Re: setting and reading a JS variable from Wicket?

2011-11-03 Thread anantasthana 
You can pass variables to wicket using 
wcall
like:
var wcall =
wicketAjaxGet('${url}'+'?&lat='+p.coords.latitude.toFixed(2)+'&lon='+p.coords.longitude.toFixed(2));

now in my wicket web page i have a AbstractDefaultAjaxBehavior which
receives this value 

i am embedding this url for the AbstractDefaultAjaxBehavior
using 

vars.put("url",geo.getCallbackUrl().toString());
add(TextTemplateHeaderContributor.forJavaScript(MasterPage.class,"setLocation.js",Model.valueOf(vars)));

where vars is a hashmap.

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/setting-and-reading-a-JS-variable-from-Wicket-tp3989058p3989074.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

setting and reading a JS variable from Wicket?

2011-11-03 Thread infiniter 
I've got simple wizard implemented as a JS slider. In some steps there is a
skip button and in the last step you can save the data. So this is actually
just a form with controls in every slide, and the data in the steps that
were skipped must not be saved when submitting the form.
What I wanna do is to set up a flag when the skip button is clicked and
check it when submitting the form. So how can I accomplish this without
using Ajax or workarounds like creating a hidden field and setting it a
value when the skip button is clicked?
So basically I want to avoid an unnecessary trips to server via Ajax or
extra fields in the form.

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/setting-and-reading-a-JS-variable-from-Wicket-tp3989058p3989058.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Why would this cause an error, session sharing and session classcast issues

2011-11-03 Thread Brown, Berlin [GCG-PFS] 
Using wicket 1.4.13 (yea, I know I need to upgrade)
 
I am getting a classcastexception error on wicket session classes with
session sharing between webapps.  This feature is supported by our web
application server, IBM WebSphere
 
Most of the time this works fine but for some reason, we get the error.
 
Here is the setup.
 
WebApp1:
 
web.xml:
 
   
   WebApp1
   /WebApp1/*
   
 
WebApp2:
 
web.xml:
 
   
   WebApp2
   /WebApp2/*
   
 
 
  WebApp2
 
org.apache.wicket.protocol.http.WicketServlet
 
...
 
When I look at the session attributes, I get a list like this:  There
are distinct instances of wicket sessions for the two applications.
 
wicket:WebApp1:session com.WebApp1Session@760e760e
 
wicket:WebApp2:session com.WebApp2Session@560e760e
 
 
But for some reason, if a user visits WebApp1 and then WebApp2,  a call
to:
 
Java code from WebApp1
 
(WebApp2Session) Session.get():
 
That code above will generate a classcastexception.
 
What do you think could be going on?  Why would it work most of the time
but why would I get the error some of the time.  How does Session.get()
work?
 
My only theory is that there is some kind of static class variable
within wicket that is shared between the two web apps that is the
causing some kind of issue.

Re: Hiding subclass components

2011-11-03 Thread Igor Vaynberg 
its not in 1.5

-igor

On Thu, Nov 3, 2011 at 3:01 PM, Allen Gilbert  wrote:
> Override MarkupContainer.add()? It's final, so I can't...
>
> On Thu, Nov 3, 2011 at 4:46 PM, Igor Vaynberg  wrote:
>> override add() and funnel everything into a non-transparent 
>> webmarkupcontainer.
>>
>> -igor
>>
>> On Thu, Nov 3, 2011 at 2:40 PM, Allen Gilbert  
>> wrote:
>>> Hello,
>>>
>>> I've defined an abstract subclass of WebPage (BasePage) that knows
>>> whether or not a user can access the content of any concrete page.  If
>>> a user does not have access, I don't want to block them from landing
>>> on the page; instead, I'd like to show some page-specific content
>>> instructing them how they can gain access to it.  The structure of
>>> that content is the same across all of my pages, so I'd like BasePage
>>> to a) define the markup necessary to display it, and b) hide its
>>> subclass's content when necessary.  I came up with the following
>>> approach, defining childContent as a transparent resolver:
>>>
>>> BasePage.html
>>> ...
>>> 
>>>    
>>> 
>>> ...
>>>
>>> BasePage.java
>>> ...
>>> WebMarkupContainer childContent = new WebMarkupContainer("childContent") {
>>>   @Override
>>>   public boolean isTransparentResolver() {
>>>      return true;
>>>   }
>>> };
>>> childContent.setVisible(isAccessible);
>>> add(childContent);
>>> ...
>>>
>>> Although this works, I have run into problems related to the
>>> transparent resolver (e.g.
>>> http://wicket-users.markmail.org/search/?q=#query:+page:1+mid:3gmjcjrggaxdrek2+state:results).
>>>  The only other approach I can think of is to add code to each
>>> BasePage subclass that will hide its components when isAccessible is
>>> false, but that seems fairly redundant.  Any other ideas?  Aside from
>>> defining a transparent resolver (not recommended, and apparently
>>> removed in 1.5), is there a design flaw to this approach?
>>>
>>> I'm using Wicket 1.4.18.
>>>
>>> Thanks for your help!
>>>
>>> -Allen
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Hiding subclass components

2011-11-03 Thread Allen Gilbert 
Override MarkupContainer.add()? It's final, so I can't...

On Thu, Nov 3, 2011 at 4:46 PM, Igor Vaynberg  wrote:
> override add() and funnel everything into a non-transparent 
> webmarkupcontainer.
>
> -igor
>
> On Thu, Nov 3, 2011 at 2:40 PM, Allen Gilbert  wrote:
>> Hello,
>>
>> I've defined an abstract subclass of WebPage (BasePage) that knows
>> whether or not a user can access the content of any concrete page.  If
>> a user does not have access, I don't want to block them from landing
>> on the page; instead, I'd like to show some page-specific content
>> instructing them how they can gain access to it.  The structure of
>> that content is the same across all of my pages, so I'd like BasePage
>> to a) define the markup necessary to display it, and b) hide its
>> subclass's content when necessary.  I came up with the following
>> approach, defining childContent as a transparent resolver:
>>
>> BasePage.html
>> ...
>> 
>>    
>> 
>> ...
>>
>> BasePage.java
>> ...
>> WebMarkupContainer childContent = new WebMarkupContainer("childContent") {
>>   @Override
>>   public boolean isTransparentResolver() {
>>      return true;
>>   }
>> };
>> childContent.setVisible(isAccessible);
>> add(childContent);
>> ...
>>
>> Although this works, I have run into problems related to the
>> transparent resolver (e.g.
>> http://wicket-users.markmail.org/search/?q=#query:+page:1+mid:3gmjcjrggaxdrek2+state:results).
>>  The only other approach I can think of is to add code to each
>> BasePage subclass that will hide its components when isAccessible is
>> false, but that seems fairly redundant.  Any other ideas?  Aside from
>> defining a transparent resolver (not recommended, and apparently
>> removed in 1.5), is there a design flaw to this approach?
>>
>> I'm using Wicket 1.4.18.
>>
>> Thanks for your help!
>>
>> -Allen
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Hiding subclass components

2011-11-03 Thread Igor Vaynberg 
override add() and funnel everything into a non-transparent webmarkupcontainer.

-igor

On Thu, Nov 3, 2011 at 2:40 PM, Allen Gilbert  wrote:
> Hello,
>
> I've defined an abstract subclass of WebPage (BasePage) that knows
> whether or not a user can access the content of any concrete page.  If
> a user does not have access, I don't want to block them from landing
> on the page; instead, I'd like to show some page-specific content
> instructing them how they can gain access to it.  The structure of
> that content is the same across all of my pages, so I'd like BasePage
> to a) define the markup necessary to display it, and b) hide its
> subclass's content when necessary.  I came up with the following
> approach, defining childContent as a transparent resolver:
>
> BasePage.html
> ...
> 
>    
> 
> ...
>
> BasePage.java
> ...
> WebMarkupContainer childContent = new WebMarkupContainer("childContent") {
>   @Override
>   public boolean isTransparentResolver() {
>      return true;
>   }
> };
> childContent.setVisible(isAccessible);
> add(childContent);
> ...
>
> Although this works, I have run into problems related to the
> transparent resolver (e.g.
> http://wicket-users.markmail.org/search/?q=#query:+page:1+mid:3gmjcjrggaxdrek2+state:results).
>  The only other approach I can think of is to add code to each
> BasePage subclass that will hide its components when isAccessible is
> false, but that seems fairly redundant.  Any other ideas?  Aside from
> defining a transparent resolver (not recommended, and apparently
> removed in 1.5), is there a design flaw to this approach?
>
> I'm using Wicket 1.4.18.
>
> Thanks for your help!
>
> -Allen
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Hiding subclass components

2011-11-03 Thread Allen Gilbert 
Hello,

I've defined an abstract subclass of WebPage (BasePage) that knows
whether or not a user can access the content of any concrete page.  If
a user does not have access, I don't want to block them from landing
on the page; instead, I'd like to show some page-specific content
instructing them how they can gain access to it.  The structure of
that content is the same across all of my pages, so I'd like BasePage
to a) define the markup necessary to display it, and b) hide its
subclass's content when necessary.  I came up with the following
approach, defining childContent as a transparent resolver:

BasePage.html
...

   

...

BasePage.java
...
WebMarkupContainer childContent = new WebMarkupContainer("childContent") {
   @Override
   public boolean isTransparentResolver() {
  return true;
   }
};
childContent.setVisible(isAccessible);
add(childContent);
...

Although this works, I have run into problems related to the
transparent resolver (e.g.
http://wicket-users.markmail.org/search/?q=#query:+page:1+mid:3gmjcjrggaxdrek2+state:results).
 The only other approach I can think of is to add code to each
BasePage subclass that will hide its components when isAccessible is
false, but that seems fairly redundant.  Any other ideas?  Aside from
defining a transparent resolver (not recommended, and apparently
removed in 1.5), is there a design flaw to this approach?

I'm using Wicket 1.4.18.

Thanks for your help!

-Allen

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: invalid URL when using a pageparameter that contains a quote

2011-11-03 Thread Ryan 
1.5.2 works as expected (no backslash in the url).

Ryan

On Thu, Nov 03, 2011 at 01:07:33PM -0700, Igor Vaynberg exclaimed:

>Does it happen with 1.5.x?
>
>-igor
>On Nov 3, 2011 12:20 PM, "Ryan"  wrote:
>
>> Using Wicket 1.4.19 and doing something simple such as this:
>>
>> public HomePage(final PageParameters parameters) {
>>parameters.add("meh", "someone's link");
>>add(new BookmarkablePageLink("link",HomePage.class,
>> parameters));
>> }
>>
>> The url that is generated for the link is:
>> 127.0.0.1:8080/myproject/test/meh/someone\'s link
>>
>> If you then click the link the new url is:
>> 127.0.0.1:8080/myproject/test/meh/someone\\'s link/meh/someone\'s link
>>
>> This happens because JavascriptUtils.escapeQuotes() gets called on the
>> pageparameters. Am I missing something or is this just a bug? If it is a
>> bug I am happy to file a jira issue with a quickstart attached.
>>
>> Thanks,
>> Ryan
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: invalid URL when using a pageparameter that contains a quote

2011-11-03 Thread Igor Vaynberg 
Does it happen with 1.5.x?

-igor
On Nov 3, 2011 12:20 PM, "Ryan"  wrote:

> Using Wicket 1.4.19 and doing something simple such as this:
>
> public HomePage(final PageParameters parameters) {
>parameters.add("meh", "someone's link");
>add(new BookmarkablePageLink("link",HomePage.class,
> parameters));
> }
>
> The url that is generated for the link is:
> 127.0.0.1:8080/myproject/test/meh/someone\'s link
>
> If you then click the link the new url is:
> 127.0.0.1:8080/myproject/test/meh/someone\\'s link/meh/someone\'s link
>
> This happens because JavascriptUtils.escapeQuotes() gets called on the
> pageparameters. Am I missing something or is this just a bug? If it is a
> bug I am happy to file a jira issue with a quickstart attached.
>
> Thanks,
> Ryan
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>

invalid URL when using a pageparameter that contains a quote

2011-11-03 Thread Ryan 
Using Wicket 1.4.19 and doing something simple such as this:

public HomePage(final PageParameters parameters) {
parameters.add("meh", "someone's link");
add(new BookmarkablePageLink("link",HomePage.class, parameters));
}

The url that is generated for the link is:
127.0.0.1:8080/myproject/test/meh/someone\'s link

If you then click the link the new url is:
127.0.0.1:8080/myproject/test/meh/someone\\'s link/meh/someone\'s link

This happens because JavascriptUtils.escapeQuotes() gets called on the
pageparameters. Am I missing something or is this just a bug? If it is a
bug I am happy to file a jira issue with a quickstart attached. 

Thanks,
Ryan

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: abort loading lazy components

2011-11-03 Thread Martin Grigorov 
Here is something that I didn't know so far:
http://stackoverflow.com/questions/930237/javascript-cancel-stop-image-requests/1468452#1468452

It seems there is a way to simulate browser's stop button with JavaScript.
Try to use that code from IAjaxCallDecorator#decorateScript() for your
AjaxLink.

On Thu, Nov 3, 2011 at 3:00 PM, Michal Wegrzyn  wrote:
> I've just debugged and indeed problem is that there is no component with id 
> "29".
> So clearly Wicket looks for an lazy "children" component from outdated 
> DataView component.
>
> Michal
>
>> -Original Message-
>> From: Michal Wegrzyn [mailto:michal.wegr...@onior.com]
>> Sent: Wednesday, November 02, 2011 16:11
>> To: users@wicket.apache.org
>> Subject: RE: abort loading lazy components
>>
>> It is triggered when there is already new "itemList" (it extends
>> DataView), so I suppose that
>> PageAndComponentProvider looks for "itemList:29", which does not exists
>> anymore.
>>
>> Scenario:
>>
>> - Page is loaded but lazy components
>> ('folders:listContainer:itemList:itemPanel:folder:children') are still
>> loading
>> - User triggers folder change (itemList is replaced)
>> - Exception occurs
>>
>> If user triggers folder change when lazy components are completely
>> loaded (or during loading the last one) there is no exception at all.
>>
>> Best Regards,
>> Michal Wegrzyn
>>
>> -Original Message-
>> From: Martin Grigorov [mailto:mgrigo...@apache.org]
>> Sent: Wednesday, November 02, 2011 15:54
>> To: users@wicket.apache.org
>> Subject: Re: abort loading lazy components
>>
>> On Wed, Nov 2, 2011 at 4:49 PM, Michal Wegrzyn
>>  wrote:
>> > 15:32:24.028 user [http--5] ERROR
>> o.a.wicket.DefaultExceptionMapper - Unexpected error occurred
>> > org.apache.wicket.request.handler.ComponentNotFoundException: Could
>> not find component
>> 'folders:listContainer:itemList:29:itemPanel:folder:children' on page
>> 'class package.MyPage
>>
>> Do you know how this is triggered ?
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: what could have caused this: a page ID in listener URL getting a wrong page instance

2011-11-03 Thread Kent Tong 
Hi Martijn,

Thanks for the pointer! I'll give it a go.




-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: HTTP Response Splitting issue when reaching Wicket through AJP

2011-11-03 Thread Igor Vaynberg 
please create a jira issue.

-igor

On Thu, Nov 3, 2011 at 7:02 AM, Gert-Jan Schouten
 wrote:
> Hello!
>
> The problem is that a hacker can now post URL's that look like they're going
> to your site on some forum or in an email. But when the user actually clicks
> on the link, a custom header could redirect the user to a malicious site. In
> the example, I used "EvilHeader", but it could be any header, like an HTTP
> 301 redirect. Basically, the hacker can include any header he wants in the
> response that the user is going to get when he clicks on the link.
>
> For a more detailed description of HTTP Response Splitting (which is on the
> OWASP list of security vulnerabilities), you can check:
>
> https://www.owasp.org/index.php/HTTP_Response_Splitting
> http://www.acunetix.com/vulnerabilities/CRLF-injectionHTTP-respon.htm
> http://packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf
> http://www.infosecwriters.com/text_resources/pdf/HTTP_Response.pdf
>
> Cheers,
>
> Gert-Jan
>
>
>
> *Gert-Jan Schouten
> Java Developer*
>
> Roboreus
> 175 High Holborn
> London WC1V 7AA
> T: +44 (0) 7832916802
> E: gert-jan.schou...@roboreus.com
> Skype: gert.jan.schouten
>
>
> On 03/11/11 12:49, Martin Grigorov wrote:
>>
>> Hi,
>>
>> Can you describe what exactly is the problem with these custom headers ?
>>
>> On Thu, Nov 3, 2011 at 2:04 PM, Gert-Jan Schouten
>>   wrote:
>>>
>>> Hello all,
>>>
>>> When having a Wicket application installed on Tomcat and you call that
>>> application through HTTP, Wicket is protected against HTTP Response
>>> Splitting. However, when you call Tomcat through AJP (for example through
>>> an
>>> apache httpd proxy), HTTP Response Splitting becomes possible.
>>>
>>> To demonstrate, I created a simple application and called it through an
>>> AJP
>>> proxy with the curl command:
>>>
>>> curl --max-redirs 0 -Dfoo
>>>
>>> 'http:///myapp/home?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=Foobar%3f%0d%0aEvilHeader:%20SPLIT%2f-%0d%0aAnotherEvilHeader:%20HEADER'
>>>
>>> Note the '%0d%0a', a CRLF in the request. When calling Wicket through
>>> Tomcat, these are replaced by spaces, but when calling Wicket through
>>> AJP,
>>> these are left intact, getting us the following response:
>>>
>>> HTTP/1.1 302 Moved Temporarily
>>> Date: Wed, 02 Nov 2011 14:34:32 GMT
>>> Server: Apache
>>> Set-Cookie: JSESSIONID=4F403B53D091B40F6C3FBC2321A2E348.pub-app04;
>>> Path=/myapp; HttpOnly Location:
>>>
>>> http:///myapp/Foobar;jsessionid=4F403B53D091B40F6C3FBC2321A2E348.pub-app04?
>>> EvilHeader: SPLIT/-
>>> AnotherEvilHeader: HEADER
>>> Content-Length: 0
>>> Connection: close
>>> Content-Type: text/plain; charset=UTF-8
>>>
>>> Here we have 2 Evil Headers, that could be inserted by hackers by adding
>>> %0d%0a to the get-request.
>>>
>>> Is there anything we can do about this? We use mod_jk 1.2.31 on our httpd
>>> server.
>>>
>>> Cheers!
>>>
>>> Gert-Jan
>>>
>>>
>>>
>>> --
>>>
>>> *Gert-Jan Schouten
>>> Java Developer*
>>>
>>>
>>
>>
>

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Is there a way to be notified when a tab in a TabbedPanel is selected?

2011-11-03 Thread armandoxxx 
Just a question ... 

what happens with other instances ? are they "forgotten" (null-ed) ? 

My problem is that I'm trying to put a PDFObject (displays PDF file in a div
in a browser ) panel and JWPlayer (flash video player) into tab panel. So I
have to know if "older" versions of these panels are destroyed (nulled) when
I switch the tab or whenever i reload my wrapping  panel (meaning panel
containing these panels). 

Kind regards

Armando



Martin Makundi wrote:
> 
> Yes, simply every time your panel is instantiated, it means someone
> navigated to the particular tab. You can monitor this also in your
> panel class.
> 
> **
> Martin
> 
> 


--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Is-there-a-way-to-be-notified-when-a-tab-in-a-TabbedPanel-is-selected-tp1877249p3986163.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Orders of CSS files

2011-11-03 Thread Илья Нарыжный 
Hello,

Is there some way to specify "final" CSS file which will be used by
browsers at the end - and that's why can rewrite some CSS rules?

We have following case: we use "wicketstuff tagit autocomplite" component.
This component contribute some CSS to the header. But we need to overwrite
some css rules: the best solution for this to place some overwriting rules
at the end of list of CSS files. But the problem is in that fact, that
Wicket adds all contributed to the header things at the end of the HEAD
file.

Thanks,

Ilia

Re: HTTP Response Splitting issue when reaching Wicket through AJP

2011-11-03 Thread Gert-Jan Schouten 

Hello!

The problem is that a hacker can now post URL's that look like they're 
going to your site on some forum or in an email. But when the user 
actually clicks on the link, a custom header could redirect the user to 
a malicious site. In the example, I used "EvilHeader", but it could be 
any header, like an HTTP 301 redirect. Basically, the hacker can include 
any header he wants in the response that the user is going to get when 
he clicks on the link.


For a more detailed description of HTTP Response Splitting (which is on 
the OWASP list of security vulnerabilities), you can check:


https://www.owasp.org/index.php/HTTP_Response_Splitting
http://www.acunetix.com/vulnerabilities/CRLF-injectionHTTP-respon.htm
http://packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf
http://www.infosecwriters.com/text_resources/pdf/HTTP_Response.pdf

Cheers,

Gert-Jan



*Gert-Jan Schouten
Java Developer*

Roboreus
175 High Holborn
London WC1V 7AA
T: +44 (0) 7832916802
E: gert-jan.schou...@roboreus.com
Skype: gert.jan.schouten


On 03/11/11 12:49, Martin Grigorov wrote:

Hi,

Can you describe what exactly is the problem with these custom headers ?

On Thu, Nov 3, 2011 at 2:04 PM, Gert-Jan Schouten
  wrote:

Hello all,

When having a Wicket application installed on Tomcat and you call that
application through HTTP, Wicket is protected against HTTP Response
Splitting. However, when you call Tomcat through AJP (for example through an
apache httpd proxy), HTTP Response Splitting becomes possible.

To demonstrate, I created a simple application and called it through an AJP
proxy with the curl command:

curl --max-redirs 0 -Dfoo
'http:///myapp/home?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=Foobar%3f%0d%0aEvilHeader:%20SPLIT%2f-%0d%0aAnotherEvilHeader:%20HEADER'

Note the '%0d%0a', a CRLF in the request. When calling Wicket through
Tomcat, these are replaced by spaces, but when calling Wicket through AJP,
these are left intact, getting us the following response:

HTTP/1.1 302 Moved Temporarily
Date: Wed, 02 Nov 2011 14:34:32 GMT
Server: Apache
Set-Cookie: JSESSIONID=4F403B53D091B40F6C3FBC2321A2E348.pub-app04;
Path=/myapp; HttpOnly Location:
http:///myapp/Foobar;jsessionid=4F403B53D091B40F6C3FBC2321A2E348.pub-app04?
EvilHeader: SPLIT/-
AnotherEvilHeader: HEADER
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Here we have 2 Evil Headers, that could be inserted by hackers by adding
%0d%0a to the get-request.

Is there anything we can do about this? We use mod_jk 1.2.31 on our httpd
server.

Cheers!

Gert-Jan



--

*Gert-Jan Schouten
Java Developer*

RE: abort loading lazy components

2011-11-03 Thread Michal Wegrzyn 
I've just debugged and indeed problem is that there is no component with id 
"29".
So clearly Wicket looks for an lazy "children" component from outdated DataView 
component.

Michal

> -Original Message-
> From: Michal Wegrzyn [mailto:michal.wegr...@onior.com]
> Sent: Wednesday, November 02, 2011 16:11
> To: users@wicket.apache.org
> Subject: RE: abort loading lazy components
> 
> It is triggered when there is already new "itemList" (it extends
> DataView), so I suppose that
> PageAndComponentProvider looks for "itemList:29", which does not exists
> anymore.
> 
> Scenario:
> 
> - Page is loaded but lazy components
> ('folders:listContainer:itemList:itemPanel:folder:children') are still
> loading
> - User triggers folder change (itemList is replaced)
> - Exception occurs
> 
> If user triggers folder change when lazy components are completely
> loaded (or during loading the last one) there is no exception at all.
> 
> Best Regards,
> Michal Wegrzyn
> 
> -Original Message-
> From: Martin Grigorov [mailto:mgrigo...@apache.org]
> Sent: Wednesday, November 02, 2011 15:54
> To: users@wicket.apache.org
> Subject: Re: abort loading lazy components
> 
> On Wed, Nov 2, 2011 at 4:49 PM, Michal Wegrzyn
>  wrote:
> > 15:32:24.028 user [http--5] ERROR
> o.a.wicket.DefaultExceptionMapper - Unexpected error occurred
> > org.apache.wicket.request.handler.ComponentNotFoundException: Could
> not find component
> 'folders:listContainer:itemList:29:itemPanel:folder:children' on page
> 'class package.MyPage
> 
> Do you know how this is triggered ?

Re: HTTP Response Splitting issue when reaching Wicket through AJP

2011-11-03 Thread Martin Grigorov 
Hi,

Can you describe what exactly is the problem with these custom headers ?

On Thu, Nov 3, 2011 at 2:04 PM, Gert-Jan Schouten
 wrote:
> Hello all,
>
> When having a Wicket application installed on Tomcat and you call that
> application through HTTP, Wicket is protected against HTTP Response
> Splitting. However, when you call Tomcat through AJP (for example through an
> apache httpd proxy), HTTP Response Splitting becomes possible.
>
> To demonstrate, I created a simple application and called it through an AJP
> proxy with the curl command:
>
> curl --max-redirs 0 -Dfoo
> 'http:///myapp/home?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=Foobar%3f%0d%0aEvilHeader:%20SPLIT%2f-%0d%0aAnotherEvilHeader:%20HEADER'
>
> Note the '%0d%0a', a CRLF in the request. When calling Wicket through
> Tomcat, these are replaced by spaces, but when calling Wicket through AJP,
> these are left intact, getting us the following response:
>
> HTTP/1.1 302 Moved Temporarily
> Date: Wed, 02 Nov 2011 14:34:32 GMT
> Server: Apache
> Set-Cookie: JSESSIONID=4F403B53D091B40F6C3FBC2321A2E348.pub-app04;
> Path=/myapp; HttpOnly Location:
> http:///myapp/Foobar;jsessionid=4F403B53D091B40F6C3FBC2321A2E348.pub-app04?
> EvilHeader: SPLIT/-
> AnotherEvilHeader: HEADER
> Content-Length: 0
> Connection: close
> Content-Type: text/plain; charset=UTF-8
>
> Here we have 2 Evil Headers, that could be inserted by hackers by adding
> %0d%0a to the get-request.
>
> Is there anything we can do about this? We use mod_jk 1.2.31 on our httpd
> server.
>
> Cheers!
>
> Gert-Jan
>
>
>
> --
>
> *Gert-Jan Schouten
> Java Developer*
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

HTTP Response Splitting issue when reaching Wicket through AJP

2011-11-03 Thread Gert-Jan Schouten 

Hello all,

When having a Wicket application installed on Tomcat and you call that 
application through HTTP, Wicket is protected against HTTP Response 
Splitting. However, when you call Tomcat through AJP (for example 
through an apache httpd proxy), HTTP Response Splitting becomes possible.


To demonstrate, I created a simple application and called it through an 
AJP proxy with the curl command:


curl --max-redirs 0 -Dfoo 
'http:///myapp/home?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=Foobar%3f%0d%0aEvilHeader:%20SPLIT%2f-%0d%0aAnotherEvilHeader:%20HEADER'


Note the '%0d%0a', a CRLF in the request. When calling Wicket through 
Tomcat, these are replaced by spaces, but when calling Wicket through 
AJP, these are left intact, getting us the following response:


HTTP/1.1 302 Moved Temporarily
Date: Wed, 02 Nov 2011 14:34:32 GMT
Server: Apache
Set-Cookie: JSESSIONID=4F403B53D091B40F6C3FBC2321A2E348.pub-app04; 
Path=/myapp; HttpOnly Location: 
http:///myapp/Foobar;jsessionid=4F403B53D091B40F6C3FBC2321A2E348.pub-app04?

EvilHeader: SPLIT/-
AnotherEvilHeader: HEADER
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Here we have 2 Evil Headers, that could be inserted by hackers by adding 
%0d%0a to the get-request.


Is there anything we can do about this? We use mod_jk 1.2.31 on our 
httpd server.


Cheers!

Gert-Jan



--

*Gert-Jan Schouten
Java Developer*

Re: Capturing requests to bookmarkable page and respond with 'static' page

2011-11-03 Thread Dirk Forchel 
Yes, but not on my local machine. Strange enough, only the Panel example
updates the name attribute correctly ... 
Oh dear, I found the problem. My local IDE made the String "name" final. So
the PropertyModel could not update the value correctly. Now it works.
Cheers.

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Capturing-requests-to-bookmarkable-page-and-respond-with-static-page-tp3984679p3985101.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: what could have caused this: a page ID in listener URL getting a wrong page instance

2011-11-03 Thread Martijn Dashorst 
Upgrade to latest in 1.4.x. AFAIK there were some issues with session
sharing due to lingering thread locals.

Martijn

On Thu, Nov 3, 2011 at 10:47 AM, Kent Tong  wrote:
> Hi,
>
> My users are frequently getting "internal errors" after a few minutes
> of inactivity. From the log I can see that mostly this is caused by:
>
> org.apache.wicket.WicketRuntimeException: component foo not found
> on page XYZ[id = 3], listener interface...
>
> The weird thing is that there is no "foo" component on page XYZ, but
> it is on page ABC. It means that while the browser believes that page
> 3 is an instance of ABC, actually it is an instance of XYZ.
>
> What could have caused this? I know this is a long shot, but just to
> see if there is any (remote) ideas. I can rule out session expiration
> as it only took a few minutes to occur.
>
> We're using Wicket 1.4.9.
>
> Thanks in advance!
>
> --
> Kent Tong
> Useful & FREE software at http://www2.cpttm.org.mo/cyberlab/freeware
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>



-- 
Become a Wicket expert, learn from the best: http://wicketinaction.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Capturing requests to bookmarkable page and respond with 'static' page

2011-11-03 Thread Martin Grigorov 
On Thu, Nov 3, 2011 at 12:04 PM, Martin Grigorov  wrote:
> On Thu, Nov 3, 2011 at 12:01 PM, Dirk Forchel  wrote:
>> Hi Martin,
>> do you mean the "asemail" package with the MailTemplate page? Unfortunately
>> this example is not visible live (see
>> http://www.wicket-library.com/wicket-examples/index.html). But I'm able to
>
> I'll update that site soon.
>
>> run these examples locally with the latest checkout. But if you type in your
>> name into the input field, the generated markup with WebPage and with
>> TextTemplate has no name included (works only with Panel).
>
> All demos work OK here.
Also work fine at http://www.wicket-library.com/wicket-examples/mailtemplate/
>
>>
>> I know, that the UrlCodingStrategies are gone in Wicket 1.5 but it would be
>> great to have the simple examples from the "staticpages" package back.
>
> Patches are welcome!
>
>>
>> --
>> View this message in context: 
>> http://apache-wicket.1842946.n4.nabble.com/Capturing-requests-to-bookmarkable-page-and-respond-with-static-page-tp3984679p3984880.html
>> Sent from the Users forum mailing list archive at Nabble.com.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
>
>
> --
> Martin Grigorov
> jWeekend
> Training, Consulting, Development
> http://jWeekend.com
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Capturing requests to bookmarkable page and respond with 'static' page

2011-11-03 Thread Martin Grigorov 
On Thu, Nov 3, 2011 at 12:01 PM, Dirk Forchel  wrote:
> Hi Martin,
> do you mean the "asemail" package with the MailTemplate page? Unfortunately
> this example is not visible live (see
> http://www.wicket-library.com/wicket-examples/index.html). But I'm able to

I'll update that site soon.

> run these examples locally with the latest checkout. But if you type in your
> name into the input field, the generated markup with WebPage and with
> TextTemplate has no name included (works only with Panel).

All demos work OK here.

>
> I know, that the UrlCodingStrategies are gone in Wicket 1.5 but it would be
> great to have the simple examples from the "staticpages" package back.

Patches are welcome!

>
> --
> View this message in context: 
> http://apache-wicket.1842946.n4.nabble.com/Capturing-requests-to-bookmarkable-page-and-respond-with-static-page-tp3984679p3984880.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Capturing requests to bookmarkable page and respond with 'static' page

2011-11-03 Thread Dirk Forchel 
Hi Martin,
do you mean the "asemail" package with the MailTemplate page? Unfortunately
this example is not visible live (see
http://www.wicket-library.com/wicket-examples/index.html). But I'm able to
run these examples locally with the latest checkout. But if you type in your
name into the input field, the generated markup with WebPage and with
TextTemplate has no name included (works only with Panel).

I know, that the UrlCodingStrategies are gone in Wicket 1.5 but it would be
great to have the simple examples from the "staticpages" package back. 

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Capturing-requests-to-bookmarkable-page-and-respond-with-static-page-tp3984679p3984880.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

what could have caused this: a page ID in listener URL getting a wrong page instance

2011-11-03 Thread Kent Tong 

Hi,

My users are frequently getting "internal errors" after a few minutes
of inactivity. From the log I can see that mostly this is caused by:

org.apache.wicket.WicketRuntimeException: component foo not found
on page XYZ[id = 3], listener interface...

The weird thing is that there is no "foo" component on page XYZ, but
it is on page ABC. It means that while the browser believes that page
3 is an instance of ABC, actually it is an instance of XYZ.

What could have caused this? I know this is a long shot, but just to
see if there is any (remote) ideas. I can rule out session expiration
as it only took a few minutes to occur.

We're using Wicket 1.4.9.

Thanks in advance!

--
Kent Tong
Useful & FREE software at http://www2.cpttm.org.mo/cyberlab/freeware

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Determine the latest page in multi tabbed browsing

2011-11-03 Thread Martin Grigorov 
Hi,

In my application we also had similar needs and here is how we solved it.
When an Ajax event is handled we also update the URL's hash with all
necessary information to redo the same event
(target.appendJavaScript('updateHash("someValue")')).
When back button is clicked
http://tkyk.github.com/jquery-history-plugin/ notifies us and gives us
the hash of the previous state. Then we send the hash value to the
server side (a special AjaxHistoryBehavior is added to each page) and
#onAjaxBackButton() sends a Wicket 1.5 event with payload the hash
value + the AjaxRequestTarget to the behavior's component (the page)
which broadcasts it to all components inside it and they decide
whether they need to update themselves depending on the hash value.
So it is not exactly "going back". It is more "move to a state".

HTH

On Thu, Nov 3, 2011 at 10:25 AM, Dirk Arnoldt  wrote:
> there are two reasons:
>
> 1) our wicket 1.5 application makes heavy use of AJAX e.g. switching
> panels. As far as I know the wicket back button support has problems with
> AJAX - the DOM modifications are not reflected correctly (see
> https://issues.apache.org/jira/browse/WICKET-271)
>
> 2) our application has workflows and we must ensure that these stay
> consistent such as billing events are not triggered twice.
>
> Dirk
>
>
>> since wicket provides backbutton support why are you fighting it?
>>
>> -igor
>>
>> On Fri, Oct 28, 2011 at 2:22 AM, Dirk Arnoldt 
>> wrote:
>>> Hi,
>>>
>>> I'm facing a problem with multi tabbed browsing.
>>>
>>> In a wicket application I currently detect browser navigation (back
>>> button)
>>> by means of timestamps. As a result I display a warning to the user
>>> telling
>>> him that he should not use the back button and subsequently forward him
>>> to
>>> the next page in the browser history.
>>>
>>> This works for me as long as the user doesn't use multiple browser tabs
>>> or
>>> windows. Is there a way to determine which pages belongs to the same
>>> browser
>>> tab/window?
>>>
>>> Another problem with my current solution is, that the user can jump
>>> between
>>> arbitray pages in browser history. I want to redirect the user to the
>>> latest
>>> page from my application - which must not be the newest page in browser
>>> history. Is there a way to determine the latest page in a wicket
>>> session?
>>>
>>> Thanks
>>> Dirk
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>
>>>
>>
>>
>
>
> --
> Dirk Arnoldt   Senior Software Engineer
> Tel: +49 721 96448-0   Fax: +49 721 96448-286   dirk.arno...@fun.de
> fun communications GmbH   Lorenzstraße 29   D-76135 Karlsruhe
> Geschäftsführer Johannes Feulner
> Amtsgericht Mannheim HRB 106906   www.fun.de
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

RE: abort loading lazy components

2011-11-03 Thread Michal Wegrzyn 
Disabling request logger didn't help, however if this only a trace issue then 
it does not matter through.

Even if not, then still this is caused by the main issue, which is that 
probably Wicket tries to get lazy component that should be dropped.

Best regards,
Michal Wegrzyn

> -Original Message-
> From: Martin Grigorov [mailto:mgrigo...@apache.org]
> Sent: Wednesday, November 02, 2011 15:54
> To: users@wicket.apache.org
> Subject: Re: abort loading lazy components
>
> On Wed, Nov 2, 2011 at 4:49 PM, Michal Wegrzyn
>  wrote:
> > I've updated to Wicket 1.5.2 and I can see also some warnings
> surrounding exceptions.
> > Is it a bug or am I missing something?
> >
> > Below full log:
> >
> > 15:31:11.847 user [http--2] WARN
>  o.a.w.r.h.render.WebPageRenderer - The Buffered response should be
> handled by BufferedResponseRequestHandler
>
> WICKET-4163
> More or less harmless.
>
> > 15:32:24.028 user [http--5] ERROR
> o.a.wicket.DefaultExceptionMapper - Unexpected error occurred
> > org.apache.wicket.request.handler.ComponentNotFoundException: Could
> not find component
> 'folders:listContainer:itemList:29:itemPanel:folder:children' on page
> 'class package.MyPage
>
> Do you know how this is triggered ?
>
> >at
> org.apache.wicket.request.handler.PageAndComponentProvider.getComponent
> (PageAndComponentProvider.java:167)
> >at
> org.apache.wicket.request.handler.ListenerInterfaceRequestHandler.getCo
> mponent(ListenerInterfaceRequestHandler.java:92)
> >at
> org.apache.wicket.request.handler.ListenerInterfaceRequestHandler.respo
> nd(ListenerInterfaceRequestHandler.java:169)
> >at
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(Re
> questCycle.java:750)
> >at
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerSta
> ck.java:64)
> >at
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:
> 252)
> >at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycl
> e.java:209)
> >at
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(Re
> questCycle.java:280)
> >at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilte
> r.java:162)
> >at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java
> :218)
> >at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applic
> ationFilterChain.java:235)
> >at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFil
> terChain.java:206)
> >at
> package.MyRequestContextFilter.doFilter(MyRequestContextFilter.java:43)
> >at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applic
> ationFilterChain.java:235)
> >at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFil
> terChain.java:206)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Filter(FilterChainProxy.java:368)
> >at
> org.springframework.security.web.access.intercept.FilterSecurityInterce
> ptor.invoke(FilterSecurityInterceptor.java:109)
> >at
> org.springframework.security.web.access.intercept.FilterSecurityInterce
> ptor.doFilter(FilterSecurityInterceptor.java:83)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Filter(FilterChainProxy.java:380)
> >at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFi
> lter(ExceptionTranslationFilter.java:97)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Filter(FilterChainProxy.java:380)
> >at
> org.springframework.security.web.session.SessionManagementFilter.doFilt
> er(SessionManagementFilter.java:100)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Filter(FilterChainProxy.java:380)
> >at
> org.springframework.security.web.authentication.AnonymousAuthentication
> Filter.doFilter(AnonymousAuthenticationFilter.java:78)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Filter(FilterChainProxy.java:380)
> >at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareR
> equestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Filter(FilterChainProxy.java:380)
> >at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.d
> oFilter(RequestCacheAwareFilter.java:35)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Filter(FilterChainProxy.java:380)
> >at
> org.springframework.security.web.authentication.AbstractAuthenticationP
> rocessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:18
> 7)
> >at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.do
> Fil

Re: Determine the latest page in multi tabbed browsing

2011-11-03 Thread Dirk Arnoldt 
there are two reasons:

1) our wicket 1.5 application makes heavy use of AJAX e.g. switching
panels. As far as I know the wicket back button support has problems with
AJAX - the DOM modifications are not reflected correctly (see
https://issues.apache.org/jira/browse/WICKET-271)

2) our application has workflows and we must ensure that these stay
consistent such as billing events are not triggered twice.

Dirk


> since wicket provides backbutton support why are you fighting it?
>
> -igor
>
> On Fri, Oct 28, 2011 at 2:22 AM, Dirk Arnoldt 
> wrote:
>> Hi,
>>
>> I'm facing a problem with multi tabbed browsing.
>>
>> In a wicket application I currently detect browser navigation (back
>> button)
>> by means of timestamps. As a result I display a warning to the user
>> telling
>> him that he should not use the back button and subsequently forward him
>> to
>> the next page in the browser history.
>>
>> This works for me as long as the user doesn't use multiple browser tabs
>> or
>> windows. Is there a way to determine which pages belongs to the same
>> browser
>> tab/window?
>>
>> Another problem with my current solution is, that the user can jump
>> between
>> arbitray pages in browser history. I want to redirect the user to the
>> latest
>> page from my application - which must not be the newest page in browser
>> history. Is there a way to determine the latest page in a wicket
>> session?
>>
>> Thanks
>> Dirk
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
>


-- 
Dirk Arnoldt   Senior Software Engineer
Tel: +49 721 96448-0   Fax: +49 721 96448-286   dirk.arno...@fun.de
fun communications GmbH   Lorenzstraße 29   D-76135 Karlsruhe
Geschäftsführer Johannes Feulner
Amtsgericht Mannheim HRB 106906   www.fun.de


-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Capturing requests to bookmarkable page and respond with 'static' page

2011-11-03 Thread Martin Grigorov 
Hi,

On Thu, Nov 3, 2011 at 10:35 AM, Dirk Forchel  wrote:
> Based on the staticpages examples in Wicket 1.4 we used a
> CapturingBookmarkablePageRequestTargetUrlCodingStrategy to capture requests
> to a bookmarkable page with page parameters and respond with a 'static' page
> afterwards. During the capture phase
> (CapturingBookmarkablePageRequestTarget#onCapture()) we did some logic in
> here (sending an email, generating some stuff etc.).
>
> public abstract class CapturingBookmarkablePageRequestTarget extends
> BookmarkablePageRequestTarget
> {
>        @Override
>        public void respond(RequestCycle requestCycle)
>        {
>                final StringResponse stringResponse = new StringResponse();
>                final WebResponse originalResponse =
> (WebResponse)RequestCycle.get().getResponse();
>                RequestCycle.get().setResponse(emailResponse);
>                super.respond(requestCycle);
>                // handle the string response e.g. send email
>                onCapture(emailResponse);
>                RequestCycle.get().setResponse(originalResponse);
>                RequestCycle.get().setRequestTarget(new
> BookmarkablePageRequestTarget(displayedPageClass));
>        }
>
>        protected abstract void onCapture(StringResponse emailResponse);
> }
>
> In Wicket 1.5 the staticpages examples are removed completely, why?

Because UrlCodingStrategies are gone.

> I'm not really sure how to migrate our code from Wicket 1.4 to Wicket 1.5,
> but would assume I must provide my own RequestHandler and/or RequestMapper
> or is there another solution I'm not aware? What would be the preferred way
> to provide the same functionallity as with Wicket 1.4?
> Thank you.

See "Mail Template" example in Wicket 1.5.
There are examples how to generate templates for mail out of Page
(1.5.2), Panel (trunk) and TextTemplate (1.5.2).

>
> --
> View this message in context: 
> http://apache-wicket.1842946.n4.nabble.com/Capturing-requests-to-bookmarkable-page-and-respond-with-static-page-tp3984679p3984679.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Capturing requests to bookmarkable page and respond with 'static' page

2011-11-03 Thread Dirk Forchel 
Based on the staticpages examples in Wicket 1.4 we used a
CapturingBookmarkablePageRequestTargetUrlCodingStrategy to capture requests
to a bookmarkable page with page parameters and respond with a 'static' page
afterwards. During the capture phase
(CapturingBookmarkablePageRequestTarget#onCapture()) we did some logic in
here (sending an email, generating some stuff etc.). 

public abstract class CapturingBookmarkablePageRequestTarget extends
BookmarkablePageRequestTarget
{
@Override
public void respond(RequestCycle requestCycle)
{
final StringResponse stringResponse = new StringResponse();
final WebResponse originalResponse =
(WebResponse)RequestCycle.get().getResponse();
RequestCycle.get().setResponse(emailResponse);
super.respond(requestCycle);
// handle the string response e.g. send email
onCapture(emailResponse);
RequestCycle.get().setResponse(originalResponse);
RequestCycle.get().setRequestTarget(new
BookmarkablePageRequestTarget(displayedPageClass));
}

protected abstract void onCapture(StringResponse emailResponse);
}

In Wicket 1.5 the staticpages examples are removed completely, why? 
I'm not really sure how to migrate our code from Wicket 1.4 to Wicket 1.5,
but would assume I must provide my own RequestHandler and/or RequestMapper
or is there another solution I'm not aware? What would be the preferred way
to provide the same functionallity as with Wicket 1.4?
Thank you.

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Capturing-requests-to-bookmarkable-page-and-respond-with-static-page-tp3984679p3984679.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: template navigation using ajax

2011-11-03 Thread Martin Grigorov 
AjaxLink#onClick(AjaxRequestTarget target) {

   rightPanel = rightPanel.replaceWith(new SomePanel(rightPanel.getId()));
   target.add(rightPanel);
}

On Thu, Nov 3, 2011 at 3:32 AM, pen  wrote:
> This is the wicket page example
> http://www.wicket-library.com/wicket-examples/template/wicket/bookmarkable/org.apache.wicket.examples.template.pageinheritance.Page1?0
>
> --
> View this message in context: 
> http://apache-wicket.1842946.n4.nabble.com/template-navigation-using-ajax-tp3983962p3983966.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: How to clear PageMap in Wicket 1.5?

2011-11-03 Thread Martin Grigorov 
Hi Matthias,

On Thu, Nov 3, 2011 at 9:30 AM, Matthias Keller
 wrote:
> Hi Martin
>
> I see this is getting in the same direction as it was with Wicket 1.4 - it
> just doesn't work as expected.
> The method you propose results in the next page shown as expected and going
> back is not possible anymore. But so is clicking on anything on the next
> page then - those links seem to be invalid then too...
>
> The problem seems to be in the order of events:
> 1) The flow wishes to invalidate all current pages, so calls Session.clear()
> 2) Then the user is redirected to a new page with setResponsePage(new
> NextPage())
> 3) Then the request ends and if cleaning up is performed at this stage, it
> doesn't know to keep the NextPage and its links but clean everything else
>
> No 3 could be addressed in wicket 1.4 using the internal untouch method to
> tell wicket NOT to store that page anymore.

One question: what should happen when the user is redirected to
NextPage (because of setResponsePage(new NextPage())) and
the user clicks on a Link ?
Wicket will try to find the page to execute Link#onClick() but since
the page is not stored Wicket will throw PageExpiredException.
The same will happen if the user refreshes the page with F5.
How do you handle that case ?

Session.clear() removes all pages stored so far. If you use
setResponsePage(anInstance) then a new page will be stored afterwards.
If you really want to clear all pages even the NextPage instance then
you can do:

class MyRequestCycle extends RequestCycle {
  private boolean fullClean;

  public void fullClean() {
fullClean = true;
  }

  @Override
  public void detach() {
super.detach();

if (fullClean) {
   fullClean = false;
   Session.get().clean();
}
  }
}

>
> What appears to work is create a public method in my session which calls:
>    getSessionStore().invalidate(RequestCycle.get().getRequest());
>
> This seems to work (and is part of what replaceSession() does) but I don't
> know the internals of the new PageManager et al so I'm not sure if this is
> already enough and correct?
>
> Matt
>
> On 2011-11-02 13:27, Martin Grigorov wrote:
>>
>> On Wed, Nov 2, 2011 at 2:09 PM, Matthias Keller
>>   wrote:
>>>
>>> Hi Martin
>>>
>>> Thanks for the quick reply.
>>> The fix doesn't work for me though, I can still go back and press reload
>>> or
>>> do anything I like.
>>> If I use session.replaceSession() it works as expected but as a side
>>> effect
>>> also changes the JSESSIONID which usually isn't what you want...
>>>
>>> I'm using it like that in an onClick event of a button (and the session
>>> is
>>> NOT temporary):
>>>
>>>        if (getSession().isTemporary() == false) {
>>>            getSession().getPageManager().sessionExpired(getId());
>>>        }
>>
>> This code does the same as in 1.4 with page maps.
>> #untouchPage() as internal API in 1.4 and is not ported to 1.5.
>>
>> Try by override Session#detach() and do:
>> super.detach();
>> clear();
>>
>>>        setResponsePage(new ConfirmationPage(...));
>>>
>>> Maybe it could be some kind of special situation like it was in Wicket
>>> 1.4
>>> where I manually had to untouch the current page to avoid it still being
>>> stored at the end of the request...?
>>>
>>> Matt
>>>
>>>
>>> On 2011-11-02 10:40, Martin Grigorov wrote:

 I implemented the feature in the ticket Matt created.
 Please try it.

 On Wed, Nov 2, 2011 at 11:35 AM, Andrea Del Bene
  wrote:
>
> Have you tried session.invalidate()? If you have an
> AuthenticatedWebSession
> you can also use signOut()
>>
>> Hi
>>
>> Upon logging out we need to keep the current user's session to still
>> display some information but we want to remove all previous pages from
>> the
>> PageMap (or however that is solved in Wicket 1.5 now) so that he
>> cannot
>> go
>> back and continue on these pages.
>> In Wicket 1.4 we found a way to achieve that, basically with
>>  session.clear()  (plus  session.untouch(getPage())  ). In Wicket
>> 1.5.2
>> the
>> clear() method ist still there, but only contains an empty TODO
>> comment
>>
>> How do we clear the previous pages now so that if he goes back, the
>> user
>> receives a PageExpiredError ?
>>
>> Thanks a lot
>>
>> Matt
>
>
>
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: How to clear PageMap in Wicket 1.5?

2011-11-03 Thread Matthias Keller 

Hi Martin

I see this is getting in the same direction as it was with Wicket 1.4 - 
it just doesn't work as expected.
The method you propose results in the next page shown as expected and 
going back is not possible anymore. But so is clicking on anything on 
the next page then - those links seem to be invalid then too...


The problem seems to be in the order of events:
1) The flow wishes to invalidate all current pages, so calls Session.clear()
2) Then the user is redirected to a new page with setResponsePage(new 
NextPage())
3) Then the request ends and if cleaning up is performed at this stage, 
it doesn't know to keep the NextPage and its links but clean everything else


No 3 could be addressed in wicket 1.4 using the internal untouch method 
to tell wicket NOT to store that page anymore.


What appears to work is create a public method in my session which calls:
getSessionStore().invalidate(RequestCycle.get().getRequest());

This seems to work (and is part of what replaceSession() does) but I 
don't know the internals of the new PageManager et al so I'm not sure if 
this is already enough and correct?


Matt

On 2011-11-02 13:27, Martin Grigorov wrote:

On Wed, Nov 2, 2011 at 2:09 PM, Matthias Keller
  wrote:

Hi Martin

Thanks for the quick reply.
The fix doesn't work for me though, I can still go back and press reload or
do anything I like.
If I use session.replaceSession() it works as expected but as a side effect
also changes the JSESSIONID which usually isn't what you want...

I'm using it like that in an onClick event of a button (and the session is
NOT temporary):

if (getSession().isTemporary() == false) {
getSession().getPageManager().sessionExpired(getId());
}

This code does the same as in 1.4 with page maps.
#untouchPage() as internal API in 1.4 and is not ported to 1.5.

Try by override Session#detach() and do:
super.detach();
clear();


setResponsePage(new ConfirmationPage(...));

Maybe it could be some kind of special situation like it was in Wicket 1.4
where I manually had to untouch the current page to avoid it still being
stored at the end of the request...?

Matt


On 2011-11-02 10:40, Martin Grigorov wrote:

I implemented the feature in the ticket Matt created.
Please try it.

On Wed, Nov 2, 2011 at 11:35 AM, Andrea Del Bene
  wrote:

Have you tried session.invalidate()? If you have an
AuthenticatedWebSession
you can also use signOut()

Hi

Upon logging out we need to keep the current user's session to still
display some information but we want to remove all previous pages from
the
PageMap (or however that is solved in Wicket 1.5 now) so that he cannot
go
back and continue on these pages.
In Wicket 1.4 we found a way to achieve that, basically with
  session.clear()  (plus  session.untouch(getPage())  ). In Wicket 1.5.2
the
clear() method ist still there, but only contains an empty TODO
comment

How do we clear the previous pages now so that if he goes back, the user
receives a PageExpiredError ?

Thanks a lot

Matt






smime.p7s
Description: S/MIME Cryptographic Signature