Re: Re: Wicket Spring boot - use spring devtools

[Martin Grigorov]

On Wed, Aug 28, 2019 at 12:04 PM Per Newgro  wrote:

> Hello Martin,
>
> the problem is that i assign a model in request cycle metadata by using
> the key
>
> public class IdentityInstance extends MetaDataKey> {
>
> public static IdentityInstance KEY = new IdentityInstance();
>
> private IdentityInstance() {
> super();
> }
> }
>
> Page:
> getRequestCycle().setMetaData(IdentityInstance.KEY, identityModel);
>
> Widget:
> IModel identity =
> getRequestCycle().getMetaData(IdentityInstance.KEY);
>
> But the model in Widget is always null. While debugging i found that
> object identity is used in Class#equals(Object o), what is ok for me.
> But with different classloaders class is loaded multiple times.
>
> I could provide a quickstart for this & create an issue, if you like. (?)
>

No, I don't.
I don't see why Wicket should be responsible for the way other libraries
work.
If you create a quickstart that does not use any third party libraries then
we will take a look!


>
> I would like to adapt my configuration so that devtools are still
> available.
>
> (DCEVM i need to inspect :-).)
>
> Thanks for your support.
> Regards
> Per
>
> > Gesendet: Mittwoch, 28. August 2019 um 10:37 Uhr
> > Von: "Martin Grigorov" 
> > An: "users@wicket.apache.org" 
> > Betreff: Re: Wicket Spring boot - use spring devtools
> >
> > Hi,
> >
> > This is how Spring Dev Tools work. When it detects a change it removes
> the
> > old application class loader and creates a new one.
> > Why this is a problem for you ?
> >
> > I personally prefer to use DCEVM (https://dcevm.github.io/). It is able
> to
> > redefine a specific class in the current class loader.
> > When I change a Spring @Configuration or Hibernate mapping I just restart
> > the application manually.
> >
> > On Wed, Aug 28, 2019 at 11:25 AM Per Newgro  wrote:
> >
> > > Hello *,
> > >
> > > I migrate my current wicket app to spring boot version (
> > > https://github.com/MarcGiffing/wicket-spring-boot).
> > >
> > > So far it was straightforward. But now i experience a problem with
> > > inclusion of
> > > 
> > >
> > > org.springframework.boot
> > >
> > > spring-boot-devtools
> > > 
> > >
> > > It seems that the "restart / reload feature" of devtools loads my
> classes
> > > multiple times, so that they are not equal anymore (x.class <>
> x.class).
> > > I understand that this is happening. But i would like to know if there
> is
> > > another option for me beside - removing spring-boot-devtools.
> > >
> > > Would be nice to here from you
> > > Thanks
> > > Per
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > > For additional commands, e-mail: users-h...@wicket.apache.org
> > >
> > >
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>

Aw: Re: Wicket Spring boot - use spring devtools

[Per Newgro]

Hello Martin,

the problem is that i assign a model in request cycle metadata by using the key

public class IdentityInstance extends MetaDataKey> {

public static IdentityInstance KEY = new IdentityInstance();

private IdentityInstance() {
super();
}
}

Page:
getRequestCycle().setMetaData(IdentityInstance.KEY, identityModel);

Widget:
IModel identity = getRequestCycle().getMetaData(IdentityInstance.KEY);

But the model in Widget is always null. While debugging i found that object 
identity is used in Class#equals(Object o), what is ok for me.
But with different classloaders class is loaded multiple times.

I could provide a quickstart for this & create an issue, if you like. (?)

I would like to adapt my configuration so that devtools are still available.

(DCEVM i need to inspect :-).)

Thanks for your support.
Regards
Per

> Gesendet: Mittwoch, 28. August 2019 um 10:37 Uhr
> Von: "Martin Grigorov" 
> An: "users@wicket.apache.org" 
> Betreff: Re: Wicket Spring boot - use spring devtools
>
> Hi,
>
> This is how Spring Dev Tools work. When it detects a change it removes the
> old application class loader and creates a new one.
> Why this is a problem for you ?
>
> I personally prefer to use DCEVM (https://dcevm.github.io/). It is able to
> redefine a specific class in the current class loader.
> When I change a Spring @Configuration or Hibernate mapping I just restart
> the application manually.
>
> On Wed, Aug 28, 2019 at 11:25 AM Per Newgro  wrote:
>
> > Hello *,
> >
> > I migrate my current wicket app to spring boot version (
> > https://github.com/MarcGiffing/wicket-spring-boot).
> >
> > So far it was straightforward. But now i experience a problem with
> > inclusion of
> > 
> >
> > org.springframework.boot
> >
> > spring-boot-devtools
> > 
> >
> > It seems that the "restart / reload feature" of devtools loads my classes
> > multiple times, so that they are not equal anymore (x.class <> x.class).
> > I understand that this is happening. But i would like to know if there is
> > another option for me beside - removing spring-boot-devtools.
> >
> > Would be nice to here from you
> > Thanks
> > Per
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > For additional commands, e-mail: users-h...@wicket.apache.org
> >
> >
>

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Wicket Spring boot - use spring devtools

[Martin Grigorov]

Hi,

This is how Spring Dev Tools work. When it detects a change it removes the
old application class loader and creates a new one.
Why this is a problem for you ?

I personally prefer to use DCEVM (https://dcevm.github.io/). It is able to
redefine a specific class in the current class loader.
When I change a Spring @Configuration or Hibernate mapping I just restart
the application manually.

On Wed, Aug 28, 2019 at 11:25 AM Per Newgro  wrote:

> Hello *,
>
> I migrate my current wicket app to spring boot version (
> https://github.com/MarcGiffing/wicket-spring-boot).
>
> So far it was straightforward. But now i experience a problem with
> inclusion of
> 
>
> org.springframework.boot
>
> spring-boot-devtools
> 
>
> It seems that the "restart / reload feature" of devtools loads my classes
> multiple times, so that they are not equal anymore (x.class <> x.class).
> I understand that this is happening. But i would like to know if there is
> another option for me beside - removing spring-boot-devtools.
>
> Would be nice to here from you
> Thanks
> Per
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[Zbynek Vavros]

I did it using  BundleStringResourceLoader in the end.

Well that's the point of having two WebSecurityConfigurerAdapters.
One takes care about your actuator using HTTP Basic

http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR_ROLE").and().httpBasic();

and the one one takes care about Wicket

http.antMatcher("/wicket/**").authorizeRequests()
.antMatchers("/wicket/page/login**").permitAll()
.antMatchers("/wicket/page/**").hasRole("WICKET")

.and().formLogin().loginPage("/wicket/page/login").loginProcessingUrl("/fake-url")
.and().csrf().disable();

this will redirect to login page in case you are not logged in.

Regarding lack of privileges (roles) that's another story and you should
probably read
Spring Security docs on how to properly handle those since it's not really
related (i.e.
user is already logged in, you sure you want to re-login?).

Zbynek

On Fri, Jan 25, 2019 at 11:05 AM nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> Have you gone through this :
>
>
> https://ci.apache.org/projects/wicket/guide/8.x/single.html#_extending_the_default_lookup_algorithm
> (which seems you have, please show a little code)
>
> And could you tell med howto make Spring redirect to my wicket login page
> for all urls except /actuator (which is handled by basic auth)? Also every
> wicket page which requires authentication should redirect to /login page if
> you either lack permissions or arent logged in..
>
> -Nino
>
>
>
> On Fri, Jan 25, 2019 at 8:18 AM Zbynek Vavros 
> wrote:
>
> > Took me some time to understand as well so I'm glad share :)
> >
> > I'm in process of tuning this setup so just out of curiosity how did you
> > set up the Wicket properties file(s)? I don't like the idea to having
> > properties in src/main/java and looking for proper way to load them from
> > custom location like
> > src/main/resources/properties/MyWicketApplication.properties.
> >
> > In out previous project we used I18n.init() method but I'm thinking more
> > Wicket-y way,
> > maybe using BundleStringResourceLoader ? But so far no luck making that
> > work...
> >
> > Zbynek
> >
> > On Fri, Jan 25, 2019 at 6:34 AM nino martinez wael <
> > nino.martinez.w...@gmail.com> wrote:
> >
> > > Yes this is exactly how I've done it :) Thanks for taking time to
> help...
> > >
> > > @WicketSignInPage
> > > @MountPath("page/login")
> > > public class LoginPage extends BasePage {
> > >
> > > public LoginPage(PageParameters parameters) {
> > > super(parameters);
> > >
> > > if (((AbstractAuthenticatedWebSession) getSession()).isSignedIn()) {
> > > continueToOriginalDestination();
> > > }
> > > add(new LoginForm("loginForm"));
> > > }
> > >
> > > private class LoginForm extends StatelessForm {
> > >
> > > private String username;
> > > private String password;
> > >
> > > public LoginForm(String id) {
> > > super(id);
> > > setModel(new CompoundPropertyModel<>(this));
> > > add(new FeedbackPanel("feedback"));
> > > add(new RequiredTextField("username"));
> > > add(new PasswordTextField("password"));
> > > }
> > >
> > > @Override
> > > protected void onSubmit() {
> > > AuthenticatedWebSession session = AuthenticatedWebSession.get();
> > > if (session.signIn(username, password)) {
> > > setResponsePage(HomePage.class);
> > > } else {
> > > error("Login failed");
> > > }
> > > }
> > > }
> > > }
> > >
> > >
> > > On Thu, Jan 24, 2019 at 4:17 PM Zbynek Vavros 
> > > wrote:
> > >
> > > > Is seems you have mixed my code with your code somehow.
> > > > You must configure formLogin() and specify loginPage() pointing to
> your
> > > > Wicket login page (maybe using @MountPath?).
> > > > The .loginProcessingUrl() points to "/fake-url" because the
> > > authentication
> > > > itself is called from Wicket login page
> > > > via AuthenticatedWebSession.get().signIn(). Or do you use other
> > mechanism
> > > > in your Wicket login page?
> > > >
> > > > Zbynek
> > > >
> > > > On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael <
> > > > nino.martinez.w...@gmail.com> wrote:
> > > >
> > > > > It sort of works, If I go to the actuator I get the http basic
> auth,
> > > if I
> > > > > on the same session goto my pages.. I get an "ugly" access denied
> > page
> > > > and
> > > > > not the configured wicket login page. So it sort of works..
> > > > >
> > > > > If I just goto localhost:8080/ I get an default spring login page
> not
> > > the
> > > > > wicket one.. Upon succesfull login it forwards me to the wicket
> login
> > > > page,
> > > > > where I can login again and then get to the real application..
> > > > >
> > > > > Below my current code:
> > > > >
> > > > >
> > > > > package dk.netdesign.ccadmin.frontend.security;
> > > > >
> > > > > import org.springframework.context.annotation.Bean;
> > > > > import org.springframework.context.annotation.Configuration;
> > > > > import org.springframework.core.annotation.Order;
> > > > > import
> > > 

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[nino martinez wael]

Have you gone through this :

https://ci.apache.org/projects/wicket/guide/8.x/single.html#_extending_the_default_lookup_algorithm
(which seems you have, please show a little code)

And could you tell med howto make Spring redirect to my wicket login page
for all urls except /actuator (which is handled by basic auth)? Also every
wicket page which requires authentication should redirect to /login page if
you either lack permissions or arent logged in..

-Nino



On Fri, Jan 25, 2019 at 8:18 AM Zbynek Vavros 
wrote:

> Took me some time to understand as well so I'm glad share :)
>
> I'm in process of tuning this setup so just out of curiosity how did you
> set up the Wicket properties file(s)? I don't like the idea to having
> properties in src/main/java and looking for proper way to load them from
> custom location like
> src/main/resources/properties/MyWicketApplication.properties.
>
> In out previous project we used I18n.init() method but I'm thinking more
> Wicket-y way,
> maybe using BundleStringResourceLoader ? But so far no luck making that
> work...
>
> Zbynek
>
> On Fri, Jan 25, 2019 at 6:34 AM nino martinez wael <
> nino.martinez.w...@gmail.com> wrote:
>
> > Yes this is exactly how I've done it :) Thanks for taking time to help...
> >
> > @WicketSignInPage
> > @MountPath("page/login")
> > public class LoginPage extends BasePage {
> >
> > public LoginPage(PageParameters parameters) {
> > super(parameters);
> >
> > if (((AbstractAuthenticatedWebSession) getSession()).isSignedIn()) {
> > continueToOriginalDestination();
> > }
> > add(new LoginForm("loginForm"));
> > }
> >
> > private class LoginForm extends StatelessForm {
> >
> > private String username;
> > private String password;
> >
> > public LoginForm(String id) {
> > super(id);
> > setModel(new CompoundPropertyModel<>(this));
> > add(new FeedbackPanel("feedback"));
> > add(new RequiredTextField("username"));
> > add(new PasswordTextField("password"));
> > }
> >
> > @Override
> > protected void onSubmit() {
> > AuthenticatedWebSession session = AuthenticatedWebSession.get();
> > if (session.signIn(username, password)) {
> > setResponsePage(HomePage.class);
> > } else {
> > error("Login failed");
> > }
> > }
> > }
> > }
> >
> >
> > On Thu, Jan 24, 2019 at 4:17 PM Zbynek Vavros 
> > wrote:
> >
> > > Is seems you have mixed my code with your code somehow.
> > > You must configure formLogin() and specify loginPage() pointing to your
> > > Wicket login page (maybe using @MountPath?).
> > > The .loginProcessingUrl() points to "/fake-url" because the
> > authentication
> > > itself is called from Wicket login page
> > > via AuthenticatedWebSession.get().signIn(). Or do you use other
> mechanism
> > > in your Wicket login page?
> > >
> > > Zbynek
> > >
> > > On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael <
> > > nino.martinez.w...@gmail.com> wrote:
> > >
> > > > It sort of works, If I go to the actuator I get the http basic auth,
> > if I
> > > > on the same session goto my pages.. I get an "ugly" access denied
> page
> > > and
> > > > not the configured wicket login page. So it sort of works..
> > > >
> > > > If I just goto localhost:8080/ I get an default spring login page not
> > the
> > > > wicket one.. Upon succesfull login it forwards me to the wicket login
> > > page,
> > > > where I can login again and then get to the real application..
> > > >
> > > > Below my current code:
> > > >
> > > >
> > > > package dk.netdesign.ccadmin.frontend.security;
> > > >
> > > > import org.springframework.context.annotation.Bean;
> > > > import org.springframework.context.annotation.Configuration;
> > > > import org.springframework.core.annotation.Order;
> > > > import
> > org.springframework.security.authentication.AuthenticationManager;
> > > > import
> > > >
> > > >
> > >
> >
> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
> > > > import
> > > >
> > org.springframework.security.config.annotation.web.builders.HttpSecurity;
> > > > import
> > > >
> > > >
> > >
> >
> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
> > > > import
> org.springframework.security.config.http.SessionCreationPolicy;
> > > > import org.springframework.security.core.Authentication;
> > > > import
> org.springframework.security.core.context.SecurityContextHolder;
> > > > import org.springframework.security.core.userdetails.User;
> > > > import
> > org.springframework.security.core.userdetails.UserDetailsService;
> > > > import
> > org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
> > > > import
> > > > org.springframework.security.provisioning.InMemoryUserDetailsManager;
> > > > import org.springframework.stereotype.Component;
> > > >
> > > > @Configuration
> > > > public class WicketWebSecurityAdapterConfig extends
> > > > WebSecurityConfigurerAdapter {
> > > >
> > > >
> > > > @Configuration
> > > > @Order(1)
> > > > public static class RestSecurityConfig 

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[Zbynek Vavros]

Took me some time to understand as well so I'm glad share :)

I'm in process of tuning this setup so just out of curiosity how did you
set up the Wicket properties file(s)? I don't like the idea to having
properties in src/main/java and looking for proper way to load them from
custom location like
src/main/resources/properties/MyWicketApplication.properties.

In out previous project we used I18n.init() method but I'm thinking more
Wicket-y way,
maybe using BundleStringResourceLoader ? But so far no luck making that
work...

Zbynek

On Fri, Jan 25, 2019 at 6:34 AM nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> Yes this is exactly how I've done it :) Thanks for taking time to help...
>
> @WicketSignInPage
> @MountPath("page/login")
> public class LoginPage extends BasePage {
>
> public LoginPage(PageParameters parameters) {
> super(parameters);
>
> if (((AbstractAuthenticatedWebSession) getSession()).isSignedIn()) {
> continueToOriginalDestination();
> }
> add(new LoginForm("loginForm"));
> }
>
> private class LoginForm extends StatelessForm {
>
> private String username;
> private String password;
>
> public LoginForm(String id) {
> super(id);
> setModel(new CompoundPropertyModel<>(this));
> add(new FeedbackPanel("feedback"));
> add(new RequiredTextField("username"));
> add(new PasswordTextField("password"));
> }
>
> @Override
> protected void onSubmit() {
> AuthenticatedWebSession session = AuthenticatedWebSession.get();
> if (session.signIn(username, password)) {
> setResponsePage(HomePage.class);
> } else {
> error("Login failed");
> }
> }
> }
> }
>
>
> On Thu, Jan 24, 2019 at 4:17 PM Zbynek Vavros 
> wrote:
>
> > Is seems you have mixed my code with your code somehow.
> > You must configure formLogin() and specify loginPage() pointing to your
> > Wicket login page (maybe using @MountPath?).
> > The .loginProcessingUrl() points to "/fake-url" because the
> authentication
> > itself is called from Wicket login page
> > via AuthenticatedWebSession.get().signIn(). Or do you use other mechanism
> > in your Wicket login page?
> >
> > Zbynek
> >
> > On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael <
> > nino.martinez.w...@gmail.com> wrote:
> >
> > > It sort of works, If I go to the actuator I get the http basic auth,
> if I
> > > on the same session goto my pages.. I get an "ugly" access denied page
> > and
> > > not the configured wicket login page. So it sort of works..
> > >
> > > If I just goto localhost:8080/ I get an default spring login page not
> the
> > > wicket one.. Upon succesfull login it forwards me to the wicket login
> > page,
> > > where I can login again and then get to the real application..
> > >
> > > Below my current code:
> > >
> > >
> > > package dk.netdesign.ccadmin.frontend.security;
> > >
> > > import org.springframework.context.annotation.Bean;
> > > import org.springframework.context.annotation.Configuration;
> > > import org.springframework.core.annotation.Order;
> > > import
> org.springframework.security.authentication.AuthenticationManager;
> > > import
> > >
> > >
> >
> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
> > > import
> > >
> org.springframework.security.config.annotation.web.builders.HttpSecurity;
> > > import
> > >
> > >
> >
> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
> > > import org.springframework.security.config.http.SessionCreationPolicy;
> > > import org.springframework.security.core.Authentication;
> > > import org.springframework.security.core.context.SecurityContextHolder;
> > > import org.springframework.security.core.userdetails.User;
> > > import
> org.springframework.security.core.userdetails.UserDetailsService;
> > > import
> org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
> > > import
> > > org.springframework.security.provisioning.InMemoryUserDetailsManager;
> > > import org.springframework.stereotype.Component;
> > >
> > > @Configuration
> > > public class WicketWebSecurityAdapterConfig extends
> > > WebSecurityConfigurerAdapter {
> > >
> > >
> > > @Configuration
> > > @Order(1)
> > > public static class RestSecurityConfig extends
> > > WebSecurityConfigurerAdapter {
> > >
> > > @Override
> > > protected void configure(HttpSecurity http) throws Exception {
> > >
> > >
> > >
> > >
> >
> http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR")
> > > .and().csrf().disable()
> > >
> > >
> > >
> >
> .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
> > > .and().httpBasic();
> > > }
> > > }
> > >
> > > @Configuration
> > > @Order(2)
> > > public static class WicketSecurityConfig extends
> > > WebSecurityConfigurerAdapter {
> > > @Override
> > > protected void configure(HttpSecurity http) throws Exception {
> > > 

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[nino martinez wael]

Yes this is exactly how I've done it :) Thanks for taking time to help...

@WicketSignInPage
@MountPath("page/login")
public class LoginPage extends BasePage {

public LoginPage(PageParameters parameters) {
super(parameters);

if (((AbstractAuthenticatedWebSession) getSession()).isSignedIn()) {
continueToOriginalDestination();
}
add(new LoginForm("loginForm"));
}

private class LoginForm extends StatelessForm {

private String username;
private String password;

public LoginForm(String id) {
super(id);
setModel(new CompoundPropertyModel<>(this));
add(new FeedbackPanel("feedback"));
add(new RequiredTextField("username"));
add(new PasswordTextField("password"));
}

@Override
protected void onSubmit() {
AuthenticatedWebSession session = AuthenticatedWebSession.get();
if (session.signIn(username, password)) {
setResponsePage(HomePage.class);
} else {
error("Login failed");
}
}
}
}


On Thu, Jan 24, 2019 at 4:17 PM Zbynek Vavros 
wrote:

> Is seems you have mixed my code with your code somehow.
> You must configure formLogin() and specify loginPage() pointing to your
> Wicket login page (maybe using @MountPath?).
> The .loginProcessingUrl() points to "/fake-url" because the authentication
> itself is called from Wicket login page
> via AuthenticatedWebSession.get().signIn(). Or do you use other mechanism
> in your Wicket login page?
>
> Zbynek
>
> On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael <
> nino.martinez.w...@gmail.com> wrote:
>
> > It sort of works, If I go to the actuator I get the http basic auth, if I
> > on the same session goto my pages.. I get an "ugly" access denied page
> and
> > not the configured wicket login page. So it sort of works..
> >
> > If I just goto localhost:8080/ I get an default spring login page not the
> > wicket one.. Upon succesfull login it forwards me to the wicket login
> page,
> > where I can login again and then get to the real application..
> >
> > Below my current code:
> >
> >
> > package dk.netdesign.ccadmin.frontend.security;
> >
> > import org.springframework.context.annotation.Bean;
> > import org.springframework.context.annotation.Configuration;
> > import org.springframework.core.annotation.Order;
> > import org.springframework.security.authentication.AuthenticationManager;
> > import
> >
> >
> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
> > import
> > org.springframework.security.config.annotation.web.builders.HttpSecurity;
> > import
> >
> >
> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
> > import org.springframework.security.config.http.SessionCreationPolicy;
> > import org.springframework.security.core.Authentication;
> > import org.springframework.security.core.context.SecurityContextHolder;
> > import org.springframework.security.core.userdetails.User;
> > import org.springframework.security.core.userdetails.UserDetailsService;
> > import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
> > import
> > org.springframework.security.provisioning.InMemoryUserDetailsManager;
> > import org.springframework.stereotype.Component;
> >
> > @Configuration
> > public class WicketWebSecurityAdapterConfig extends
> > WebSecurityConfigurerAdapter {
> >
> >
> > @Configuration
> > @Order(1)
> > public static class RestSecurityConfig extends
> > WebSecurityConfigurerAdapter {
> >
> > @Override
> > protected void configure(HttpSecurity http) throws Exception {
> >
> >
> >
> >
> http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR")
> > .and().csrf().disable()
> >
> >
> >
> .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
> > .and().httpBasic();
> > }
> > }
> >
> > @Configuration
> > @Order(2)
> > public static class WicketSecurityConfig extends
> > WebSecurityConfigurerAdapter {
> > @Override
> > protected void configure(HttpSecurity http) throws Exception {
> > http.antMatcher("/page/**").authorizeRequests()
> > .antMatchers("/page/login**").permitAll()
> > .antMatchers("/page/**").hasAnyAuthority("USER",
> > "ADMIN")
> >
> >
> >
> .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url")
> >
> > .and().csrf().disable();
> > }
> > }
> >
> > @Bean
> > public static BCryptPasswordEncoder passwordEncoder() {
> > return new BCryptPasswordEncoder();
> > }
> >
> > @Bean(name = "authenticationManager")
> > @Override
> > public AuthenticationManager authenticationManagerBean() throws
> > Exception {
> >
> > return super.authenticationManagerBean();
> > }
> > public interface IAuthenticationFacade {
> > Authentication getAuthentication();
> > }
> > @Component
> > public class AuthenticationFacade 

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[Zbynek Vavros]

Is seems you have mixed my code with your code somehow.
You must configure formLogin() and specify loginPage() pointing to your
Wicket login page (maybe using @MountPath?).
The .loginProcessingUrl() points to "/fake-url" because the authentication
itself is called from Wicket login page
via AuthenticatedWebSession.get().signIn(). Or do you use other mechanism
in your Wicket login page?

Zbynek

On Thu, Jan 24, 2019 at 4:13 PM nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> It sort of works, If I go to the actuator I get the http basic auth, if I
> on the same session goto my pages.. I get an "ugly" access denied page and
> not the configured wicket login page. So it sort of works..
>
> If I just goto localhost:8080/ I get an default spring login page not the
> wicket one.. Upon succesfull login it forwards me to the wicket login page,
> where I can login again and then get to the real application..
>
> Below my current code:
>
>
> package dk.netdesign.ccadmin.frontend.security;
>
> import org.springframework.context.annotation.Bean;
> import org.springframework.context.annotation.Configuration;
> import org.springframework.core.annotation.Order;
> import org.springframework.security.authentication.AuthenticationManager;
> import
>
> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
> import
> org.springframework.security.config.annotation.web.builders.HttpSecurity;
> import
>
> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
> import org.springframework.security.config.http.SessionCreationPolicy;
> import org.springframework.security.core.Authentication;
> import org.springframework.security.core.context.SecurityContextHolder;
> import org.springframework.security.core.userdetails.User;
> import org.springframework.security.core.userdetails.UserDetailsService;
> import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
> import
> org.springframework.security.provisioning.InMemoryUserDetailsManager;
> import org.springframework.stereotype.Component;
>
> @Configuration
> public class WicketWebSecurityAdapterConfig extends
> WebSecurityConfigurerAdapter {
>
>
> @Configuration
> @Order(1)
> public static class RestSecurityConfig extends
> WebSecurityConfigurerAdapter {
>
> @Override
> protected void configure(HttpSecurity http) throws Exception {
>
>
>
> http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR")
> .and().csrf().disable()
>
>
> .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
> .and().httpBasic();
> }
> }
>
> @Configuration
> @Order(2)
> public static class WicketSecurityConfig extends
> WebSecurityConfigurerAdapter {
> @Override
> protected void configure(HttpSecurity http) throws Exception {
> http.antMatcher("/page/**").authorizeRequests()
> .antMatchers("/page/login**").permitAll()
> .antMatchers("/page/**").hasAnyAuthority("USER",
> "ADMIN")
>
>
> .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url")
>
> .and().csrf().disable();
> }
> }
>
> @Bean
> public static BCryptPasswordEncoder passwordEncoder() {
> return new BCryptPasswordEncoder();
> }
>
> @Bean(name = "authenticationManager")
> @Override
> public AuthenticationManager authenticationManagerBean() throws
> Exception {
>
> return super.authenticationManagerBean();
> }
> public interface IAuthenticationFacade {
> Authentication getAuthentication();
> }
> @Component
> public class AuthenticationFacade implements IAuthenticationFacade {
>
> @Override
> public Authentication getAuthentication() {
> return SecurityContextHolder.getContext().getAuthentication();
> }
> }
>
> @Bean
> public UserDetailsService userDetailsService() {
> InMemoryUserDetailsManager manager = new
> InMemoryUserDetailsManager();
> manager.createUser(
> User.withUsername("admin")
>
> .password(passwordEncoder().encode("admin")).authorities("USER", "ADMIN")
> .build());
>
> manager.createUser(
> User.withUsername("actuator")
>
> .password(passwordEncoder().encode("actuator")).roles("ACTUATOR")
> .build());
>
> return manager;
> }
> }
>
>
> On Thu, Jan 24, 2019 at 3:19 PM nino martinez wael <
> nino.martinez.w...@gmail.com> wrote:
>
> > Thanks will try it:)
> >
> > On Thu, Jan 24, 2019 at 3:14 PM Zbynek Vavros 
> > wrote:
> >
> >> In my case it works something like this:
> >>
> >> @Configuration
> >> @EnableWebSecurity
> >> public class SecurityConfiguration {
> >>
> >> @Configuration
> >> @Order(1)
> >> public static 

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[nino martinez wael]

It sort of works, If I go to the actuator I get the http basic auth, if I
on the same session goto my pages.. I get an "ugly" access denied page and
not the configured wicket login page. So it sort of works..

If I just goto localhost:8080/ I get an default spring login page not the
wicket one.. Upon succesfull login it forwards me to the wicket login page,
where I can login again and then get to the real application..

Below my current code:


package dk.netdesign.ccadmin.frontend.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.stereotype.Component;

@Configuration
public class WicketWebSecurityAdapterConfig extends
WebSecurityConfigurerAdapter {


@Configuration
@Order(1)
public static class RestSecurityConfig extends
WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {


http.antMatcher("/actuator/**").authorizeRequests().anyRequest().hasRole("ACTUATOR")
.and().csrf().disable()


.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().httpBasic();
}
}

@Configuration
@Order(2)
public static class WicketSecurityConfig extends
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/page/**").authorizeRequests()
.antMatchers("/page/login**").permitAll()
.antMatchers("/page/**").hasAnyAuthority("USER",
"ADMIN")


.and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url")

.and().csrf().disable();
}
}

@Bean
public static BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}

@Bean(name = "authenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws
Exception {

return super.authenticationManagerBean();
}
public interface IAuthenticationFacade {
Authentication getAuthentication();
}
@Component
public class AuthenticationFacade implements IAuthenticationFacade {

@Override
public Authentication getAuthentication() {
return SecurityContextHolder.getContext().getAuthentication();
}
}

@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new
InMemoryUserDetailsManager();
manager.createUser(
User.withUsername("admin")

.password(passwordEncoder().encode("admin")).authorities("USER", "ADMIN")
.build());

manager.createUser(
User.withUsername("actuator")

.password(passwordEncoder().encode("actuator")).roles("ACTUATOR")
.build());

return manager;
}
}


On Thu, Jan 24, 2019 at 3:19 PM nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> Thanks will try it:)
>
> On Thu, Jan 24, 2019 at 3:14 PM Zbynek Vavros 
> wrote:
>
>> In my case it works something like this:
>>
>> @Configuration
>> @EnableWebSecurity
>> public class SecurityConfiguration {
>>
>> @Configuration
>> @Order(1)
>> public static class RestSecurityConfig extends
>> WebSecurityConfigurerAdapter {
>>
>> .. user details service, auth providers etc
>>
>> @Override
>> protected void configure(HttpSecurity http) throws Exception {
>>
>>
>> http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated()
>> .and().csrf().disable()
>>
>>
>> .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
>> .and().httpBasic();
>> }
>> }
>>
>> @Configuration
>> @Order(2)
>> public static class WicketSecurityConfig extends
>> WebSecurityConfigurerAdapter {
>>
>> .. user details service, auth providers etc
>>
>> @Override
>> 

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[nino martinez wael]

Thanks will try it:)

On Thu, Jan 24, 2019 at 3:14 PM Zbynek Vavros 
wrote:

> In my case it works something like this:
>
> @Configuration
> @EnableWebSecurity
> public class SecurityConfiguration {
>
> @Configuration
> @Order(1)
> public static class RestSecurityConfig extends
> WebSecurityConfigurerAdapter {
>
> .. user details service, auth providers etc
>
> @Override
> protected void configure(HttpSecurity http) throws Exception {
>
> http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated()
> .and().csrf().disable()
>
> .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
> .and().httpBasic();
> }
> }
>
> @Configuration
> @Order(2)
> public static class WicketSecurityConfig extends
> WebSecurityConfigurerAdapter {
>
> .. user details service, auth providers etc
>
> @Override
> protected void configure(AuthenticationManagerBuilder auth) throws
> Exception {
> auth.authenticationProvider(wicketAuthenticationProvider);
> }
>
> @Override
> protected void configure(HttpSecurity http) throws Exception {
> http.antMatcher("/page/**").authorizeRequests()
> .antMatchers("/page/login**").permitAll()
> .antMatchers("/page/**").hasRole("ROLE")
>
> .and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url")
> .and().csrf().disable();
> }
>
> @Override
> @Bean(name = "authenticationManager")
> public AuthenticationManager authenticationManagerBean() throws
> Exception {
> return super.authenticationManagerBean();
> }
> }
> }
>
> The RestSecurityConfigwould be what you would do for actuators, for me
> thats the REST API.
> Not the order of "antMatcher", "authorizeRequests" and " antMatchers".
>
> Zbynek
>
> On Thu, Jan 24, 2019 at 3:09 PM nino martinez wael <
> nino.martinez.w...@gmail.com> wrote:
>
> > do you have an example? OR is it just to cut them into two like:
> > WebSecurityConfigurerAdapter A:
> >
> >
> http.authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
> >
> > WebSecurityConfigurerAdapter B:
> >  http
> >  .csrf().disable()
> >  .authorizeRequests().anyRequest().permitAll()
> >  .and()
> >  .logout()
> >  .permitAll();
> >  http.headers().frameOptions().disable();
> >
> >
> > On Thu, Jan 24, 2019 at 3:06 PM Zbynek Vavros 
> > wrote:
> >
> > > Hi,
> > >
> > > I did similar thing, the trick here is to use two
> > > WebSecurityConfigurerAdaptes.
> > >
> > > Zbynek
> > >
> > > On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael <
> > > nino.martinez.w...@gmail.com> wrote:
> > >
> > > > Hope its okay to use the wicket user mailing list for this:)
> > > >
> > > > First of all thanks to MarcGiffing for making the project. But I
> cannot
> > > get
> > > > actuator endpoints to work with spring security and wicket spring
> > boot..
> > > > I've tried a lot of things..
> > > >
> > > > IN my WebSecurityConfigurerAdapter:
> > > >
> > > >  http
> > > >
> > > >
> > > >
> > >
> >
> .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
> > > >
> > > > http
> > > > .csrf().disable()
> > > > .authorizeRequests().anyRequest().permitAll()
> > > > .and()
> > > > .logout()
> > > > .permitAll();
> > > > http.headers().frameOptions().disable();
> > > >
> > > > But that just disables actuator and messes with the Wicket side of
> the
> > > > security.. Any one have some clues=
> > > >
> > > > --
> > > > Best regards / Med venlig hilsen
> > > > Nino Martinez
> > > >
> > >
> >
> >
> > --
> > Best regards / Med venlig hilsen
> > Nino Martinez
> >
>


-- 
Best regards / Med venlig hilsen
Nino Martinez

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[Zbynek Vavros]

In my case it works something like this:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

@Configuration
@Order(1)
public static class RestSecurityConfig extends
WebSecurityConfigurerAdapter {

.. user details service, auth providers etc

@Override
protected void configure(HttpSecurity http) throws Exception {

http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated()
.and().csrf().disable()

.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().httpBasic();
}
}

@Configuration
@Order(2)
public static class WicketSecurityConfig extends
WebSecurityConfigurerAdapter {

.. user details service, auth providers etc

@Override
protected void configure(AuthenticationManagerBuilder auth) throws
Exception {
auth.authenticationProvider(wicketAuthenticationProvider);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/page/**").authorizeRequests()
.antMatchers("/page/login**").permitAll()
.antMatchers("/page/**").hasRole("ROLE")

.and().formLogin().loginPage("/page/login").loginProcessingUrl("/fake-url")
.and().csrf().disable();
}

@Override
@Bean(name = "authenticationManager")
public AuthenticationManager authenticationManagerBean() throws
Exception {
return super.authenticationManagerBean();
}
}
}

The RestSecurityConfigwould be what you would do for actuators, for me
thats the REST API.
Not the order of "antMatcher", "authorizeRequests" and " antMatchers".

Zbynek

On Thu, Jan 24, 2019 at 3:09 PM nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> do you have an example? OR is it just to cut them into two like:
> WebSecurityConfigurerAdapter A:
>
>  
> http.authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
>
> WebSecurityConfigurerAdapter B:
>  http
>  .csrf().disable()
>  .authorizeRequests().anyRequest().permitAll()
>  .and()
>  .logout()
>  .permitAll();
>  http.headers().frameOptions().disable();
>
>
> On Thu, Jan 24, 2019 at 3:06 PM Zbynek Vavros 
> wrote:
>
> > Hi,
> >
> > I did similar thing, the trick here is to use two
> > WebSecurityConfigurerAdaptes.
> >
> > Zbynek
> >
> > On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael <
> > nino.martinez.w...@gmail.com> wrote:
> >
> > > Hope its okay to use the wicket user mailing list for this:)
> > >
> > > First of all thanks to MarcGiffing for making the project. But I cannot
> > get
> > > actuator endpoints to work with spring security and wicket spring
> boot..
> > > I've tried a lot of things..
> > >
> > > IN my WebSecurityConfigurerAdapter:
> > >
> > >  http
> > >
> > >
> > >
> >
> .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
> > >
> > > http
> > > .csrf().disable()
> > > .authorizeRequests().anyRequest().permitAll()
> > > .and()
> > > .logout()
> > > .permitAll();
> > > http.headers().frameOptions().disable();
> > >
> > > But that just disables actuator and messes with the Wicket side of the
> > > security.. Any one have some clues=
> > >
> > > --
> > > Best regards / Med venlig hilsen
> > > Nino Martinez
> > >
> >
>
>
> --
> Best regards / Med venlig hilsen
> Nino Martinez
>

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[Zbynek Vavros]

Hi,

I did similar thing, the trick here is to use two
WebSecurityConfigurerAdaptes.

Zbynek

On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> Hope its okay to use the wicket user mailing list for this:)
>
> First of all thanks to MarcGiffing for making the project. But I cannot get
> actuator endpoints to work with spring security and wicket spring boot..
> I've tried a lot of things..
>
> IN my WebSecurityConfigurerAdapter:
>
>  http
>
>
> .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
>
> http
> .csrf().disable()
> .authorizeRequests().anyRequest().permitAll()
> .and()
> .logout()
> .permitAll();
> http.headers().frameOptions().disable();
>
> But that just disables actuator and messes with the Wicket side of the
> security.. Any one have some clues=
>
> --
> Best regards / Med venlig hilsen
> Nino Martinez
>

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[nino martinez wael]

do you have an example? OR is it just to cut them into two like:
WebSecurityConfigurerAdapter A:
 
http.authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();

WebSecurityConfigurerAdapter B:
 http
 .csrf().disable()
 .authorizeRequests().anyRequest().permitAll()
 .and()
 .logout()
 .permitAll();
 http.headers().frameOptions().disable();


On Thu, Jan 24, 2019 at 3:06 PM Zbynek Vavros 
wrote:

> Hi,
>
> I did similar thing, the trick here is to use two
> WebSecurityConfigurerAdaptes.
>
> Zbynek
>
> On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael <
> nino.martinez.w...@gmail.com> wrote:
>
> > Hope its okay to use the wicket user mailing list for this:)
> >
> > First of all thanks to MarcGiffing for making the project. But I cannot
> get
> > actuator endpoints to work with spring security and wicket spring boot..
> > I've tried a lot of things..
> >
> > IN my WebSecurityConfigurerAdapter:
> >
> >  http
> >
> >
> >
> .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
> >
> > http
> > .csrf().disable()
> > .authorizeRequests().anyRequest().permitAll()
> > .and()
> > .logout()
> > .permitAll();
> > http.headers().frameOptions().disable();
> >
> > But that just disables actuator and messes with the Wicket side of the
> > security.. Any one have some clues=
> >
> > --
> > Best regards / Med venlig hilsen
> > Nino Martinez
> >
>


-- 
Best regards / Med venlig hilsen
Nino Martinez

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[nino martinez wael]

Already done that.. Thanks for the idea.. On my webservice project I am
doing this:

http
.authorizeRequests()

.antMatchers("/services/**").hasRole("USER").and().httpBasic().and().
csrf().disable();
http
.authorizeRequests()

.antMatchers("/actuator/**").hasRole("ACTUATOR").and().httpBasic().and().
csrf().disable();

And its working fine, I am wondering if its because my mountpoints for
wicket all are mapped to root like /home /login .. Which could conflict
with /actuator?

On Thu, Jan 24, 2019 at 3:01 PM Andrea Del Bene 
wrote:

> I had a problem with Spring Boot 2 and actuator as many of them are
> disabled by default in the new version. I don't know if this is the case
> for you, but I would try enabling all of them via config file. For example
> with yml is something like:
>
> management:
>   endpoints:
> web:
>   exposure:
> include: "*"
>
> On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael <
> nino.martinez.w...@gmail.com> wrote:
>
> > Hope its okay to use the wicket user mailing list for this:)
> >
> > First of all thanks to MarcGiffing for making the project. But I cannot
> get
> > actuator endpoints to work with spring security and wicket spring boot..
> > I've tried a lot of things..
> >
> > IN my WebSecurityConfigurerAdapter:
> >
> >  http
> >
> >
> >
> .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
> >
> > http
> > .csrf().disable()
> > .authorizeRequests().anyRequest().permitAll()
> > .and()
> > .logout()
> > .permitAll();
> > http.headers().frameOptions().disable();
> >
> > But that just disables actuator and messes with the Wicket side of the
> > security.. Any one have some clues=
> >
> > --
> > Best regards / Med venlig hilsen
> > Nino Martinez
> >
>
>
> --
> Andrea Del Bene.
> Apache Wicket committer.
>


-- 
Best regards / Med venlig hilsen
Nino Martinez

Re: Wicket Spring boot versus actuator (wicket 8.2.0) + spring security (boot 2.1.2)

[Andrea Del Bene]

I had a problem with Spring Boot 2 and actuator as many of them are
disabled by default in the new version. I don't know if this is the case
for you, but I would try enabling all of them via config file. For example
with yml is something like:

management:
  endpoints:
web:
  exposure:
include: "*"

On Thu, Jan 24, 2019 at 2:55 PM nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> Hope its okay to use the wicket user mailing list for this:)
>
> First of all thanks to MarcGiffing for making the project. But I cannot get
> actuator endpoints to work with spring security and wicket spring boot..
> I've tried a lot of things..
>
> IN my WebSecurityConfigurerAdapter:
>
>  http
>
>
> .authorizeRequests().antMatchers("/actuator/**","/actuator").hasRole("ACTUATOR").and().httpBasic();
>
> http
> .csrf().disable()
> .authorizeRequests().anyRequest().permitAll()
> .and()
> .logout()
> .permitAll();
> http.headers().frameOptions().disable();
>
> But that just disables actuator and messes with the Wicket side of the
> security.. Any one have some clues=
>
> --
> Best regards / Med venlig hilsen
> Nino Martinez
>


-- 
Andrea Del Bene.
Apache Wicket committer.

Re: Wicket Spring Boot open entity manager in view config

[Per Newgro]

Hi,

i can answer myself :-)

    public @Bean FilterRegistrationBean openEntityManagerInViewFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new OpenEntityManagerInViewFilter());
        registration.setName("openEntityManagerInView");
        registration.addUrlPatterns("/*");
        return registration;
    }

If some1 else looks for this.

Cheers
Per

Am 23.03.2018 um 19:47 schrieb Per Newgro:

Hello,

we would like to use the open-entitymanager-in-view pattern. It was 
working in our "old fashioned" spring application by configuring 
filter in web.xml.


But we can not find the appropriate config for wicket spring boot. 
Enable spring.jpa.open-entitymanager-in-view=true seems not to be enough.


We still get LazyInitException - no session.

Can one of you please provide a short comment, what we can still check?


Thanks for your support.

Per


-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Wicket Spring Boot Article

[Andrea Del Bene]

On 02/04/2017 22:00, Marc wrote:

Hey

sorry Tobias, I've had some problems with the Spring intetration. I don't
remember exactly what the problem was but it was a little bit frustrating so
that I'm lost the sight of it (Spring AOP / AspectJ related - no direct
relation to your project) .

@Andrea I've subscribed the mailing list :). Thanks for the article!


I suspected it :-)



Btw I've just released version 2.0.1 which uses Wicket 8.0.0-M5.


Thanks for your work!




--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Wicket-Spring-Boot-Article-tp4677570p4677575.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Wicket Spring Boot Article

[Marc]

Hey

sorry Tobias, I've had some problems with the Spring intetration. I don't
remember exactly what the problem was but it was a little bit frustrating so
that I'm lost the sight of it (Spring AOP / AspectJ related - no direct
relation to your project) .

@Andrea I've subscribed the mailing list :). Thanks for the article! 

Btw I've just released version 2.0.1 which uses Wicket 8.0.0-M5.



--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Wicket-Spring-Boot-Article-tp4677570p4677575.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Wicket Spring Boot Article

[Tobias Soloschenko]

sadly not. I was just in contact with him, because of metrics, but that is some 
time ago.

kind regards

Tobias

> Am 02.04.2017 um 16:58 schrieb Andrea Del Bene :
> 
> You're welcome!
> ps: anybody is in contact with Marc
> ?
> 
> On 2 Apr 2017 16:55, "Tobias Soloschenko" 
> wrote:
> 
> Hi,
> 
> just wanted to point out that this is really great:
> 
> https://mobile.twitter.com/apache_wicket/status/847763903249600513
> 
> I think for Spring - Spring Boot is the future. Thanks for it Marc Giffing
> and Andrea Del Bene for the article! I am going to play around with this
> soon. :-)
> 
> kind regards
> 
> Tobias

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Wicket Spring Boot Article

[Andrea Del Bene]

You're welcome!
ps: anybody is in contact with Marc
?

On 2 Apr 2017 16:55, "Tobias Soloschenko" 
wrote:

Hi,

just wanted to point out that this is really great:

https://mobile.twitter.com/apache_wicket/status/847763903249600513

I think for Spring - Spring Boot is the future. Thanks for it Marc Giffing
and Andrea Del Bene for the article! I am going to play around with this
soon. :-)

kind regards

Tobias

Re: Wicket & Spring Boot

[Andrew Geery]

Hi Marc

That's cool!

I made a Wicket + Spring Boot "Getting Started"-style guide a couple of
months ago: https://github.com/ageery/getting-started-guides/tree/wicket.
The code is on the wicket branch in the complete directory.

It's a filterable data table with ajax CRUD functionality, built on Spring
Boot, Spring Data JPA, Wicket 7, Java 8 and Wicket Bootstrap.

It was inspired by the Vaadin + Spring Boot CRUD example:
https://spring.io/guides/gs/crud-with-vaadin/

Andrew


On Thu, Nov 12, 2015 at 5:20 PM, Martin Grigorov 
wrote:

> Hi Marc,
>
> Welcome to the mailing list and thank you for sharing your project with us!
> I have seen some Wicket+SpringBoot apps both in Wicket and Wicket-Bootstrap
> issue trackers but as far as I can see your project doesn't just use SB but
> actually integrates with it.
> I'll keep an eye on it!
>
> P.S. I guess you know that web.de mail client is based on Wicket too ? :-)
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Thu, Nov 12, 2015 at 10:56 PM, Marc  wrote:
>
> > Hi all,
> > it's my first post, so I'm hopefully subscribed to the mailing list.
> >
> > Is there currently any Spring Boot integration support?
> >
> > I've started with a Spring Boot Wicket integration:  wicket-spring-boot
> >   .
> >
> > Besides the maven pom.xml you currently only need thisconfiguration
> class:
> > WicketApplication.java
> > <
> >
> https://github.com/MarcGiffing/wicket-spring-boot/blob/master/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/WicketApplication.java
> > >
> > to get a full working wicket application. You only have to execute the
> main
> > method. You should get a default login page and a simple home page.
> Spring
> > security is automatically configured in a default configuration. Within a
> > property file you can switch between deployment or development
> > configruation
> >
> > wicket.configurationType=DEPLOYMENT
> > wicket.compressHTMLEnabled=true  HTMLCompressingConfig.java
> > <
> >
> https://github.com/MarcGiffing/wicket-spring-boot/blob/master/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/HTMLCompressingConfig.java
> > >
> > wicket.statelessCheckerEnabled=true  StatelessCheckerConfig.java
> > <
> >
> https://github.com/MarcGiffing/wicket-spring-boot/blob/master/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/StatelessCheckerConfig.java
> > >
> >
> > My main goal was to learn a bit about Spring Boot but maybe its
> interessing
> > for somone in the Wicket community
> >
> > GreetsMarc
> >
> > --
> > View this message in context:
> >
> http://apache-wicket.1842946.n4.nabble.com/Wicket-Spring-Boot-tp4672591.html
> > Sent from the Users forum mailing list archive at Nabble.com.
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > For additional commands, e-mail: users-h...@wicket.apache.org
> >
> >
>

Re: Wicket & Spring Boot

[Martin Grigorov]

Hi Marc,

Welcome to the mailing list and thank you for sharing your project with us!
I have seen some Wicket+SpringBoot apps both in Wicket and Wicket-Bootstrap
issue trackers but as far as I can see your project doesn't just use SB but
actually integrates with it.
I'll keep an eye on it!

P.S. I guess you know that web.de mail client is based on Wicket too ? :-)

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Nov 12, 2015 at 10:56 PM, Marc  wrote:

> Hi all,
> it's my first post, so I'm hopefully subscribed to the mailing list.
>
> Is there currently any Spring Boot integration support?
>
> I've started with a Spring Boot Wicket integration:  wicket-spring-boot
>   .
>
> Besides the maven pom.xml you currently only need thisconfiguration class:
> WicketApplication.java
> <
> https://github.com/MarcGiffing/wicket-spring-boot/blob/master/wicket-spring-boot-starter-example/src/main/java/com/giffing/wicket/spring/boot/example/WicketApplication.java
> >
> to get a full working wicket application. You only have to execute the main
> method. You should get a default login page and a simple home page. Spring
> security is automatically configured in a default configuration. Within a
> property file you can switch between deployment or development
> configruation
>
> wicket.configurationType=DEPLOYMENT
> wicket.compressHTMLEnabled=true  HTMLCompressingConfig.java
> <
> https://github.com/MarcGiffing/wicket-spring-boot/blob/master/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/HTMLCompressingConfig.java
> >
> wicket.statelessCheckerEnabled=true  StatelessCheckerConfig.java
> <
> https://github.com/MarcGiffing/wicket-spring-boot/blob/master/wicket-spring-boot-starter/src/main/java/com/giffing/wicket/spring/boot/starter/configuration/extensions/StatelessCheckerConfig.java
> >
>
> My main goal was to learn a bit about Spring Boot but maybe its interessing
> for somone in the Wicket community
>
> GreetsMarc
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Wicket-Spring-Boot-tp4672591.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>