for the fun, as I did wizard with dynamic steps before. So, I had a class Profile and wanted the wizard to create a new one (the wizard was also for editing. I had a boolean representing that). In the wizard, I use a CompundPropertyModel. My solution was to pass the profile instance to the summary step in the constructor. The magic of the CPM made the profile instance updated. In the summary step, I used onBeforeRender to show the updated profile. Here's some code: private void initProfileWizard(final Profile *profile*, final boolean newProfile, final PageParameters pageParametersForMainPage) { setModel(new CompoundPropertyModel(profile)); final Profile originalProfile = new Profile(profile); // Used in case of canceling edit. WizardModel wizardModel = new WizardModel() { private static final long serialVersionUID = 1L; @Override public void cancel() { super.cancel(); if (newProfile) { setResponsePage(ExtractRdbPage.class, pageParametersForMainPage); } else { final ViewProfilePage profilePage = new ViewProfilePage(originalProfile, pageParametersForMainPage); setResponsePage(profilePage); } } @Override public void finish() { super.finish(); setResponsePage(ExtractRdbPage.class, pageParametersForMainPage); } }; wizardModel.add(new ProfileBasicInfoStep(newProfile, ...)); wizardModel.add(new ProfileParametersStep(...)); wizardModel.add(new ViewProfileStep(*profile*, newProfile, ...)); init(wizardModel); } the above method is called from the constructor. The input profile may be new in one constructor or as parameter in another one. The wizard can be activated from two different pages (new profile, or edit profile), so I override the cancel. Don't mind other parameters... Here's the summary step: public ViewProfileStep(final Profile *profile*, boolean newProfile, ...) { ... @Override public void applyState() { if (newProfile) { profile.add(); } else { profile.update(); } } @Override protected void *onBeforeRende*r() { addOrReplace(new ViewProfilePanel(viewProfile, profile)); super.onBeforeRender(); } ... } I know, I could easily do it with Dynamic steps... Eyal Golan egola...@gmail.com Visit: http://jvdrums.sourceforge.net/ LinkedIn: http://www.linkedin.com/in/egolan74 P Save a tree. Please don't print this e-mail unless it's really necessary On Wed, Dec 2, 2009 at 10:06 AM, John Armstrong siber...@siberian.orgwrote: Found my problem. I needed to be using a DynamicWizardModel, not a WizardModel. This lets me add the steps as required and therefore get access to the version of the model at that stage of the process. I'd done this before, just had to paw through my personal svn to find how I implemented it. Yes, it was a 'Doh!' moment. Tx- John- On Mon, Nov 30, 2009 at 7:21 AM, John Armstrong siber...@siberian.org wrote: I believe my models are dynamic and self-contained. For example one is a Serviceorder that lives in the net.pnc.model.Serviceorder class. I have one instance of this in my wizard that is shared between all screens. All properties of Serviceorder are private to Serviceorder and accessed via getters/setters. So for example: add(new TextField(email, new PropertyModel(theOrder, email))); where 'theOrder' is the wizard scoped instance of a Serviceorder. That seems correct to me, can you confirm? I see in the wicket examples project there is a Wizard that uses a StaticContentStep for just this case. This leads me to believe that the only way to accomplish this task is to do the same and basically wrap that entire last step into the properties file and feed it the model? Feels wrong to me.. John- On Mon, Nov 30, 2009 at 3:07 AM, bgooren b...@iswd.nl wrote: Sounds like you are using static models instead of dynamic models. E.g. if you use Model.of(test), the model is essentialy self-contained. Whereas if you have a property called value in your wizard and you use new PropertyModel( Wizard.this, value ) , the model will depend on the value of the value property. Bas John Armstrong-3 wrote: It may just be late and I am missing the obvious but.. I have a wizard. The last step needs to be a confirmation step however it is constructed when added to the WizardModel in the Wizard constructor and at this stage all of the backing models are empty since, well, the user hasn't done anything. This means when I access models on the
RE: Session stealing with wicket-auth-roles
I too would like to know the Wicket answer. The problem is that JSESSIONID is how the Servlet container differentiates the session with the user. It's part of the spec since the beginning. Because it is well known and certain browsers (Firefox, representing over a third of browser clients) make it pretty easy to look at the cookies it has become a known weakness to people who want to do bad things. Now, if the entire interaction is done with HTTPS, theoretically you would be able to use the SSL session ID to match sessions. That would be a configuration setting on your Servlet container. The solution that some frameworks and roll your own security folks have come up with (like Ruby on Rails) is to use a secondary token as a salt for a secondary token. Rails uses this token for all POST requests and uses a constant time comparison for the token (another topic altogether). Of course, Rails stores all session data in a Cookie by default, encrypted and hashed with the secondary token. It makes it more difficult to steal a session that way. An approach similar to this (without storing session data in a cookie) can be done using a ServletFilter. The alternative I've seen is to change the secondary token periodically or every request. The problem with this solution is that you break the back button when the token changes. At the very least, the secondary token should be generated based on requestor information (IP address, user agent, etc.). That way the token is not simply a matter of simply matching the JSESSIONID string against a hash. You are recreating the master token the same way and comparing it with what you received. To summarize, I would most likely create a ServletFilter to handle the secondary token handling. The secondary token would be a SHA-1 hash of an application salt (random characters at least the length of an SHA-1), the user agent, and the requesting IP address, and the Servlet session ID. The ServletFilter either throws a 403 response, or invalidates the session if the newly generated key does not match the secondary token provided. Essentially, the user would have to be behind the same firewall/gateway, have the same exact browser and patch level, and the session id to successfully steal a session. Even within an organization the differences in user agent strings for Internet Explorer at any version vary greatly. Additionally, I would use the ServletFilter to actively reject automated clients. If the system lives in SSL, this is a valid approach because you don't necessarily want the contents indexed. You'd be surprised how many poorly behaving web crawlers there are out there. Many of them are home-brewed scripts that spider your site, ignoring your robots.txt file--even on private networks. -Original Message- From: Andrew Turner [mailto:grim_toas...@hotmail.com] Sent: Wednesday, December 02, 2009 4:24 AM To: users@wicket.apache.org Subject: Session stealing with wicket-auth-roles Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return HelloWorldWebSession.class; } public Class? extends Page getHomePage() { return HelloWorldHomePage.class; } } The URL below, once logged in on one machine, could then be used on multiple machines to bypass the security layer.
Re: Session stealing with wicket-auth-roles
Cant you use http://www.mkyong.com/wicket/how-do-encrypt-encode-url-in-wicket/ But I guess it might still get the session id appended..? 2009/12/2 Loritsch, Berin C. berin.lorit...@gd-ais.com I too would like to know the Wicket answer. The problem is that JSESSIONID is how the Servlet container differentiates the session with the user. It's part of the spec since the beginning. Because it is well known and certain browsers (Firefox, representing over a third of browser clients) make it pretty easy to look at the cookies it has become a known weakness to people who want to do bad things. Now, if the entire interaction is done with HTTPS, theoretically you would be able to use the SSL session ID to match sessions. That would be a configuration setting on your Servlet container. The solution that some frameworks and roll your own security folks have come up with (like Ruby on Rails) is to use a secondary token as a salt for a secondary token. Rails uses this token for all POST requests and uses a constant time comparison for the token (another topic altogether). Of course, Rails stores all session data in a Cookie by default, encrypted and hashed with the secondary token. It makes it more difficult to steal a session that way. An approach similar to this (without storing session data in a cookie) can be done using a ServletFilter. The alternative I've seen is to change the secondary token periodically or every request. The problem with this solution is that you break the back button when the token changes. At the very least, the secondary token should be generated based on requestor information (IP address, user agent, etc.). That way the token is not simply a matter of simply matching the JSESSIONID string against a hash. You are recreating the master token the same way and comparing it with what you received. To summarize, I would most likely create a ServletFilter to handle the secondary token handling. The secondary token would be a SHA-1 hash of an application salt (random characters at least the length of an SHA-1), the user agent, and the requesting IP address, and the Servlet session ID. The ServletFilter either throws a 403 response, or invalidates the session if the newly generated key does not match the secondary token provided. Essentially, the user would have to be behind the same firewall/gateway, have the same exact browser and patch level, and the session id to successfully steal a session. Even within an organization the differences in user agent strings for Internet Explorer at any version vary greatly. Additionally, I would use the ServletFilter to actively reject automated clients. If the system lives in SSL, this is a valid approach because you don't necessarily want the contents indexed. You'd be surprised how many poorly behaving web crawlers there are out there. Many of them are home-brewed scripts that spider your site, ignoring your robots.txt file--even on private networks. -Original Message- From: Andrew Turner [mailto:grim_toas...@hotmail.com] Sent: Wednesday, December 02, 2009 4:24 AM To: users@wicket.apache.org Subject: Session stealing with wicket-auth-roles Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return
Re: Session stealing with wicket-auth-roles
This is not a Wicket issue. However, there is a good discussion on the topic here: http://old.nabble.com/JSESSIONID-hijacking-td22492701.html What application server are you using? On Wed, Dec 2, 2009 at 4:24 AM, Andrew Turner grim_toas...@hotmail.com wrote: Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return HelloWorldWebSession.class; } public Class? extends Page getHomePage() { return HelloWorldHomePage.class; } } The URL below, once logged in on one machine, could then be used on multiple machines to bypass the security layer. http://localhost:9090/HelloWorld/home;jsessionid=SESSION_ID_TAKEN_FROM_URL/COOKIE Many Thanks Andy _ Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy http://clk.atdmt.com/UKM/go/186394592/direct/01/ - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Session stealing with wicket-auth-roles
The Seam folks have a fix for removing JSESSIONID from the URLs, too: http://seamframework.org/Documentation/RemovingJSESSIONIDFromYourURLsAndFixingScache On Wed, Dec 2, 2009 at 9:31 AM, James Carman jcar...@carmanconsulting.com wrote: This is not a Wicket issue. However, there is a good discussion on the topic here: http://old.nabble.com/JSESSIONID-hijacking-td22492701.html What application server are you using? On Wed, Dec 2, 2009 at 4:24 AM, Andrew Turner grim_toas...@hotmail.com wrote: Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return HelloWorldWebSession.class; } public Class? extends Page getHomePage() { return HelloWorldHomePage.class; } } The URL below, once logged in on one machine, could then be used on multiple machines to bypass the security layer. http://localhost:9090/HelloWorld/home;jsessionid=SESSION_ID_TAKEN_FROM_URL/COOKIE Many Thanks Andy _ Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy http://clk.atdmt.com/UKM/go/186394592/direct/01/ - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Session stealing with wicket-auth-roles
Thats basically the same code as on http://randomcoder.com/articles/jsessionid-considered-harmful. OWASP also has a good deal to say about sessions: http://www.owasp.org/index.php/Session_Management Regards, Erik. James Carman wrote: The Seam folks have a fix for removing JSESSIONID from the URLs, too: http://seamframework.org/Documentation/RemovingJSESSIONIDFromYourURLsAndFixingScache -- Erik van Oosten http://day-to-day-stuff.blogspot.com/ - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
AW: Session stealing with wicket-auth-roles
Hmm, for me it doesn't work. I mount the pages via: this.mount(/pages/secure, PackageName.forClass(this.getHomePage())); If I try to access the page from machine B with the same jessionid as machine A, then I get redirected to LoginPage. -Ursprüngliche Nachricht- Von: Andrew Turner [mailto:grim_toas...@hotmail.com] Gesendet: Mittwoch, 2. Dezember 2009 10:24 An: users@wicket.apache.org Betreff: Session stealing with wicket-auth-roles Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return HelloWorldWebSession.class; } public Class? extends Page getHomePage() { return HelloWorldHomePage.class; } } The URL below, once logged in on one machine, could then be used on multiple machines to bypass the security layer. http://localhost:9090/HelloWorld/home;jsessionid=SESSION_ID_TAKEN_FROM_URL/COOKIE Many Thanks Andy _ Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy http://clk.atdmt.com/UKM/go/186394592/direct/01/ - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Session stealing with wicket-auth-roles
2009/12/2 Andrew Turner grim_toas...@hotmail.com: Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return HelloWorldWebSession.class; } public Class? extends Page getHomePage() { return HelloWorldHomePage.class; } } The URL below, once logged in on one machine, could then be used on multiple machines to bypass the security layer. http://localhost:9090/HelloWorld/home;jsessionid=SESSION_ID_TAKEN_FROM_URL/COOKIE Many Thanks Andy _ Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy http://clk.atdmt.com/UKM/go/186394592/direct/01/ Man, just configure you webserver properly so it doesn't append jsessionid to urls. Wicket has nothing to do with session management. Jetty (web.xml): context-param param-nameorg.mortbay.jetty.servlet.SessionURL/param-name param-valuenone/param-value /context-param Resin (resin-web.xml): web-app id='...' session-config enable-cookies='true' enable-url-rewriting='false' / /web-app Other: use your webserver docs. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Session timeout - AJAX-enabled controls
Thank you Igor. Does somebody have a short example of java code to check for wicket-Ajax header ? Or an example of what such a header looks like ? In the debug window, I can see wicket xml responses, bot no query... Bernard in your servlet filter you will have to check for Wicket-Ajax header and if it is present return a properly formatted ajax-response that contains javascript to redirect to your login page. -igor On Tue, Dec 1, 2009 at 1:01 PM, Bernard Lupin beal6...@yahoo.fr wrote: And I'm using wicket version 1.4.3... Bernard Lupin wrote: Hello, I also have a similar problem : when the session is over, debug shows me that all my Ajax links receive an html response with my login page, instead of an xml response, because I have a servlet filter for that. So wicket says in the wicket ajax debug window ERROR: Wicket.Ajax.Call.failure: Error while parsing response: Could not find root ajax-response element, and for users nothing happens when clicking on AjaxLink's. Is it a way to solve this please ? Regards, Bernard -- View this message in context: http://old.nabble.com/Session-timeout---AJAX-enabled-controls-tp26422932p26611019.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Announcement: Annotation-based Mounting of Resources
Is this annotation-based approach really saving that much? It seems to me that a few helper methods would do just as well. On Wed, Dec 2, 2009 at 1:51 AM, Toscano koki...@gmail.com wrote: Hi again, First of all, thank you for your time and dedication with this project, I think is really useful and interesting. I just can't have it working and I don't know the reason, I would really appreciate if you can spend a few minutes trying to help me if you don't mind. I'm using Wicket 1.4.3 and the annotations approach. My javascript files are all in /js not in the java folder. So what I do is go the init() of my webapp and write this: ResourceMount mount = new ResourceMount(); ResourceMount.mountAnnotatedPackageResources(/js, MyApplication.Page, this, mount); Then I go to MyApplication.Page.HomePage and write this annotation: @JsContribution(jquery.min.js) When I try to run the application, I get this error: failed to mount resource ('/js/all.js') WicketRuntimeException: js/all.js is already mounted for SharedResourceEncoder I'm sure I'm understanding something wrong... hope you can help me... Thank you again, Oskar sfussenegger wrote: Today, I’m happy to announce the availability of annotation-based mounting and merging of resources in wicketstuff-merged-resources (version 3.0-SNAPSHOT for Wicket 1.4, version 2.1-SNAPSHOT for Wicket 1.3). In order to mount resources, all that’s needed is adding annotations to component classes: @JsContribution @CssContribution(media = print) @ResourceContribution(value = accept.png, path = /img/accept.png) public class PanelOne extends Panel { public PanelOne(String id) { super(id); // ... } } As an added benefit, you’ll get all the other features of wicketstuff-merged-resources: merging of multiple files into one for less HTTP requests adding of versions to resource paths for aggressive caching pre-processing of resources (e.g. replacing colors in CSS files) optionally uploading them to Amazon Cloudfront (well, at least you can expect this feature soon – we are using it already) So you will speed up rendering of your pages while simplifying and reducing your code (there’s no need to merge, mount or add HeaderContributors manually anymore)! More on our blog ... http://techblog.molindo.at/2009/10/wicket-annotation-based-mounting-of-resources.html ... and Wicket Stuff Wiki: http://wicketstuff.org/confluence/display/STUFFWIKI/wicketstuff-merged-resources Cheers - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - Stefan Fussenegger Wicket: wicketstuff-merged-resources Wicket on techblog.molindo.at -- View this message in context: http://old.nabble.com/Announcement%3A-Annotation-based-Mounting-of-Resources-tp25886703p26604363.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
nested property and CompoundPropertyModel
I am using CompoundPropertyModel as my form model , can I provide a nested property as id for a form component ?
Re: nested property and CompoundPropertyModel
Have you tried it? On Wed, Dec 2, 2009 at 10:51 AM, tubin gen fachh...@gmail.com wrote: I am using CompoundPropertyModel as my form model , can I provide a nested property as id for a form component ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: nested property and CompoundPropertyModel
I tried it did now work , need suggestion If I can make it work James Carman-3 wrote: Have you tried it? On Wed, Dec 2, 2009 at 10:51 AM, tubin gen fachh...@gmail.com wrote: I am using CompoundPropertyModel as my form model , can I provide a nested property as id for a form component ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- View this message in context: http://old.nabble.com/nested-property-and-CompoundPropertyModel-tp26611172p26611280.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: nested property and CompoundPropertyModel
Read this: http://cwiki.apache.org/WICKET/working-with-wicket-models.html#WorkingwithWicketmodels-CompoundPropertyModels On Wed, Dec 2, 2009 at 10:53 AM, James Carman jcar...@carmanconsulting.com wrote: Have you tried it? On Wed, Dec 2, 2009 at 10:51 AM, tubin gen fachh...@gmail.com wrote: I am using CompoundPropertyModel as my form model , can I provide a nested property as id for a form component ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Static link for stateful page (Wicket 1.3)
After some thought I have a better description of what I am trying to do: - I would like to have a stateless page that is always accessed via a bookmarkable link. - This page has an iframe whose content is backed by a stateful page that is altered via ajax links. - When the parent page is refreshed via the bookmarkable link I would like the state in the iframe to persist (eg the iframe content is rendered exactly as it was left before the refresh). The question boils down to how to generate a link to the stateful page that always points to the latest version of the page. The link can change from render to render as long as the link can be generated statelessly (because the containing page is stateless). In case anyone is curious the real use case is a dynamically generated javascript file that writes the iframe and other features into any host page (similar to getsatisfaction.com or nabble.com). Any hints on how to go about this are appreciated. Ryan On Mon, Nov 30, 2009 at 6:06 PM, Ryan Crumley crum...@gmail.com wrote: Hi all, I have an unusual requirement for a stateful page that can be accessed via a static url. To state it another way I would like the same url to always shows the latest state of a page for that session. For example: Operations: 1. Initial Render. url = http://ABC/XYZ 2. User changes the page state using links ajax operations 3. User returns to url = http://ABC/XYZ and the operations from step #2 are present from the same url visited in step #1. I tried modifying my page so that it was not versioned and hardcoding the numeric id to 0. This works for the first render but the changes made to the page on the first render are not reflected when that same url is refreshed. Here is the snippet of code I am using to generate the static url: PageMap pageMap = PageMap.forName(myMapName); Page page = pageMap.get(0, -1); if(page == null) { page = new MyPage(pageMap); } return getRequestCycle().urlFor(page).toString(); Seems like there is an elegant way to do this, any pointers? I am using Wicket 1.3. Thanks in advance, Ryan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: nested property and CompoundPropertyModel
It worked I was wrong. Thanks fachhoch wrote: I tried it did now work , need suggestion If I can make it work James Carman-3 wrote: Have you tried it? On Wed, Dec 2, 2009 at 10:51 AM, tubin gen fachh...@gmail.com wrote: I am using CompoundPropertyModel as my form model , can I provide a nested property as id for a form component ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- View this message in context: http://old.nabble.com/nested-property-and-CompoundPropertyModel-tp26611172p26611496.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
making tinyMce TextArea readonly
I ma trying to make TextArea with TinyMce behaviour readonly , I added the following custom settings but it did not work tinyMCESettings.addCustomSetting(readonly : true); tinyMCESettings.addCustomSetting(mode : textareas); please suggest me how to make it readonly ?
AjaxFallbackLink does not work on Windows Mobile Internet Explorer
it seems that Mobile IE understands onclick a little bit to start running it but not enough to actually process the request so no actual fallback is being made. As I would really like to keep my code as it is I thought I would introduce Simple HTML mode which would strip all onclick tags and leave the browser with the href= tags it understands. Is there any elegant way to do it globally? lg -- Leszek Gawron http://lgawron.blogspot.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: Session stealing with wicket-auth-roles
Marvellous, thanks for the input folks. So, in a nutshell, what we're basically saying is that when using Wicket we recommend HTTPS and disabling URL rewrite (we are using weblogic and I presumed one of the other settings should have disabled URL rewrite, the fool I am, cookie-secure seemed to do nothing!). It's still possible to steal the session, but I've just got to rely on the users not doing anything too silly now! The only other thing I thought may have been a problem is that as I'm using wicket-auth-roles it doesn't use the standard jee authentication, which I presume is where weblogic gets involved and sets its own secure-cookie. Oh well, at least now we should be able to prevent people emailing each other their sessions! Thanks again. Andy From: grim_toas...@hotmail.com To: users@wicket.apache.org Subject: Session stealing with wicket-auth-roles Date: Wed, 2 Dec 2009 09:24:13 + Good morning all, I'm hoping I've misconfigured something in my application, but we seem to be prone to session stealing in our wicket application. We're using wicket-auth-roles to provide the security, and if you are able to access the jsessionid you can get another machine to log straight into the application as the intercepted user. We're using HTTPS for the communication, so hopefully the likelihood of this occurring is quite small, but we are still being forced to contemplate rewriting the security layer (which I want to avoid if possible). So, my question, have I misconfigured something, or is it just not possible to prevent this sort of attack when using wicket-auth-roles? I've managed to create a completely stripped-down app that still has the problem, below is the AuthenticatedWhenSession implementation. public class HelloWorldWebSession extends AuthenticatedWebSession { public HelloWorldWebSession(Request request) { super(request); } public boolean authenticate(String username, String password) { return helloUser.equals(username) password.equals(password); } public Roles getRoles() { return isSignedIn() ? new Roles(Roles.USER) : null; } } And the simple page: @AuthorizeInstantiation(USER) public class HelloWorldHomePage extends WebPage { } And the application: public class HelloWorldApplication extends AuthenticatedWebApplication { protected void init() { super.init(); mountBookmarkablePage(home, HelloWorldHomePage.class); mountBookmarkablePage(signin, SignInPage.class); } protected Class? extends WebPage getSignInPageClass() { return SignInPage.class; } protected Class? extends AuthenticatedWebSession getWebSessionClass() { return HelloWorldWebSession.class; } public Class? extends Page getHomePage() { return HelloWorldHomePage.class; } } The URL below, once logged in on one machine, could then be used on multiple machines to bypass the security layer. http://localhost:9090/HelloWorld/home;jsessionid=SESSION_ID_TAKEN_FROM_URL/COOKIE Many Thanks Andy _ Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy http://clk.atdmt.com/UKM/go/186394592/direct/01/ _ Got more than one Hotmail account? Save time by linking them together http://clk.atdmt.com/UKM/go/186394591/direct/01/
Re: AjaxFallbackLink does not work on Windows Mobile Internet Explorer
Hi, You could implement your own IComponentInstantiationListener, and in it add some sort of behavior to modify the component which removes the onclick. Or you could try an remove the AjaxEventBehavior from the AjaxFallbackLink. This should work globally but will only require you to modify your code in one place. eg something like this in application init: if(simple mode){ addComponentInstantiationListener( new IComponentInstantiationListener(){ onInstantiation(Component component){ if(component instance of AjaxFallbackLink){ IBehaviour b = code to get behaviour component.removeBehaviour(b) } } } ) } not sure if that will work but it seems like it should. Richard Leszek Gawron-2 wrote: a it seems that Mobile IE understands onclick a little bit to start running it but not enough to actually process the request so no actual fallback is being made. As I would really like to keep my code as it is I thought I would introduce Simple HTML mode which would strip all onclick tags and leave the browser with the href= tags it understands. Is there any elegant way to do it globally? lg -- Leszek Gawron http://lgawron.blogspot.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - http://richard-wilkinson.co.uk My blog: http://richard-wilkinson.co.uk -- View this message in context: http://old.nabble.com/AjaxFallbackLink-does-not-work-on-Windows-Mobile-Internet-Explorer-tp26612035p26612857.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: AjaxFallbackLink does not work on Windows Mobile Internet Explorer
Actually I've just realiaed, you can't remove the behaviour with component instansiation because it hasn't been added yet. Look at ibeforeonbeforerenderlistener. Its called something like that, can't check at the moment. Richard On 2 Dec 2009 17:30, richardwilko richardjohnwilkin...@gmail.com wrote: Hi, You could implement your own IComponentInstantiationListener, and in it add some sort of behavior to modify the component which removes the onclick. Or you could try an remove the AjaxEventBehavior from the AjaxFallbackLink. This should work globally but will only require you to modify your code in one place. eg something like this in application init: if(simple mode){ addComponentInstantiationListener( new IComponentInstantiationListener(){ onInstantiation(Component component){ if(component instance of AjaxFallbackLink){ IBehaviour b = code to get behaviour component.removeBehaviour(b) } } } ) } not sure if that will work but it seems like it should. Richard Leszek Gawron-2 wrote: a it seems that Mobile IE understands onclick a little bit to start running it but not enough t... - http://richard-wilkinson.co.uk My blog: http://richard-wilkinson.co.uk -- View this message in context: http://old.nabble.com/AjaxFallbackLink-does-not-work-on-Windows-Mobile-Internet-Explorer-tp26612035p26612857.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user...
Customized FeedbackPanel question
We have a requirement to render the offending FormComponent with a visual change (not an indicator...but a style change such as background is red) and show the error message below the component. I have created a customized FeedbackPanel for this so this is not a problem. The problem we have is that we also have a FeedbackPanel at the top of the page which renders the error message as well. We don't the message to be rendered twice. I have attempted this behavior by playing around with the IFeedbackMessageFilter, onBeforeRenderer and markRendered method but my efforts have failed. I was hoping that there was a onBeforeXXX method that can be called so I can determine if what messages are to be renderered in the FeedbackPanel before they are actually renderered. It appears that the component is rendered right after onBeforeRender before moving on to the next child component. Has anyone else come into this requirement and have found an acceptable solution? Is there another onBeforeXXX method that is called before rendering and traverses the entire component graph that I may override and mark messages as rendrered? Thanks in advance. - Doug - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
ModalWindow on Firefox plus IE tab
Hi, My web site as to run on Firefox and Internet Explorer, so I use IE tab (https://addons.mozilla.org/fr/firefox/addon/1419) to test it, and for the first time I see a difference between IE tab and normal IE. I introduced one ModalWindow (IFrame version) in my page : it works well on IE and on firefox, but on IE tab I have an error The page cannot be displayed, with a bad URL : http://:/; when creating this modal window. OK, the problem is perhaps within IE tab, but perhaps it can be easily corrected with one more hack in modal.js file, around the iframe creation. If some javascript expert can help me... Many thanks Bernard - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Customized FeedbackPanel question
why dont you simply check in your filter if the reporter component is a descendant of the form and then ignore the message? -igor On Wed, Dec 2, 2009 at 10:11 AM, Doug Leeper douglee...@yahoo.com wrote: We have a requirement to render the offending FormComponent with a visual change (not an indicator...but a style change such as background is red) and show the error message below the component. I have created a customized FeedbackPanel for this so this is not a problem. The problem we have is that we also have a FeedbackPanel at the top of the page which renders the error message as well. We don't the message to be rendered twice. I have attempted this behavior by playing around with the IFeedbackMessageFilter, onBeforeRenderer and markRendered method but my efforts have failed. I was hoping that there was a onBeforeXXX method that can be called so I can determine if what messages are to be renderered in the FeedbackPanel before they are actually renderered. It appears that the component is rendered right after onBeforeRender before moving on to the next child component. Has anyone else come into this requirement and have found an acceptable solution? Is there another onBeforeXXX method that is called before rendering and traverses the entire component graph that I may override and mark messages as rendrered? Thanks in advance. - Doug - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Customized FeedbackPanel question
That is my backup plan. -- View this message in context: http://old.nabble.com/Customized-FeedbackPanel-question-tp26613644p26614645.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
palette and event
I was trying to attach AjaxFormComponentUpdatingBehavior to palette and looks like I can't do it this way. Is there anyways to attach action to palette change event. Here is my code. Appreciate you feedback PaletteDtAddDisplay affiliatePalette = new PaletteDtAddDisplay(affiliatePalette, new PropertyModel(this.getModel(),allFilteredDtAdd), affiliateRenderer, 12, false); affiliatePalette.add(new AjaxFormComponentUpdatingBehavior(onchange) { protected void onUpdate(AjaxRequestTarget target) { } });
Re: palette and event
http://www.mail-archive.com/users@wicket.apache.org/msg14153.html 2009/12/2 Swarnim Ranjitkar swarn...@hotmail.com: I was trying to attach AjaxFormComponentUpdatingBehavior to palette and looks like I can't do it this way. Is there anyways to attach action to palette change event. Here is my code. Appreciate you feedback PaletteDtAddDisplay affiliatePalette = new PaletteDtAddDisplay(affiliatePalette, new PropertyModel(this.getModel(),allFilteredDtAdd), affiliateRenderer, 12, false); affiliatePalette.add(new AjaxFormComponentUpdatingBehavior(onchange) { protected void onUpdate(AjaxRequestTarget target) { } }); - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: palette and event
http://issues.apache.org/jira/browse/WICKET-1574 2009/12/2 Swarnim Ranjitkar swarn...@hotmail.com: I was trying to attach AjaxFormComponentUpdatingBehavior to palette and looks like I can't do it this way. Is there anyways to attach action to palette change event. Here is my code. Appreciate you feedback PaletteDtAddDisplay affiliatePalette = new PaletteDtAddDisplay(affiliatePalette, new PropertyModel(this.getModel(),allFilteredDtAdd), affiliateRenderer, 12, false); affiliatePalette.add(new AjaxFormComponentUpdatingBehavior(onchange) { protected void onUpdate(AjaxRequestTarget target) { } }); - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: making tinyMce TextArea readonly
Yeah, would be good to update the whole tinyMCE thing. It's SO popular! It's rather outdated from what's on tinyMCE site. It should really be repackaged with some helper stuff like setReadOnly(true/false). And provide with a convenient tabbed panel for HTML/RAW edit window. Anyone who knows how to wants to help? -Original Message- From: tubin gen [mailto:fachh...@gmail.com] Sent: Wednesday, December 02, 2009 11:34 AM To: users Subject: making tinyMce TextArea readonly I ma trying to make TextArea with TinyMce behaviour readonly , I added the following custom settings but it did not work tinyMCESettings.addCustomSetting(readonly : true); tinyMCESettings.addCustomSetting(mode : textareas); please suggest me how to make it readonly ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.5 experiences
Anyone? 2009-12-01 23:17 keltezéssel, Major Péter írta: Hi, I'm trying to make my project 1.5-compatible, but I had run into two issues: First I was stumbled when saw IComponentBorder has been deleted, but after some Googling I found the corresponding ticket: https://issues.apache.org/jira/browse/WICKET-2280 Okay, that's great, but I can't see this @deprecation javadoc in my 1.4.3 source code (downloaded by maven), so could this commit just missed somehow in the 1.4-releasing? Another thing is, that I have problems with EJB injecting: - with Wicket 1.3 - Wicket 1.4 I saw that ComponentInjector moved into wicket-ioc (great, caused me some headache) - now Wicket 1.4 - Wicket 1.5 I'm unable again to use wicket-contrib-javaee like JavaEEComponentInjector, because ComponentInjector is deleted now. (see 830078 commit via Igor). Now my only question would be: how can I use @EJB annotation, now that this class is deleted (okay I could rewrite it, but I'd happy to hear better ways)? Or anyway, how can I use my EJB's the _right_ way, what would you recommend? (I can see, that you don't like @EJB annotation, I just guess, that you have a better approach then..) Any help would be really appreciated. Best Regards, Peter - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Has anybody seen this before?
[Ljava.lang.String; cannot be cast to java.lang.String java.lang.ClassCastException:[Ljava.lang.String; cannot be cast to java.lang.String org.apache.wicket.request.target.coding.BookmarkablePageRequestTargetUrlCodingStrategy.decode(BookmarkablePageRequestTargetUrlCodingStrategy.java:91) org.apache.wicket.protocol.http.request.WebRequestCodingStrategy.targetForRequest(WebRequestCodingStrategy.java:507) - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.5 experiences
no, there is no approximate release date. -igor 2009/12/2 Major Péter majorpe...@sch.bme.hu: Anyone? 2009-12-01 23:17 keltezéssel, Major Péter írta: Hi, I'm trying to make my project 1.5-compatible, but I had run into two issues: First I was stumbled when saw IComponentBorder has been deleted, but after some Googling I found the corresponding ticket: https://issues.apache.org/jira/browse/WICKET-2280 Okay, that's great, but I can't see this @deprecation javadoc in my 1.4.3 source code (downloaded by maven), so could this commit just missed somehow in the 1.4-releasing? Another thing is, that I have problems with EJB injecting: - with Wicket 1.3 - Wicket 1.4 I saw that ComponentInjector moved into wicket-ioc (great, caused me some headache) - now Wicket 1.4 - Wicket 1.5 I'm unable again to use wicket-contrib-javaee like JavaEEComponentInjector, because ComponentInjector is deleted now. (see 830078 commit via Igor). Now my only question would be: how can I use @EJB annotation, now that this class is deleted (okay I could rewrite it, but I'd happy to hear better ways)? Or anyway, how can I use my EJB's the _right_ way, what would you recommend? (I can see, that you don't like @EJB annotation, I just guess, that you have a better approach then..) Any help would be really appreciated. Best Regards, Peter - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.5 experiences
IMO, looking up EJBs through JNDI is better than relying on injection. Make the hostname (localhost, another ip, etc) part of the JNDI URL configurable and you give yourself the flexibility of being able to deploy them locally or in another VM. If you are using EJBs with JPA this will allow your load balanced web applications to all use the same EJB and therefore the same EntityManager, ensuring that your merge operations work correctly and you can catch OptimisticLockExceptions properly. Craig _ From: Major Péter [mailto:majorpe...@sch.bme.hu] To: users@wicket.apache.org Sent: Wed, 02 Dec 2009 19:00:26 -0500 Subject: Re: Wicket 1.5 experiences Anyone? 2009-12-01 23:17 keltezéssel, Major Péter írta: Hi, I'm trying to make my project 1.5-compatible, but I had run into two issues: First I was stumbled when saw IComponentBorder has been deleted, but after some Googling I found the corresponding ticket: https://issues.apache.org/jira/browse/WICKET-2280 Okay, that's great, but I can't see this @deprecation javadoc in my 1.4.3 source code (downloaded by maven), so could this commit just missed somehow in the 1.4-releasing? Another thing is, that I have problems with EJB injecting: - with Wicket 1.3 - Wicket 1.4 I saw that ComponentInjector moved into wicket-ioc (great, caused me some headache) - now Wicket 1.4 - Wicket 1.5 I'm unable again to use wicket-contrib-javaee like JavaEEComponentInjector, because ComponentInjector is deleted now. (see 830078 commit via Igor). Now my only question would be: how can I use @EJB annotation, now that this class is deleted (okay I could rewrite it, but I'd happy to hear better ways)? Or anyway, how can I use my EJB's the _right_ way, what would you recommend? (I can see, that you don't like @EJB annotation, I just guess, that you have a better approach then..) Any help would be really appreciated. Best Regards, Peter - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.5 experiences
We are fr away from clustering or using VM's. :) I heard lately about EJB proxy classes, which would do the lookup, and they also could create log entries in web layer, who's trying to call a specific business method from what IP. This could be also fun. Regards, Peter 2009-12-03 03:46 keltezéssel, McIlwee, Craig írta: IMO, looking up EJBs through JNDI is better than relying on injection. Make the hostname (localhost, another ip, etc) part of the JNDI URL configurable and you give yourself the flexibility of being able to deploy them locally or in another VM. If you are using EJBs with JPA this will allow your load balanced web applications to all use the same EJB and therefore the same EntityManager, ensuring that your merge operations work correctly and you can catch OptimisticLockExceptions properly. Craig _ From: Major Péter [mailto:majorpe...@sch.bme.hu] To: users@wicket.apache.org Sent: Wed, 02 Dec 2009 19:00:26 -0500 Subject: Re: Wicket 1.5 experiences Anyone? 2009-12-01 23:17 keltezéssel, Major Péter írta: Hi, I'm trying to make my project 1.5-compatible, but I had run into two issues: First I was stumbled when saw IComponentBorder has been deleted, but after some Googling I found the corresponding ticket: https://issues.apache.org/jira/browse/WICKET-2280 Okay, that's great, but I can't see this @deprecation javadoc in my 1.4.3 source code (downloaded by maven), so could this commit just missed somehow in the 1.4-releasing? Another thing is, that I have problems with EJB injecting: - with Wicket 1.3 - Wicket 1.4 I saw that ComponentInjector moved into wicket-ioc (great, caused me some headache) - now Wicket 1.4 - Wicket 1.5 I'm unable again to use wicket-contrib-javaee like JavaEEComponentInjector, because ComponentInjector is deleted now. (see 830078 commit via Igor). Now my only question would be: how can I use @EJB annotation, now that this class is deleted (okay I could rewrite it, but I'd happy to hear better ways)? Or anyway, how can I use my EJB's the _right_ way, what would you recommend? (I can see, that you don't like @EJB annotation, I just guess, that you have a better approach then..) Any help would be really appreciated. Best Regards, Peter - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: feedback messages
Thanks for ur help, Marco... :) GBU. On Mon, Nov 30, 2009 at 6:04 PM, Marco Mancini marcoman...@gmail.comwrote: Hi, Usualy i use this code: feedBackPanel.getFeedbackMessagesModel().setObject(null); target.addComponent(feedBackPanel); but i don't know if is it the right solution ^_^ Marco 2009/11/30 Gw not4spamm...@gmail.com Hi all, Anybody knows how to prevent feedback messages from being cleaned up when an Ajax Link (IndicatingAjaxFallbackLink) is clicked? Thanx for your help. Regards, Mike
Query related to displaying ListView items in a particular way
Hi, I have a List View. I want to display the items in this list view in 2 columns. The logic for this is as follows: If only 1 item in list then there will 1 item in left columns, and no right column. For 2 items there will be 1 item in left and 1 in right. For 3 items there will be 1st item in left and then 2nd in right and in the next line 3rd in left. For 4 items there will be 1st item in left and then 2nd in right and in the next line 3rd in left and 4th in right. And so on for N items. How can I achieve this? I am interested in both, the HTML markup code. Thanks. Regards, Vinay Karmarkar Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
Re: Query related to displaying ListView items in a particular way
see GridView -igor On Wed, Dec 2, 2009 at 10:03 PM, vinay.karmar...@wipro.com wrote: Hi, I have a List View. I want to display the items in this list view in 2 columns. The logic for this is as follows: If only 1 item in list then there will 1 item in left columns, and no right column. For 2 items there will be 1 item in left and 1 in right. For 3 items there will be 1st item in left and then 2nd in right and in the next line 3rd in left. For 4 items there will be 1st item in left and then 2nd in right and in the next line 3rd in left and 4th in right. And so on for N items. How can I achieve this? I am interested in both, the HTML markup code. Thanks. Regards, Vinay Karmarkar Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Query related to displaying ListView items in a particular way
take a look at gridview On Thu, Dec 3, 2009 at 11:33 AM, vinay.karmar...@wipro.com wrote: Hi, I have a List View. I want to display the items in this list view in 2 columns. The logic for this is as follows: If only 1 item in list then there will 1 item in left columns, and no right column. For 2 items there will be 1 item in left and 1 in right. For 3 items there will be 1st item in left and then 2nd in right and in the next line 3rd in left. For 4 items there will be 1st item in left and then 2nd in right and in the next line 3rd in left and 4th in right. And so on for N items. How can I achieve this? I am interested in both, the HTML markup code. Thanks. Regards, Vinay Karmarkar Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com -- regards, Vineet Semwal
Re: Has anybody seen this before?
using OSGi or some other weird thing? Ernesto On Thu, Dec 3, 2009 at 1:11 AM, Douglas Ferguson doug...@douglasferguson.us wrote: [Ljava.lang.String; cannot be cast to java.lang.String java.lang.ClassCastException:[Ljava.lang.String; cannot be cast to java.lang.String org.apache.wicket.request.target.coding.BookmarkablePageRequestTargetUrlCodingStrategy.decode(BookmarkablePageRequestTargetUrlCodingStrategy.java:91) org.apache.wicket.protocol.http.request.WebRequestCodingStrategy.targetForRequest(WebRequestCodingStrategy.java:507) - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Has anybody seen this before?
do you have two query string parameters with the same name? -igor On Wed, Dec 2, 2009 at 4:11 PM, Douglas Ferguson doug...@douglasferguson.us wrote: [Ljava.lang.String; cannot be cast to java.lang.String java.lang.ClassCastException:[Ljava.lang.String; cannot be cast to java.lang.String org.apache.wicket.request.target.coding.BookmarkablePageRequestTargetUrlCodingStrategy.decode(BookmarkablePageRequestTargetUrlCodingStrategy.java:91) org.apache.wicket.protocol.http.request.WebRequestCodingStrategy.targetForRequest(WebRequestCodingStrategy.java:507) - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org