Re: Access denied
Thanks for the advice. But I realized that there was a glitch in my WebSocket code: I didn't send the UI update code to the right page. Now that this is sorted out, the editable label works again. Thanks a lot for the tip! Regards, Pierre On Thu, Mar 9, 2017 at 10:17 AM, Martin Grigorov <mgrigo...@apache.org> wrote: > The error says "behavior not enabled" so there is some logic that sets > 'enabled' to false. > I'd suggest to put a breakpoint and see what happens. > > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Wed, Mar 8, 2017 at 5:22 PM, Zala Pierre GOUPIL <goupilpie...@gmail.com > > > wrote: > > > Mmmmh actually, the access denied page appears as soon as the component > is > > clicked! Not just when a value is submitted. > > > > On Wed, Mar 8, 2017 at 5:19 PM, Zala Pierre GOUPIL < > goupilpie...@gmail.com > > > > > wrote: > > > > > No, it doesn't have such calculations. Could the problem be > > > websockets-related? > > > > > > On Wed, Mar 8, 2017 at 5:14 PM, Martin Grigorov <mgrigo...@apache.org> > > > wrote: > > > > > >> Hi, > > >> > > >> I think your AjaxEditableLabel has logic to calculate whether it is > > >> enabled > > >> or not. > > >> It seems it is enabled for the initial rendering but later when Wicket > > >> tries to post the new value after edit it calculates to 'disabled' > > >> > > >> Martin Grigorov > > >> Wicket Training and Consulting > > >> https://twitter.com/mtgrigorov > > >> > > >> On Wed, Mar 8, 2017 at 4:54 PM, Zala Pierre GOUPIL < > > >> goupilpie...@gmail.com> > > >> wrote: > > >> > > >> > Good afternoon, > > >> > > > >> > I use Wicket 7.6.0. When clicking on an AjaxEditableLabel, I get the > > >> > following message in the logs: > > >> > > > >> > behavior not enabled; ignore call. Behavior > > >> > org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel$ > > >> > LabelAjaxBehavior@1bab91c8 > > >> > at component [Component id = label] > > >> > > > >> > And there's an access denied in the browser. What am I supposed to > do, > > >> > please? It is related to the resource guards, I guess, but I can't > > >> figure > > >> > out what to provide them. > > >> > > > >> > Thanks a lot, > > >> > > > >> > Pierre > > >> > > > >> > > > >> > > > >> > -- > > >> > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > >> > > > >> > (Blade Runner) > > >> > > > >> > > > > > > > > > > > > -- > > > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > > > > > (Blade Runner) > > > > > > > > > > > -- > > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > > > (Blade Runner) > > > -- Je n'aime pas seulement ma vie, mais aussi celle des autres. (Blade Runner)
Re: Access denied
The error says "behavior not enabled" so there is some logic that sets 'enabled' to false. I'd suggest to put a breakpoint and see what happens. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Mar 8, 2017 at 5:22 PM, Zala Pierre GOUPIL <goupilpie...@gmail.com> wrote: > Mmmmh actually, the access denied page appears as soon as the component is > clicked! Not just when a value is submitted. > > On Wed, Mar 8, 2017 at 5:19 PM, Zala Pierre GOUPIL <goupilpie...@gmail.com > > > wrote: > > > No, it doesn't have such calculations. Could the problem be > > websockets-related? > > > > On Wed, Mar 8, 2017 at 5:14 PM, Martin Grigorov <mgrigo...@apache.org> > > wrote: > > > >> Hi, > >> > >> I think your AjaxEditableLabel has logic to calculate whether it is > >> enabled > >> or not. > >> It seems it is enabled for the initial rendering but later when Wicket > >> tries to post the new value after edit it calculates to 'disabled' > >> > >> Martin Grigorov > >> Wicket Training and Consulting > >> https://twitter.com/mtgrigorov > >> > >> On Wed, Mar 8, 2017 at 4:54 PM, Zala Pierre GOUPIL < > >> goupilpie...@gmail.com> > >> wrote: > >> > >> > Good afternoon, > >> > > >> > I use Wicket 7.6.0. When clicking on an AjaxEditableLabel, I get the > >> > following message in the logs: > >> > > >> > behavior not enabled; ignore call. Behavior > >> > org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel$ > >> > LabelAjaxBehavior@1bab91c8 > >> > at component [Component id = label] > >> > > >> > And there's an access denied in the browser. What am I supposed to do, > >> > please? It is related to the resource guards, I guess, but I can't > >> figure > >> > out what to provide them. > >> > > >> > Thanks a lot, > >> > > >> > Pierre > >> > > >> > > >> > > >> > -- > >> > Je n'aime pas seulement ma vie, mais aussi celle des autres. > >> > > >> > (Blade Runner) > >> > > >> > > > > > > > > -- > > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > > > (Blade Runner) > > > > > > -- > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > (Blade Runner) >
Re: Access denied
Mmmmh actually, the access denied page appears as soon as the component is clicked! Not just when a value is submitted. On Wed, Mar 8, 2017 at 5:19 PM, Zala Pierre GOUPIL <goupilpie...@gmail.com> wrote: > No, it doesn't have such calculations. Could the problem be > websockets-related? > > On Wed, Mar 8, 2017 at 5:14 PM, Martin Grigorov <mgrigo...@apache.org> > wrote: > >> Hi, >> >> I think your AjaxEditableLabel has logic to calculate whether it is >> enabled >> or not. >> It seems it is enabled for the initial rendering but later when Wicket >> tries to post the new value after edit it calculates to 'disabled' >> >> Martin Grigorov >> Wicket Training and Consulting >> https://twitter.com/mtgrigorov >> >> On Wed, Mar 8, 2017 at 4:54 PM, Zala Pierre GOUPIL < >> goupilpie...@gmail.com> >> wrote: >> >> > Good afternoon, >> > >> > I use Wicket 7.6.0. When clicking on an AjaxEditableLabel, I get the >> > following message in the logs: >> > >> > behavior not enabled; ignore call. Behavior >> > org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel$ >> > LabelAjaxBehavior@1bab91c8 >> > at component [Component id = label] >> > >> > And there's an access denied in the browser. What am I supposed to do, >> > please? It is related to the resource guards, I guess, but I can't >> figure >> > out what to provide them. >> > >> > Thanks a lot, >> > >> > Pierre >> > >> > >> > >> > -- >> > Je n'aime pas seulement ma vie, mais aussi celle des autres. >> > >> > (Blade Runner) >> > >> > > > > -- > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > (Blade Runner) > -- Je n'aime pas seulement ma vie, mais aussi celle des autres. (Blade Runner)
Re: Access denied
No, it doesn't have such calculations. Could the problem be websockets-related? On Wed, Mar 8, 2017 at 5:14 PM, Martin Grigorov <mgrigo...@apache.org> wrote: > Hi, > > I think your AjaxEditableLabel has logic to calculate whether it is enabled > or not. > It seems it is enabled for the initial rendering but later when Wicket > tries to post the new value after edit it calculates to 'disabled' > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Wed, Mar 8, 2017 at 4:54 PM, Zala Pierre GOUPIL <goupilpie...@gmail.com > > > wrote: > > > Good afternoon, > > > > I use Wicket 7.6.0. When clicking on an AjaxEditableLabel, I get the > > following message in the logs: > > > > behavior not enabled; ignore call. Behavior > > org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel$ > > LabelAjaxBehavior@1bab91c8 > > at component [Component id = label] > > > > And there's an access denied in the browser. What am I supposed to do, > > please? It is related to the resource guards, I guess, but I can't figure > > out what to provide them. > > > > Thanks a lot, > > > > Pierre > > > > > > > > -- > > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > > > (Blade Runner) > > > -- Je n'aime pas seulement ma vie, mais aussi celle des autres. (Blade Runner)
Re: Access denied
Hi, I think your AjaxEditableLabel has logic to calculate whether it is enabled or not. It seems it is enabled for the initial rendering but later when Wicket tries to post the new value after edit it calculates to 'disabled' Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Mar 8, 2017 at 4:54 PM, Zala Pierre GOUPIL <goupilpie...@gmail.com> wrote: > Good afternoon, > > I use Wicket 7.6.0. When clicking on an AjaxEditableLabel, I get the > following message in the logs: > > behavior not enabled; ignore call. Behavior > org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel$ > LabelAjaxBehavior@1bab91c8 > at component [Component id = label] > > And there's an access denied in the browser. What am I supposed to do, > please? It is related to the resource guards, I guess, but I can't figure > out what to provide them. > > Thanks a lot, > > Pierre > > > > -- > Je n'aime pas seulement ma vie, mais aussi celle des autres. > > (Blade Runner) >
Access denied
Good afternoon, I use Wicket 7.6.0. When clicking on an AjaxEditableLabel, I get the following message in the logs: behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel$LabelAjaxBehavior@1bab91c8 at component [Component id = label] And there's an access denied in the browser. What am I supposed to do, please? It is related to the resource guards, I guess, but I can't figure out what to provide them. Thanks a lot, Pierre -- Je n'aime pas seulement ma vie, mais aussi celle des autres. (Blade Runner)
Re: [7.2] multiple pages Access Denied
Our backend threw a null, which gave problems in other places..SO this is not a wicket problem :) On Fri, Mar 11, 2016 at 11:47 AM, nino martinez wael <nino.martinez.w...@gmail.com> wrote: > IT would appear so. BUT we actually do not have a direct link between > A and B, in our testing we manually open a secondary tab and put in an > url for the mounted page B which.. After page B are loaded this error > happens on page A when the link are pressed.. > > On Fri, Mar 11, 2016 at 11:28 AM, Martin Grigorov <mgrigo...@apache.org> > wrote: >> It looks like you have logic that changes addcontactButton's visibility or >> enable-bility in some conditions. >> Check what exactly changes when you open page B. >> >> Martin Grigorov >> Wicket Training and Consulting >> https://twitter.com/mtgrigorov >> >> On Fri, Mar 11, 2016 at 9:25 AM, nino martinez wael < >> nino.martinez.w...@gmail.com> wrote: >> >>> Hi >>> >>> I have something strange (as always). Two pages A and B >>> >>> If I open the two pages in the same session on two different tabs. >>> Invoking an ajax behavior (wicket modal panel) yields >>> >>> Access Denied >>> >>> stack tells me this: >>> >>> Behavior rejected interface invocation. Component: [AjaxLink >>> [Component id = addcontactButton]] Behavior: >>> org.apache.wicket.ajax.markup.html.AjaxLink$1@79f8700 Listener: >>> [RequestListenerInterface name=IBehaviorListener, method=public >>> abstract void org.apache.wicket.behavior.IBehaviorListener.onRequest()] >>> >>> If I only mess around with page A there are no problems. But opening >>> Page B in another tab apparently triggers this. It does not matter if >>> there is ajax or not on page B >>> >>> >>> -- >>> Best regards / Med venlig hilsen >>> Nino Martinez >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> > > > > -- > Best regards / Med venlig hilsen > Nino Martinez -- Best regards / Med venlig hilsen Nino Martinez - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: [7.2] multiple pages Access Denied
IT would appear so. BUT we actually do not have a direct link between A and B, in our testing we manually open a secondary tab and put in an url for the mounted page B which.. After page B are loaded this error happens on page A when the link are pressed.. On Fri, Mar 11, 2016 at 11:28 AM, Martin Grigorov <mgrigo...@apache.org> wrote: > It looks like you have logic that changes addcontactButton's visibility or > enable-bility in some conditions. > Check what exactly changes when you open page B. > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Fri, Mar 11, 2016 at 9:25 AM, nino martinez wael < > nino.martinez.w...@gmail.com> wrote: > >> Hi >> >> I have something strange (as always). Two pages A and B >> >> If I open the two pages in the same session on two different tabs. >> Invoking an ajax behavior (wicket modal panel) yields >> >> Access Denied >> >> stack tells me this: >> >> Behavior rejected interface invocation. Component: [AjaxLink >> [Component id = addcontactButton]] Behavior: >> org.apache.wicket.ajax.markup.html.AjaxLink$1@79f8700 Listener: >> [RequestListenerInterface name=IBehaviorListener, method=public >> abstract void org.apache.wicket.behavior.IBehaviorListener.onRequest()] >> >> If I only mess around with page A there are no problems. But opening >> Page B in another tab apparently triggers this. It does not matter if >> there is ajax or not on page B >> >> >> -- >> Best regards / Med venlig hilsen >> Nino Martinez >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> -- Best regards / Med venlig hilsen Nino Martinez - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: [7.2] multiple pages Access Denied
It looks like you have logic that changes addcontactButton's visibility or enable-bility in some conditions. Check what exactly changes when you open page B. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Fri, Mar 11, 2016 at 9:25 AM, nino martinez wael < nino.martinez.w...@gmail.com> wrote: > Hi > > I have something strange (as always). Two pages A and B > > If I open the two pages in the same session on two different tabs. > Invoking an ajax behavior (wicket modal panel) yields > > Access Denied > > stack tells me this: > > Behavior rejected interface invocation. Component: [AjaxLink > [Component id = addcontactButton]] Behavior: > org.apache.wicket.ajax.markup.html.AjaxLink$1@79f8700 Listener: > [RequestListenerInterface name=IBehaviorListener, method=public > abstract void org.apache.wicket.behavior.IBehaviorListener.onRequest()] > > If I only mess around with page A there are no problems. But opening > Page B in another tab apparently triggers this. It does not matter if > there is ajax or not on page B > > > -- > Best regards / Med venlig hilsen > Nino Martinez > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
[7.2] multiple pages Access Denied
Hi I have something strange (as always). Two pages A and B If I open the two pages in the same session on two different tabs. Invoking an ajax behavior (wicket modal panel) yields Access Denied stack tells me this: Behavior rejected interface invocation. Component: [AjaxLink [Component id = addcontactButton]] Behavior: org.apache.wicket.ajax.markup.html.AjaxLink$1@79f8700 Listener: [RequestListenerInterface name=IBehaviorListener, method=public abstract void org.apache.wicket.behavior.IBehaviorListener.onRequest()] If I only mess around with page A there are no problems. But opening Page B in another tab apparently triggers this. It does not matter if there is ajax or not on page B -- Best regards / Med venlig hilsen Nino Martinez - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Access denied to (static) package resource
I'm getting the exception below occurring occasionally and I can't figure out why. I have read the javadoc for IPackageResourceGuard but still not really enlightened as to why this is occurring. Under what circumstances will access be denied? In Application init(): getJavaScriptLibrarySettings().setJQueryReference(new DynamicJQueryResourceReference()); 2013-09-06 14:59:47,417 [jk-listener(2)] DEBUG o.a.w.r.m.CompoundRequestMapper - One compatible mapper found for URL 'wicket/resource/org.apache.wicket.resource.DynamicJQueryResourceReference/jquery/jquery-2.0.2.min.map' - 'Mapper: org.apache.wicket.core.request.mapper.ResourceReferenceMapper; Score: 1' 2013-09-06 14:59:47,418 [jk-listener(2)] ERROR o.a.w.DefaultExceptionMapper - Unexpected error occurred org.apache.wicket.request.resource.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource org/apache/wicket/resource/jquery/jquery-2.0.2.min.map. See IPackageResourceGuard at org.apache.wicket.request.resource.PackageResource.internalGetResourceStream(PackageResource.java:460) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.PackageResource.getResourceStream(PackageResource.java:405) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.PackageResource.newResourceResponse(PackageResource.java:267) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.AbstractResource.respond(AbstractResource.java:498) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.handler.resource.ResourceRequestHandler.respond(ResourceRequestHandler.java:75) ~[wicket-core-6.10.0.jar:6.10.0] - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access denied to (static) package resource
you should add the file type you want to load to the set of allowed extensions. Take a look here: http://wicketguide.comsysto.com/guide/chapter19.html#chapter19_4 I'm getting the exception below occurring occasionally and I can't figure out why. I have read the javadoc for IPackageResourceGuard but still not really enlightened as to why this is occurring. Under what circumstances will access be denied? In Application init(): getJavaScriptLibrarySettings().setJQueryReference(new DynamicJQueryResourceReference()); 2013-09-06 14:59:47,417 [jk-listener(2)] DEBUG o.a.w.r.m.CompoundRequestMapper - One compatible mapper found for URL 'wicket/resource/org.apache.wicket.resource.DynamicJQueryResourceReference/jquery/jquery-2.0.2.min.map' - 'Mapper: org.apache.wicket.core.request.mapper.ResourceReferenceMapper; Score: 1' 2013-09-06 14:59:47,418 [jk-listener(2)] ERROR o.a.w.DefaultExceptionMapper - Unexpected error occurred org.apache.wicket.request.resource.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource org/apache/wicket/resource/jquery/jquery-2.0.2.min.map. See IPackageResourceGuard at org.apache.wicket.request.resource.PackageResource.internalGetResourceStream(PackageResource.java:460) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.PackageResource.getResourceStream(PackageResource.java:405) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.PackageResource.newResourceResponse(PackageResource.java:267) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.AbstractResource.respond(AbstractResource.java:498) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.handler.resource.ResourceRequestHandler.respond(ResourceRequestHandler.java:75) ~[wicket-core-6.10.0.jar:6.10.0] - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access denied to (static) package resource
Thanks that's handy and explains it well. The resource is part of the Wicket internals though and not something of my making. On 6 Sep 2013, at 16:48, Andrea Del Bene wrote: you should add the file type you want to load to the set of allowed extensions. Take a look here: http://wicketguide.comsysto.com/guide/chapter19.html#chapter19_4 I'm getting the exception below occurring occasionally and I can't figure out why. I have read the javadoc for IPackageResourceGuard but still not really enlightened as to why this is occurring. Under what circumstances will access be denied? In Application init(): getJavaScriptLibrarySettings().setJQueryReference(new DynamicJQueryResourceReference()); 2013-09-06 14:59:47,417 [jk-listener(2)] DEBUG o.a.w.r.m.CompoundRequestMapper - One compatible mapper found for URL 'wicket/resource/org.apache.wicket.resource.DynamicJQueryResourceReference/jquery/jquery-2.0.2.min.map' - 'Mapper: org.apache.wicket.core.request.mapper.ResourceReferenceMapper; Score: 1' 2013-09-06 14:59:47,418 [jk-listener(2)] ERROR o.a.w.DefaultExceptionMapper - Unexpected error occurred org.apache.wicket.request.resource.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource org/apache/wicket/resource/jquery/jquery-2.0.2.min.map. See IPackageResourceGuard at org.apache.wicket.request.resource.PackageResource.internalGetResourceStream(PackageResource.java:460) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.PackageResource.getResourceStream(PackageResource.java:405) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.PackageResource.newResourceResponse(PackageResource.java:267) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.resource.AbstractResource.respond(AbstractResource.java:498) ~[wicket-core-6.10.0.jar:6.10.0] at org.apache.wicket.request.handler.resource.ResourceRequestHandler.respond(ResourceRequestHandler.java:75) ~[wicket-core-6.10.0.jar:6.10.0] - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access denied to (static) package resource
Yep! Right, is part of the framework. I will ask in dev list if we should ad .map to the set of default allowed file. Thanks that's handy and explains it well. The resource is part of the Wicket internals though and not something of my making. On 6 Sep 2013, at 16:48, Andrea Del Bene wrote: - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
access denied to Resource
I want to give access to a file *.xslt I tried SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.xslt); getResourceSettings().setPackageResourceGuard(guard); but no success always the error WARN - PackageResourceGuard.acceptAbsolutePath(176) | Access to root directory is by default disabled for shared resources: test4.xslt org.apache.wicket.request.resource.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource test4.xslt. See IPackageResourceGuard - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: access denied to Resource
On Wed, Jul 24, 2013 at 10:52 AM, Piratenvisier hansheinrichbr...@yahoo.dewrote: I want to give access to a file *.xslt I tried SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.xslt); Add guard.setAllowAccessToRootResources(true); getResourceSettings().**setPackageResourceGuard(guard)**; but no success always the error WARN - PackageResourceGuard.**acceptAbsolutePath(176) | Access to root directory is by default disabled for shared resources: test4.xslt org.apache.wicket.request.**resource.PackageResource$** PackageResourceBlockedExceptio**n: Access denied to (static) package resource test4.xslt. See IPackageResourceGuard --**--**- To unsubscribe, e-mail: users-unsubscribe@wicket.**apache.orgusers-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: access denied to Resource
I now have SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.xslt); guard.setAllowAccessToRootResources(true); getResourceSettings().setPackageResourceGuard(guard); and I get the following results for System.err.println(here.getClass()); System.err.println(here.getClass().getResource(/test4.xslt)); PackageResourceReference rs=new PackageResourceReference(here.getClass(),/test4.xslt); System.err.println(rs); class braunimmobilien.webapp.pages.AngebotForm null scope: braunimmobilien.webapp.pages.AngebotForm; name: /test4.xslt; locale: null; style: null; variation: null java.lang.NullPointerException at braunimmobilien.webapp.pages.AngebotForm$EditForm$6.onClick(AngebotForm.java:357) Am 24.07.2013 09:55, schrieb Martin Grigorov: On Wed, Jul 24, 2013 at 10:52 AM, Piratenvisier hansheinrichbr...@yahoo.dewrote: I want to give access to a file *.xslt I tried SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.xslt); Add guard.setAllowAccessToRootResources(true); getResourceSettings().**setPackageResourceGuard(guard)**; but no success always the error WARN - PackageResourceGuard.**acceptAbsolutePath(176) | Access to root directory is by default disabled for shared resources: test4.xslt org.apache.wicket.request.**resource.PackageResource$** PackageResourceBlockedExceptio**n: Access denied to (static) package resource test4.xslt. See IPackageResourceGuard --**--**- To unsubscribe, e-mail: users-unsubscribe@wicket.**apache.orgusers-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: access denied to Resource
Problem is solved! Am 24.07.2013 14:32, schrieb Piratenvisier: I now have SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.xslt); guard.setAllowAccessToRootResources(true); getResourceSettings().setPackageResourceGuard(guard); and I get the following results for System.err.println(here.getClass()); System.err.println(here.getClass().getResource(/test4.xslt)); PackageResourceReference rs=new PackageResourceReference(here.getClass(),/test4.xslt); System.err.println(rs); class braunimmobilien.webapp.pages.AngebotForm null scope: braunimmobilien.webapp.pages.AngebotForm; name: /test4.xslt; locale: null; style: null; variation: null java.lang.NullPointerException at braunimmobilien.webapp.pages.AngebotForm$EditForm$6.onClick(AngebotForm.java:357) Am 24.07.2013 09:55, schrieb Martin Grigorov: On Wed, Jul 24, 2013 at 10:52 AM, Piratenvisier hansheinrichbr...@yahoo.dewrote: I want to give access to a file *.xslt I tried SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.xslt); Add guard.setAllowAccessToRootResources(true); getResourceSettings().**setPackageResourceGuard(guard)**; but no success always the error WARN - PackageResourceGuard.**acceptAbsolutePath(176) | Access to root directory is by default disabled for shared resources: test4.xslt org.apache.wicket.request.**resource.PackageResource$** PackageResourceBlockedExceptio**n: Access denied to (static) package resource test4.xslt. See IPackageResourceGuard --**--**- To unsubscribe, e-mail: users-unsubscribe@wicket.**apache.orgusers-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
Hi, I haven't looked at your app but I think I know what is the problem. AccessDeniedPage will be shown if you try to use a disabled Behavior. I.e. your custom behavior schedules JavaScript timer (setTimeout) that will trigger after 2 secs, then you stop it, then the timer fires and at the server side Wicket realizes that the behavior is not enabled (stopped). This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not restartable. Each time you call #stop() on it it will remove the timer (clearTimeout) at the client side too. Next time you (re-)start it it will schedule a completely new timer. On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy vign...@mcruncher.com wrote: Hi every one AbstractAjaxRestartableTimerBehavior - patched up version of AbstractAjaxTimerBehavior to provide restart functionality. we are using the AbstractAjaxRestartableTimerBehaviour it works fine in the previous version right now we are upgrading wicket to 1.5.8 in that while stopping the Auto Refresh timerBehavior shows the Access denied page i had attach an quick start program with it.. in that i set the duration as 2 seconds. every 2 seconds it will update the feedback panel... click stop link that error will appears.. is there any other solution for it.. thanks in advance Vignesh Palanisamy - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
thanks martin for the quick reply.. is there any other way to solve the problem in wicket 1.5.8. because right now only we are upgraded to 1.5.8 On Thu, Oct 4, 2012 at 3:34 PM, Martin Grigorov mgrigo...@apache.orgwrote: Hi, I haven't looked at your app but I think I know what is the problem. AccessDeniedPage will be shown if you try to use a disabled Behavior. I.e. your custom behavior schedules JavaScript timer (setTimeout) that will trigger after 2 secs, then you stop it, then the timer fires and at the server side Wicket realizes that the behavior is not enabled (stopped). This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not restartable. Each time you call #stop() on it it will remove the timer (clearTimeout) at the client side too. Next time you (re-)start it it will schedule a completely new timer. On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy vign...@mcruncher.com wrote: Hi every one AbstractAjaxRestartableTimerBehavior - patched up version of AbstractAjaxTimerBehavior to provide restart functionality. we are using the AbstractAjaxRestartableTimerBehaviour it works fine in the previous version right now we are upgrading wicket to 1.5.8 in that while stopping the Auto Refresh timerBehavior shows the Access denied page i had attach an quick start program with it.. in that i set the duration as 2 seconds. every 2 seconds it will update the feedback panel... click stop link that error will appears.. is there any other solution for it.. thanks in advance Vignesh Palanisamy - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
See the impl in 6.x and merge the improvements in your custom behavior. On Thu, Oct 4, 2012 at 10:55 AM, Vignesh Palanisamy vign...@mcruncher.com wrote: thanks martin for the quick reply.. is there any other way to solve the problem in wicket 1.5.8. because right now only we are upgraded to 1.5.8 On Thu, Oct 4, 2012 at 3:34 PM, Martin Grigorov mgrigo...@apache.orgwrote: Hi, I haven't looked at your app but I think I know what is the problem. AccessDeniedPage will be shown if you try to use a disabled Behavior. I.e. your custom behavior schedules JavaScript timer (setTimeout) that will trigger after 2 secs, then you stop it, then the timer fires and at the server side Wicket realizes that the behavior is not enabled (stopped). This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not restartable. Each time you call #stop() on it it will remove the timer (clearTimeout) at the client side too. Next time you (re-)start it it will schedule a completely new timer. On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy vign...@mcruncher.com wrote: Hi every one AbstractAjaxRestartableTimerBehavior - patched up version of AbstractAjaxTimerBehavior to provide restart functionality. we are using the AbstractAjaxRestartableTimerBehaviour it works fine in the previous version right now we are upgrading wicket to 1.5.8 in that while stopping the Auto Refresh timerBehavior shows the Access denied page i had attach an quick start program with it.. in that i set the duration as 2 seconds. every 2 seconds it will update the feedback panel... click stop link that error will appears.. is there any other solution for it.. thanks in advance Vignesh Palanisamy - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: AbstractAjaxRestartableTimerBehavior while stop the behavior Access denied page is appeared in wicket 1.5.8
Thanks martin.. we are planing to upgrade to wicket 6.x On Thu, Oct 4, 2012 at 3:59 PM, Martin Grigorov mgrigo...@apache.orgwrote: See the impl in 6.x and merge the improvements in your custom behavior. On Thu, Oct 4, 2012 at 10:55 AM, Vignesh Palanisamy vign...@mcruncher.com wrote: thanks martin for the quick reply.. is there any other way to solve the problem in wicket 1.5.8. because right now only we are upgraded to 1.5.8 On Thu, Oct 4, 2012 at 3:34 PM, Martin Grigorov mgrigo...@apache.org wrote: Hi, I haven't looked at your app but I think I know what is the problem. AccessDeniedPage will be shown if you try to use a disabled Behavior. I.e. your custom behavior schedules JavaScript timer (setTimeout) that will trigger after 2 secs, then you stop it, then the timer fires and at the server side Wicket realizes that the behavior is not enabled (stopped). This problem is solved in Wicket 6. AbstractAjaxTimerBehavior is not restartable. Each time you call #stop() on it it will remove the timer (clearTimeout) at the client side too. Next time you (re-)start it it will schedule a completely new timer. On Thu, Oct 4, 2012 at 10:27 AM, Vignesh Palanisamy vign...@mcruncher.com wrote: Hi every one AbstractAjaxRestartableTimerBehavior - patched up version of AbstractAjaxTimerBehavior to provide restart functionality. we are using the AbstractAjaxRestartableTimerBehaviour it works fine in the previous version right now we are upgrading wicket to 1.5.8 in that while stopping the Auto Refresh timerBehavior shows the Access denied page i had attach an quick start program with it.. in that i set the duration as 2 seconds. every 2 seconds it will update the feedback panel... click stop link that error will appears.. is there any other solution for it.. thanks in advance Vignesh Palanisamy - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
On Tue, Jun 12, 2012 at 12:11 AM, chrome1235 kemal.m...@gmail.com wrote: I could solve the wicket problem. original code like this. (org.wicketstuff.simile.timeline.Timeline.java) // response.renderJavaScriptReference(new PackageResourceReference(getClass(), // ./timeline_js/timeline-api.js?timeline-use-local-resources=truebundle=true)); I changed by this code. So, that problem was solved. PageParameters pp= new PageParameters(); pp.add(timeline-use-local-resources, true); pp.add(bundle, true); response.renderJavaScriptReference(new PackageResourceReference(getClass(), ./timeline_js/timeline-api.js),pp,MY_JS); Please make a Pull request for this fix, -- But my problem was not solved:( I think, the problem is about simile.mit.edu.. Now, it gives this error: Error: Failed to derive URL prefix for Timeline API code files -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649862.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
I created. This was my first report, I hope, I didnt make any mistake. :) https://issues.apache.org/jira/browse/WICKET-4602 I think, org.wicketstuff.simile.timeline.Timeline class has a bug. I solved the Timeline problem by replacing this line at renderHead. // PageParameters pp= new PageParameters(); // pp.add(timeline-use-local-resources, true); // pp.add(bundle, true); // response.renderJavaScriptReference(new PackageResourceReference(getClass(), // ./timeline_js/timeline-api.js),pp,MY_JS); // response.renderJavaScriptReference(http://static.simile.mit.edu/timeline/api-2.3.0/timeline-api.js?bundle=true;); how can I report to wicketstuff ? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649870.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
On Tue, Jun 12, 2012 at 10:42 AM, chrome1235 kemal.m...@gmail.com wrote: I created. This was my first report, I hope, I didnt make any mistake. :) Thanks! And sorry, you filed it at the wrong Issue tracker :-) Details are in the ticket. https://issues.apache.org/jira/browse/WICKET-4602 I think, org.wicketstuff.simile.timeline.Timeline class has a bug. I solved the Timeline problem by replacing this line at renderHead. // PageParameters pp= new PageParameters(); // pp.add(timeline-use-local-resources, true); // pp.add(bundle, true); // response.renderJavaScriptReference(new PackageResourceReference(getClass(), // ./timeline_js/timeline-api.js),pp,MY_JS); // response.renderJavaScriptReference(http://static.simile.mit.edu/timeline/api-2.3.0/timeline-api.js?bundle=true;); how can I report to wicketstuff ? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649870.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
You are right, Thanks for your reminding. :) -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649872.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
Hi, Check http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089.html On Mon, Jun 11, 2012 at 7:23 PM, chrome1235 kemal.m...@gmail.com wrote: Hi, I want to use wicketstuff-simile-timeline. Bu it gives an error. is this a bug, or what is my mistake? thanks.. Kemal, my code is: private TimelineModel timelineModel; public HomePage(final PageParameters parameters) { super(); timelineModel= new TimelineModel(); Date t2= new Date(); Date t1= DateUtils.addWeeks(t2, -7); timelineModel.addEvent(new TimelineEventModel(T1, C1, t1, t2,www.google.com,true)); Timeline panel1= new Timeline(panel1, new IModelTimelineModel(){ public TimelineModel getObject() { return timelineModel; //To change body of implemented methods use File | Settings | File Templates. } public void setObject(TimelineModel timelineModel) { //To change body of implemented methods use File | Settings | File Templates. } public void detach() { //To change body of implemented methods use File | Settings | File Templates. } }); add(panel1); } ERROR - DefaultExceptionMapper - Unexpected error occurred org.apache.wicket.request.resource.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource org/wicketstuff/simile/timeline/./timeline_js/timeline-api.js?timeline-use-local-resources=truebundle=true. See IPackageResourceGuard at org.apache.wicket.request.resource.PackageResource.internalGetResourceStream(PackageResource.java:418) at org.apache.wicket.request.resource.PackageResource.getCacheableResourceStream(PackageResource.java:338) at org.apache.wicket.request.resource.PackageResource.getCacheKey(PackageResource.java:170) at org.apache.wicket.request.resource.caching.version.RequestCycleCachedResourceVersion.getVersion(RequestCycleCachedResourceVersion.java:80) at org.apache.wicket.request.resource.caching.FilenameWithVersionResourceCachingStrategy.decorateUrl(FilenameWithVersionResourceCachingStrategy.java:96) at org.apache.wicket.request.mapper.BasicResourceReferenceMapper.mapHandler(BasicResourceReferenceMapper.java:219) at org.apache.wicket.request.mapper.ParentPathReferenceRewriter.mapHandler(ParentPathReferenceRewriter.java:89) at org.apache.wicket.request.mapper.CompoundRequestMapper.mapHandler(CompoundRequestMapper.java:157) at org.apache.wicket.request.cycle.RequestCycle.mapUrlFor(RequestCycle.java:404) at org.apache.wicket.request.cycle.RequestCycle.urlFor(RequestCycle.java:491) at org.apache.wicket.markup.html.internal.HeaderResponse.renderJavaScriptReference(HeaderResponse.java:203) at org.apache.wicket.markup.html.internal.HeaderResponse.renderJavaScriptReference(HeaderResponse.java:192) at org.apache.wicket.markup.html.internal.HeaderResponse.renderJavaScriptReference(HeaderResponse.java:186) at org.apache.wicket.markup.html.internal.HeaderResponse.renderJavaScriptReference(HeaderResponse.java:180) at org.apache.wicket.markup.html.internal.HeaderResponse.renderJavaScriptReference(HeaderResponse.java:171) at org.wicketstuff.simile.timeline.Timeline.renderHead(Timeline.java:137) at org.apache.wicket.Component.renderHead(Component.java:4459) at org.apache.wicket.Component.renderHead(Component.java:2678) at org.apache.wicket.markup.renderStrategy.ChildFirstHeaderRenderStrategy$1.component(ChildFirstHeaderRenderStrategy.java:82) at org.apache.wicket.markup.renderStrategy.DeepChildFirstVisitor.visit(DeepChildFirstVisitor.java:96) at org.apache.wicket.markup.renderStrategy.DeepChildFirstVisitor.visit(DeepChildFirstVisitor.java:87) at org.apache.wicket.markup.renderStrategy.DeepChildFirstVisitor.visit(DeepChildFirstVisitor.java:51) at org.apache.wicket.markup.renderStrategy.ChildFirstHeaderRenderStrategy.renderChildHeaders(ChildFirstHeaderRenderStrategy.java:77) at org.apache.wicket.markup.renderStrategy.ChildFirstHeaderRenderStrategy.renderHeader(ChildFirstHeaderRenderStrategy.java:56) at org.apache.wicket.markup.html.internal.HtmlHeaderContainer.onComponentTagBody(HtmlHeaderContainer.java:134) at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:72) at org.apache.wicket.Component.internalRenderComponent(Component.java:2539) at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1534) at org.apache.wicket.Component.internalRender(Component.java:2369
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
Martin, thanks for your reply. But I could not succeed. I tried all of these lines. But I have same error.:( --- public void init() { super.init(); SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.js); guard.addPattern(+timeline-api.js?timeline-use-local-resources=truebundle=true); guard.addPattern(+org/wicketstuff/simile/timeline/./timeline_js/timeline-api.js?timeline-use-local-resources=truebundle=true); getResourceSettings().setPackageResourceGuard(guard); } -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649858.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
guard.addPattern(+*timeline-api.js*); On Mon, Jun 11, 2012 at 9:34 PM, chrome1235 kemal.m...@gmail.com wrote: Martin, thanks for your reply. But I could not succeed. I tried all of these lines. But I have same error.:( --- public void init() { super.init(); SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern(+*.js); guard.addPattern(+timeline-api.js?timeline-use-local-resources=truebundle=true); guard.addPattern(+org/wicketstuff/simile/timeline/./timeline_js/timeline-api.js?timeline-use-local-resources=truebundle=true); getResourceSettings().setPackageResourceGuard(guard); } -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649858.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
Security problem was solved by your response. But, I could not see timeline output. When I look source of html, it gives this error. body HTTP ERROR 404 pProblem accessing /wicket/resource/org.wicketstuff.simile.timeline.Timeline/timeline_js/timeline-api.js%3Ftimeline-use-local-resources=trueamp;bundle=true. Reason: preNot Found/pre/phr //smallPowered by Jetty:///small/br/ -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649860.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
I mean, when I click this link. It gives 404 error.. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649861.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicketstuff-simile-timeline (1.5.5) Access denied to resource error..
I could solve the wicket problem. original code like this. (org.wicketstuff.simile.timeline.Timeline.java) // response.renderJavaScriptReference(new PackageResourceReference(getClass(), // ./timeline_js/timeline-api.js?timeline-use-local-resources=truebundle=true)); I changed by this code. So, that problem was solved. PageParameters pp= new PageParameters(); pp.add(timeline-use-local-resources, true); pp.add(bundle, true); response.renderJavaScriptReference(new PackageResourceReference(getClass(), ./timeline_js/timeline-api.js),pp,MY_JS); -- But my problem was not solved:( I think, the problem is about simile.mit.edu.. Now, it gives this error: Error: Failed to derive URL prefix for Timeline API code files -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicketstuff-simile-timeline-1-5-5-Access-denied-to-resource-error-tp4649855p4649862.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied Page
Hi, AccessDeniedPage is being shown only when either org.apache.wicket.authorization.AuthorizationException or org.apache.wicket.request.handler.ListenerInvocationNotAllowedException is thrown. I think the latter is cause in your case. But I have no idea why there is nothing in the log files. Make sure you have enabled INFO level logging for org.apache.wicket.RequestListenerInterface On Fri, Apr 13, 2012 at 6:02 PM, Satrix satrix...@gmail.com wrote: Hello, I'm facing really strange behaviour and I can't find out what's causing this. Let me describe this scenario: 1. We have an external hosting and the wicket app is running out there. 2. There is a form to upload a file to FTP. 3. When I try to upload a file I get Access Denied Page. However I dont use any authorize strategies etc. My logs are clear and there are no exceptions in the logs. The interesting thing is that on my local machine it's working like a charm but on the external hosting sometimes it's working and sometimes it's not. So any idea what can cause such a problem ? Regards, Satrix -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Access-Denied-Page-tp4555096p4555096.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied Page
Hi, Yeah, the INFO logging is ON so that's not the case. I've resolved the problem... but I don't know what was causing it. Two reasons: 1. Multipart set to true on form 2. Nested form But the problem is that it was only occuring on external hosting. Locally it was working like a charm. Regards, Satrix -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Access-Denied-Page-tp4555096p4560780.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Access Denied Page
Hello, I'm facing really strange behaviour and I can't find out what's causing this. Let me describe this scenario: 1. We have an external hosting and the wicket app is running out there. 2. There is a form to upload a file to FTP. 3. When I try to upload a file I get Access Denied Page. However I dont use any authorize strategies etc. My logs are clear and there are no exceptions in the logs. The interesting thing is that on my local machine it's working like a charm but on the external hosting sometimes it's working and sometimes it's not. So any idea what can cause such a problem ? Regards, Satrix -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Access-Denied-Page-tp4555096p4555096.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Wicket 1.4.20 : error message Access denied to (static) package resource
Hello, After upgrading from Wicket 1.4.19 to Wicket 1.4.20 I get exceptions in TinyMCE. We're using the Wicketstuff integration. When opening TinyMCE lightboxes I get exception like : org.apache.wicket.markup.html.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource com/interview/tool/wicketstuff/tinymce/themes/advanced/image.htm. See IPackageResourceGuard It works perfectly in Wicket 1.4.18 or 1.4.19, but when updating in the pom to the 1.4.20 version we get that exception. I can't figure what ticket could be related in the 1.4.20 changelog (https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561version=12317570) Any idea ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.4.20 : error message Access denied to (static) package resource
Hi, Yes, in 1.4.20 Wicket uses SecurePackageResourceGuard by default because there was a security related issue. We will send an official mail soon. Many of the common extensions are allowed by default but .htm is not one of them. You need to add this to YourApp#init(): IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard(); if (packageResourceGuard instanceof SecurePackageResourceGuard) { SecurePackageResourceGuard guard = (SecurePackageResourceGuard) packageResourceGuard; guard.addPattern(+*.htm); } On Wed, Mar 21, 2012 at 12:42 PM, Pierre Goiffon pierre.goif...@interview-efm.com wrote: Hello, After upgrading from Wicket 1.4.19 to Wicket 1.4.20 I get exceptions in TinyMCE. We're using the Wicketstuff integration. When opening TinyMCE lightboxes I get exception like : org.apache.wicket.markup.html.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource com/interview/tool/wicketstuff/tinymce/themes/advanced/image.htm. See IPackageResourceGuard It works perfectly in Wicket 1.4.18 or 1.4.19, but when updating in the pom to the 1.4.20 version we get that exception. I can't figure what ticket could be related in the 1.4.20 changelog (https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561version=12317570) Any idea ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.4.20 : error message Access denied to (static) package resource
Hi ! I faced a similar issue, but with PDF files used as PackageResource. It boils down to wicket relying now by default on SecurePackageResourceGuard which only authorizes file with some extensions (defined in the SecurePackageResourceGuard constructor). What I did was create my own subclass of SecurePackageResourceGuard as follows: public class MyResourceGuard extends SecurePackageResourceGuard { /** * Default constructor */ public EDCResourceGuard() { super(new SimpleCache(100)); addPattern(+*.pdf); } } And then in my Application subclass, in the init method, I do getResourceSettings().setPackageResourceGuard(new MyResourceGuard ()); I guess if you simply add the following line addPattern(+*.htm) to your MyResourceGuard constructor, your error will go away. Hope this helps ! Antoine. Le 21/03/2012 11:42, Pierre Goiffon a écrit : Hello, After upgrading from Wicket 1.4.19 to Wicket 1.4.20 I get exceptions in TinyMCE. We're using the Wicketstuff integration. When opening TinyMCE lightboxes I get exception like : org.apache.wicket.markup.html.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource com/interview/tool/wicketstuff/tinymce/themes/advanced/image.htm. See IPackageResourceGuard It works perfectly in Wicket 1.4.18 or 1.4.19, but when updating in the pom to the 1.4.20 version we get that exception. I can't figure what ticket could be related in the 1.4.20 changelog (https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561version=12317570) Any idea ? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.4.20 : error message Access denied to (static) package resource
Martin and Antoine, thanks very much for your quick answers, it solves of course my problem ! SecurePackageResourceGuard has already a lot of common extensions, and it's easy to add the ones you eventualy need ! Martin, I still can't see in the 1.4.20 changelog (https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561version=12318545) what ticket could be related to this change ? And nothing in the version announcement : http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html. For us this is a major regression and I just discovered it by chance... I recommend to have a word maybe in the 1.4.20 announcement, and change the title of the related 1.4.20 ticket to be more comprehensive ? Thanks ! - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.4.20 : error message Access denied to (static) package resource
As I said this change is due to a security related problem. An official announcement will come very soon. We haven't sent it so far because we wanted to give you some time to upgrade to 1.4.20/1.5.5 before making the problem public. Sorry for the troubles! On Wed, Mar 21, 2012 at 1:19 PM, Pierre Goiffon pierre.goif...@interview-efm.com wrote: Martin and Antoine, thanks very much for your quick answers, it solves of course my problem ! SecurePackageResourceGuard has already a lot of common extensions, and it's easy to add the ones you eventualy need ! Martin, I still can't see in the 1.4.20 changelog (https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561version=12318545) what ticket could be related to this change ? And nothing in the version announcement : http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html. For us this is a major regression and I just discovered it by chance... I recommend to have a word maybe in the 1.4.20 announcement, and change the title of the related 1.4.20 ticket to be more comprehensive ? Thanks ! - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket 1.4.20 : error message Access denied to (static) package resource
Le 21/03/2012 12:24, Martin Grigorov a écrit : As I said this change is due to a security related problem. An official announcement will come very soon. We haven't sent it so far because we wanted to give you some time to upgrade to 1.4.20/1.5.5 before making the problem public. Sorry for the troubles! I understand your concern about revealing details of a security problem. As a wicket user, I'd rather be aware of the details when the version is out, and make my own decision beceause almost everytime you have to choose the best compromise between changing your code and the risk your application is exposed to. Upgrading and finding out that you have to change your code without knowing why, you just feel inconfortable and fear that there are lots of things you miss, that will brings you some extra bugs. But this is a long debate :) Thanks anyway very much for your almost immediate help, it was much appreciate ! Best regards, P. Goiffon - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5
I had this problem during the migration from wicket 1.4 to wicket 1.5 The problems occurs under chrome, safari and wicket 1.5 Scenario with an AjaxEditableMultiLineLabel : 1. The user puts the focus on the AjaxEditableMultiLineLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = coming back to the first tab, the browser shows an Access Denied Page. The log shows the warn : WARN - RequestListenerInterface - behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableMultiLineLabel$5@18fa85at component [ [Component id = editor]] At that time, Martin proposed me a first workaround : http://markmail.org/message/uyjns2njjpo22xoj#query:+page:1+mid:laq7whb4urciyz6n+state:results The problem appeared again because of my migration to wicket 1.5.3. I tried to further analyze the problem. It seems that the AJAX call is done 2 times. When the user switches tabs chrome, the updating of the html triggers another onblur event and a new ajax call: Wicket.replaceOuterHtmlSafari = function(element, text) { // if we are replacing a single script element if (element.tagName == SCRIPT) { // create temporal div and add script as inner HTML var tempDiv = document.createElement(div); tempDiv.innerHTML = text; // try to get script content var script = tempDiv.childNodes[0].innerHTML; if (typeof(script) != string) { script = tempDiv.childNodes[0].text; } element.outerHTML = text; Trigger another blur event when the user has already changed of tab. try { eval(script); } catch (e) { Wicket.Log.error(Wicket.replaceOuterHtmlSafari: + e + : eval - + script); } return; }... As I'm not a javascript expert, does anybody know how to correct the problem in javascript instead of using a workaround? Thanks, Gaetan,
Re: Spring secury + auth-roles authentication and authorization: access denied
Hello Andrew, that was the solution! You saved my day! Thank you a lot! -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Spring-secury-auth-roles-authentication-and-authorization-access-denied-tp4004013p4019263.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Spring secury + auth-roles authentication and authorization: access denied
Thank you Moèz for your reply. I looked at the blog you sent, but it didn't helped either. Indeed the application in the blog does not differ substantially from mine. I updated my codes with the example implementation and the problem still remains. The only differences are the versions of wicket, spring and spring security and the following methods: *CustomAuthenticatedWebSession:* *LoginForm*: -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Spring-secury-auth-roles-authentication-and-authorization-access-denied-tp4004013p4015730.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Spring secury + auth-roles authentication and authorization: access denied
Take a look at wicketopia's example app. It has spring security integration. Sent from tablet device. Please excuse typos and brevity. On Nov 7, 2011 11:24 AM, massizigao fha...@online.de wrote:
Re: Spring secury + auth-roles authentication and authorization: access denied
See this: http://apache-wicket.1842946.n4.nabble.com/Acegi-and-Wicket-auth-roles-td1846051.html I would be willing to bet the problem is the order of your filter-mappings in the web.xml -- Spring Security has to be first. Andrew On Tue, Nov 8, 2011 at 8:05 PM, James Carman jcar...@carmanconsulting.comwrote: Take a look at wicketopia's example app. It has spring security integration. Sent from tablet device. Please excuse typos and brevity. On Nov 7, 2011 11:24 AM, massizigao fha...@online.de wrote:
Spring secury + auth-roles authentication and authorization: access denied
Hello together, I am trying to implement an authentication+authorization using Spring security and wicket-auth-roles based on this https://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html article . The application is working, that means i can authencate and can see some pages. But then after more clicking, i receive an access denied error. The strange think is, when i logout and login again, thinks seem to work fine. So it happens only at the first time login. Debugging shows me that the authentication object is null. I try to identify the place it is set to null but without success. Hier a little code from my implementation. I am using wicket 1.5.2 tomcat 6.0.33 spring 3.0.6 spring security 3.0.7 The page is mounted to /index. *spring-security-context.xml:* *web.xml* *CustomAuthenticatedWebSession.java* *A secured page: Index.java* Thank you for your help. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Spring-secury-auth-roles-authentication-and-authorization-access-denied-tp4004013p4004013.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Spring secury + auth-roles authentication and authorization: access denied
http://javajeedevelopment.blogspot.com/2011/03/integrating-spring-security-3-with.html 2011/11/7 massizigao fha...@online.de Hello together, I am trying to implement an authentication+authorization using Spring security and wicket-auth-roles based on this https://cwiki.apache.org/WICKET/spring-security-and-wicket-auth-roles.html article . The application is working, that means i can authencate and can see some pages. But then after more clicking, i receive an access denied error. The strange think is, when i logout and login again, thinks seem to work fine. So it happens only at the first time login. Debugging shows me that the authentication object is null. I try to identify the place it is set to null but without success. Hier a little code from my implementation. I am using wicket 1.5.2 tomcat 6.0.33 spring 3.0.6 spring security 3.0.7 The page is mounted to /index. *spring-security-context.xml:* *web.xml* *CustomAuthenticatedWebSession.java* *A secured page: Index.java* Thank you for your help. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Spring-secury-auth-roles-authentication-and-authorization-access-denied-tp4004013p4004013.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Cdt Moèz
Re: Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5
So is it a bug or a regression (because it was working on W1.4)? Even, if the event is fired when leaving the tab, I don't understand why the server reacts differently. How can it knows that the component isn't visible anymoree??? Should I drop all these widget from my app? We use them a lot in my backoffice app. Gaetan, 2011/10/19 Martin Grigorov mgrigo...@apache.org Hi, The EditableLabel's editor (the text field/area) saves the value on 'blur' event. It is interesting when this event is fired - when the user leaves the first tab or when she comes back. On Wed, Oct 19, 2011 at 12:48 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: The problems occurs under chrome, safari and wicket 1.5. Scenario with an AjaxEditableLabel : 1. The user puts the focus on the AjaxEditableLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = the value is not put in the model. Scenario with an AjaxEditableMultiLineLabel : 1. The user puts the focus on the AjaxEditableMultiLineLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = coming back to the first tab, the browser shows an Access Denied Page. The log shows the warn : WARN - RequestListenerInterface - behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableMultiLineLabel$5@18fa85 at component [ [Component id = editor]] After some debugs it appears that under chrome the call on isVisibleInHierarchie() returns false. These scenario were ok with wicket 1.4 Gaetan, - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5
There is an improvement in Wicket 1.5 to not allow execution of invisible component or even worse on disabled behavior for security reasons. It is possible to extend AjaxEditableLabel and configure it to allow such executions. Override org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.newEditor(MarkupContainer, String, IModelT) and instead of adding org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.EditorAjaxBehavior you'll have to extend that Behavior and override its org.apache.wicket.behavior.Behavior.canCallListenerInterface(Component) On Thu, Oct 20, 2011 at 10:44 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: So is it a bug or a regression (because it was working on W1.4)? Even, if the event is fired when leaving the tab, I don't understand why the server reacts differently. How can it knows that the component isn't visible anymoree??? Should I drop all these widget from my app? We use them a lot in my backoffice app. Gaetan, 2011/10/19 Martin Grigorov mgrigo...@apache.org Hi, The EditableLabel's editor (the text field/area) saves the value on 'blur' event. It is interesting when this event is fired - when the user leaves the first tab or when she comes back. On Wed, Oct 19, 2011 at 12:48 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: The problems occurs under chrome, safari and wicket 1.5. Scenario with an AjaxEditableLabel : 1. The user puts the focus on the AjaxEditableLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = the value is not put in the model. Scenario with an AjaxEditableMultiLineLabel : 1. The user puts the focus on the AjaxEditableMultiLineLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = coming back to the first tab, the browser shows an Access Denied Page. The log shows the warn : WARN - RequestListenerInterface - behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableMultiLineLabel$5@18fa85 at component [ [Component id = editor]] After some debugs it appears that under chrome the call on isVisibleInHierarchie() returns false. These scenario were ok with wicket 1.4 Gaetan, - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5
Thank you, It's working but the code is quite ugly (lot of duplication just to override the canCallListenerInterface() ). I still doesn't understand how wicket is able to know that the component is not visible in the browser. Furthermore, I find problematic the fact that the behavior depends on the browser implementation. Gaetan, 2011/10/20 Martin Grigorov mgrigo...@apache.org There is an improvement in Wicket 1.5 to not allow execution of invisible component or even worse on disabled behavior for security reasons. It is possible to extend AjaxEditableLabel and configure it to allow such executions. Override org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.newEditor(MarkupContainer, String, IModelT) and instead of adding org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.EditorAjaxBehavior you'll have to extend that Behavior and override its org.apache.wicket.behavior.Behavior.canCallListenerInterface(Component) On Thu, Oct 20, 2011 at 10:44 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: So is it a bug or a regression (because it was working on W1.4)? Even, if the event is fired when leaving the tab, I don't understand why the server reacts differently. How can it knows that the component isn't visible anymoree??? Should I drop all these widget from my app? We use them a lot in my backoffice app. Gaetan, 2011/10/19 Martin Grigorov mgrigo...@apache.org Hi, The EditableLabel's editor (the text field/area) saves the value on 'blur' event. It is interesting when this event is fired - when the user leaves the first tab or when she comes back. On Wed, Oct 19, 2011 at 12:48 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: The problems occurs under chrome, safari and wicket 1.5. Scenario with an AjaxEditableLabel : 1. The user puts the focus on the AjaxEditableLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = the value is not put in the model. Scenario with an AjaxEditableMultiLineLabel : 1. The user puts the focus on the AjaxEditableMultiLineLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = coming back to the first tab, the browser shows an Access Denied Page. The log shows the warn : WARN - RequestListenerInterface - behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableMultiLineLabel$5@18fa85 at component [ [Component id = editor]] After some debugs it appears that under chrome the call on isVisibleInHierarchie() returns false. These scenario were ok with wicket 1.4 Gaetan, - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5
On Thu, Oct 20, 2011 at 4:17 PM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: Thank you, It's working but the code is quite ugly (lot of duplication just to override the canCallListenerInterface() ). I still doesn't understand how wicket is able to know that the component is not visible in the browser. Wicket doesn't know that. Wicket knows the visibility at the server side and rejects any requests against invisible/disabled components/behaviors. Furthermore, I find problematic the fact that the behavior depends on the browser implementation. It seems Chrome sends the blur event differently than the other browsers when the tab/window is changed. Gaetan, 2011/10/20 Martin Grigorov mgrigo...@apache.org There is an improvement in Wicket 1.5 to not allow execution of invisible component or even worse on disabled behavior for security reasons. It is possible to extend AjaxEditableLabel and configure it to allow such executions. Override org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.newEditor(MarkupContainer, String, IModelT) and instead of adding org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.EditorAjaxBehavior you'll have to extend that Behavior and override its org.apache.wicket.behavior.Behavior.canCallListenerInterface(Component) On Thu, Oct 20, 2011 at 10:44 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: So is it a bug or a regression (because it was working on W1.4)? Even, if the event is fired when leaving the tab, I don't understand why the server reacts differently. How can it knows that the component isn't visible anymoree??? Should I drop all these widget from my app? We use them a lot in my backoffice app. Gaetan, 2011/10/19 Martin Grigorov mgrigo...@apache.org Hi, The EditableLabel's editor (the text field/area) saves the value on 'blur' event. It is interesting when this event is fired - when the user leaves the first tab or when she comes back. On Wed, Oct 19, 2011 at 12:48 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: The problems occurs under chrome, safari and wicket 1.5. Scenario with an AjaxEditableLabel : 1. The user puts the focus on the AjaxEditableLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = the value is not put in the model. Scenario with an AjaxEditableMultiLineLabel : 1. The user puts the focus on the AjaxEditableMultiLineLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = coming back to the first tab, the browser shows an Access Denied Page. The log shows the warn : WARN - RequestListenerInterface - behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableMultiLineLabel$5@18fa85 at component [ [Component id = editor]] After some debugs it appears that under chrome the call on isVisibleInHierarchie() returns false. These scenario were ok with wicket 1.4 Gaetan, - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
AW: Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5
I still doesn't understand how wicket is able to know that the component is not visible in the browser. We don't understand this either. Could you create a quickstart? Sven -Ursprüngliche Nachricht- Von: Gaetan Zoritchak [mailto:g.zoritc...@moncoachfinance.com] Gesendet: Donnerstag, 20. Oktober 2011 15:18 An: users@wicket.apache.org Betreff: Re: Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5 Thank you, It's working but the code is quite ugly (lot of duplication just to override the canCallListenerInterface() ). I still doesn't understand how wicket is able to know that the component is not visible in the browser. Furthermore, I find problematic the fact that the behavior depends on the browser implementation. Gaetan, 2011/10/20 Martin Grigorov mgrigo...@apache.org There is an improvement in Wicket 1.5 to not allow execution of invisible component or even worse on disabled behavior for security reasons. It is possible to extend AjaxEditableLabel and configure it to allow such executions. Override org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.newEditor(Ma rkupContainer, String, IModelT) and instead of adding org.apache.wicket.extensions.ajax.markup.html.AjaxEditableLabel.EditorAjaxBe havior you'll have to extend that Behavior and override its org.apache.wicket.behavior.Behavior.canCallListenerInterface(Component) On Thu, Oct 20, 2011 at 10:44 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: So is it a bug or a regression (because it was working on W1.4)? Even, if the event is fired when leaving the tab, I don't understand why the server reacts differently. How can it knows that the component isn't visible anymoree??? Should I drop all these widget from my app? We use them a lot in my backoffice app. Gaetan, 2011/10/19 Martin Grigorov mgrigo...@apache.org Hi, The EditableLabel's editor (the text field/area) saves the value on 'blur' event. It is interesting when this event is fired - when the user leaves the first tab or when she comes back. On Wed, Oct 19, 2011 at 12:48 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: The problems occurs under chrome, safari and wicket 1.5. Scenario with an AjaxEditableLabel : 1. The user puts the focus on the AjaxEditableLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = the value is not put in the model. Scenario with an AjaxEditableMultiLineLabel : 1. The user puts the focus on the AjaxEditableMultiLineLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = coming back to the first tab, the browser shows an Access Denied Page. The log shows the warn : WARN - RequestListenerInterface - behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableMultiLineLabel$5@1 8fa85 at component [ [Component id = editor]] After some debugs it appears that under chrome the call on isVisibleInHierarchie() returns false. These scenario were ok with wicket 1.4 Gaetan, - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Access Denied with AjaxEditableLabel ant AjaxEditableMultiLineLabel under chrome and safari #wicket1.5
Hi, The EditableLabel's editor (the text field/area) saves the value on 'blur' event. It is interesting when this event is fired - when the user leaves the first tab or when she comes back. On Wed, Oct 19, 2011 at 12:48 AM, Gaetan Zoritchak g.zoritc...@moncoachfinance.com wrote: The problems occurs under chrome, safari and wicket 1.5. Scenario with an AjaxEditableLabel : 1. The user puts the focus on the AjaxEditableLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = the value is not put in the model. Scenario with an AjaxEditableMultiLineLabel : 1. The user puts the focus on the AjaxEditableMultiLineLabel and edit the field. 2. Without focusing out of the editable label, the user clicks on another tab of chrome. = coming back to the first tab, the browser shows an Access Denied Page. The log shows the warn : WARN - RequestListenerInterface - behavior not enabled; ignore call. Behavior org.apache.wicket.extensions.ajax.markup.html.AjaxEditableMultiLineLabel$5@18fa85 at component [ [Component id = editor]] After some debugs it appears that under chrome the call on isVisibleInHierarchie() returns false. These scenario were ok with wicket 1.4 Gaetan, - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Access denied page shows
Hi, Im not familiar with the wicket. I don't undestand why my project's SecureWebPage work occasionally. It throws access denied page. All should be ok. Is it in my development enviroment? I working with m2eclipse. t. jussi
SV: More than one access denied page
I would like to have two access denied pages according to some parameters. Is this possible? In your implementation of IUnauthorizedComponentInstantiationListener check for the parameters (e.g. placed into the request or the like) and set a different responsepage or redirect to a different page based on this. - Tor Iver - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: More than one access denied page
I implemented the interface you mention on my own xxxAuthorizationStrategy, but It doesnt work. I think this is because the user isnt authenticated and he is trying to access a protected page. On Tue, Jan 5, 2010 at 7:50 AM, Wilhelmsen Tor Iver toriv...@arrive.nowrote: I would like to have two access denied pages according to some parameters. Is this possible? In your implementation of IUnauthorizedComponentInstantiationListener check for the parameters (e.g. placed into the request or the like) and set a different responsepage or redirect to a different page based on this. - Tor Iver - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Fernando Wermus. www.linkedin.com/in/fernandowermus
More than one access denied page
I would like to have two access denied pages according to some parameters. Is this possible? -- Fernando Wermus. www.linkedin.com/in/fernandowermus
Re: More than one access denied page
what causes the page to be displayed? -igor On Mon, Jan 4, 2010 at 1:43 PM, Fernando Wermus fernando.wer...@gmail.com wrote: I would like to have two access denied pages according to some parameters. Is this possible? -- Fernando Wermus. www.linkedin.com/in/fernandowermus - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Swarm: SecureWebPage Access denied Message
On Thu, May 29, 2008 at 12:57 AM, Monica D'Arcy [EMAIL PROTECTED] wrote: Hello, I am currently trying to implement some authorization/authentication using SWARM and am running into some problems. After Logging on with a class that extends the UsernamePasswordContext class, I attempt to redirect to a secure page (a page that extends SecureWebPage). At login, I create a DefaultSubject, and add a SimplePrincipal with admin permissions (if appropriate) to the DefaultSubject. I get the Access Denied page regardless of whether I am the correct user (admin) and should therefore be authorized to view the page or am not an authorized user. I had also tried something similar with the SecurePageLink. The link is never rendered regardless of whether all users are granted permission to view the link, the correct user is logged on, or an unauthorized user is logged on. My very basic understanding of logging in to view a secureWebPage via SWARM is as follows: 1) application must extend SwarmWebApplication (following instructions listed @ http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm) 2) create a class that extends UsernamePasswordContext which is created when attempting to logon Or extend LoginContext and implement your own authentication. 3) there is a hive file that delineates which permissions are associated with which principals??? Each principal that can be assigned to a user/subject should be specified in a hive file (aka policy file) Each principal holds one or more permissions for pages/components/data/ whatever you can think of. 4) when logging on, a Subject is created and a principal is given to that subject One or more. 5) pages that are to be secure extend SecureWebPage Or implement ISecurePage, SecureWebPage is just a default implementation. Is there something very basic I am missing here? I apologize if this is an ignorant question... I am very new to the wicket Swarm scene. Any help would be greatly appreciated. Below is what appears in my hive file grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal admin { permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission ${cnv}.MyCNV, inherit, render; permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission ${cnv}.MyCNV, enable; }; Like Gabriel said, ${cnv}.MyCNV should be quoted like this ${cnv}.MyCNV Also you can shorten the line a bit by using ${ComponentPermission} instead of org.apache.wicket.security.hive.authorization.permissions.ComponentPermission So optimally your file looks like this: grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal admin { permission ${ComponentPermission} ${cnv}.MyCNV, inherit, render; permission ${ComponentPermission} ${cnv}.MyCNV, enable; }; The enable permission is used by your SecurePageLink, the render permission for rendering the page. Maurice - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Swarm: SecureWebPage Access denied Message
Thanks Maurice and Gabriel... it was a matter of missing quotes!!! On May 29, 2008, at 2:47 AM, Maurice Marrink wrote: On Thu, May 29, 2008 at 12:57 AM, Monica D'Arcy [EMAIL PROTECTED] wrote: Hello, I am currently trying to implement some authorization/ authentication using SWARM and am running into some problems. After Logging on with a class that extends the UsernamePasswordContext class, I attempt to redirect to a secure page (a page that extends SecureWebPage). At login, I create a DefaultSubject, and add a SimplePrincipal with admin permissions (if appropriate) to the DefaultSubject. I get the Access Denied page regardless of whether I am the correct user (admin) and should therefore be authorized to view the page or am not an authorized user. I had also tried something similar with the SecurePageLink. The link is never rendered regardless of whether all users are granted permission to view the link, the correct user is logged on, or an unauthorized user is logged on. My very basic understanding of logging in to view a secureWebPage via SWARM is as follows: 1) application must extend SwarmWebApplication (following instructions listed @ http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started +with+Swarm) 2) create a class that extends UsernamePasswordContext which is created when attempting to logon Or extend LoginContext and implement your own authentication. 3) there is a hive file that delineates which permissions are associated with which principals??? Each principal that can be assigned to a user/subject should be specified in a hive file (aka policy file) Each principal holds one or more permissions for pages/components/data/ whatever you can think of. 4) when logging on, a Subject is created and a principal is given to that subject One or more. 5) pages that are to be secure extend SecureWebPage Or implement ISecurePage, SecureWebPage is just a default implementation. Is there something very basic I am missing here? I apologize if this is an ignorant question... I am very new to the wicket Swarm scene. Any help would be greatly appreciated. Below is what appears in my hive file grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal admin { permission org.apache.wicket.security.hive.authorization.permissions.ComponentPe rmission ${cnv}.MyCNV, inherit, render; permission org.apache.wicket.security.hive.authorization.permissions.ComponentPe rmission ${cnv}.MyCNV, enable; }; Like Gabriel said, ${cnv}.MyCNV should be quoted like this $ {cnv}.MyCNV Also you can shorten the line a bit by using ${ComponentPermission} instead of org.apache.wicket.security.hive.authorization.permissions.ComponentPer mission So optimally your file looks like this: grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal admin { permission ${ComponentPermission} ${cnv}.MyCNV, inherit, render; permission ${ComponentPermission} ${cnv}.MyCNV, enable; }; The enable permission is used by your SecurePageLink, the render permission for rendering the page. Maurice - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Swarm: SecureWebPage Access denied Message
Hello, I am currently trying to implement some authorization/authentication using SWARM and am running into some problems. After Logging on with a class that extends the UsernamePasswordContext class, I attempt to redirect to a secure page (a page that extends SecureWebPage). At login, I create a DefaultSubject, and add a SimplePrincipal with admin permissions (if appropriate) to the DefaultSubject. I get the Access Denied page regardless of whether I am the correct user (admin) and should therefore be authorized to view the page or am not an authorized user. I had also tried something similar with the SecurePageLink. The link is never rendered regardless of whether all users are granted permission to view the link, the correct user is logged on, or an unauthorized user is logged on. My very basic understanding of logging in to view a secureWebPage via SWARM is as follows: 1) application must extend SwarmWebApplication (following instructions listed @ http://wicketstuff.org/confluence/display/ STUFFWIKI/Getting+started+with+Swarm) 2) create a class that extends UsernamePasswordContext which is created when attempting to logon 3) there is a hive file that delineates which permissions are associated with which principals??? 4) when logging on, a Subject is created and a principal is given to that subject 5) pages that are to be secure extend SecureWebPage Is there something very basic I am missing here? I apologize if this is an ignorant question... I am very new to the wicket Swarm scene. Any help would be greatly appreciated. Below is what appears in my hive file grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal admin { permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermi ssion ${cnv}.MyCNV, inherit, render; permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermi ssion ${cnv}.MyCNV, enable; }; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Swarm: SecureWebPage Access denied Message
hi, to check if the policy file is loaded correctly, set the loglevel of org.apache.wicket.security.hive to DEBUG check if you have any 'skipping line' when you start your application what i think is missing in your policy file is a arount your page permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission ${cnv}.MyCNV, inherit, render; cheers gab Monica D'Arcy wrote: Hello, I am currently trying to implement some authorization/authentication using SWARM and am running into some problems. After Logging on with a class that extends the UsernamePasswordContext class, I attempt to redirect to a secure page (a page that extends SecureWebPage). At login, I create a DefaultSubject, and add a SimplePrincipal with admin permissions (if appropriate) to the DefaultSubject. I get the Access Denied page regardless of whether I am the correct user (admin) and should therefore be authorized to view the page or am not an authorized user. I had also tried something similar with the SecurePageLink. The link is never rendered regardless of whether all users are granted permission to view the link, the correct user is logged on, or an unauthorized user is logged on. My very basic understanding of logging in to view a secureWebPage via SWARM is as follows: 1) application must extend SwarmWebApplication (following instructions listed @ http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm) 2) create a class that extends UsernamePasswordContext which is created when attempting to logon 3) there is a hive file that delineates which permissions are associated with which principals??? 4) when logging on, a Subject is created and a principal is given to that subject 5) pages that are to be secure extend SecureWebPage Is there something very basic I am missing here? I apologize if this is an ignorant question... I am very new to the wicket Swarm scene. Any help would be greatly appreciated. Below is what appears in my hive file grant principal org.apache.wicket.security.hive.authorization.SimplePrincipal admin { permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission ${cnv}.MyCNV, inherit, render; permission org.apache.wicket.security.hive.authorization.permissions.ComponentPermission ${cnv}.MyCNV, enable; }; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:483ddf8354671222944467! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
Just finished testing your classes using my 1.3.1 development code and both your way and my way work, as it should. I don't get why using the permission instead of the permission name does not work for you. I did however just think of 1 caveat in using the permission name instead of the permission. This might not be relevant for you (since you have a very small policy file), but if anybody else is following this thread it might be relevant to them. If your policy file contains a principal foo with action render for principal p1 and a permission foo with action enable for principal p2 your hive will return both principals p1 and p2 eventhough you did hive.getPrincipals(new ...Permission(foo,enable). In this scenario it should only return p2 and not p1. Maurice On Feb 16, 2008 1:53 PM, Maurice Marrink [EMAIL PROTECTED] wrote: On Feb 15, 2008 6:38 PM, Warren [EMAIL PROTECTED] wrote: Maurice, Here is my SimpleCachingHive and my Principal. I did not extend Permissin, I didn't think I had to. I pretty much based my implementation on you tabs example minus the tabs. Should I extend Permission and override hashCode() and equals(Object obj). And if I do, how do I force my hive to use my extended Permission? No you don't have to extend permission, it is optional. You could for example create a ResourcePermission to check for permissions on file uploads or downloads. For example: permission org.ResourcePermission /*.*, read, write; //enables write permission on the root and every subdir Your hive would not have to have explicit knowledge of this new permission, it is sufficient if you declare it in your policy file and in an ISecurityCheck do something like SwarmStrategy.hasPermission(new ResourcePermission(/somefile.file)); Anyway moving away from this theoretical exercise and to your problem. Your principal looks fine, if i have some time I'll try and run it myself. One small difference i noticed (which should have no impact at all) is you also use the class to generate the hash and in my simpleprincipal i don't. But like i said this should not matter at all. Maurice - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: wicket-security Custom Access Denied Page
Maurice, Can you show me your code? I would rather do it your way than mine. My policy file will be much more complicated than the one I am testing with. -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Sunday, February 17, 2008 6:27 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page Just finished testing your classes using my 1.3.1 development code and both your way and my way work, as it should. I don't get why using the permission instead of the permission name does not work for you. I did however just think of 1 caveat in using the permission name instead of the permission. This might not be relevant for you (since you have a very small policy file), but if anybody else is following this thread it might be relevant to them. If your policy file contains a principal foo with action render for principal p1 and a permission foo with action enable for principal p2 your hive will return both principals p1 and p2 eventhough you did hive.getPrincipals(new ...Permission(foo,enable). In this scenario it should only return p2 and not p1. Maurice On Feb 16, 2008 1:53 PM, Maurice Marrink [EMAIL PROTECTED] wrote: On Feb 15, 2008 6:38 PM, Warren [EMAIL PROTECTED] wrote: Maurice, Here is my SimpleCachingHive and my Principal. I did not extend Permissin, I didn't think I had to. I pretty much based my implementation on you tabs example minus the tabs. Should I extend Permission and override hashCode() and equals(Object obj). And if I do, how do I force my hive to use my extended Permission? No you don't have to extend permission, it is optional. You could for example create a ResourcePermission to check for permissions on file uploads or downloads. For example: permission org.ResourcePermission /*.*, read, write; //enables write permission on the root and every subdir Your hive would not have to have explicit knowledge of this new permission, it is sufficient if you declare it in your policy file and in an ISecurityCheck do something like SwarmStrategy.hasPermission(new ResourcePermission(/somefile.file)); Anyway moving away from this theoretical exercise and to your problem. Your principal looks fine, if i have some time I'll try and run it myself. One small difference i noticed (which should have no impact at all) is you also use the class to generate the hash and in my simpleprincipal i don't. But like i said this should not matter at all. Maurice - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
On Feb 15, 2008 6:38 PM, Warren [EMAIL PROTECTED] wrote: Maurice, Here is my SimpleCachingHive and my Principal. I did not extend Permissin, I didn't think I had to. I pretty much based my implementation on you tabs example minus the tabs. Should I extend Permission and override hashCode() and equals(Object obj). And if I do, how do I force my hive to use my extended Permission? No you don't have to extend permission, it is optional. You could for example create a ResourcePermission to check for permissions on file uploads or downloads. For example: permission org.ResourcePermission /*.*, read, write; //enables write permission on the root and every subdir Your hive would not have to have explicit knowledge of this new permission, it is sufficient if you declare it in your policy file and in an ISecurityCheck do something like SwarmStrategy.hasPermission(new ResourcePermission(/somefile.file)); Anyway moving away from this theoretical exercise and to your problem. Your principal looks fine, if i have some time I'll try and run it myself. One small difference i noticed (which should have no impact at all) is you also use the class to generate the hash and in my simpleprincipal i don't. But like i said this should not matter at all. Maurice - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
That is very strange, it should work doing it your way but my way should work too since that is exactly what the hive itself is doing. It might be caused by the equal or hashcode of your permission / principal but then the authorization by the hive should fail too. Would you mind pasting your principal and permission class here? The hive file should not matter but could you paste it too. Thanks, Maurice On Fri, Feb 15, 2008 at 4:14 AM, Warren [EMAIL PROTECTED] wrote: Maurice, I had to make some changes in order for it to work. I added the Permission names to the ManyToManyMap instead of the Permission itself and then query the map by the Permission name. It would not return any Principals the original way. The hive file I am testing with only has three Principals with one Permission each. Will there be a problem doing it this way? Other than that it seems to be working ok. I am doing this: public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); boolean debug = log.isDebugEnabled(); Iterator iterator = permissions.iterator(); Permission permission = null; while (iterator.hasNext()) { permission = (Permission)iterator.next(); hivePrincipalsAndPermissions.add(permission.getName(), principal); } } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); hivePrincipalsAndPermissions.add(permission.getName(), principal); } public SetPrincipal getPrincipals(Permission p) { return hivePrincipalsAndPermissions.get(p.getName()); } Instead of this: public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); boolean debug = log.isDebugEnabled(); Iterator iterator = permissions.iterator(); Permission permission = null; while (iterator.hasNext()) { permission = (Permission)iterator.next(); hivePrincipalsAndPermissions.add(permission, principal); } } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); hivePrincipalsAndPermissions.add(permission, principal); } public SetPrincipal getPrincipals(Permission p) { return hivePrincipalsAndPermissions.get(p); } Thanks, -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 11:37 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page Nope, you are correct. My mind must have been on vacation when i wrote that :) Sorry for the confusion. Maurice On Thu, Feb 14, 2008 at 8:32 PM, Warren [EMAIL PROTECTED] wrote: Maurice, When you say: Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. Haven't we allready done that when we check if the permission has failed when the super.hasPermission(...) returns false. And when we call ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all the Principals that have the Permission p in it from the hive that do not belong to the Subject since that Permission has allready been checked to see if it belongs to a Principal that belongs to the Subect in the super.hasPermission(...). Or am I missing how this all works? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 10:49 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page On Thu, Feb 14, 2008 at 7:13 PM, Warren [EMAIL PROTECTED] wrote: Maurice, I have a couple more questions. In my MySwarmStrategy hasPermission(...) method I only have to look up the principals that have the denied permission in them, correct? Correct Here is my overide hasPermission(...) method: public boolean hasPermission(Permission p) { if (!super.hasPermission(p)) { if (getHive().getClass().isInstance(MySimpleCachingHive.class
RE: wicket-security Custom Access Denied Page
Subject: Re: wicket-security Custom Access Denied Page That is very strange, it should work doing it your way but my way should work too since that is exactly what the hive itself is doing. It might be caused by the equal or hashcode of your permission / principal but then the authorization by the hive should fail too. Would you mind pasting your principal and permission class here? The hive file should not matter but could you paste it too. Thanks, Maurice On Fri, Feb 15, 2008 at 4:14 AM, Warren [EMAIL PROTECTED] wrote: Maurice, I had to make some changes in order for it to work. I added the Permission names to the ManyToManyMap instead of the Permission itself and then query the map by the Permission name. It would not return any Principals the original way. The hive file I am testing with only has three Principals with one Permission each. Will there be a problem doing it this way? Other than that it seems to be working ok. I am doing this: public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); boolean debug = log.isDebugEnabled(); Iterator iterator = permissions.iterator(); Permission permission = null; while (iterator.hasNext()) { permission = (Permission)iterator.next(); hivePrincipalsAndPermissions.add(permission.getName(), principal); } } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); hivePrincipalsAndPermissions.add(permission.getName(), principal); } public SetPrincipal getPrincipals(Permission p) { return hivePrincipalsAndPermissions.get(p.getName()); } Instead of this: public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); boolean debug = log.isDebugEnabled(); Iterator iterator = permissions.iterator(); Permission permission = null; while (iterator.hasNext()) { permission = (Permission)iterator.next(); hivePrincipalsAndPermissions.add(permission, principal); } } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); hivePrincipalsAndPermissions.add(permission, principal); } public SetPrincipal getPrincipals(Permission p) { return hivePrincipalsAndPermissions.get(p); } Thanks, -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 11:37 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page Nope, you are correct. My mind must have been on vacation when i wrote that :) Sorry for the confusion. Maurice On Thu, Feb 14, 2008 at 8:32 PM, Warren [EMAIL PROTECTED] wrote: Maurice, When you say: Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. Haven't we allready done that when we check if the permission has failed when the super.hasPermission(...) returns false. And when we call ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all the Principals that have the Permission p in it from the hive that do not belong to the Subject since that Permission has allready been checked to see if it belongs to a Principal that belongs to the Subect in the super.hasPermission(...). Or am I missing how this all works? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 10:49 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page On Thu, Feb 14, 2008 at 7:13 PM, Warren [EMAIL PROTECTED] wrote: Maurice, I have a couple more questions. In my MySwarmStrategy hasPermission(...) method I only have to look up the principals that have the denied permission in them, correct? Correct Here is my overide hasPermission(...) method: public boolean hasPermission(Permission p) { if (!super.hasPermission
RE: wicket-security Custom Access Denied Page
Maurice, I have a couple more questions. In my MySwarmStrategy hasPermission(...) method I only have to look up the principals that have the denied permission in them, correct? Here is my overide hasPermission(...) method: public boolean hasPermission(Permission p) { if (!super.hasPermission(p)) { if (getHive().getClass().isInstance(MySimpleCachingHive.class)) { SetPrincipal hivePrincipals = ((MySimpleCachingHive)getHive()).getPrincipals(p); // Place Set of Principals in the requestcycle or should I just place the Principal names in // requestcycle ? } return false; } return true; } I had to copy the whole PolicyFileHiveFactory I don't think I could get to private Set inputStreams or private Set inputReaders correctly. Here is my createHive() method: public Hive createHive() { BasicHive hive; if (isUsingHiveCache()) hive = new MySimpleCachingHive(); else hive = new BasicHive(); ... } I only changed the one line above. In my app I am doing this: MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); factory.useHiveCache(true); Will the line above make sure that my MySimpleCachingHive will be used or is it possible for useHiveCache(false) to be used somewhere else? Last question. I am not quite sure what to do in MySimpleCachingHive. I know this is an unrelated question, but I am not sure how to use your ManyToManyMap. I also am not sure when the addPrincipal(...) and addPermission(...) methods are called. Do one or the other get called per Principal that is in the hive? And, will I Load up the ManyToManyMap within these two methods ending up with this ManyToManyMap that will have all the Pricipals of the hive with their associated Permissions in them? Here is my MySimpleCachingHive: public class MySimpleCachingHive extends SimpleCachingHive { ... private ManyToManyMap hivePrincipalsAndPermissions; public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); // Load hivePrincipalsAndPermissions ? } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); // Load hivePrincipalsAndPermissions ? } public SetPrincipal getPrincipals(Permission p) { // Return Set of Principals related to permission } } Thank you for your time, you have been a great help. Warren, -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 11:57 PM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page Use cache is default true (i think by the constructor but i don't have the code with me right now) So you don't have to worry about that. Maurice thod On Thu, Feb 14, 2008 at 4:04 AM, Warren [EMAIL PROTECTED] wrote: I have started implementing your sugestions and I have a question. When I overide the method createHive() in PolicyFileHiveFactory do I need to set useHiveCache(true) if I am extending SimpleCachingHive. public Hive createHive() { // Do I need to do this super.useHiveCache(true); BasicHive hive = new MySimpleCachingHive(); ... } Or should I set this method in my app after I create the factory. MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); factory.useHiveCache(true); Or should I even worry about this? -Original Message- From: Warren [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 4:30 PM To: users@wicket.apache.org Subject: RE: wicket-security Custom Access Denied Page I think I am following your example correctly. What I will end up with is the names of one or more principals that have the permission that was denied. Those one or more principals will not belong to the current subject. Then I can use the names of those principals to construct a message. You could end up with a permission that does not belong to any principal. Strike that, that would mean that no one would be able to access that component. I will give this a try. I am sure I will have more questions. Thanks, -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 2:56 PM To: users@wicket.apache.org
Re: wicket-security Custom Access Denied Page
On Thu, Feb 14, 2008 at 7:13 PM, Warren [EMAIL PROTECTED] wrote: Maurice, I have a couple more questions. In my MySwarmStrategy hasPermission(...) method I only have to look up the principals that have the denied permission in them, correct? Correct Here is my overide hasPermission(...) method: public boolean hasPermission(Permission p) { if (!super.hasPermission(p)) { if (getHive().getClass().isInstance(MySimpleCachingHive.class)) { SetPrincipal hivePrincipals = ((MySimpleCachingHive)getHive()).getPrincipals(p); // Place Set of Principals in the requestcycle or should I just place the Principal names in // requestcycle ? This depends on how much information you want to use in your accessdenied page if the name is all you need then by all means just pass the names. Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. } return false; } return true; } I had to copy the whole PolicyFileHiveFactory I don't think I could get to private Set inputStreams or private Set inputReaders correctly. There are getStreams and getReaders methods but they return a read only view and thus will not allow you to clear them, ok. Here is my createHive() method: public Hive createHive() { BasicHive hive; if (isUsingHiveCache()) hive = new MySimpleCachingHive(); else hive = new BasicHive(); ... } I only changed the one line above. In my app I am doing this: MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); factory.useHiveCache(true); Will the line above make sure that my MySimpleCachingHive will be used or is it possible for useHiveCache(false) to be used somewhere else? This will do fine, remember you are the only one in control of the policy factory. As soon as you pass it to HiveMind.registerHive the createHive method is called, after that it is discarded. BTW the default setting for useCache is true, but it does not hurt to explicitly set it. Last question. I am not quite sure what to do in MySimpleCachingHive. I know this is an unrelated question, but I am not sure how to use your ManyToManyMap. I also am not sure when the addPrincipal(...) and addPermission(...) methods are called. Do one or the other get called per Principal that is in the hive? And, will I Load up the ManyToManyMap within these two methods ending up with this ManyToManyMap that will have all the Pricipals of the hive with their associated Permissions in them? Either or both are called once or multiple times for each principal, depending on how your policy is set up. Anyway it does not matter how often each method is called since the ManyToManyMap will fold everything together for you. Here is my MySimpleCachingHive: public class MySimpleCachingHive extends SimpleCachingHive { ... private ManyToManyMap hivePrincipalsAndPermissions; public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); // Load hivePrincipalsAndPermissions ? Iterator it = permissions.iterator(); Permission next = null; boolean debug = log.isDebugEnabled(); while (it.hasNext()) { next = (Permission)it.next(); hivePrincipalsAndPermissions.add(next, principal); } } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); // Load hivePrincipalsAndPermissions ? hivePrincipalsAndPermissions .add(permission, principal); } public SetPrincipal getPrincipals(Permission p) { // Return Set of Principals related to permission return hivePrincipalsAndPermissions.get(p) } } Maurice - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: wicket-security Custom Access Denied Page
Maurice, When you say: Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. Haven't we allready done that when we check if the permission has failed when the super.hasPermission(...) returns false. And when we call ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all the Principals that have the Permission p in it from the hive that do not belong to the Subject since that Permission has allready been checked to see if it belongs to a Principal that belongs to the Subect in the super.hasPermission(...). Or am I missing how this all works? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 10:49 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page On Thu, Feb 14, 2008 at 7:13 PM, Warren [EMAIL PROTECTED] wrote: Maurice, I have a couple more questions. In my MySwarmStrategy hasPermission(...) method I only have to look up the principals that have the denied permission in them, correct? Correct Here is my overide hasPermission(...) method: public boolean hasPermission(Permission p) { if (!super.hasPermission(p)) { if (getHive().getClass().isInstance(MySimpleCachingHive.class)) { SetPrincipal hivePrincipals = ((MySimpleCachingHive)getHive()).getPrincipals(p); // Place Set of Principals in the requestcycle or should I just place the Principal names in // requestcycle ? This depends on how much information you want to use in your accessdenied page if the name is all you need then by all means just pass the names. Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. } return false; } return true; } I had to copy the whole PolicyFileHiveFactory I don't think I could get to private Set inputStreams or private Set inputReaders correctly. There are getStreams and getReaders methods but they return a read only view and thus will not allow you to clear them, ok. Here is my createHive() method: public Hive createHive() { BasicHive hive; if (isUsingHiveCache()) hive = new MySimpleCachingHive(); else hive = new BasicHive(); ... } I only changed the one line above. In my app I am doing this: MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); factory.useHiveCache(true); Will the line above make sure that my MySimpleCachingHive will be used or is it possible for useHiveCache(false) to be used somewhere else? This will do fine, remember you are the only one in control of the policy factory. As soon as you pass it to HiveMind.registerHive the createHive method is called, after that it is discarded. BTW the default setting for useCache is true, but it does not hurt to explicitly set it. Last question. I am not quite sure what to do in MySimpleCachingHive. I know this is an unrelated question, but I am not sure how to use your ManyToManyMap. I also am not sure when the addPrincipal(...) and addPermission(...) methods are called. Do one or the other get called per Principal that is in the hive? And, will I Load up the ManyToManyMap within these two methods ending up with this ManyToManyMap that will have all the Pricipals of the hive with their associated Permissions in them? Either or both are called once or multiple times for each principal, depending on how your policy is set up. Anyway it does not matter how often each method is called since the ManyToManyMap will fold everything together for you. Here is my MySimpleCachingHive: public class MySimpleCachingHive extends SimpleCachingHive { ... private ManyToManyMap hivePrincipalsAndPermissions; public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); // Load hivePrincipalsAndPermissions ? Iterator it = permissions.iterator(); Permission next = null; boolean debug = log.isDebugEnabled(); while (it.hasNext()) { next = (Permission)it.next(); hivePrincipalsAndPermissions.add(next, principal); } } public void
Re: wicket-security Custom Access Denied Page
Nope, you are correct. My mind must have been on vacation when i wrote that :) Sorry for the confusion. Maurice On Thu, Feb 14, 2008 at 8:32 PM, Warren [EMAIL PROTECTED] wrote: Maurice, When you say: Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. Haven't we allready done that when we check if the permission has failed when the super.hasPermission(...) returns false. And when we call ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all the Principals that have the Permission p in it from the hive that do not belong to the Subject since that Permission has allready been checked to see if it belongs to a Principal that belongs to the Subect in the super.hasPermission(...). Or am I missing how this all works? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 10:49 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page On Thu, Feb 14, 2008 at 7:13 PM, Warren [EMAIL PROTECTED] wrote: Maurice, I have a couple more questions. In my MySwarmStrategy hasPermission(...) method I only have to look up the principals that have the denied permission in them, correct? Correct Here is my overide hasPermission(...) method: public boolean hasPermission(Permission p) { if (!super.hasPermission(p)) { if (getHive().getClass().isInstance(MySimpleCachingHive.class)) { SetPrincipal hivePrincipals = ((MySimpleCachingHive)getHive()).getPrincipals(p); // Place Set of Principals in the requestcycle or should I just place the Principal names in // requestcycle ? This depends on how much information you want to use in your accessdenied page if the name is all you need then by all means just pass the names. Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. } return false; } return true; } I had to copy the whole PolicyFileHiveFactory I don't think I could get to private Set inputStreams or private Set inputReaders correctly. There are getStreams and getReaders methods but they return a read only view and thus will not allow you to clear them, ok. Here is my createHive() method: public Hive createHive() { BasicHive hive; if (isUsingHiveCache()) hive = new MySimpleCachingHive(); else hive = new BasicHive(); ... } I only changed the one line above. In my app I am doing this: MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); factory.useHiveCache(true); Will the line above make sure that my MySimpleCachingHive will be used or is it possible for useHiveCache(false) to be used somewhere else? This will do fine, remember you are the only one in control of the policy factory. As soon as you pass it to HiveMind.registerHive the createHive method is called, after that it is discarded. BTW the default setting for useCache is true, but it does not hurt to explicitly set it. Last question. I am not quite sure what to do in MySimpleCachingHive. I know this is an unrelated question, but I am not sure how to use your ManyToManyMap. I also am not sure when the addPrincipal(...) and addPermission(...) methods are called. Do one or the other get called per Principal that is in the hive? And, will I Load up the ManyToManyMap within these two methods ending up with this ManyToManyMap that will have all the Pricipals of the hive with their associated Permissions in them? Either or both are called once or multiple times for each principal, depending on how your policy is set up. Anyway it does not matter how often each method is called since the ManyToManyMap will fold everything together for you. Here is my MySimpleCachingHive: public class MySimpleCachingHive extends SimpleCachingHive { ... private ManyToManyMap hivePrincipalsAndPermissions; public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions
RE: wicket-security Custom Access Denied Page
Maurice, I had to make some changes in order for it to work. I added the Permission names to the ManyToManyMap instead of the Permission itself and then query the map by the Permission name. It would not return any Principals the original way. The hive file I am testing with only has three Principals with one Permission each. Will there be a problem doing it this way? Other than that it seems to be working ok. I am doing this: public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); boolean debug = log.isDebugEnabled(); Iterator iterator = permissions.iterator(); Permission permission = null; while (iterator.hasNext()) { permission = (Permission)iterator.next(); hivePrincipalsAndPermissions.add(permission.getName(), principal); } } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); hivePrincipalsAndPermissions.add(permission.getName(), principal); } public SetPrincipal getPrincipals(Permission p) { return hivePrincipalsAndPermissions.get(p.getName()); } Instead of this: public void addPrincipal(Principal principal, Collection permissions) { super.addPrincipal(principal, permissions); boolean debug = log.isDebugEnabled(); Iterator iterator = permissions.iterator(); Permission permission = null; while (iterator.hasNext()) { permission = (Permission)iterator.next(); hivePrincipalsAndPermissions.add(permission, principal); } } public void addPermission(Principal principal, Permission permission) { super.addPermission(principal, permission); hivePrincipalsAndPermissions.add(permission, principal); } public SetPrincipal getPrincipals(Permission p) { return hivePrincipalsAndPermissions.get(p); } Thanks, -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 11:37 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page Nope, you are correct. My mind must have been on vacation when i wrote that :) Sorry for the confusion. Maurice On Thu, Feb 14, 2008 at 8:32 PM, Warren [EMAIL PROTECTED] wrote: Maurice, When you say: Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive. Haven't we allready done that when we check if the permission has failed when the super.hasPermission(...) returns false. And when we call ((MySimpleCachingHive)getHive()).getPrincipals(p) we are going to get all the Principals that have the Permission p in it from the hive that do not belong to the Subject since that Permission has allready been checked to see if it belongs to a Principal that belongs to the Subect in the super.hasPermission(...). Or am I missing how this all works? -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Thursday, February 14, 2008 10:49 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page On Thu, Feb 14, 2008 at 7:13 PM, Warren [EMAIL PROTECTED] wrote: Maurice, I have a couple more questions. In my MySwarmStrategy hasPermission(...) method I only have to look up the principals that have the denied permission in them, correct? Correct Here is my overide hasPermission(...) method: public boolean hasPermission(Permission p) { if (!super.hasPermission(p)) { if (getHive().getClass().isInstance(MySimpleCachingHive.class)) { SetPrincipal hivePrincipals = ((MySimpleCachingHive)getHive()).getPrincipals(p); // Place Set of Principals in the requestcycle or should I just place the Principal names in // requestcycle ? This depends on how much information you want to use in your accessdenied page if the name is all you need then by all means just pass the names. Also don't forget to filter the principals from the hive with the principals contained in your subject. you are only interested in the principals not contained in your hive
RE: wicket-security Custom Access Denied Page
I understand that, but what I want to do is create a message on that page that reads Users in group xxx do not have access to yyy where yyy would be the name of the principal that triggered the access denied. I need to get the name of that principal. -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 12:12 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page In the init of your webapp do getApplicationSettings().setAccessDeniedPage(MyPage.class) This is a wicket setting and not related to the security framework. Maurice On Feb 12, 2008 7:50 PM, Warren [EMAIL PROTECTED] wrote: How do you set-up a custom access denied page that has a message on it like Users in group xxx do not have access to yyy? I also want to have this page return to the previous page the user was on. I am using wicket-security (wasp and swarm). Thanks, Warren Bell - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicket-security Custom Access Denied Page
stick that name into requestcycle's metadata, and pull it out in yoru implementation of access denied page -igor On Feb 13, 2008 8:31 AM, Warren [EMAIL PROTECTED] wrote: I understand that, but what I want to do is create a message on that page that reads Users in group xxx do not have access to yyy where yyy would be the name of the principal that triggered the access denied. I need to get the name of that principal. -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 12:12 AM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page In the init of your webapp do getApplicationSettings().setAccessDeniedPage(MyPage.class) This is a wicket setting and not related to the security framework. Maurice On Feb 12, 2008 7:50 PM, Warren [EMAIL PROTECTED] wrote: How do you set-up a custom access denied page that has a message on it like Users in group xxx do not have access to yyy? I also want to have this page return to the previous page the user was on. I am using wicket-security (wasp and swarm). Thanks, Warren Bell - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: wicket-security Custom Access Denied Page
I have started implementing your sugestions and I have a question. When I overide the method createHive() in PolicyFileHiveFactory do I need to set useHiveCache(true) if I am extending SimpleCachingHive. public Hive createHive() { // Do I need to do this super.useHiveCache(true); BasicHive hive = new MySimpleCachingHive(); ... } Or should I set this method in my app after I create the factory. MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); factory.useHiveCache(true); Or should I even worry about this? -Original Message- From: Warren [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 4:30 PM To: users@wicket.apache.org Subject: RE: wicket-security Custom Access Denied Page I think I am following your example correctly. What I will end up with is the names of one or more principals that have the permission that was denied. Those one or more principals will not belong to the current subject. Then I can use the names of those principals to construct a message. You could end up with a permission that does not belong to any principal. Strike that, that would mean that no one would be able to access that component. I will give this a try. I am sure I will have more questions. Thanks, -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 2:56 PM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page It actually is a bit more trickier then that. Swarm does not check for principals it checks for permissions. The same permission might be shared by multiple principals. To get that information you need to dig deep. You can't wait for the wicket UnAuthorizedActionException since all it will tell you is the component and what wicket action was not authorized (although if you have a really simple policy you might figure it out with this information). Swarm can tell you, but truthfull the api lacks in that area, i'll see if i can fix this for 1.3.1. For now your best bet is probably to Subclass SwarmStrategy, override hasPermission(Permission). Most checks use this method but it is always possible for a custom ISecurityCheck to bypass this. public boolean hasPermission(Permission p) { if(!super.hasPermission(p) { //now we now the permission and we can find out which principals have it //since the hive api does not give that info we need to use a custom hive, more on that later //for now do something like getHive().getPrincipals(p); //then we need to get the subject and check if it has any of those principals, the one (or more) that are missing are the one(s) we are interested in //use getSubject().getPrincipals() //store those principals somewhere in the requestcycle return false; } return true; } In order to use this new Strategy you need to extend SwarmStrategyFactory and overide newStrategy to return your subclass. Then you need to override setupStrategyFactory in your application to do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey())); Next we need to extend our hive so we can ask it which principals belong to which permission (offcourse the hive already has this information but you can not access it) If you are using 1.3.0 rc1 you are probably using the SimpleCachingHive, extend it and override 2 methods addPrincipal(Principal , Collection ) and addPermission(Principal , Permission ) to record which principal has which permissions you can use a ManyToManyMap for this, it is also used internally the information recorded can then be exposed in a method like public SetPrincipal getPrincipals(Permission) This will duplicate all recordings but your other option is to copy BasicHive and SimpleCachingHive entirely and create the getPrincipals method. Either way you will need to use this new hive and to do that we need to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you are using the latest 1.3-snapshots), override the createHive() method. You can pretty much copy everything from PolicyFileHiveFactory except for the first 5 lines you need to create your own hive there. Also while copying you will run into a few private variables but you should be able to replace those with there getters (although i might have missed some, if that is the case you have to copy the entire class). In your application's setupHive method you are already creating the hivefactory, simply replace it with this custom one. And that should do the trick. Sorry the api is not more accommodating to your needs i'll see if i can make some improvements anytime soon for the 1.3-snapshot (1.3.1), but i also have to release 1.3.0 final sometime soon. Maurice P.S. i did not cover the part about providing the application with your own
Re: wicket-security Custom Access Denied Page
Use cache is default true (i think by the constructor but i don't have the code with me right now) So you don't have to worry about that. Maurice On Thu, Feb 14, 2008 at 4:04 AM, Warren [EMAIL PROTECTED] wrote: I have started implementing your sugestions and I have a question. When I overide the method createHive() in PolicyFileHiveFactory do I need to set useHiveCache(true) if I am extending SimpleCachingHive. public Hive createHive() { // Do I need to do this super.useHiveCache(true); BasicHive hive = new MySimpleCachingHive(); ... } Or should I set this method in my app after I create the factory. MyPolicyFileHiveFactory factory = new MyPolicyFileHiveFactory(); factory.useHiveCache(true); Or should I even worry about this? -Original Message- From: Warren [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 4:30 PM To: users@wicket.apache.org Subject: RE: wicket-security Custom Access Denied Page I think I am following your example correctly. What I will end up with is the names of one or more principals that have the permission that was denied. Those one or more principals will not belong to the current subject. Then I can use the names of those principals to construct a message. You could end up with a permission that does not belong to any principal. Strike that, that would mean that no one would be able to access that component. I will give this a try. I am sure I will have more questions. Thanks, -Original Message- From: Maurice Marrink [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 2:56 PM To: users@wicket.apache.org Subject: Re: wicket-security Custom Access Denied Page It actually is a bit more trickier then that. Swarm does not check for principals it checks for permissions. The same permission might be shared by multiple principals. To get that information you need to dig deep. You can't wait for the wicket UnAuthorizedActionException since all it will tell you is the component and what wicket action was not authorized (although if you have a really simple policy you might figure it out with this information). Swarm can tell you, but truthfull the api lacks in that area, i'll see if i can fix this for 1.3.1. For now your best bet is probably to Subclass SwarmStrategy, override hasPermission(Permission). Most checks use this method but it is always possible for a custom ISecurityCheck to bypass this. public boolean hasPermission(Permission p) { if(!super.hasPermission(p) { //now we now the permission and we can find out which principals have it //since the hive api does not give that info we need to use a custom hive, more on that later //for now do something like getHive().getPrincipals(p); //then we need to get the subject and check if it has any of those principals, the one (or more) that are missing are the one(s) we are interested in //use getSubject().getPrincipals() //store those principals somewhere in the requestcycle return false; } return true; } In order to use this new Strategy you need to extend SwarmStrategyFactory and overide newStrategy to return your subclass. Then you need to override setupStrategyFactory in your application to do setStrategyFactory(new MySwarmStrategyFactory(getHiveKey())); Next we need to extend our hive so we can ask it which principals belong to which permission (offcourse the hive already has this information but you can not access it) If you are using 1.3.0 rc1 you are probably using the SimpleCachingHive, extend it and override 2 methods addPrincipal(Principal , Collection ) and addPermission(Principal , Permission ) to record which principal has which permissions you can use a ManyToManyMap for this, it is also used internally the information recorded can then be exposed in a method like public SetPrincipal getPrincipals(Permission) This will duplicate all recordings but your other option is to copy BasicHive and SimpleCachingHive entirely and create the getPrincipals method. Either way you will need to use this new hive and to do that we need to extend PolicyFileHiveFactory (or SwarmPolicyFileHiveFactory if you are using the latest 1.3-snapshots), override the createHive() method. You can pretty much copy everything from PolicyFileHiveFactory except for the first 5 lines you need to create your own hive there. Also while copying you will run into a few private variables but you should be able to replace those with there getters (although i might have missed some, if that is the case you have to copy the entire class). In your application's setupHive
wicket-security Custom Access Denied Page
How do you set-up a custom access denied page that has a message on it like Users in group xxx do not have access to yyy? I also want to have this page return to the previous page the user was on. I am using wicket-security (wasp and swarm). Thanks, Warren Bell - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]