from:"Maurice Marrink"

[Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink

Hi,
In my project we often have the case where a user initially is allowed
to construct a certain component (pages mostly) but whether he really
can depends on the model of the page.
So my request / suggestion is to enhance IAuthorizationStrategy with
the following method isInstantiationAuthorized(Class, IModel). whether
this methods is made available next to
isInstantiationAuthorized(Class) or replaces it is not important.

As far as i can see the following changes need to be made
-Application.notifyComponentInstantiationListeners needs to be
upgraded to receive the model to, or the component should not call
notify untill the model has been set on the component (which happens
on the next line)
-the default listener needs to pass the model to the strategy.

For regular models this should not be a problem but IWrapModels might
have a problem when accessing anything else from the component but the
id. Not passing the wrappedmodel but the original model is imo not an
option because the main point of passing the model is to be able to
use the getObject method.

What do you think?

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink

After having Johan explain to me that It is only the
IComponentAssignedModel that will cause serious problems and models
like CompoundPropertyModel will work just fine. And since we do not
use those.
I have no objection to this restriction.

Maurice

On 7/18/07, Johan Compagner [EMAIL PROTECTED] wrote:
 i can see the value of having the model in the authorizationstrategy
 this is pretty handy. But the problem is with wrapmodels  because we
 just can't give those to the outside world withing a constructor of a
 component
 because we have a big warning in the wrapOnAssigment(Component) call
 that in that method you shouldn't really touch the component because it is
 not
 fully constructed yet. But we can't have it that the component is still not
 fully constructed
 in the getObject() call of the wrapped model.

 So i am +1 for such a change except that the model param will be null of not
 given and
 null if it is wrapped model.

 johan


 On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote:
 
  Hi,
  In my project we often have the case where a user initially is allowed
  to construct a certain component (pages mostly) but whether he really
  can depends on the model of the page.
  So my request / suggestion is to enhance IAuthorizationStrategy with
  the following method isInstantiationAuthorized(Class, IModel). whether
  this methods is made available next to
  isInstantiationAuthorized(Class) or replaces it is not important.
 
  As far as i can see the following changes need to be made
  -Application.notifyComponentInstantiationListeners needs to be
  upgraded to receive the model to, or the component should not call
  notify untill the model has been set on the component (which happens
  on the next line)
  -the default listener needs to pass the model to the strategy.
 
  For regular models this should not be a problem but IWrapModels might
  have a problem when accessing anything else from the component but the
  id. Not passing the wrappedmodel but the original model is imo not an
  option because the main point of passing the model is to be able to
  use the getObject method.
 
  What do you think?
 
  Maurice
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink

True you can't do setModel(foo) and expect your instantiation check to
work. Which imho is perfectly logical if you want to use your model in
the instantiation check you need to pass it in the constructor.

As for the example
We have a search page for students, uppon clicking on one of those
students, you go to a detail page for that student. that page also
contains several tabs to go to other relevant pages for the student
(like it's school grades). on these pages we made a quicksearch
function with contains amongst other things 2 buttons to navigate
forth and back between the searchresults of the search page, while
keeping the same view. Suppose i have sufficient rights to see the
detail pages of all students but only enough rights to see the grades
of my own students.

So if i make the search wide enough to get all students and then
select one of my own, going to the grades. That's fine. But if i then
navigate to another student i am not allowed to see the grades
(creating a new instance of the grades page in the process) i need to
know if the page in combination with the student is allowed, because
the page itself is basically allowed.

Maurice

On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
 I don't think I agree with that.

 MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for
 starters, and you can even set models mutliple times. Not to mention
 the other problems you mentioned in this thread. And finally, it would
 just invite people to go crazy with this functionality.

 But give us a good example of where using the model to determine an
 access restriction would actually be useful?

 Eelco

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink

Right now i manually need to trigger
isActionAuthorized(Component.RENDER); after the component has been
fully initialized. I would like to abort as soon as possible.

Maurice

On 7/18/07, Johan Compagner [EMAIL PROTECTED] wrote:
 cant you test this with the render action check?
 that is always done also if the model is changed

 johan


 On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote:
 
  True you can't do setModel(foo) and expect your instantiation check to
  work. Which imho is perfectly logical if you want to use your model in
  the instantiation check you need to pass it in the constructor.
 
  As for the example
  We have a search page for students, uppon clicking on one of those
  students, you go to a detail page for that student. that page also
  contains several tabs to go to other relevant pages for the student
  (like it's school grades). on these pages we made a quicksearch
  function with contains amongst other things 2 buttons to navigate
  forth and back between the searchresults of the search page, while
  keeping the same view. Suppose i have sufficient rights to see the
  detail pages of all students but only enough rights to see the grades
  of my own students.
 
  So if i make the search wide enough to get all students and then
  select one of my own, going to the grades. That's fine. But if i then
  navigate to another student i am not allowed to see the grades
  (creating a new instance of the grades page in the process) i need to
  know if the page in combination with the student is allowed, because
  the page itself is basically allowed.
 
  Maurice
 
  On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
   I don't think I agree with that.
  
   MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for
   starters, and you can even set models mutliple times. Not to mention
   the other problems you mentioned in this thread. And finally, it would
   just invite people to go crazy with this functionality.
  
   But give us a good example of where using the model to determine an
   access restriction would actually be useful?
  
   Eelco
  
  
  -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/wicket-user
  
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink

However besides the benefit of being more efficient it also prevents a
lot of nasty stuff like throwing custom exceptions / NPE in the page
constructor or redirecting, which i now have to take into account
because the page is fully constructed. When the strategy can tell me
for certain if the page is allowed i would not have to do that.

Maurice

On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote:
 Right now i manually need to trigger
 isActionAuthorized(Component.RENDER); after the component has been
 fully initialized. I would like to abort as soon as possible.

 Maurice

 On 7/18/07, Johan Compagner [EMAIL PROTECTED] wrote:
  cant you test this with the render action check?
  that is always done also if the model is changed
 
  johan
 
 
  On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote:
  
   True you can't do setModel(foo) and expect your instantiation check to
   work. Which imho is perfectly logical if you want to use your model in
   the instantiation check you need to pass it in the constructor.
  
   As for the example
   We have a search page for students, uppon clicking on one of those
   students, you go to a detail page for that student. that page also
   contains several tabs to go to other relevant pages for the student
   (like it's school grades). on these pages we made a quicksearch
   function with contains amongst other things 2 buttons to navigate
   forth and back between the searchresults of the search page, while
   keeping the same view. Suppose i have sufficient rights to see the
   detail pages of all students but only enough rights to see the grades
   of my own students.
  
   So if i make the search wide enough to get all students and then
   select one of my own, going to the grades. That's fine. But if i then
   navigate to another student i am not allowed to see the grades
   (creating a new instance of the grades page in the process) i need to
   know if the page in combination with the student is allowed, because
   the page itself is basically allowed.
  
   Maurice
  
   On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
I don't think I agree with that.
   
MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for
starters, and you can even set models mutliple times. Not to mention
the other problems you mentioned in this thread. And finally, it would
just invite people to go crazy with this functionality.
   
But give us a good example of where using the model to determine an
access restriction would actually be useful?
   
Eelco
   
   
   -
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
   
  
   -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] feature suggestion component instantiation

2007-07-18 Thread Maurice Marrink

Ok, thanks for your input guys, no hard feelings :)
There are indeed workarounds, i just thought it would be an elegant
solution if wicket supported it. But i guess you are right, there are
too many caveats.

Maurice

On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
  i think its time for you to build something that uses aop and get it out of
  your system :)

 Get it out of my system? I'm not exactly recommending AOP as I think
 other solutions would be better.

 after(Component c) returning: this(c)  execution(Component.new(..)) 
 {
 System.out.println(constructed component with model  + 
 c.getModel());
 }

 Something like that works. I'm sure there's lots of ifs and buts, but
 the point is that it is a possible way out.

 Eelco

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] SecureTextField rendered as span element?

2007-07-16 Thread Maurice Marrink

Yes that should be possible. Please take a look at
org.apache.wicket.markup.html.link.AbstractLink#disableLink and
org.apache.wicket.markup.html.link.Link#onComponentTag for some ideas.
Basically you need to override onComponentTag and change the tag to a
span there if the textfield is disabled.

If you have the wicket-security-examples you can also take a look at
org.apache.wicket.security.examples.components.navigation.ButtonContainer
which does something similar only for a link. In a link it is easier
because they have build in support for custom disabled behavior/markup
but it is nothing you can not do in any component yourself by
overriding onComponentTag.

Maurice


On 7/16/07, Árni Hermann Reynisson [EMAIL PROTECTED] wrote:
 Hi

 Would it be possible to render an instance of SecureTextField as span
 instead of disabled input if the action isn't authorized?

 Regards,
 Arni Hermann


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WicketTester does not clean up resources very well

2007-07-16 Thread Maurice Marrink

Well, thats why i asked if maybe i was missing something :)
Anyway an issue has been created
https://issues.apache.org/jira/browse/WICKET-762

Maurice

Oh btw like Martijn said there might be a legit reason to keep the
session and stuff around after the processing thingy but i really
think they should be gone after destroy has been called.


On 7/16/07, Martijn Dashorst [EMAIL PROTECTED] wrote:
 I thought that not all resources were cleaned up so that test cases
 can query the response and other things. The responsibility is on the
 tester to initiate a new fresh RequestCycle iiuc.

 That said, it may be that we don't provide enough hooks to perform the clean 
 up.

 Martijn

 On 7/15/07, Maurice Marrink [EMAIL PROTECTED] wrote:
  I just noticed that running the following minimal junittest fails.
  WicketTester mock=new WicketTester();
  mock.setupRequestAndResponse();
  mock.processRequestCycle();
  mock.destroy();
  assertNull(Session.get()); //actually should throw
  IllegalStateException but 
 
  I would expect the threadlocal Session to be gone after the request
  had been processed but it is even available after the application has
  been destroyed.
  Or am i missing something?
 
  Maurice
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 --
 Wicket joins the Apache Software Foundation as Apache Wicket
 Apache Wicket 1.3.0-beta2 is released
 Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta2/

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] WicketTester does not clean up resources very well

2007-07-15 Thread Maurice Marrink

I just noticed that running the following minimal junittest fails.
WicketTester mock=new WicketTester();
mock.setupRequestAndResponse();
mock.processRequestCycle();
mock.destroy();
assertNull(Session.get()); //actually should throw
IllegalStateException but 

I would expect the threadlocal Session to be gone after the request
had been processed but it is even available after the application has
been destroyed.
Or am i missing something?

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Editable grid

2007-07-11 Thread Maurice Marrink

Actually we have gone completely Ajax for the grid, so i have no idea
what problems you are going to run into when using forms, especially
in combination with a moving editor. our grid was based on a listview
using wicket 1.2.6 but 1.3 might have better alternatives.

Maurice

On 7/11/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
  I have recently started playing with wicket to see if we can use it to
  rewrite a legacy enterprise. I really like the simplicity of the
  architecture. A good chunk of our screens (35%) require editable grid.
  For example maintenance screens for small tables. I have seen bunch of
  examples in wicket on how to do grid views but just one example on how
  to make editable grid (Contacts editor - though it is not complete). I
  also found an example of an editable tree view and it is not complete
  either. Are there any examples out there that can help me get started?
  Any help would be greatly appreciated.

 You can. If you need to clone a spreadsheet (like I know Maurice did
 for his project) you might want to think about optimizations. For more
 simple cases, just remember that anything you nest in a form, no
 matter how deeply nested, will take part in form processing. You can
 probably best start with DefaultDataTable.

 Eelco

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Displaying Modal Window to capture and display error message

2007-07-10 Thread Maurice Marrink

The button has a setDefaultFormProcessing option, if you turn it off,
you manually have to do whatever form.process now does for you, which
is amongst other things form validation.

Maurice

On 7/10/07, Dipu Seminlal [EMAIL PROTECTED] wrote:
 Hi All,

 Is there a way to display a modal window when a submit button is clicked

 Use Case is

 Button button = new Button(bbutton)
 {
   protected void onSubmit()
   {
 if(isValidInput())
 {
  // do process and traverse to next screen
 }
 else
 {
   // show a modal dialog with messages
 }
   }
 }


 Thanks
 Dipu

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Editable grid

2007-07-10 Thread Maurice Marrink

An editable grid is certainly possible in wicket. I've build one of
those monsters in our application. Unfortunately for you it has grown
so much to be able to do everything you ever wanted and everything you
never even knew you wanted that it is completely useless as an
example. I can however give you some tips.
- Do not use textfields or dropdowns in every cell, especially with
larger grids this is going to hurt you performance wise (ie more than
firefox but still)
-instead use one moving textfield (or a dropdown for each different
type you need)
-use spans to create editable labels (showing the textfield or other
editor on click)
-if you are going to use ajax, send multiple changes each time using
the time delay
-if you use something of a form submit you will need to collect the
changes in a custom way since you don't have textfields.
-get ready for some serious javascripting (i have some javascript to
navigate a table in javascript you should be able to reuse).
-make good use of the component structure of wicket building on cells,
rows and tables (off course you need to build these yourself).
-really think your underlying datamodel through, we are using 1 custom
model to dispatch models for each cell. but i'm not sure this is
ideal.
-inline attribute changes on your cells by overriding the
oncomponenttag to minimize your footprint.
-Keep it simple

Maurice

On 7/10/07, Sanjay Gupta [EMAIL PROTECTED] wrote:
 I have recently started playing with wicket to see if we can use it to
 rewrite a legacy enterprise. I really like the simplicity of the
 architecture. A good chunk of our screens (35%) require editable grid.
 For example maintenance screens for small tables. I have seen bunch of
 examples in wicket on how to do grid views but just one example on how
 to make editable grid (Contacts editor - though it is not complete). I
 also found an example of an editable tree view and it is not complete
 either. Are there any examples out there that can help me get started?
 Any help would be greatly appreciated.
 Thanks
 Sanjay

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket security

2007-07-06 Thread Maurice Marrink

I think it has to do with your wicket version. Only recently they made
that method public.
If you are using the snapshot version of wicket, try updating it. Note
that some versions of maven have a problem updating snapshots so go
into your local repository and delete wicket from it. then you should
have no problem updating to the latest snapshot.
Alternatively the beta2 version should also work.
Or if you can not upgrade to the latest wicket i suggest downloading
wasp and swarm here
http://sourceforge.net/project/showfiles.php?group_id=134391 It is a
slightly older version but the only changes between this version and
the snapshots are the clustering changes (which is causing your
problem), some code restructuring, some apidoc changes and i changed
the eclipse project settings to eclipse 3.3.

Just let me know if this does not solve your problem.

Maurice

On 7/5/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi

First off, I really like where wicket security is heading, the JAAS smell of
it is just fantastic! :)

I've been trying to experiment with wicket security and I've hit a wall. I'm
pretty sure I got the configuration right, I get redirected to the login page
and when I press login I get this exception:

java.lang.IllegalAccessError: tried to access method
org.apache.wicket.Session.dirty()V from class
org.apache.wicket.security.hive.authentication.LoginContainer
at
org.apache.wicket.security.hive.authentication.LoginContainer.login(LoginContainer.java:87)
at
org.apache.wicket.security.swarm.strategies.SwarmStrategy.login(SwarmStrategy.java:190)
at org.apache.wicket.security.WaspSession.login(WaspSession.java:74)
at is.sja.pages.auth.LoginPage$2.signIn(LoginPage.java:38)

I was hoping you would have some idea what's happening there since my
searches turned up almost moot on how to fix this. I'm running this on wicket
1.3-beta2 and wicket-security 0.1-SNAPSHOT through maven.

Regards,
Arni Hermann Reynisson

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Extending WebApplication in related projects problem

2007-07-06 Thread Maurice Marrink

Perhaps a bit late but you also do not need to extend
SwarmWebApplication (it just takes care of the grunt work for you) You
could use Swarm and not use the SwarmWebApplication by implementing
the WaspApplication interface for an example of this check out the
ExtendsTest in the test directory of swarm.

Maurice

On 7/5/07, Daniel Stoch [EMAIL PROTECTED] wrote:
 Hi,

 There is a problem with using different Wicket related projects in one
 application, because in many cases each project defines its own
 implementation of WebApplication class (and sometimes WebSession too).
 For example:
 - wicket-spring: SpringWebApplication
 - wicket-auth-roles: AuthenticatedWebApplication
 - wicket-swarm: SwarmWebApplication
 etc...

 If I want to use wicket-spring and wicket-swarm, there is a problem:
 from which class should I extend my application class:
 SpringWebApplication or SwarmWebApplication?

 So I think it is not a good pattern to implement such things by
 extending an application and a session base classes, because this
 closes the door for integration different projects into one
 application.

 --
 Daniel

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] 401 HTTP authentication?

2007-07-04 Thread Maurice Marrink

Very interesting question indeed.
I did some digging in the code and found the following: using the
RequestCycle you can get the Response. which is most likely a
WebResponse from there you can get the HttpServletResponse and set the
statuscode to 401. Question remains how to tell wicket to stop
processing and simply return the statuscode.

If any of the core committers could respond with a proper way of doing this :)

Maurice



On 7/4/07, Jesse Barnum [EMAIL PROTECTED] wrote:
 What is the right way to use basic HTTP authentication? I know how to
 read the headers to extract the username and password, but if they
 don't match, or if they're not supplied, what is the best way to send
 the 401 response to the user?

 It seems like the
 ISecuritySettings.setUnauthorizedComponentInstantiationListener()
 method assumes that you want to present an HTML login component to
 the user.

 --Jesse Barnum, President, 360Works
 http://www.360works.com
 (770) 234-9293



 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] suggestion: have Wicket SVN searchable with FishEye

2007-07-02 Thread Maurice Marrink

If FishEye can cause problems, so might ohloh
http://www.ohloh.net/projects/3958.

Just thinking out loud.

Maurice

On 7/2/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
  You _must_ do this in association with the Apache Infrastructure group.
 
  The ASF's repository is large. There have been occasions when FishEye
  has put the ASF SVN server under an unnecessary load.
 
  It _should_ be possible, but _must_ be done in consultation with the
  infrastructure team.

 Ok. Peter, if you want this, could you open a feature request for
 this. We can chat with infra after that.

 Cheers,

 Eelco

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] wicket security and acl files

2007-06-30 Thread Maurice Marrink

  A subject is the root/ abstract entity for a user, principals are
  views or identities of a subject

Well I'm glad we all agree on that one :)
However as Eelco said a principal can be much more than just a role.
So i am a little reluctant to rename Principal to Role.

If i wanted to i could even use the Swarm Subjects as Roles (although
that would be a really long stretch, and certainly not recommended :)
). And although the fact that you can use principals / subjects in
several ways might make it less clear from the start how to use them,
that is also there power as it gives you greater flexibility on how to
set up your security.

That being said i am still open for renaming suggestions, i just don't
think role should be it.

 an application that is more fluid and tenants can create their own structure
 of roles.
I am sorry that you feel swarm does not accommodate you enough in this
field. But I welcome you to build upon wasp and enrich the wicket
community with your work.
Looking at swarm should have given you a pretty clear picture of the
security building blocks in wicket.

Maurice



On 6/29/07, Craig Lenzen [EMAIL PROTECTED] wrote:

  A subject is the root/ abstract entity for a user, principals are
  views or identities of a subject and in JAAS you would represent a
  role as a principal.

 I agree with your statement which leads me to the fact that the principal
 should really be a role in swarm and the hive file is a mapping of a role to
 given permissions and actions.  So back to what I said before, swarm is
 really nice when you have an application with pre-defined roles instead of
 an application that is more fluid and tenants can create their own structure
 of roles.

 -Craig


 Eelco Hillenius wrote:
 
  Right now swarm operates the following way: A user is associated with
  1 or more Subjects, each Subject has 0 or more Principals.
 
  This sounds right to me, and is like how JAAS works.
 
  A subject is the root/ abstract entity for a user, principals are
  views or identities of a subject and in JAAS you would represent a
  role as a principal.
 
  As JAAS is the default authorization mechnism in Java, it is arguably
  the 'industry standard' (for Java). Whether it is what you prefer is
  another question. I think people find users/ roles easier to
  understand, but personally I like the more abstracted model of JAAS;
  whether you want to model groups, roles a combination of the two or
  even something different, it fits seamlessly.
 
  My 2c,
 
  Eelco
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 

 --
 View this message in context: 
 http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11364093
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] RestartResponseAtInterceptPageException / continueToOriginalDestination

2007-06-30 Thread Maurice Marrink

I don't think that is possible but why can't you do the following:
user enters username and password on sign in page.
form successfully authenticates user.
try to continueToOriginalDestination or if there is none, set the
responsepage to a homepage or something
do the password change check
if required throw restart..exception

then on the password change page use continueTo again.

Theoretical this should send your user after the password change to
the page he wanted to go to before he was forced to login, or at the
very least to the homepage and not back to the login page.

Maurice


On 6/29/07, Mark Southern [EMAIL PROTECTED] wrote:




 I have an authorization scheme where by the user is presented with a sign in
 page. After signing in, a check is made to see if they need to change their
 password. If so, they are redirected to a change password page. After that
 they should be redirected back to their intended page.



 However, if I use a
 RestartResponseAtInterceptPageException(); to go to the
 password change page from the sign in page, after submission I get directed
 back to the sign in page. Can I specify the intended original destination
 without setting a response page and passing it as a page parameter?



 Thank you,



 ~Mark
 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] wicket security and acl files

2007-06-29 Thread Maurice Marrink

Neither am i :) And you could be right about me misusing the
principal, but using the actions of a permission for read write and
then logically separating permissions with read from permissions with
write in different principals does not seem like stretch to me.

Maurice

On 6/29/07, craigdd [EMAIL PROTECTED] wrote:

I understand what you are saying and I see how you have accomplished
something similar to what I'm trying to do, however it seems to me that you
are miss using the concept of a Principal. I'm not a security expert but a
principal seems to point to an individual and not with something called
write. Write fits a little better into the concepts of ACL.

-Craig

Mr Mean wrote:

By the way, I'm not saying wicket security is bad, other than my example
I
think it is a well put together framework that beats the hell out of
using
JAAS.

Thanks, i appreciate that :)

I've had a pretty good look at wicket security but the conclusion that
I've
come to with that is it only supports the fact that you have pre defined
roles within your application.

Well i am not saying it is impossible to declare and add new
permissions / principals at runtime but i think it is generally
undesirable to do so. Instead you should make your principals fine
grained enough to be used as building blocks for roles.

I'm currently working on a multi tenant web application where the
application provided a set of permission, such and read / write access to
an
object and each tenant in the application defines their own role heirachy
based on those permissions.

This is exactly what we are doing in our application. We have
literally +- 1000 principals defined in our system. By allowing the
users to group principals together they can build there own roles. We
have multiple organizations in our application and each of them can
completely redesign there user roles in the system (well only up to a
point because we could not allow that, but that aside they could). We
provide each organization with a set of default roles as we think will
suit most of them but they are completely free to alter/ rename/
delete/ whatever do with those roles because we do not depend on the
roles but on the underlying principals, which are controlled by us. A
big help is the fact that we made our principals imply each other
(write implies read, etc) So when a user designs there roles they
don't have to check read access to page A and write access to page A
but can suffice with write access to page A. Although most of our
principals handle a couple of related pages we also have principals
going as deep as individual components. For instance we have a large
data grid, the principals are fine grained enough to give you read or
write access up to the individual cell.

Correct me if i am wrong but this seems to be what you want too.

Maurice

On 6/28/07, craigdd [EMAIL PROTECTED] wrote:

I've had a pretty good look at wicket security but the conclusion that
I've
come to with that is it only supports the fact that you have pre defined
roles within your application.

We are currently using acegi and I'm trying to figure out the best way to
bake acl into wicket's components. Example, a link is set to invisible
if
the authenticated use doesn't contain a role with the given permission of
that link. So lets say the link is to delete an object, the user must
have
a role with the permission to delete that object or the link will not
show
on the page.

By the way, I'm not saying wicket security is bad, other than my example
I
think it is a well put together framework that beats the hell out of
using
JAAS.

-Craig

Mr Mean wrote:

If you mean java Jaas like acl than swarm is what you are looking for.
Optionally if you really want to use jaas and not some look alike i
made up you could practically copy swarm and replace most objects with
there jaas counterparts.
However i chose not to use jaas because we are using that in one of
our projects right now and although it works it is less than optimal
:) As soon as we make the switch to wicket 1.3.0 jaas will be replaced
by swarm.

You can also check out the example project here

https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples

Maurice

On 6/21/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
wicket's security model is completely generic

see IAuthorizationStrategy - it is very abstract and thus can be used
to
implement any kind of authorization

wicket-auth is just an example that implements basic role-based model

see

Re: [Wicket-user] wicket security and acl files

2007-06-29 Thread Maurice Marrink

Actually that is already how they work. Even though the Principal
class does not have methods for getting and setting the Permissions.
The mapping is done in the policy file like this.

grant principal ${RechtenSet} PageA.read
{
//read permission for all of page A
permission ${ComponentPermission}
nl.topicus.krypton.web.pages.PageA, inherit, render;
};
grant principal ${RechtenSet} PageA.write
{
//write permission for all form components on page A
permission ${ComponentPermission}
nl.topicus.krypton.web.pages.PageA:form, inherit, enable;
};
grant principal ${RechtenSet} PageA.delete
{
//allow separate delete links to be clicked
permission ${ComponentPermission}
nl.topicus.krypton.web.pages.PageA:deleteLink1, enable;
permission ${ComponentPermission}
nl.topicus.krypton.web.pages.PageA:deleteLink2, enable;
};

I know the api doc for principal states which can be used to
represent any entity, such as an individual, a corporation, or a login
id. I admit it is shamelessly copied from java.security.Principal :)
And now that i think about i can see the way we use principals like
permissions now actually comes from our dealings with jaas. But i
still feel it is not a big issue. I'll just rewrite the api doc ;)

Maurice

On 6/29/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
 take maurice's post and substitute word permission for word principal,
 define user/principal as an object that has a set of permissions, and it
 makes perfect sense.

 -igor




  On 6/28/07, craigdd [EMAIL PROTECTED] wrote:
 
  I understand what you are saying and I see how you have accomplished
  something similar to what I'm trying to do, however it seems to me that
 you
  are miss using the concept of a Principal.  I'm not a security expert but
 a
  principal seems to point to an individual and not with something called
  write.  Write fits a little better into the concepts of ACL.
 
  -Craig
 
 
  Mr Mean wrote:
  
   By the way, I'm not saying wicket security is bad, other than my
 example
   I
   think it is a well put together framework that beats the hell out of
   using
   JAAS.
  
   Thanks, i appreciate that :)
  
   I've had a pretty good look at wicket security but the conclusion that
   I've
   come to with that is it only supports the fact that you have pre
 defined
   roles within your application.
  
  
   Well i am not saying it is impossible to declare and add new
   permissions / principals at runtime but i think it is generally
   undesirable to do so. Instead you should make your principals fine
   grained enough to be used as building blocks for  roles.
  
   I'm currently working on a multi tenant web application where the
   application provided a set of permission, such and read / write access
 to
   an
   object and each tenant in the application defines their own role
 heirachy
   based on those permissions.
  
   This is exactly what we are doing in our application. We have
   literally +- 1000 principals defined in our system. By allowing the
   users to group principals together they can build there own roles. We
   have multiple organizations in our application and each of them can
   completely redesign there user roles in the system (well only up to a
   point because we could not allow that, but that aside they could). We
   provide each organization with a set of default roles as we think will
   suit most of them but they are completely free to alter/ rename/
   delete/ whatever do with those roles because we do not depend on the
   roles but on the underlying principals, which are controlled by us. A
   big help is the fact that we made our principals imply each other
   (write implies read, etc)  So when a user designs there roles they
   don't have to check read access to page A and write access to page A
   but can suffice with write access to page A. Although most of our
   principals handle a couple of related pages we also have principals
   going as deep as individual components. For instance we have a large
   data grid, the principals are fine grained enough to give you read or
   write access up to the individual cell.
  
   Correct me if i am wrong but this seems to be what you want too.
  
   Maurice
  
  
   On 6/28/07, craigdd [EMAIL PROTECTED] wrote:
  
   I've had a pretty good look at wicket security but the conclusion that
   I've
   come to with that is it only supports the fact that you have pre
 defined
   roles within your application.
  
   I'm currently working on a multi tenant web application where the
   application provided a set of permission, such and read / write access
 to
   an
   object and each tenant in the application defines their own role
 heirachy
   based on those permissions.
  
   We are currently using acegi and I'm trying to figure out the best way
 to
   bake acl into wicket's components.  Example, a link is set to invisible
   if
   the authenticated use doesn't contain a role with the given permission
 of
   that link.  So lets

Re: [Wicket-user] wicket security and acl files

2007-06-29 Thread Maurice Marrink

I am open to suggestions for alternate names, or if someone could
point me to the naming standards :)

Right now swarm operates the following way: A user is associated with
1 or more Subjects, each Subject has 0 or more Principals. Each
Principal is mapped to 1 or more Permissions.
Each Permission has 0 or more Actions.

Permissions and actions are named pretty straight forward i think.

Maurice

On 6/29/07, craigdd [EMAIL PROTECTED] wrote:

 Just my two cents but I think the API should change, or I guess not really
 the API but the implementation(swarm) to better reflect industry naming
 standards which will hopefully cut down on the confusion and hopefully make
 it a little easier to integrate other security frameworks.

 I use acegi as an example, they have an Authentication object that has a
 method getPrincipal which if you read their javadoc makes it pretty clear
 that an authenticated entity has one principal, which also seems to fit with
 JAAS.

 -Craig


 Mr Mean wrote:
 
  Neither am i :) And you could be right about me misusing the
  principal, but using the actions of a permission for read write and
  then logically separating permissions with read from permissions with
  write in different principals does not seem like stretch to me.
 
  Maurice
 
  On 6/29/07, craigdd [EMAIL PROTECTED] wrote:
 
  I understand what you are saying and I see how you have accomplished
  something similar to what I'm trying to do, however it seems to me that
  you
  are miss using the concept of a Principal.  I'm not a security expert but
  a
  principal seems to point to an individual and not with something called
  write.  Write fits a little better into the concepts of ACL.
 
  -Craig
 
 
  Mr Mean wrote:
  
   By the way, I'm not saying wicket security is bad, other than my
  example
   I
   think it is a well put together framework that beats the hell out of
   using
   JAAS.
  
   Thanks, i appreciate that :)
  
   I've had a pretty good look at wicket security but the conclusion that
   I've
   come to with that is it only supports the fact that you have pre
  defined
   roles within your application.
  
  
   Well i am not saying it is impossible to declare and add new
   permissions / principals at runtime but i think it is generally
   undesirable to do so. Instead you should make your principals fine
   grained enough to be used as building blocks for  roles.
  
   I'm currently working on a multi tenant web application where the
   application provided a set of permission, such and read / write access
  to
   an
   object and each tenant in the application defines their own role
  heirachy
   based on those permissions.
  
   This is exactly what we are doing in our application. We have
   literally +- 1000 principals defined in our system. By allowing the
   users to group principals together they can build there own roles. We
   have multiple organizations in our application and each of them can
   completely redesign there user roles in the system (well only up to a
   point because we could not allow that, but that aside they could). We
   provide each organization with a set of default roles as we think will
   suit most of them but they are completely free to alter/ rename/
   delete/ whatever do with those roles because we do not depend on the
   roles but on the underlying principals, which are controlled by us. A
   big help is the fact that we made our principals imply each other
   (write implies read, etc)  So when a user designs there roles they
   don't have to check read access to page A and write access to page A
   but can suffice with write access to page A. Although most of our
   principals handle a couple of related pages we also have principals
   going as deep as individual components. For instance we have a large
   data grid, the principals are fine grained enough to give you read or
   write access up to the individual cell.
  
   Correct me if i am wrong but this seems to be what you want too.
  
   Maurice
  
  
   On 6/28/07, craigdd [EMAIL PROTECTED] wrote:
  
   I've had a pretty good look at wicket security but the conclusion that
   I've
   come to with that is it only supports the fact that you have pre
  defined
   roles within your application.
  
   I'm currently working on a multi tenant web application where the
   application provided a set of permission, such and read / write access
  to
   an
   object and each tenant in the application defines their own role
  heirachy
   based on those permissions.
  
   We are currently using acegi and I'm trying to figure out the best way
  to
   bake acl into wicket's components.  Example, a link is set to
  invisible
   if
   the authenticated use doesn't contain a role with the given permission
  of
   that link.  So lets say the link is to delete an object, the user must
   have
   a role with the permission to delete that object or the link will not
   show
   on the page.
  
   By the way, I'm not saying wicket

Re: [Wicket-user] wicket security and acl files

2007-06-28 Thread Maurice Marrink

By the way, I'm not saying wicket security is bad, other than my example I
think it is a well put together framework that beats the hell out of using
JAAS.

Thanks, i appreciate that :)

I've had a pretty good look at wicket security but the conclusion that I've
come to with that is it only supports the fact that you have pre defined
roles within your application.

I'm currently working on a multi tenant web application where the
application provided a set of permission, such and read / write access to an
object and each tenant in the application defines their own role heirachy
based on those permissions.

Correct me if i am wrong but this seems to be what you want too.

Maurice

On 6/28/07, craigdd [EMAIL PROTECTED] wrote:

I've had a pretty good look at wicket security but the conclusion that I've
come to with that is it only supports the fact that you have pre defined
roles within your application.

I'm currently working on a multi tenant web application where the
application provided a set of permission, such and read / write access to an
object and each tenant in the application defines their own role heirachy
based on those permissions.

We are currently using acegi and I'm trying to figure out the best way to
bake acl into wicket's components. Example, a link is set to invisible if
the authenticated use doesn't contain a role with the given permission of
that link. So lets say the link is to delete an object, the user must have
a role with the permission to delete that object or the link will not show
on the page.

By the way, I'm not saying wicket security is bad, other than my example I
think it is a well put together framework that beats the hell out of using
JAAS.

-Craig

Mr Mean wrote:

You can also check out the example project here
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples

Maurice

On 6/21/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
wicket's security model is completely generic

see IAuthorizationStrategy - it is very abstract and thus can be used to
implement any kind of authorization

wicket-auth is just an example that implements basic role-based model

see wicket-stuff wasp and swarm projects

http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

-igor

On 6/21/07, craigdd [EMAIL PROTECTED] wrote:

Is wicket security based only on role based authorization or could it
somehow
be used with a more traditional ACL type of file / logic.

-Craig
--
View this message in context:
http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024
Sent from the Wicket - User mailing list archive at Nabble.com.

[Wicket-user] Session.dirty()

2007-06-28 Thread Maurice Marrink

Hi,
I am in the process of making wasp and swarm play nicer within a
clustered environment.
Johan suggested calling dirty() whenever i make a change in the
session (which is where i store everything indirectly). But because i
have login method on my authorization strategy (which should call
dirty after a login) and Session.dirty() is protected i can not call
dirty unless i expose it in my WaspSession. Before i do that however i
thought i check here if there was a special reason not to make dirty()
public. I could not come up with one especially since bind is also
public which kind of has the same (side)effect.

So my question, what is the reason dirty() is not public and if there
is no reason could you make it public.

Thanks,

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] newbie-Question

2007-06-26 Thread Maurice Marrink

You need to pass a reference for page 1 to page 2 and then instead of
using a pagelink on page2 to return to page1 use a regular link which
sets the responsepage to the instance of page 1 you passed to page 2.

Maurice

On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote:
 Sorry if this is a dumb question and has been answered hundred times but I 
 couldn't find any answer to the following question.

 I do have two HTML pages. Page one contains a link which displays the number 
 on clicks the user executed. The second link jumps to page 2. Page 2 just 
 displays a link to go back to page 1.

 Assume that user clicks 5 times on the ClickCounter link in page 1 and hence 
 the link displays as 'This link is clicked 5 times'. When the user the 
 switches to page 2 and immediately goes back to page 1 the counter is reset 
 to 0 and rendered as 'This link is clicked 0 times'.

 What am I doing wrong here? I assumed that clicking on the return-button on 
 page 2 goes back to the original session in page 1 ?!

 Here is my Java classes:
 -- page 1 ---
 public class HelloWorld extends WebPage implements Serializable {
 public HelloWorld() {
 add(new Label(message, Foo World!));
 add(new PageLink(start, Foo.class));
 final ClickCount count1 = new ClickCount();
 Link link1 = new Link(link1) {
 public void onClick() {
 count1.clicks++;
 }
 };
 link1.add(new Label(label1, new Model() {
 public java.lang.Object getObject(Component 
 component) {
 return Integer.toString(count1.clicks);
 }
 }));
 add(link1);
 }

 class ClickCount implements Serializable {
 private int clicks = 0;
 }
 }
 --- page 2 ---
 public class Foo extends WebPage {
 public Foo() {
 add(new Label(message, Foo page));
 Link pl = new PageLink(return, HelloWorld.class);
 pl.add(new AttributeAppender(class, new Model(return),  
 ));
 add(pl);
 }
 }
 /Axel

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] newbie-Question

2007-06-26 Thread Maurice Marrink

Sure :)

In page 1 you do add(new PageLink(start, Foo.class));
because you are using the class reference to your 2nd page here wicket
always creates a new instance, the same happens with the pagelink on
page2 where you go back to page 1.

The trick is to tell wicket to use an existing page.
so on page 1 we could do this
add(new PageLink(start, new IPageLink()
{
 public Page getPage()
{
 //now we can decide which instance / constructor we use
 //in this case a new page is fine
 return new Foo(HelloWorld.this);
}
public Class getPageIdentity()
{
 return Foo.class;
}
}));

Because we now pass the first page to the 2nd page we need to alter
the constructor of the 2nd page

 public Foo(Page returnPage) {
   add(new Label(message, Foo page));
//this basically wraps your page in an IPageLink like we did manually on page 1
   Link pl = new PageLink(return, returnPage);
   pl.add(new AttributeAppender(class, new Model(return),  ));
   add(pl);
   }

And thats all there is to it.
And i did not even have to use a regular link like i though we would
have to in my previous response :)

Maurice

On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote:
 Thx for the quick answer, but being a newbie can I ask you to elaborate it a 
 little bit more?

 Regards

 /Axel


 -Ursprüngliche Nachricht-
 Von: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Auftrag
 von Maurice
 Marrink
 Gesendet: Dienstag, 26. Juni 2007 11:07
 An: wicket-user@lists.sourceforge.net
 Betreff: Re: [Wicket-user] newbie-Question
 
 
 You need to pass a reference for page 1 to page 2 and then instead of
 using a pagelink on page2 to return to page1 use a regular link which
 sets the responsepage to the instance of page 1 you passed to page 2.
 
 Maurice
 
 On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote:
  Sorry if this is a dumb question and has been answered
 hundred times but I couldn't find any answer to the following
 question.
 
  I do have two HTML pages. Page one contains a link which
 displays the number on clicks the user executed. The second
 link jumps to page 2. Page 2 just displays a link to go back
 to page 1.
 
  Assume that user clicks 5 times on the ClickCounter link in
 page 1 and hence the link displays as 'This link is clicked 5
 times'. When the user the switches to page 2 and immediately
 goes back to page 1 the counter is reset to 0 and rendered as
 'This link is clicked 0 times'.
 
  What am I doing wrong here? I assumed that clicking on the
 return-button on page 2 goes back to the original session
 in page 1 ?!
 
  Here is my Java classes:
  -- page 1 ---
  public class HelloWorld extends WebPage implements Serializable {
  public HelloWorld() {
  add(new Label(message, Foo World!));
  add(new PageLink(start, Foo.class));
  final ClickCount count1 = new ClickCount();
  Link link1 = new Link(link1) {
  public void onClick() {
  count1.clicks++;
  }
  };
  link1.add(new Label(label1, new Model() {
  public java.lang.Object
 getObject(Component component) {
  return
 Integer.toString(count1.clicks);
  }
  }));
  add(link1);
  }
 
  class ClickCount implements Serializable {
  private int clicks = 0;
  }
  }
  --- page 2 ---
  public class Foo extends WebPage {
  public Foo() {
  add(new Label(message, Foo page));
  Link pl = new PageLink(return, HelloWorld.class);
  pl.add(new AttributeAppender(class, new
 Model(return),  ));
  add(pl);
  }
  }
  /Axel
 
 
 --
 ---
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
 --
 ---
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user
 

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take

Re: [Wicket-user] newbie-Question

2007-06-26 Thread Maurice Marrink

Thanks, for this additional info Martijn, i guess i am so used to
using IPageLink i sometimes forget the pitfalls for new wicket users.

The trick with the IPageLink is that it does not use the getPage
method until the link is actually clicked. And therefore your Pages
will always be constructed lazily.

But like Martijn says Link is in this case just as easy.

Maurice

On 6/26/07, Martijn Dashorst [EMAIL PROTECTED] wrote:
 Don't use page link!

 Use PageLink only if you actually know what you are doing.

 In this case: you should use the normal Link and set the responsepage
 in the onclick.

 Page1 {
 ... counter ...

 add(new Link(page2) { onclick() { setResponsePage(new
 Page2(Page1.this)); });
 ...
 }


 Page2 {
 private Page returnToPage;
 public Page2(Page returnTo) {
 this.returnToPage = returnTo;

 add(new Link(page1) { onclick() { setResponsePage(returnToPage); 
 }});
 }
 }

 Don't do the following, I repeat: the following is REALLY BAD:

 add(new PageLink(page1, new Page1()));
 add(new PageLink(page2, new Page2()));
 add(new PageLink(page3, new Page3()));

 Don't do that! It will exhaust your memory (you create pages upfront,
 even when they never will be used). Remember what the 'new' keyword
 does?

 Martijn


 On 6/26/07, Maurice Marrink [EMAIL PROTECTED] wrote:
  Sure :)
 
  In page 1 you do add(new PageLink(start, Foo.class));
  because you are using the class reference to your 2nd page here wicket
  always creates a new instance, the same happens with the pagelink on
  page2 where you go back to page 1.
 
  The trick is to tell wicket to use an existing page.
  so on page 1 we could do this
  add(new PageLink(start, new IPageLink()
  {
   public Page getPage()
  {
   //now we can decide which instance / constructor we use
   //in this case a new page is fine
   return new Foo(HelloWorld.this);
  }
  public Class getPageIdentity()
  {
   return Foo.class;
  }
  }));
 
  Because we now pass the first page to the 2nd page we need to alter
  the constructor of the 2nd page
 
   public Foo(Page returnPage) {
 add(new Label(message, Foo page));
  //this basically wraps your page in an IPageLink like we did manually on 
  page 1
 Link pl = new PageLink(return, returnPage);
 pl.add(new AttributeAppender(class, new Model(return),  
  ));
 add(pl);
 }
 
  And thats all there is to it.
  And i did not even have to use a regular link like i though we would
  have to in my previous response :)
 
  Maurice
 
  On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote:
   Thx for the quick answer, but being a newbie can I ask you to elaborate 
   it a little bit more?
  
   Regards
  
   /Axel
  
  
   -Ursprüngliche Nachricht-
   Von: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] Auftrag
   von Maurice
   Marrink
   Gesendet: Dienstag, 26. Juni 2007 11:07
   An: wicket-user@lists.sourceforge.net
   Betreff: Re: [Wicket-user] newbie-Question
   
   
   You need to pass a reference for page 1 to page 2 and then instead of
   using a pagelink on page2 to return to page1 use a regular link which
   sets the responsepage to the instance of page 1 you passed to page 2.
   
   Maurice
   
   On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote:
Sorry if this is a dumb question and has been answered
   hundred times but I couldn't find any answer to the following
   question.
   
I do have two HTML pages. Page one contains a link which
   displays the number on clicks the user executed. The second
   link jumps to page 2. Page 2 just displays a link to go back
   to page 1.
   
Assume that user clicks 5 times on the ClickCounter link in
   page 1 and hence the link displays as 'This link is clicked 5
   times'. When the user the switches to page 2 and immediately
   goes back to page 1 the counter is reset to 0 and rendered as
   'This link is clicked 0 times'.
   
What am I doing wrong here? I assumed that clicking on the
   return-button on page 2 goes back to the original session
   in page 1 ?!
   
Here is my Java classes:
-- page 1 ---
public class HelloWorld extends WebPage implements Serializable {
public HelloWorld() {
add(new Label(message, Foo World!));
add(new PageLink(start, Foo.class));
final ClickCount count1 = new ClickCount();
Link link1 = new Link(link1) {
public void onClick() {
count1.clicks++;
}
};
link1.add(new Label(label1, new Model() {
public java.lang.Object
   getObject(Component component) {
return
   Integer.toString(count1.clicks);
}
}));
add(link1);
}
   
class

Re: [Wicket-user] Wicket Helloworld using Tomcat

2007-06-26 Thread Maurice Marrink

The helloworld example quickly steps over the fact that you have to
deploy your example to tomcat. It does mention that you should use the
quickstart project. After you have integrated your helloworld example
in the quickstart you need to deploy it.

Maurice

On 6/26/07, tnjtn1 [EMAIL PROTECTED] wrote:

 HI,

 I am newer to wicket. just i am trying to use HelloWorld program following
 this below url with Tomcat5.0 server.

 http://wicket.sourceforge.net/ExampleHelloWorld.html

 1) I have place java file under  src folder.
 2) I have placed HelloWorld.html file under webContent folder.

 when i run the Helloworld.html file, it display only  --  Message goes
 here . But it won't display the content of label component..

 where i took mistake..?

 Thanks  Regards,
 kumar
 --
 View this message in context: 
 http://www.nabble.com/Wicket-Helloworld-using-Tomcat-tf3982219.html#a11305084
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] Security comparison

2007-06-24 Thread Maurice Marrink

All,

I started a little comparison of Wicket security frameworks on the
Wicket-Stuff wiki:
http://wicketstuff.org/confluence/display/STUFFWIKI/Security+Framework+Comparison
As the article states it is not about who's framework is better but
about giving a summary of the facts.

That being said, I welcome input from others about missing or
incorrect information.
Also if you would like to see another project up there you can let us know here.

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Use of Session

2007-06-22 Thread Maurice Marrink

imo your best option is to override the newSession method in
Application and use your own custom session as it allows you to get
your objects back without casting, as you would have to with metadata,
and it allows you to do do some detach logic (if you need to).
Alternatively you could use the requestcycle in the same way.

Maurice

On 6/22/07, Matthieu Casanova [EMAIL PROTECTED] wrote:
 Hi, I'm not familiar with wicket sessions. I understand that I can
 create my own session object that extends the WebSession, and that
 will have some fields containing my sessions datas. In that case I
 have to replace the ISessionFactory of my application.
 The other choice to store datas in the Session is to use the
 getMetaData and setMetaData methods of WebSession ?
 What is the best choice ?
 thanks

 Matthieu

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] wicket security and acl files

2007-06-21 Thread Maurice Marrink

You can also check out the example project here
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples

Maurice

On 6/21/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
wicket's security model is completely generic

see IAuthorizationStrategy - it is very abstract and thus can be used to
implement any kind of authorization

wicket-auth is just an example that implements basic role-based model

see wicket-stuff wasp and swarm projects

http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

-igor

On 6/21/07, craigdd [EMAIL PROTECTED] wrote:

Is wicket security based only on role based authorization or could it
somehow
be used with a more traditional ACL type of file / logic.

-Craig
--
View this message in context:
http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024
Sent from the Wicket - User mailing list archive at Nabble.com.

Re: [Wicket-user] Is it possible to set visibility in an IBehavior (in 1.3.0 trunk)?

2007-06-19 Thread Maurice Marrink

This sounds more like a security issue than a behavior issue. I expect
you can use any security framework for wicket (Swarm, Auth-Roles,
someone is working on integrating Acegi) to do this. but off course I
would suggest Swarm :) In this particular case it could be as easy as
using for instance the SecureTextField and defining the proper
principals for your usergroups.

You can find more about Swarm here
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Maurice

On 6/19/07, Timo Rantalaiho [EMAIL PROTECTED] wrote:
 Hello Wicket,

 We have to hide a couple of components from certain groups
 of users. We tried doing it with a reusable AbstractBehavior,
 but calling component.setVisible() in IBehavior.beforeRender()
 caused the good old cannot modify component hierarchy
 during render phase exception. There is no onBeforeRender()
 in IBehavior.

 Should it be possible for an IBehavior to control visibility
 (Component.isVisible(), not just HTML or CSS attributes)?

 The code (calling same code in all relevant isVisible()
 methods()) works, but it would be interesting to know if
 there would be a more elegant or reusable solution.

 We develop on 1.3.0 trunk.


 Visiting all relevant components (e.g. marked with an
 interface) from a parent might be possible too.

 Thanks,
 Timo

 --
 Timo Rantalaiho
 Reaktor Innovations OyURL: http://www.ri.fi/ 

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] handling expiring pages

2007-06-19 Thread Maurice Marrink

  2 (nearly the same, but with a form)
  ---
  User Sarah logs in, searches a song Anton aus Tirol and starts editing the
  song data, but doesn't submit the data. She gets away from her desk and when
  she returns everyting seems fine to her. She continues editing the data of
  Anton aus Tirol and submits. Her session has expired, so she gets
  redirected to the login page. She logs in again and the data she wanted to
  submit get submitted by the application. Sarah is shown the new data of
  Anton aus Tirol, which she submitted.

 Yeah, this is only possible with stateless forms, or using
 bookmarkable pages and code the forms yourself (this might be an
 option for 1.2).

Actually even statelessforms are not going to save you in this case
because you wanted to have the user login first. This is most commonly
achieved by throwing a RestartResponseAtInterceptPage. But that does
not save form postdata in the request, so even though you will get
back to the form you don't have the postdata to save.

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] handling expiring pages

2007-06-19 Thread Maurice Marrink

couldn't there be a setting in wicket to turn this on?
autoforward_postdata or something ?

would be useful to lots of people i imagine.

Maurice

On 6/19/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
  Actually even statelessforms are not going to save you in this case
  because you wanted to have the user login first. This is most commonly
  achieved by throwing a RestartResponseAtInterceptPage. But that does
  not save form postdata in the request, so even though you will get
  back to the form you don't have the postdata to save.

 True, but the request parameters are available for you to pass on to
 the next request, so if you think a little bit about it you can do it.

 Eelco

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Security Example Time Frame

2007-06-14 Thread Maurice Marrink

Well i finally committed my first example to wicket stuff svn at
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples.
Sorry no live examples at the moment. just an eclipse project ready to
run with the tomcat plugin. I will be making more examples in the
coming weeks/months.
Also if there are any requests as to what you want to see in the
examples, just ask.
Questions / comments let me know.

Maurice

On 6/3/07, Maurice Marrink [EMAIL PROTECTED] wrote:
Indeed GeneralTest is the place to look at right now. I am working on
some examples but there are only so many hours in a day :)
Also there is an (unfinished) getting started section at the wiki
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm

Thanks for the interest in the project and if you have any questions
just ask them on the mailing list

Maurice

On 6/2/07, craigdd [EMAIL PROTECTED] wrote:

I came across the GeneralTest in the security project, looks like a great
example starter for the security project.

Thanks
Craig

craigdd wrote:

Does anyone know the time frame for the wicket security project to come
out with an examples project or is there some early access code people can
get access to?

The project looks pretty nice, I look forward to doing some evaluation on
it and possibly using in on an upcoming project.

Thanks
Craig

--
View this message in context:
http://www.nabble.com/Wicket-Security-Example-Time-Frame-tf3855250.html#a10922941
Sent from the Wicket - User mailing list archive at Nabble.com.

Re: [Wicket-user] nice url for DownloadLink

2007-06-12 Thread Maurice Marrink

wicket 1.3 is available if you include the following in your
repositories tag of maven 2 pom.xml

repository
idwicket-snaps/id
urlhttp://wicketstuff.org/maven/repository/url
snapshots
enabledtrue/enabled
/snapshots
releases
enabledfalse/enabled
/releases
/repository

Maurice

On 6/12/07, Jean-Baptiste Quenot [EMAIL PROTECTED] wrote:
 * Jan Van Besien:

  Jean-Baptiste Quenot wrote:
 
   If I were you I would look at the static pages examples:
  
   http://wicketstuff.org/wicket13/staticpages/
 
  Looks promising  indeed, but  unfortunattely seems to  be wicket
  1.3 features. I'm  using latest stable  1.2.6, and will  need to
  verify if 1.3 is an option (not in public maven repository?).

 The concepts described in the static pages examples are the same
 in 1.2.6.  You would just have to copy
 URIRequestTargetUrlCodingStrategy in your project, it is
 compatible with 1.2.6.
 --
  Jean-Baptiste Quenot
 aka  John Banana   Qwerty
 http://caraldi.com/jbq/

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Evaluating Wicket

2007-06-12 Thread Maurice Marrink

It is at
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/branches/WICKET_1_2/wicket-kronos-cms
to be precise.

Ted maybe you can refresh our memory about kronos again :)

Maurice

On 6/12/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
two students, who were new to wicket, put together a wicket based cms. it is
in wicket-stuff and is called kronos. no need to get gray hair, its probably
a good starting point for building your own.

-igor

On 6/12/07, Francis Amanfo [EMAIL PROTECTED] wrote:

Hi Patrick,

On 6/12/07, Patrick Angeles [EMAIL PROTECTED] wrote:

I'd also like to know if I can mount bookmarkable
pages dynamically... say if someone were to create and publish a new CMS
page from the admin app.

This is a very good question. With Wicket requiring a corresponding Java
class for any dynamic page, this could get tricky. I was faced with a
similar dilema 2 years ago when I was using Wicket for a medium sized
project. Fortunately for me, they decided to drop the CMS for some other
reason not relating to Wicket and could hence save my dark hair. Otherwise I
might have gotten gray hair by now :-)

--
View this message in context:
http://www.nabble.com/Evaluating-Wicket-tf3909204.html#a11084242
Sent from the Wicket - User mailing list archive at Nabble.com.

https://lists.sourceforge.net/lists/listinfo/wicket-user

--
Beware of bugs in the above code;
I have only proved it correct, not tried it.
-Donald Knuth

Re: [Wicket-user] WASPSession.logout(object)

2007-06-09 Thread Maurice Marrink

It isn't fixed on username an password because i want people to be
able to use any kind of authentication. e.g. a card reader or retinal
scan. A credentials object could be used in this case, but then i am
introducing yet another class people need to use / extend. But i
already have an idea how to refactor this.

Maurice

On 6/9/07, craigdd [EMAIL PROTECTED] wrote:

 Just out of curiosity why doesn't the login method take a username/password?
 Or if you want it to be more abstracted create some sort of Credentials
 object and update the WASPSession.login to take a LoginContext and
 Credentials object.  Then update the LoginContext login to take the
 Credential.

 -Craig


 Mr Mean wrote:
 
  I just remembered a little snag, this is not going to work because i
  currently use the context to ask if the component, class, model is
  authenticated by this context. So i really need it atm.
 
  Looks like i need to think this trough a little better. but first i
  gotta grab some sleep.
 
  Maurice
 
  On 6/9/07, craigdd [EMAIL PROTECTED] wrote:
 
  Sounds like a pretty good idea, I like that much better than having the
  user
  need to know they need to cleanup data state in their LoginContext.
 
  Another idea might be to have the LoginContext provide a method that
  returns
  a unique identifier.  That value could be store internally and the user
  can
  pass anything they want, I'd assume the default would be to return the
  username which is completely fair to be in the session.
 
  Without looking too closely at the code you could also use this
  identifier
  during logout.
 
  -Craig
 
 
  Mr Mean wrote:
  
   Just thinking out loud here, but it shouldn't be too difficult to
   change this into holding a hash of the logincontext instead of the
   whole context. Since the equals contract already specifies that equal
   object should have equal hashes The equals check can be easily
   performed on the hash, HashMap actually uses the hash before it uses
   the equal, so i do not see much problems here. And it is not like you
   are gonna have an army of logincontexts in each session.
  
   Ill see if i can implement this sometime tomorrow.
  
   Thanks again for pointing this out, if you think there are more of
   this kind of problems just let me know.
  
   Maurice
  
   P.S. i guess an api for getting the original logincontext is out of
   the question then :)
  
  
   On 6/8/07, craigdd [EMAIL PROTECTED] wrote:
  
   Are you saying then that the instance of LoginContext used to login is
   held
   onto in the WASPSession, via the security framework?
  
   If so then this brings up a huge security issue, as least the way the
  API
   sits and the examples showing that a LoginContext takes a username and
   password in its constructor.  This mean that a password(probably plain
   text)
   is available in the session which is usually a big no no when it comes
  to
   a
   secure application.  I've been through a few security probes from
  banks
   on
   various online applications that that is one of the first thing they
  look
   for / ask. Are you holding onto the password?
  
   -Craig
  
  
   Mr Mean wrote:
   
There is currently no way to grab the login context, so you could
store it yourself (there migh be multiple logintexts though). But
  the
good news is you don't have to store it if you don't want to. The
logoff performs an equals check and currently every logincontext of
the same class and level is equal to another. So if you login using
  a
MySingleLoginContext(username, password) you can logoff with any new
instance of that class (logoff(new MySingleLoginContext());)
   
However if you feel you need to have access to the original
  instance,
for instance because you want to know the username, i can always
include such a method in the api.
   
Maurice
   
On 6/8/07, craigdd [EMAIL PROTECTED] wrote:
   
I see that the WASPSession.logout method takes a LoginContext.  Is
   there
somewhere within the SWARM implementation to grab the LoginContext
   used
to
login?  Or when logging in is it up to the developer to put the
LoginContext
somewhere...say maybe the session itself?
   
Thanks
Craig
--
View this message in context:
   
  
  http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
Sent from the Wicket - User mailing list archive at Nabble.com.
   
   
   
  
  -
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-09 Thread Maurice Marrink

:D Well i had to come up with something outrageous didn't i? ;)

Maurice

On 6/9/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
 On 6/9/07, Maurice Marrink [EMAIL PROTECTED] wrote:
  retinal scan.

 :)

 -igor


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-09 Thread Maurice Marrink

Ok, i just committed some refactoring in the authentication module of
swarm. To make sure we do not store user credentials in the session.
For those of you already depending on swarm, here are the changes.

-All is...Authenticated methods from LoginContext are now in  Subject,
just copy paste the relevant code.
-SingleLoginContext has been folded into LoginContext, simply replace
any occurrence of  the word SingleLoginContext with LoginContext as
the constructors remained the same.
-LoginContext equal and hashcode are final
-LoginContext is now a throw away object and therefor is no longer serializable
-LoginContext no longer implements Comparable interface
-Subjects are now considered readonly, and therefor the interface does
no longer define an addPrincipal method. instead implementations will
provide add/remove methods that honor the readonly flag which is set
by swarm as soon as the subject has been passed on.

I haven't had time to update the getting started yet, so be patient there.

Oh and before anyone else says something about it, I'll do it myself :)
I know Subject now has a dependency on the wicket gui, making it a
less ideal candidate for storing it in a database as before. But my
reasoning is this Subject is part of swarm and therefor of wicket, so
the dependency is allowed. Instead use your own entity for database
storage and wrap them in a Subject that will be thrown away when they
logoff.

Maurice

On 6/9/07, Maurice Marrink [EMAIL PROTECTED] wrote:
 :D Well i had to come up with something outrageous didn't i? ;)

 Maurice

 On 6/9/07, Igor Vaynberg [EMAIL PROTECTED] wrote:
  On 6/9/07, Maurice Marrink [EMAIL PROTECTED] wrote:
   retinal scan.
 
  :)
 
  -igor
 
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink

There is currently no way to grab the login context, so you could
store it yourself (there migh be multiple logintexts though). But the
good news is you don't have to store it if you don't want to. The
logoff performs an equals check and currently every logincontext of
the same class and level is equal to another. So if you login using a
MySingleLoginContext(username, password) you can logoff with any new
instance of that class (logoff(new MySingleLoginContext());)

However if you feel you need to have access to the original instance,
for instance because you want to know the username, i can always
include such a method in the api.

Maurice

On 6/8/07, craigdd [EMAIL PROTECTED] wrote:

 I see that the WASPSession.logout method takes a LoginContext.  Is there
 somewhere within the SWARM implementation to grab the LoginContext used to
 login?  Or when logging in is it up to the developer to put the LoginContext
 somewhere...say maybe the session itself?

 Thanks
 Craig
 --
 View this message in context: 
 http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink

The loginContext is indeed stored indirectly in the session. But
neither wasp nor swarm requires you to:
1 pass in a username and password in a constructor, those are just
convenient examples, although you are right and this will be the most
likely use case.
2 use plaintext authentication data (e.g. password)
3 hold onto the username and password (or anything else you use for
authentication) after the login method is called.

As stated in the apidoc the login method is only called once so you
can and probably should clear anything used to authenticate your user.
The current documentation and or example code does not make this very
clear, thanks for pointing that out.

Maurice

On 6/8/07, craigdd [EMAIL PROTECTED] wrote:

 Are you saying then that the instance of LoginContext used to login is held
 onto in the WASPSession, via the security framework?

 If so then this brings up a huge security issue, as least the way the API
 sits and the examples showing that a LoginContext takes a username and
 password in its constructor.  This mean that a password(probably plain text)
 is available in the session which is usually a big no no when it comes to a
 secure application.  I've been through a few security probes from banks on
 various online applications that that is one of the first thing they look
 for / ask. Are you holding onto the password?

 -Craig


 Mr Mean wrote:
 
  There is currently no way to grab the login context, so you could
  store it yourself (there migh be multiple logintexts though). But the
  good news is you don't have to store it if you don't want to. The
  logoff performs an equals check and currently every logincontext of
  the same class and level is equal to another. So if you login using a
  MySingleLoginContext(username, password) you can logoff with any new
  instance of that class (logoff(new MySingleLoginContext());)
 
  However if you feel you need to have access to the original instance,
  for instance because you want to know the username, i can always
  include such a method in the api.
 
  Maurice
 
  On 6/8/07, craigdd [EMAIL PROTECTED] wrote:
 
  I see that the WASPSession.logout method takes a LoginContext.  Is there
  somewhere within the SWARM implementation to grab the LoginContext used
  to
  login?  Or when logging in is it up to the developer to put the
  LoginContext
  somewhere...say maybe the session itself?
 
  Thanks
  Craig
  --
  View this message in context:
  http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
  Sent from the Wicket - User mailing list archive at Nabble.com.
 
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 

 --
 View this message in context: 
 http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink

Just thinking out loud here, but it shouldn't be too difficult to
change this into holding a hash of the logincontext instead of the
whole context. Since the equals contract already specifies that equal
object should have equal hashes The equals check can be easily
performed on the hash, HashMap actually uses the hash before it uses
the equal, so i do not see much problems here. And it is not like you
are gonna have an army of logincontexts in each session.

Ill see if i can implement this sometime tomorrow.

Thanks again for pointing this out, if you think there are more of
this kind of problems just let me know.

Maurice

P.S. i guess an api for getting the original logincontext is out of
the question then :)


On 6/8/07, craigdd [EMAIL PROTECTED] wrote:

 Are you saying then that the instance of LoginContext used to login is held
 onto in the WASPSession, via the security framework?

 If so then this brings up a huge security issue, as least the way the API
 sits and the examples showing that a LoginContext takes a username and
 password in its constructor.  This mean that a password(probably plain text)
 is available in the session which is usually a big no no when it comes to a
 secure application.  I've been through a few security probes from banks on
 various online applications that that is one of the first thing they look
 for / ask. Are you holding onto the password?

 -Craig


 Mr Mean wrote:
 
  There is currently no way to grab the login context, so you could
  store it yourself (there migh be multiple logintexts though). But the
  good news is you don't have to store it if you don't want to. The
  logoff performs an equals check and currently every logincontext of
  the same class and level is equal to another. So if you login using a
  MySingleLoginContext(username, password) you can logoff with any new
  instance of that class (logoff(new MySingleLoginContext());)
 
  However if you feel you need to have access to the original instance,
  for instance because you want to know the username, i can always
  include such a method in the api.
 
  Maurice
 
  On 6/8/07, craigdd [EMAIL PROTECTED] wrote:
 
  I see that the WASPSession.logout method takes a LoginContext.  Is there
  somewhere within the SWARM implementation to grab the LoginContext used
  to
  login?  Or when logging in is it up to the developer to put the
  LoginContext
  somewhere...say maybe the session itself?
 
  Thanks
  Craig
  --
  View this message in context:
  http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
  Sent from the Wicket - User mailing list archive at Nabble.com.
 
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 

 --
 View this message in context: 
 http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] WASPSession.logout(object)

2007-06-08 Thread Maurice Marrink

I just remembered a little snag, this is not going to work because i
currently use the context to ask if the component, class, model is
authenticated by this context. So i really need it atm.

Looks like i need to think this trough a little better. but first i
gotta grab some sleep.

Maurice

On 6/9/07, craigdd [EMAIL PROTECTED] wrote:

 Sounds like a pretty good idea, I like that much better than having the user
 need to know they need to cleanup data state in their LoginContext.

 Another idea might be to have the LoginContext provide a method that returns
 a unique identifier.  That value could be store internally and the user can
 pass anything they want, I'd assume the default would be to return the
 username which is completely fair to be in the session.

 Without looking too closely at the code you could also use this identifier
 during logout.

 -Craig


 Mr Mean wrote:
 
  Just thinking out loud here, but it shouldn't be too difficult to
  change this into holding a hash of the logincontext instead of the
  whole context. Since the equals contract already specifies that equal
  object should have equal hashes The equals check can be easily
  performed on the hash, HashMap actually uses the hash before it uses
  the equal, so i do not see much problems here. And it is not like you
  are gonna have an army of logincontexts in each session.
 
  Ill see if i can implement this sometime tomorrow.
 
  Thanks again for pointing this out, if you think there are more of
  this kind of problems just let me know.
 
  Maurice
 
  P.S. i guess an api for getting the original logincontext is out of
  the question then :)
 
 
  On 6/8/07, craigdd [EMAIL PROTECTED] wrote:
 
  Are you saying then that the instance of LoginContext used to login is
  held
  onto in the WASPSession, via the security framework?
 
  If so then this brings up a huge security issue, as least the way the API
  sits and the examples showing that a LoginContext takes a username and
  password in its constructor.  This mean that a password(probably plain
  text)
  is available in the session which is usually a big no no when it comes to
  a
  secure application.  I've been through a few security probes from banks
  on
  various online applications that that is one of the first thing they look
  for / ask. Are you holding onto the password?
 
  -Craig
 
 
  Mr Mean wrote:
  
   There is currently no way to grab the login context, so you could
   store it yourself (there migh be multiple logintexts though). But the
   good news is you don't have to store it if you don't want to. The
   logoff performs an equals check and currently every logincontext of
   the same class and level is equal to another. So if you login using a
   MySingleLoginContext(username, password) you can logoff with any new
   instance of that class (logoff(new MySingleLoginContext());)
  
   However if you feel you need to have access to the original instance,
   for instance because you want to know the username, i can always
   include such a method in the api.
  
   Maurice
  
   On 6/8/07, craigdd [EMAIL PROTECTED] wrote:
  
   I see that the WASPSession.logout method takes a LoginContext.  Is
  there
   somewhere within the SWARM implementation to grab the LoginContext
  used
   to
   login?  Or when logging in is it up to the developer to put the
   LoginContext
   somewhere...say maybe the session itself?
  
   Thanks
   Craig
   --
   View this message in context:
  
  http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
   Sent from the Wicket - User mailing list archive at Nabble.com.
  
  
  
  -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
  
  -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
 
  --
  View this message in context:
  http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924
  Sent from the Wicket - User mailing list archive at Nabble.com.
 
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your

Re: [Wicket-user] Wicket Security Configuration Question

2007-06-07 Thread Maurice Marrink

Thanks, Craig

I've updated the getting started to include the example for the
default mode, which is what most likely you will be using. I am sorry
to say that as of yet i do not have an ETA for the examples but i will
post it on the mailing list when i have them ready.

Maurice

On 6/7/07, craigdd [EMAIL PROTECTED] wrote:

 This original post was under wicket stuff users list and I've reposted it
 hear for more visibility, as requested by Martijn.  The following is the
 response that I got from Maurice.

 Hi,

 what i mean is this: By default SecurePageLink (and all other links
 with the same securitycheck) checks for an enable action on the page
 the link points to. This check occurs both in the render (where is
 decided if the link should be clickable) and in the onclick (just to
 check if nobody spoofed an url to trigger a link click where it is not
 allowed).

 Maybe an example will make things more clear (note to self to update
 the getting started)
 HomePage contains a SecurePageLink to PageA.
 We should declare at least .HomePage, render; in our policy or
 we will never see the homepage. With just this the link will not be
 rendered because it lacks .PageA, render;
 So if we put that in the policy to we will see a disabled link.
 (wicket turns it into a span by default) but because the component is
 still available on the server side someone could spoof the url and
 trigger wicket into thinking the link was clicked, fortunatly the
 second check i mentioned earlier will detect this and send you to the
 accessdenied page.
 Only if we make sure our policy also contains .PageA, enable;
 the link will be fully operational.

 I hope this answered your question. :)

 But if you want to get realy confused you should read on because there
 is an alternative mode in which it is possible to show the link even
 if we have not granted render to PageA.
 I am actually working on some examples showing this alternate mode,
 but they are not yet available.
 To activate the alternate rendering mode you need to do this:
 ((LinkSecurityCheck)link.getSecurityCheck()).setUseAlternativeRenderCheck(true);
 Given the above example and a policy file only containing
 HomePage, inherit, render;
 the link will render as a disabled link. Note the inherit, this means
 all child components on the homepage are allowed to render. Optionally
 we could replace that one line with the following two lines
 HomePage, render; and HomePage:link, render; Assuming the
 wicket id of our link is link :) To enable the link we would still
 require PageA, enable; in our policy.

 Thanks for checking out swarm and wasp, i hope i did not just confuse
 the hell out you :)

 Maurice



 craigdd wrote:
 
  In look looking the getting started page for wicket security I came across
  the following block on text when describing the configuration of
  principals.
 
  What we just did is grant everyone the right to see (render) our HomePage,
  if there are secure components on the homepage we can see them too
  (inherit). In addition we granted links to our homepage the right to be
  clicked (enable). Because we do not want to give links on our homepage the
  right to be clicked we did not place the enable action on the previous
  line with the inherit. If we know for a fact that there are absolutely no
  links pointing to the homepage we could delete the second line, but
  generally you will want these two lines for any given secure page. If you
  think, what a long line isn't there a shorter way, then i have good news
  for you. Hive supports aliases. This means that besides the build in
  aliases for permissions you can add your own aliases for permissions,
  principals and names, just not for actions!. aliases can be concatenated
  but not nested. sow if we rewrite our policy to use aliases we get
 
  Just to clarify, when you say In addition we granted links to our
  homepage the right to be clicked (enable), does this mean that the link,
  which I assume you mean , is able to be physically clicked? And if it was
  the opposite, as is the next line of the configuration HomePage,
  enable, does this mean that the link is disabled to the user, or that
  it is enabled but you will get an access error exception on the server
  side?
 
  Thanks
  Craig
 

 --
 View this message in context: 
 http://www.nabble.com/Wicket-Security-Configuration-Question-tf3884414.html#a11009846
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-04 Thread Maurice Marrink

Please do, yesterday i checked in some changes that should redirect
you to the login page if you place secure components on a non secure
page.

All the documentation and examples are still work in progress but you
could check out the junit tests and the documentation here
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm
and here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Maurice

On 6/3/07, mchack [EMAIL PROTECTED] wrote:

The override of onUnauthorizedPage didn't work because the framework was
throwing the UnauthorizedInstantiationException because the page itself was
not secure, but the component was. I was able to handle this by overriding
the WebRequestCycle to handle exceptions explicitly as indicated in the
previous post:

http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10790773

My reason for doing this is that I have a fairly generic bookmarkable page
(single class) that will serve up varied content (markup) depending upon the
URL. I also have a dynamic mechanism using resolve() to detect wicket:id's
that have behavior of my choosing. So, my motivation is that while the pages
themselves are not declared secure, the HTML developer could inadvertantly
reference a secured component. Hence my desire to trap instantiation issues
at the component level and then do proper redirection to either the login
page or error page.

While not a classic use of the framework, I think it has some merit. I will
also check out the WASP and SWARM projects.

Eelco Hillenius wrote:

Hi,

On 6/3/07, Maurice Marrink [EMAIL PROTECTED] wrote:
Not sure if it is the preferred way of doing things (since this is
Eelco's framework)

That part is actually Jonathan's

but you could override the init() method and set up
a different authorizationstrategy and or instantiationlistener, all
you have to do for that is skip the call to super and do something
similar yourself.

Imho, that class is better viewed as an example.

Or you can ask Eelco nice and maybe he will remove the final :)

I don't think that's needed though. How about overriding
onUnauthorizedPage? As long as a user isn't logged in, the strategy
will redirect to the page that is returned by getSignInPageClass.
After that, onUnauthorizedPage is called when a user tries to access a
page he/ she isn't authorized for.

Eelco

--
View this message in context:
http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10939875
Sent from the Wicket - User mailing list archive at Nabble.com.

Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication

2007-06-03 Thread Maurice Marrink

Not sure if it is the preferred way of doing things (since this is
Eelco's framework) but you could override the init() method and set up
a different authorizationstrategy and or instantiationlistener, all
you have to do for that is skip the call to super and do something
similar yourself.

Or you can ask Eelco nice and maybe he will remove the final :)

Maurice

On 6/2/07, mchack [EMAIL PROTECTED] wrote:

I am using the AuthenticatedWebApplication package. I would like to do
component level authorization. The framework generates an exception for this
that I can't see how I can override. Basic behavior is to be redirected back
to Home Page. My reason for doing this at the component level is to make
sure that a developer does not include an authorized component in a page,
but I would like to direct the conversation back to the login page.

Is this not supported or am I missing the way to capture the exception and
provide my own handling. onUnauthorizedInstantiation is final so i can't
override that.

Thanks
--
View this message in context:
http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10921366
Sent from the Wicket - User mailing list archive at Nabble.com.

Re: [Wicket-user] Wicket Security Example Time Frame

2007-06-02 Thread Maurice Marrink

Indeed GeneralTest is the place to look at right now. I am working on
some examples but there are only so many hours in a day :)
Also there is an (unfinished) getting started section at the wiki
http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm

Thanks for the interest in the project and if you have any questions
just ask them on the mailing list

Maurice

On 6/2/07, craigdd [EMAIL PROTECTED] wrote:

 I came across the GeneralTest in the security project, looks like a great
 example starter for the security project.

 Thanks
 Craig


 craigdd wrote:
 
  Does anyone know the time frame for the wicket security project to come
  out with an examples project or is there some early access code people can
  get access to?
 
  The project looks pretty nice, I look forward to doing some evaluation on
  it and possibly using in on an upcoming project.
 
  Thanks
  Craig
 

 --
 View this message in context: 
 http://www.nabble.com/Wicket-Security-Example-Time-Frame-tf3855250.html#a10922941
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket YUI

2007-06-01 Thread Maurice Marrink

Hi James,

There is a little project coming up for me that will require heavy use
of the yui drag and drop functions, so I'll do some checking some time
soon and will let you know if i have any questions. Since this is
gonna be my first encounter with yui i have no doubt i will come come
up with some :)

Maurice

On 5/31/07, James McLaughlin [EMAIL PROTECTED] wrote:
There is a wicket-contrib-yui project included in wicket-stuff on sourceforge:
http://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui

I've been working on it a little, mostly on the menu module. The drag
and drop is somewhat broken, and I haven't had time to look at it.
This may have happened when I updated the libs to 2.2.2. But the
slider and animation modules work fine.

There is very little in the way of documentation, but there is a
wicket-contrib-yui-examples project that demos each module.
http://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui-examples

If you perform a mvn install on wicket-contrib-yui, then a mvn
jetty:run on wicket-contrib-yui-examples, you should be up and running
in a few minutes.
Once I get the menu working to my satisfaction, I will produce some
documentation.

When I updated the libs, I created a YuiHeaderContributor that will
resolve dependencies for the module you want and include the necessary
files in the proper order (yui is way weaker than dojo in this
respect).

A few months ago, a number of people expressed interest in
contributing, so if any of you are reading this, I would love to have
some help. In particular, i think it would be great if someone could
bring drag and drop back to life. I think it could use some pretty
heavy refactoring as well. Actually, there have been a lot of changes
in wicket since wcy was last worked on, so much of the project could
use modernization. If you don't know where to start, respond to this
email and I can provide a few ideas.

best,
jim

On 5/31/07, howzat [EMAIL PROTECTED] wrote:

Are there any examples/tutorials that re using YUI with Wicket.
I see there is also a wicket YUI project but could not find much getting
started help.
--
View this message in context:
http://www.nabble.com/Wicket---YUI-tf3848786.html#a10901677
Sent from the Wicket - User mailing list archive at Nabble.com.

Re: [Wicket-user] Conditional output

2007-05-30 Thread Maurice Marrink

You should use an attribute modifier on the totals row. like this
totalsRow.add(new AttributeModifier(colspan,myModel));
If you know for a fact the number of columns is not going to change
after a page refresh you could use a new
SimpleAttributeModifier(colspan,length) else you should use a model
to dynamically compute the number of desired columns

Maurice

On 5/30/07, Thies Edeling [EMAIL PROTECTED] wrote:
 All,

 Say that I have an HTML table with data and the last row is a total with
 a colspan to align the value:
 table
 tr
 td wicket:id=prjProject A/td
 td wicket:id=col1stuff/td
 td wicket:id=col2stuff/td
 td wicket:id=col35/td
 /tr

 tr
 td colspan=3nbsp;/td
 td5/td
 /tr
 /table

 When col2 is optional I'd do a col2.setVisible(false) on that label but
 the colspan in the total row needs to be adjusted as well. Should I
 create a colspan property in the Page class and do a td colspan=span
 wicket:id=colspan / or is there another preferred way? Wondering
 how much I've to 'unlearn' from my JSTL way of doing things :)

 Thies
 --
 http://blog.ehour.nl/


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Acegi ?

2007-05-29 Thread Maurice Marrink

If you are using wicket 1.3 you could try the new wicket security
framework swarm. unlike acegi it is not url based but component based.
It was designed with simplicity in mind so you should be able to get
started right away.

You can find documentation here
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
The documentation is still work in progress but if you have any
question you can always ask them on the mailing list.

I am not sure if there is an existing wicket-acegi framework but i
believe i have heard of people using them together.

Optionally if you are using java 1.5 you could check out the
wicket-auth-roles project.

Maurice

On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote:
 Hello all,

 I'm migrating an existing Struts app to Wicket and have now reached the
 point where I have to add authentication/authorization to it.
 In the Struts app I used Acegi to add URL-based security. Ideally I'd re-use 
 my
 existing Acegi config for Wicket but I can't find any documentation on how
 to do this. The 'Wicket way' of authentication is mentioned on the Wiki
 somewhere but details are missing.
 What's the best way to add simple role-based security to a Wicket app?

 thanks in advance,

 Thies
 --
 http://blog.ehour.nl/


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Acegi ?

2007-05-29 Thread Maurice Marrink

According to your mail, you are only using acegi to do the
authentication and let auth-roles handle the authorization.

Swarm provides functionality to handle both authentication and
authorization and is perfectly capable of delegating to whatever
authentication framework you desire.

Maurice

On 5/29/07, Erik van Oosten [EMAIL PROTECTED] wrote:

 There was a thread some time ago.

 In  http://www.nabble.com/forum/ViewPost.jtp?post=7285394framed=y this
 message  I explained how we use Acegi in combination with wicket-auth-roles.

 Regards,
 Erik.


 Mr Mean wrote:
 
  I am not sure if there is an existing wicket-acegi framework but i
  believe i have heard of people using them together.
 
  Optionally if you are using java 1.5 you could check out the
  wicket-auth-roles project.
 

 --
 Erik van Oosten
 http://2007.rubyenrails.nl/
 http://www.day-to-day-stuff.blogspot.com/
 --
 View this message in context: 
 http://www.nabble.com/Wicket---Acegi---tf3833443.html#a10853872
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Acegi ?

2007-05-29 Thread Maurice Marrink

Johan, has an excellent point, but we too have a pre wicket 1.3 app so
i guess i'll have to make a branche for that app anyhow if i want to
replace or old security mechanisme.
I don't think it will be much work to backport to 1.2.6.
Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3

Maurice

On 5/29/07, Johan Compagner [EMAIL PROTECTED] wrote:
 you could ofcourse upgrade to 1.3!
 Now you rewrite from struts to wicket but we are moving alone and then you
 have to rewrite it again to 1.3.

 johan



 On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote:
  I'm using 1.2.6 so swarm is not in the picture. Will check out auth-roles
  as I'm on java 1.5, thx!
 
  On Tue, 29 May 2007, Maurice Marrink wrote:
 
   If you are using wicket 1.3 you could try the new wicket security
   framework swarm. unlike acegi it is not url based but component based.
   It was designed with simplicity in mind so you should be able to get
   started right away.
  
   You can find documentation here
  
 http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
   The documentation is still work in progress but if you have any
   question you can always ask them on the mailing list.
  
   I am not sure if there is an existing wicket-acegi framework but i
   believe i have heard of people using them together.
  
   Optionally if you are using java 1.5 you could check out the
   wicket-auth-roles project.
  
   Maurice
  
   On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote:
   Hello all,
  
   I'm migrating an existing Struts app to Wicket and have now reached the
   point where I have to add authentication/authorization to it.
   In the Struts app I used Acegi to add URL-based security. Ideally I'd
 re-use my
   existing Acegi config for Wicket but I can't find any documentation on
 how
   to do this. The 'Wicket way' of authentication is mentioned on the Wiki
   somewhere but details are missing.
   What's the best way to add simple role-based security to a Wicket app?
  
   thanks in advance,
  
   Thies
   --
   http://blog.ehour.nl/
  
  
  
 -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
  
 -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
 
 
 
 -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Acegi ?

2007-05-29 Thread Maurice Marrink

Francis,

Swarm does not use apache hivemind. The hivemind reference you saw in
the example code is to an internal class who is coincidentally named
like apache hivemind.
Swarm only requires the following jars besides wicket: Wasp,
commons-logging and Log4j.

Maurice

On 5/29/07, Francis Amanfo [EMAIL PROTECTED] wrote:
 Hi Marice,

 While here may I ask a quick question? I've quickly glanced through the docs
 at Wiki and could see some reference to Hivemind. Does this implementation
 employs Apache HiveMind and if so I assume I have to place yet another jar
 on my classpath. Right or not?

 Regards,
 Francis


 On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote:
  Johan, has an excellent point, but we too have a pre wicket 1.3 app so
  i guess i'll have to make a branche for that app anyhow if i want to
  replace or old security mechanisme.
  I don't think it will be much work to backport to 1.2.6.
  Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3
 
  Maurice
 
  On 5/29/07, Johan Compagner [EMAIL PROTECTED] wrote:
   you could ofcourse upgrade to 1.3!
   Now you rewrite from struts to wicket but we are moving alone and then
 you
   have to rewrite it again to 1.3.
  
   johan
  
  
  
   On 5/29/07, Thies Edeling  [EMAIL PROTECTED] wrote:
I'm using 1.2.6 so swarm is not in the picture. Will check out
 auth-roles
as I'm on java 1.5, thx!
   
On Tue, 29 May 2007, Maurice Marrink wrote:
   
 If you are using wicket 1.3 you could try the new wicket security
 framework swarm. unlike acegi it is not url based but component
 based.
 It was designed with simplicity in mind so you should be able to get
 started right away.

 You can find documentation here

  
 http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
 The documentation is still work in progress but if you have any
 question you can always ask them on the mailing list.

 I am not sure if there is an existing wicket-acegi framework but i
 believe i have heard of people using them together.

 Optionally if you are using java 1.5 you could check out the
 wicket-auth-roles project.

 Maurice

 On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote:
 Hello all,

 I'm migrating an existing Struts app to Wicket and have now reached
 the
 point where I have to add authentication/authorization to it.
 In the Struts app I used Acegi to add URL-based security. Ideally
 I'd
   re-use my
 existing Acegi config for Wicket but I can't find any documentation
 on
   how
 to do this. The 'Wicket way' of authentication is mentioned on the
 Wiki
 somewhere but details are missing.
 What's the best way to add simple role-based security to a Wicket
 app?

 thanks in advance,

 Thies
 --
 http://blog.ehour.nl/



  
 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net

  
 https://lists.sourceforge.net/lists/listinfo/wicket-user



  
 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net

  
 https://lists.sourceforge.net/lists/listinfo/wicket-user

   
   
   
  
 -
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
   
 https://lists.sourceforge.net/lists/listinfo/wicket-user
   
  
  
  
 -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
 
 
 -
  This SF.net

Re: [Wicket-user] Wicket Acegi ?

2007-05-29 Thread Maurice Marrink

No problem and thanks.
Have you decided yet if you are going to upgrade to wicket 1.3?

Maurice

On 5/29/07, Francis Amanfo [EMAIL PROTECTED] wrote:
 Yes, I thought so too since I couldn't see any package reference to apache
 hivemind but just the name Hivemind, but to be sure I decided to ask.

 Thanks for the answer and great work.

 Francis


  On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote:
 
  Francis,
 
  Swarm does not use apache hivemind. The hivemind reference you saw in
  the example code is to an internal class who is coincidentally named
  like apache hivemind.
  Swarm only requires the following jars besides wicket: Wasp,
  commons-logging and Log4j.
 
  Maurice
 
  On 5/29/07, Francis Amanfo [EMAIL PROTECTED] wrote:
   Hi Marice,
  
   While here may I ask a quick question? I've quickly glanced through the
 docs
   at Wiki and could see some reference to Hivemind. Does this
 implementation
   employs Apache HiveMind and if so I assume I have to place yet another
 jar
   on my classpath. Right or not?
  
   Regards,
   Francis
  
  
   On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote:
Johan, has an excellent point, but we too have a pre wicket 1.3 app so
i guess i'll have to make a branche for that app anyhow if i want to
replace or old security mechanisme.
I don't think it will be much work to backport to 1.2.6.
Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3
   
Maurice
   
On 5/29/07, Johan Compagner [EMAIL PROTECTED] wrote:
 you could ofcourse upgrade to 1.3!
 Now you rewrite from struts to wicket but we are moving alone and
 then
   you
 have to rewrite it again to 1.3.

 johan



 On 5/29/07, Thies Edeling  [EMAIL PROTECTED] wrote:
  I'm using 1.2.6 so swarm is not in the picture. Will check out
   auth-roles
  as I'm on java 1.5, thx!
 
  On Tue, 29 May 2007, Maurice Marrink wrote:
 
   If you are using wicket 1.3 you could try the new wicket
 security
   framework swarm. unlike acegi it is not url based but component
   based.
   It was designed with simplicity in mind so you should be able to
 get
   started right away.
  
   You can find documentation here
  

  
 http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
   The documentation is still work in progress but if you have any
   question you can always ask them on the mailing list.
  
   I am not sure if there is an existing wicket-acegi framework but
 i
   believe i have heard of people using them together.
  
   Optionally if you are using java 1.5 you could check out the
   wicket-auth-roles project.
  
   Maurice
  
   On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote:
   Hello all,
  
   I'm migrating an existing Struts app to Wicket and have now
 reached
   the
   point where I have to add authentication/authorization to it.
   In the Struts app I used Acegi to add URL-based security.
 Ideally
   I'd
 re-use my
   existing Acegi config for Wicket but I can't find any
 documentation
   on
 how
   to do this. The 'Wicket way' of authentication is mentioned on
 the
   Wiki
   somewhere but details are missing.
   What's the best way to add simple role-based security to a
 Wicket
   app?
  
   thanks in advance,
  
   Thies
   --
   http://blog.ehour.nl/
  
  
  

  
 -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and
 take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
  
 ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  

  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
  

  
 -
   This SF.net email is sponsored by DB2 Express
   Download DB2 Express C - the FREE version of DB2 express and
 take
   control of your XML. No limits. Just data. Click to get it now.
   http://sourceforge.net/powerbar/db2/
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  

  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
 
 
 

  
 -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing

Re: [Wicket-user] Wicket Acegi ?

2007-05-29 Thread Maurice Marrink

I know martijn and i will fix this, in the meantime i would like to
add to my defense that i am not the only stuff project to use log4j :)

Maurice

On 5/29/07, Martijn Dashorst [EMAIL PROTECTED] wrote:
 On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote:
  Swarm only requires the following jars besides wicket: Wasp,
  commons-logging and Log4j.

 You did notice that Wicket now uses slf4j instead of clogging?

 Martijn

 --
 Join the wicket community at irc.freenode.net: ##wicket
 Wicket 1.2.6 contains a very important fix. Download Wicket now!
 http://wicketframework.org

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket Acegi ?

2007-05-29 Thread Maurice Marrink

:) indeed i realized my mistake after i hit the send button :)

Maurice

On 5/29/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
  I know martijn and i will fix this, in the meantime i would like to
  add to my defense that i am not the only stuff project to use log4j :)

 You mean commons-logging :)

 Eelco

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket Acegi ?]

2007-05-29 Thread Maurice Marrink

On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote:

 Why re-invent the wheel with Wasp/Swarm?

The same question could be asked when acegi was introduced, or any
other security framework for that matter.
The simple answer is because it things differently and hopes to solves
problems not addressed by other frameworks. Without having any further
knowledge of acegi, one of the differences is component oriented
security as opposed to url based. wicket is after all component based
so why fiddle with urls. Second swarm was designed from the ground to
interact with wicket whereas acegi requires you to go through several
hoops just to get some simple stuff done.
Third configuring a security framework is often not a simple task, i
like to think swarm does a better job.
Just to name a few of the selling points without going into a my
framework is better then yours war. :)

Maurice

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket Acegi ?]

2007-05-29 Thread Maurice Marrink

I am sorry if i made you think i was accusing you of starting a
framework war, i was merely stating i didn't want to start one :).

I am only just reading up on acegi, but what i learned so far is that
acegi was designed for spring just like swarm is for wicket so trying
to integrate either in the other framework should provide for quite a
challenge.

Maurice

On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote:

 hi maurice,

 i didn't want to stat a framework war... ;-)

 my point was just to understand why you started a new thing. i'm currently in
 the process of selecting a authentication/authorization framework, too. it
 should be highly flexible, so it can integrated in very different 
 environments.
 still, the component oriented security should be reflectable.

 what i was thinking about was - instead of using acegi as a filter and use it 
 on
 urls - integrate it in the wicket-app and act on top of the components. this
 sounds like the wasp/swarm-concepts, only that acegi is the base.

 what i really dislike about acegi is the spring/xml-stuff. but that's another
 story... ;-)

 best regards, --- jan.



 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket Acegi ?]

2007-05-29 Thread Maurice Marrink

True, Swarm does not yet provide blackbox authentication against ldap,
cas or whatever else, but it allows you to customize your own
authentication allowing you to implement any of those models. And the
time not spend on fixing all your urls for acegi can now be spend on
implementing cas or ldap for swarm :)

Maurice

On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote:

 hi martijn,

  what i really dislike about acegi is the spring/xml-stuff. but that's 
  another
  story... ;-)
 
  If you take the spring/xml and the URL based authorization out of
  Acegi, what is left?
 
  Not a stab at Acegi, just asking.

 hehe - now i'm having to argue pro acegi where i'm not yet finished finding 
 out
 if it really is what i'm looking for. *ggg*

 first of all, what i dislike is the xml-/spring-injection-dependent
 configuration. everything else is not tight to spring, it can be used in any
 other environment.

 everything else is:

 acegi supports a wide range of authentication models. from http basic
 authentication headers, ldap to jaas - you just have to choose.

 also, the authorization is as customizable as is e.g. swarm. like in swarm, 
 you
 have to define your policies. it's just an implementation detail, if you use 
 it
 url- or component-based.

 so, when thinking about authentication/authorization, i don't think of a
 one-time-installation at one defined customer but how it can be integrated 
 into
 a variety of heterogenous systems. having a wicket application running in a
 system using a service-oriented-approach, i might have to use a ticketing 
 system
 (like cas) to handle authorization. acegi delivers such functionality.

 best regards, --- jan.



 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket Acegi ?]

2007-05-29 Thread Maurice Marrink

I don't mind the competition. But it might be a good idea if we can
all agree on some common api. for that reason i made wasp. Off course
nothing is written in stone so if you have some suggestions I'll be
happy to listen to them. Just take a look at wasp, is all i ask.

Maurice

On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote:

 hi eelco,

  Yeah, makes sense. Contributions are welcome of course. We don't mind
  having competing implementations; it'll only make them better :)

 hehe, i'll keep you posted. ;-)

 --- jan.



 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Swarm - [was Wicket Acegi ?]

2007-05-29 Thread Maurice Marrink

Don't worry, i like committees about as much as how far i can throw them :)

Maurice

On 5/29/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
  I don't mind the competition. But it might be a good idea if we can
  all agree on some common api. for that reason i made wasp. Off course
  nothing is written in stone so if you have some suggestions I'll be
  happy to listen to them. Just take a look at wasp, is all i ask.

 Yeah, I agree that that's a good idea. Just don't fall into the design
 by committee trap ;)

 Eelco

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Bookmarkable pages and transparent login

2007-05-28 Thread Maurice Marrink

On account of the serialization, yes this will become a problem for
your backbutton support.
wicket tries to serialize every page to disk and later retrieve it
when a user used the browsers backbutton and then performs an action
where it is necessary to go back to the server.

On account of the transparent login, like Martijn said if you use a
framework for your security it is already handled automagically for
you. Now i am a bit biased on the new wicket-security framework since
i wrote it :), but you should really check it out sometime.

Maurice

On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote:
 Hm, by default, I'm getting an error that my page is not serializable. But
 when I set

application.getDebugSettings().setSerializeSessionAttributes(false);

 it works without problems. Could this become a problem when my page still is
 not serializable?

 Tom


 Thomas Singer wrote:
  Never mind. RestartResponseAtInterceptPageException-handling is more
  lightweight than I assumed. Of course the other processing is completely up
  to me.
 
  Tom

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Bookmarkable pages and transparent login

2007-05-28 Thread Maurice Marrink

P.S you can read more here
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security

Maurice

On 5/28/07, Maurice Marrink [EMAIL PROTECTED] wrote:
 On account of the serialization, yes this will become a problem for
 your backbutton support.
 wicket tries to serialize every page to disk and later retrieve it
 when a user used the browsers backbutton and then performs an action
 where it is necessary to go back to the server.

 On account of the transparent login, like Martijn said if you use a
 framework for your security it is already handled automagically for
 you. Now i am a bit biased on the new wicket-security framework since
 i wrote it :), but you should really check it out sometime.

 Maurice

 On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote:
  Hm, by default, I'm getting an error that my page is not serializable. But
  when I set
 
 application.getDebugSettings().setSerializeSessionAttributes(false);
 
  it works without problems. Could this become a problem when my page still is
  not serializable?
 
  Tom
 
 
  Thomas Singer wrote:
   Never mind. RestartResponseAtInterceptPageException-handling is more
   lightweight than I assumed. Of course the other processing is completely 
   up
   to me.
  
   Tom
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Bookmarkable pages and transparent login

2007-05-28 Thread Maurice Marrink

Regarding the backbutton, When you press the backbutton on you're
browser, it is the browser who gets the previous page from cache, the
server is never notified of this.
So regarding wicket, no there is not much you can do on that end. But
you might be able with the help of some javascript to remove the
license page from the browser, this script should go on the license
page but what it should look like i am not entirely sure. might i
suggest google :)

Regarding the license page, I think it will work in swarm (as the
project is called in wicket-security) as you can easily define a new
ISecurityCheck for a page and have that redirect to you're license
page. If you are interested you can mail me at [EMAIL PROTECTED] and
we can see how to customize you're situation.

Maurice

On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote:
  On account of the transparent login, like Martijn said if you use a
  framework for your security it is already handled automagically for
  you. Now i am a bit biased on the new wicket-security framework since
  i wrote it :), but you should really check it out sometime.

 To be exact, we don't need it for login, but for securing a download by
 accepting a corresponding license agreement (thanks to German laws).

  On account of the serialization, yes this will become a problem for
  your backbutton support.
  wicket tries to serialize every page to disk and later retrieve it
  when a user used the browsers backbutton and then performs an action
  where it is necessary to go back to the server.

 Hmm, looks like I need to do that. :(

 The above mentioned download scenario will look like:
 - select the file to download (e.g. by getting a link by e-mail or by
selecting it on our website)
 - on the file-download page check, whether the session-flag for accepted
license agreement is set; if not, redirect to the license agreement page
and path an IPageLink for the accept button, so the file-download page
gets its right parameters after accepting the license agreement

 Regarding the back-button: it would be the best if the intermediate license
 agreement page would not occur when pressing the back-button, but instead
 the previous page (if any). Is something like that possible?

 Tom


 Maurice Marrink wrote:
  On account of the serialization, yes this will become a problem for
  your backbutton support.
  wicket tries to serialize every page to disk and later retrieve it
  when a user used the browsers backbutton and then performs an action
  where it is necessary to go back to the server.
 
  On account of the transparent login, like Martijn said if you use a
  framework for your security it is already handled automagically for
  you. Now i am a bit biased on the new wicket-security framework since
  i wrote it :), but you should really check it out sometime.
 
  Maurice
 
  On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote:
  Hm, by default, I'm getting an error that my page is not serializable. But
  when I set
 
 application.getDebugSettings().setSerializeSessionAttributes(false);
 
  it works without problems. Could this become a problem when my page still 
  is
  not serializable?
 
  Tom
 
 
  Thomas Singer wrote:
  Never mind. RestartResponseAtInterceptPageException-handling is more
  lightweight than I assumed. Of course the other processing is completely 
  up
  to me.
 
  Tom
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
  -
  This SF.net email is sponsored by DB2 Express
  Download DB2 Express C - the FREE version of DB2 express and take
  control of your XML. No limits. Just data. Click to get it now.
  http://sourceforge.net/powerbar/db2/
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 

 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your

Re: [Wicket-user] Exception Strategy in 1.3

2007-05-22 Thread Maurice Marrink

As far as i know the wicket session is mandatory in wicket but that
does not mean you have to use it to store information. Other then that
i see no reason why your proposed strategy should not work.

Maurice

On 5/22/07, craigdd [EMAIL PROTECTED] wrote:

 Basically what I want to do is set the internal error page to my own internal
 page, i.e. my login page, and add a message from the a resource bundle,
 .properties file, that includes an error code that is generated from an
 internal RuntimeException.  Another requirement is that a Session is
 optional, meaning that this should work with or without a Session.

 -Craig


 craigdd wrote:
 
  What is the best way to implement your own exception strategy in wicket
  1.3?  I want to add some added logic to my application when an unexcepted
  exception occurs.  During this added logic I want a handle on the page
  that is being redirected to, ie the internal error page.
 
  Thanks
  Craig
 

 --
 View this message in context: 
 http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10730008
 Sent from the Wicket - User mailing list archive at Nabble.com.


 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-14 Thread Maurice Marrink

Its not just pages, i have a panel that adds some javascript to the
header which suffers from this problem.

Matej, ill see if i can put something together.

Maurice

On 11/13/06, Matej Knopp [EMAIL PROTECTED] wrote:
 I've tested this with current 1.3 and couldn't reproduce this. Can you
 please provide a quick-start project? I'd be more than happy to look
 into it.

 -Matej

 Maurice Marrink wrote:
  I am using wicket:1.3-incubating-20061113.111007-1 and also have this
  problem with javascript not being rendered the second time.
  I render a new page and all is rendered fine. i click on a link to
  open a new page. there i click on a link that brings me back to the
  previous page instance. The javascript in the header is missing the
  second time.
 
  Anybody have a solution yet?
 
  Maurice
 
  On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote:
  That's weird. Which wicket version are you using? Seems that Wicket 1.x
  has already become 1.3 and the latest revision is 473519.
 
  Wicket 1.2 has it's own branch now.
 
  Are you sure you're using the apache repository?
 
  -Matej
 
  Erik van Oosten wrote:
  Hello,
 
  Something is going wrong with my header contributions. A css that was
  added like this
  add(HeaderContributor.forCss(MyPage.class, MyPage.css));
  are only rendered once and then never again.
 
  To be precise:
  - I start jetty.
  - I request the page (it is bookmarkable).
  - I get redirected to the signin page, I log in.
  - The page is displayed correct (with the css).
  - I press reload and the css is gone. The link is actually not in the
  header.
  - Press reload another 50 times, no more css.
 
  I have also seen another scenario: the first time the page is rendered
  it misses the css, the second time it is present and in all following
  renderings it is gone.
  All css added with wicket:head/wicket:link elements renders fine.
 
  I am using Wicket 1.x, revision 470570 (at moment of writing the latest
  revision of 1.x).
 
  Any ideas on what it is going on here?
 
  Regards,
   Erik.
 
 
 
 
  -
  Using Tomcat but need to do more? Need to support web services, security?
  Get stuff done quickly with pre-integrated technology to make your job 
  easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
  http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
  -
  Using Tomcat but need to do more? Need to support web services, security?
  Get stuff done quickly with pre-integrated technology to make your job 
  easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
  http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-14 Thread Maurice Marrink

Ok

I just finished a simple quickstart showing the problem.
you can get it here https://issues.apache.org/jira/browse/WICKET-68.

Maurice

On 11/14/06, Maurice Marrink [EMAIL PROTECTED] wrote:
 Its not just pages, i have a panel that adds some javascript to the
 header which suffers from this problem.

 Matej, ill see if i can put something together.

 Maurice

 On 11/13/06, Matej Knopp [EMAIL PROTECTED] wrote:
  I've tested this with current 1.3 and couldn't reproduce this. Can you
  please provide a quick-start project? I'd be more than happy to look
  into it.
 
  -Matej
 
  Maurice Marrink wrote:
   I am using wicket:1.3-incubating-20061113.111007-1 and also have this
   problem with javascript not being rendered the second time.
   I render a new page and all is rendered fine. i click on a link to
   open a new page. there i click on a link that brings me back to the
   previous page instance. The javascript in the header is missing the
   second time.
  
   Anybody have a solution yet?
  
   Maurice
  
   On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote:
   That's weird. Which wicket version are you using? Seems that Wicket 1.x
   has already become 1.3 and the latest revision is 473519.
  
   Wicket 1.2 has it's own branch now.
  
   Are you sure you're using the apache repository?
  
   -Matej
  
   Erik van Oosten wrote:
   Hello,
  
   Something is going wrong with my header contributions. A css that was
   added like this
   add(HeaderContributor.forCss(MyPage.class, MyPage.css));
   are only rendered once and then never again.
  
   To be precise:
   - I start jetty.
   - I request the page (it is bookmarkable).
   - I get redirected to the signin page, I log in.
   - The page is displayed correct (with the css).
   - I press reload and the css is gone. The link is actually not in the
   header.
   - Press reload another 50 times, no more css.
  
   I have also seen another scenario: the first time the page is rendered
   it misses the css, the second time it is present and in all following
   renderings it is gone.
   All css added with wicket:head/wicket:link elements renders fine.
  
   I am using Wicket 1.x, revision 470570 (at moment of writing the latest
   revision of 1.x).
  
   Any ideas on what it is going on here?
  
   Regards,
Erik.
  
  
  
  
   -
   Using Tomcat but need to do more? Need to support web services, security?
   Get stuff done quickly with pre-integrated technology to make your job 
   easier
   Download IBM WebSphere Application Server v.1.0.1 based on Apache 
   Geronimo
   http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
   -
   Using Tomcat but need to do more? Need to support web services, security?
   Get stuff done quickly with pre-integrated technology to make your job 
   easier
   Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
   http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/wicket-user
  
 
 
  -
  Using Tomcat but need to do more? Need to support web services, security?
  Get stuff done quickly with pre-integrated technology to make your job 
  easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
  http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-13 Thread Maurice Marrink

I am using wicket:1.3-incubating-20061113.111007-1 and also have this
problem with javascript not being rendered the second time.
I render a new page and all is rendered fine. i click on a link to
open a new page. there i click on a link that brings me back to the
previous page instance. The javascript in the header is missing the
second time.

Anybody have a solution yet?

Maurice

On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote:
 That's weird. Which wicket version are you using? Seems that Wicket 1.x
 has already become 1.3 and the latest revision is 473519.

 Wicket 1.2 has it's own branch now.

 Are you sure you're using the apache repository?

 -Matej

 Erik van Oosten wrote:
  Hello,
 
  Something is going wrong with my header contributions. A css that was
  added like this
  add(HeaderContributor.forCss(MyPage.class, MyPage.css));
  are only rendered once and then never again.
 
  To be precise:
  - I start jetty.
  - I request the page (it is bookmarkable).
  - I get redirected to the signin page, I log in.
  - The page is displayed correct (with the css).
  - I press reload and the css is gone. The link is actually not in the
  header.
  - Press reload another 50 times, no more css.
 
  I have also seen another scenario: the first time the page is rendered
  it misses the css, the second time it is present and in all following
  renderings it is gone.
  All css added with wicket:head/wicket:link elements renders fine.
 
  I am using Wicket 1.x, revision 470570 (at moment of writing the latest
  revision of 1.x).
 
  Any ideas on what it is going on here?
 
  Regards,
   Erik.
 
 
 


 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Header contribution not always rendered

2006-11-13 Thread Maurice Marrink

Unfortunately this is not an option for me as the javascript is
generated dynamically by the java code.

Maurice

On 11/13/06, Erik van Oosten [EMAIL PROTECTED] wrote:
 My current workaround is to include the reference in the markup with
 wicket:head tags around it.

 I am sorry I did not yet have the time to create a quickstart/unit test
 with the problem.

   Erik.


 Maurice Marrink schreef:
  I am using wicket:1.3-incubating-20061113.111007-1 and also have this
  problem with javascript not being rendered the second time.
  I render a new page and all is rendered fine. i click on a link to
  open a new page. there i click on a link that brings me back to the
  previous page instance. The javascript in the header is missing the
  second time.
 
  Anybody have a solution yet?
 
  Maurice
 
  On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote:
 
  That's weird. Which wicket version are you using? Seems that Wicket 1.x
  has already become 1.3 and the latest revision is 473519.
 
  Wicket 1.2 has it's own branch now.
 
  Are you sure you're using the apache repository?
 
  -Matej
 
  Erik van Oosten wrote:
 
  Hello,
 
  Something is going wrong with my header contributions. A css that was
  added like this
  add(HeaderContributor.forCss(MyPage.class, MyPage.css));
  are only rendered once and then never again.
 
  To be precise:
  - I start jetty.
  - I request the page (it is bookmarkable).
  - I get redirected to the signin page, I log in.
  - The page is displayed correct (with the css).
  - I press reload and the css is gone. The link is actually not in the
  header.
  - Press reload another 50 times, no more css.
 
  I have also seen another scenario: the first time the page is rendered
  it misses the css, the second time it is present and in all following
  renderings it is gone.
  All css added with wicket:head/wicket:link elements renders fine.
 
  I am using Wicket 1.x, revision 470570 (at moment of writing the latest
  revision of 1.x).
 
  Any ideas on what it is going on here?
 
  Regards,
   Erik.
 
 
 
 
  -
  Using Tomcat but need to do more? Need to support web services, security?
  Get stuff done quickly with pre-integrated technology to make your job 
  easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
  http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
 
  -
  Using Tomcat but need to do more? Need to support web services, security?
  Get stuff done quickly with pre-integrated technology to make your job 
  easier
  Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
  http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 

 --
 Erik van Oosten
 http://www.day-to-day-stuff.blogspot.com/


 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authorization-question

2006-08-01 Thread Maurice Marrink

Ok, so the session is not 100% safe for attaching detaching hibernate
stuff. If there is a better place to store something like a user
object i would love to here about it.

Maurice

On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote:
 yes but with igors example it is possible
 that the session is used over multiply request we do have a lock
 But that lock doesn't lock globally over everything.
 So it is possible that it gets detached from under your nose. But that is
 not a problem
 But it is also possible that you get a user loaded by another thread ==
 hibernate session.
 Session.detach() is not called in a sync block...

 johan



 On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote:
 
  Glad to see it was just a misunderstanding. I was afraid you guys were
 gonna tell me the world isn't flat ;)

 Maurice

 On 7/31/06, Igor Vaynberg [EMAIL PROTECTED]  wrote:
  i wasnt suggesting setting the user on request cycle, i was suggesting
  keeping the id in session and letting requestcycle hold the cache for the
  request.
 
  i didnt realize websession has attach/detach, so this can be made simpler
 
  MySession extends WebSession {
 private long userid;
 private transient User user;
 
 setUser(User u) {
   userid=u.getid();
   user=u;
 }
 
getUser() {
if (user==null) {
 user=loaduserbyid(userid);
}
return user;
}
 
detach() {
   user=null;
 
 }
 
  -Igor
 
 
  On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote:
store is detached. second request comes in and it is dealing with
 stale
  data
unless you reload the user object.
   correct that is why you should use an imodel or come up with your own
   attach detach strategy
  
also storing imodel in session wont work because session doesnt have
 an
imodel slot so who is going to be responsible for detaching that model
  at
the end of request?
   session has an onattach and ondetach method you can use.
  
   Also the way i understand how the whole requestcycle stuff happens
   (and i know you guys know way more about that then me) is that a new
   requestcycleobject is created on every request by a factory so how is
   the current user supposed to get set on the requestcycle?
  
   Don't get me wrong i am not criticizing you guys, i am just curious as
   to how the internals of wicket operate.
  
   Maurice
  
   On 7/31/06, Igor Vaynberg  [EMAIL PROTECTED] wrote:
but we are talking about caching here. if you store the instance of
 the
  user
you loaded in session that is fine for the request that loaded it. but
  what
happens after that request ends? the session is closed, the instance
 you
store is detached. second request comes in and it is dealing with
 stale
  data
unless you reload the user object.
   
also storing imodel in session wont work because session doesnt have
 an
imodel slot so who is going to be responsible for detaching that model
  at
the end of request?
   
-Igor
   
   
   
 On 7/31/06, Maurice Marrink  [EMAIL PROTECTED] wrote:

 true, but shouldn't the lock on the session prevent that in like 95%
of all the cases?
   
Maurice
   
On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote:
  A session can be used by multiply threads/request
 So it will be detached by those when they are finished.
 So another request can be busy with it while another calls detach on
  it.

 johan



  On 7/31/06, Maurice Marrink  [EMAIL PROTECTED] wrote:
  i wouldn't recommend doing this in session because user entity
 will
   become detached, i would instead do it in the requestcycle so
 the
  user is loaded once per request
  Yeah are you sure about this Igor? because we are also attaching
 our
  user object (hibernate object) to our session, lazy loading it
  whenever needed. And we have not noticed it getting detached
 before
  the end of the request. Mats i guess this also answers your
 question
  about if it is possible to put an imodel in the session. however
 if
  you are really concerned about the db access every time you could
  always store the team id in the session.
 
  Maurice
 
  On 7/31/06, Mats Norén  [EMAIL PROTECTED]  wrote:
   On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
i wouldnt recommend doint this in session because user entity
  will
 become
detached, i would instead do it in the requestcycle so the
 user
  is
 loaded
once per request
  
   It is? I've used a User-object in session and I haven't noticed
  that
   it gets detached I guess I'll have to look into to that.
  
   Can I still have a getUser() method in Session that in turn uses
  the
 code below?
  
   I think I saw an example (could have been in databinder) where a
   IModel was stored in session. Is that an alternative

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink

i wouldn't recommend doing this in session because user entity will
become detached, i would instead do it in the requestcycle so the
user is loaded once per request
Yeah are you sure about this Igor? because we are also attaching our
user object (hibernate object) to our session, lazy loading it
whenever needed. And we have not noticed it getting detached before
the end of the request. Mats i guess this also answers your question
about if it is possible to put an imodel in the session. however if
you are really concerned about the db access every time you could
always store the team id in the session.

Maurice

On 7/31/06, Mats Norén [EMAIL PROTECTED] wrote:
 On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
  i wouldnt recommend doint this in session because user entity will become
  detached, i would instead do it in the requestcycle so the user is loaded
  once per request

 It is? I've used a User-object in session and I haven't noticed that
 it gets detached I guess I'll have to look into to that.

 Can I still have a getUser() method in Session that in turn uses the code 
 below?

 I think I saw an example (could have been in databinder) where a
 IModel was stored in session. Is that an alternative?

  ((MyRequestCycle)RequestCycle.get()).getUser();
 
  MyRequestCycle {
  private transient User user;
 
getuser() { if (user==null) { user=loaduser(session.get().getuserid()); }
onendrequest() { user=null; }
  }
 
  -Igor
 

 /Mats

 -
 Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share your
 opinions on IT  business topics through brief surveys -- and earn cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink

true, but shouldn't the lock on the session prevent that in like 95%
of all the cases?

Maurice

On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote:
 A session can be used by multiply threads/request
 So it will be detached by those when they are finished.
 So another request can be busy with it while another calls detach on it.

 johan



  On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote:
  i wouldn't recommend doing this in session because user entity will
  become detached, i would instead do it in the requestcycle so the
  user is loaded once per request
  Yeah are you sure about this Igor? because we are also attaching our
  user object (hibernate object) to our session, lazy loading it
  whenever needed. And we have not noticed it getting detached before
  the end of the request. Mats i guess this also answers your question
  about if it is possible to put an imodel in the session. however if
  you are really concerned about the db access every time you could
  always store the team id in the session.
 
  Maurice
 
  On 7/31/06, Mats Norén [EMAIL PROTECTED]  wrote:
   On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
i wouldnt recommend doint this in session because user entity will
 become
detached, i would instead do it in the requestcycle so the user is
 loaded
once per request
  
   It is? I've used a User-object in session and I haven't noticed that
   it gets detached I guess I'll have to look into to that.
  
   Can I still have a getUser() method in Session that in turn uses the
 code below?
  
   I think I saw an example (could have been in databinder) where a
   IModel was stored in session. Is that an alternative?
  
((MyRequestCycle)RequestCycle.get()).getUser();
   
MyRequestCycle {
private transient User user;
   
  getuser() { if (user==null) { user=loaduser(
 session.get().getuserid()); }
  onendrequest() { user=null; }
}
   
-Igor
   
  
   /Mats
  
  
 -
   Take Surveys. Earn Cash. Influence the Future of IT
   Join SourceForge.net's Techsay panel and you'll get the chance to share
 your
   opinions on IT  business topics through brief surveys -- and earn cash
  
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
 
 
 -
  Take Surveys. Earn Cash. Influence the Future of IT
  Join SourceForge.net's Techsay panel and you'll get the chance to share
 your
  opinions on IT  business topics through brief surveys -- and earn cash
 
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 -
 Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share your
 opinions on IT  business topics through brief surveys -- and earn cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user




-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink

 store is detached. second request comes in and it is dealing with stale data
 unless you reload the user object.
correct that is why you should use an imodel or come up with your own
attach detach strategy

 also storing imodel in session wont work because session doesnt have an
 imodel slot so who is going to be responsible for detaching that model at
 the end of request?
session has an onattach and ondetach method you can use.

Also the way i understand how the whole requestcycle stuff happens
(and i know you guys know way more about that then me) is that a new
requestcycleobject is created on every request by a factory so how is
the current user supposed to get set on the requestcycle?

Don't get me wrong i am not criticizing you guys, i am just curious as
to how the internals of wicket operate.

Maurice

On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
 but we are talking about caching here. if you store the instance of the user
 you loaded in session that is fine for the request that loaded it. but what
 happens after that request ends? the session is closed, the instance you
 store is detached. second request comes in and it is dealing with stale data
 unless you reload the user object.

 also storing imodel in session wont work because session doesnt have an
 imodel slot so who is going to be responsible for detaching that model at
 the end of request?

 -Igor



  On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote:
 
  true, but shouldn't the lock on the session prevent that in like 95%
 of all the cases?

 Maurice

 On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote:
   A session can be used by multiply threads/request
  So it will be detached by those when they are finished.
  So another request can be busy with it while another calls detach on it.
 
  johan
 
 
 
   On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote:
   i wouldn't recommend doing this in session because user entity will
become detached, i would instead do it in the requestcycle so the
   user is loaded once per request
   Yeah are you sure about this Igor? because we are also attaching our
   user object (hibernate object) to our session, lazy loading it
   whenever needed. And we have not noticed it getting detached before
   the end of the request. Mats i guess this also answers your question
   about if it is possible to put an imodel in the session. however if
   you are really concerned about the db access every time you could
   always store the team id in the session.
  
   Maurice
  
   On 7/31/06, Mats Norén  [EMAIL PROTECTED]  wrote:
On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
 i wouldnt recommend doint this in session because user entity will
  become
 detached, i would instead do it in the requestcycle so the user is
  loaded
 once per request
   
It is? I've used a User-object in session and I haven't noticed that
it gets detached I guess I'll have to look into to that.
   
Can I still have a getUser() method in Session that in turn uses the
  code below?
   
I think I saw an example (could have been in databinder) where a
IModel was stored in session. Is that an alternative?
   
 ((MyRequestCycle)RequestCycle.get()).getUser();

 MyRequestCycle {
 private transient User user;

   getuser() { if (user==null) { user=loaduser(
  session.get().getuserid()); }
   onendrequest() { user=null; }
 }

 -Igor

   
/Mats
   
   
 
 -
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net 's Techsay panel and you'll get the chance to
 share
  your
opinions on IT  business topics through brief surveys -- and earn
 cash
   
 
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
   
  https://lists.sourceforge.net/lists/listinfo/wicket-user
   
  
  
 
 -
   Take Surveys. Earn Cash. Influence the Future of IT
   Join SourceForge.net's Techsay panel and you'll get the chance to share
  your
   opinions on IT  business topics through brief surveys -- and earn cash
  
 
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
 
 
 
 -
  Take Surveys. Earn Cash. Influence the Future of IT
  Join SourceForge.net's Techsay panel and you'll get the chance to share
 your
  opinions on IT  business topics through brief surveys -- and earn cash
 
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

Re: [Wicket-user] Custom number formatting

2006-07-31 Thread Maurice Marrink

You need 3 classes for this. 1 class to convert from string to number.
1 class to convert from number to string. and 1 converterfactory with
both classes registered for your number type.

for instance

private static final class IridiumConverterFactory implements IConverterFactory
{
public IConverter newConverter(Locale locale)
{

DateFormat dateFormat = new 
SimpleDateFormat(dd-MM-);
Locale nl = new Locale(nl, NL);
DateConverter dateConverter = new DateConverter();
dateConverter.setDateFormat(nl, dateFormat);
StringConverter stringConverter = new StringConverter();

DateToStringConverter dateToStringConverter = new 
DateToStringConverter();
dateToStringConverter.setDateFormat(nl, dateFormat);


stringConverter.set(java.util.Date.class, 
dateToStringConverter);
stringConverter.set(java.sql.Date.class, 
dateToStringConverter);
stringConverter.set(java.sql.Timestamp.class, 
dateToStringConverter);

DoubleConverter doubleConverter = new DoubleConverter();

Converter converter = new Converter(locale);
converter.set(java.sql.Timestamp.class, dateConverter);
converter.set(java.sql.Date.class, dateConverter);
converter.set(java.util.Date.class, dateConverter);
converter.set(String.class, stringConverter);
converter.set(Double.class, doubleConverter);

TimeConverter timeConverter = new TimeConverter();
converter.set(Time.class, timeConverter);

return converter;
}
}

Then set this factory in your application.init() like this
applicationSettings.setConverterFactory(new IridiumConverterFactory());
A good starting point for your string to number converter is either
AbstractDecimalConverter or AbstractNumberConverter.

Maurice

On 7/31/06, Paolo Di Tommaso [EMAIL PROTECTED] wrote:
 I need to implement a special numbers formatting in my wicket application.

 Basically I have to round number to the first digit and use a blank space as
 thousand separator.

 For example instead to display number like '1, 000.33' it is required to
 display (and user will input) '1 000'.

 I can do that in Wicket?

 Thank for helping.

 -- Paolo





 -
 Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share your
 opinions on IT  business topics through brief surveys -- and earn cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user




-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Authorization-question

2006-07-31 Thread Maurice Marrink

Glad to see it was just a misunderstanding. I was afraid you guys were
gonna tell me the world isn't flat ;)

Maurice

On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
 i wasnt suggesting setting the user on request cycle, i was suggesting
 keeping the id in session and letting requestcycle hold the cache for the
 request.

 i didnt realize websession has attach/detach, so this can be made simpler

 MySession extends WebSession {
private long userid;
private transient User user;

setUser(User u) {
  userid=u.getid();
  user=u;
}

   getUser() {
   if (user==null) {
user=loaduserbyid(userid);
   }
   return user;
   }

   detach() {
  user=null;

}

 -Igor


 On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote:
   store is detached. second request comes in and it is dealing with stale
 data
   unless you reload the user object.
  correct that is why you should use an imodel or come up with your own
  attach detach strategy
 
   also storing imodel in session wont work because session doesnt have an
   imodel slot so who is going to be responsible for detaching that model
 at
   the end of request?
  session has an onattach and ondetach method you can use.
 
  Also the way i understand how the whole requestcycle stuff happens
  (and i know you guys know way more about that then me) is that a new
  requestcycleobject is created on every request by a factory so how is
  the current user supposed to get set on the requestcycle?
 
  Don't get me wrong i am not criticizing you guys, i am just curious as
  to how the internals of wicket operate.
 
  Maurice
 
  On 7/31/06, Igor Vaynberg  [EMAIL PROTECTED] wrote:
   but we are talking about caching here. if you store the instance of the
 user
   you loaded in session that is fine for the request that loaded it. but
 what
   happens after that request ends? the session is closed, the instance you
   store is detached. second request comes in and it is dealing with stale
 data
   unless you reload the user object.
  
   also storing imodel in session wont work because session doesnt have an
   imodel slot so who is going to be responsible for detaching that model
 at
   the end of request?
  
   -Igor
  
  
  
On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote:
   
true, but shouldn't the lock on the session prevent that in like 95%
   of all the cases?
  
   Maurice
  
   On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote:
 A session can be used by multiply threads/request
So it will be detached by those when they are finished.
So another request can be busy with it while another calls detach on
 it.
   
johan
   
   
   
 On 7/31/06, Maurice Marrink  [EMAIL PROTECTED] wrote:
 i wouldn't recommend doing this in session because user entity will
  become detached, i would instead do it in the requestcycle so the
 user is loaded once per request
 Yeah are you sure about this Igor? because we are also attaching our
 user object (hibernate object) to our session, lazy loading it
 whenever needed. And we have not noticed it getting detached before
 the end of the request. Mats i guess this also answers your question
 about if it is possible to put an imodel in the session. however if
 you are really concerned about the db access every time you could
 always store the team id in the session.

 Maurice

 On 7/31/06, Mats Norén  [EMAIL PROTECTED]  wrote:
  On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
   i wouldnt recommend doint this in session because user entity
 will
become
   detached, i would instead do it in the requestcycle so the user
 is
loaded
   once per request
 
  It is? I've used a User-object in session and I haven't noticed
 that
  it gets detached I guess I'll have to look into to that.
 
  Can I still have a getUser() method in Session that in turn uses
 the
code below?
 
  I think I saw an example (could have been in databinder) where a
  IModel was stored in session. Is that an alternative?
 
   ((MyRequestCycle)RequestCycle.get()).getUser();
  
   MyRequestCycle {
   private transient User user;
  
 getuser() { if (user==null) { user=loaduser(
session.get().getuserid()); }
 onendrequest() { user=null; }
   }
  
   -Igor
  
 
  /Mats
 
 
   
  
 -
  Take Surveys. Earn Cash. Influence the Future of IT
  Join SourceForge.net 's Techsay panel and you'll get the chance to
   share
your
  opinions on IT  business topics through brief surveys -- and earn
   cash
 
   
  
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net

Re: [Wicket-user] Deployment / Development mode

2006-07-21 Thread Maurice Marrink

Johan, I don't know what you have been drinking, but it must have
contained alot of alcohol ;).

To determine at runtime if the application is running in development
mode we use the following code in Application.init. Note that this
code runs before super.init(), unfortunately we cannot place this code
in the constructor because it uses some field that have not been set
at that time.

WicketServlet wicketServlet = getWicketServlet();
String configuration =
wicketServlet.getInitParameter(Application.CONFIGURATION);
if (configuration == null)
configuration =
wicketServlet.getServletContext().getInitParameter(Application.CONFIGURATION);
development = configuration != null 
configuration.equals(Application.DEVELOPMENT);

development is a global boolean field we added so we can now ask the
application at anytime if we are in development mode.
This code btw came from Johan.

On 7/21/06, Johan Compagner [EMAIL PROTECTED] wrote:
 The problem is that you want to know at code time

 This is also something Maurice wanted to know. He does it do now by checking
 another value
 that he knows is there in development but not in deployment.

 johan



 On 7/21/06, Martijn Dashorst [EMAIL PROTECTED] wrote:
  I think it is logged in the log4j log.
 
  Martijn
 
  On 7/21/06, Johan Compagner [EMAIL PROTECTED] wrote:
   This can't be done that easily at the moment.
   If you don't alter this:
   getAjaxSettings().setAjaxDebugModeEnabled(true);
   yourself then you could ask for the ajax debug model enable property..
  
   We should have an settings.getModel() i guess would be nice.
   Can you make a RFE for this?
  
   johan
  
  
  
   On 7/21/06, Paolo Di Tommaso  [EMAIL PROTECTED] wrote:
   
  
   How to know if an application is in Deployment or Development mode?
  
   Thank for helping.
  
   - Paolo
  
  
  
 -
   Take Surveys. Earn Cash. Influence the Future of IT
   Join SourceForge.net's Techsay panel and you'll get the chance to share
 your
   opinions on IT  business topics through brief surveys -- and earn cash
  
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
  
   ___
   Wicket-user mailing list
Wicket-user@lists.sourceforge.net
  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
  
  
  
 -
   Take Surveys. Earn Cash. Influence the Future of IT
   Join SourceForge.net's Techsay panel and you'll get the chance to share
 your
   opinions on IT  business topics through brief surveys -- and earn cash
  
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
  
   ___
   Wicket-user mailing list
   Wicket-user@lists.sourceforge.net
  
 https://lists.sourceforge.net/lists/listinfo/wicket-user
  
  
  
 
 
  --
  Download Wicket 1.2 now! Write Ajax applications without touching
 JavaScript!
  -- http://wicketframework.org
 
 
 -
  Take Surveys. Earn Cash. Influence the Future of IT
  Join SourceForge.net's Techsay panel and you'll get the chance to share
 your
  opinions on IT  business topics through brief surveys -- and earn cash
 
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 


 -
 Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share your
 opinions on IT  business topics through brief surveys -- and earn cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user




-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Sessions?

2006-05-16 Thread Maurice Marrink


The wicket way of storing objects in your session is by extending the
wicket session. For example if you want to store somekind of User
object in your session, you would create a getter and setter for it in
your custom wicket session.
For wicket to work with your custom session you should either
overwrite newSession() in WebApplication or provide your own
ISessionFactory.

Maurice

On 5/16/06, Nino Wael [EMAIL PROTECTED] wrote:




Hi



I have an object I would like to have stored in session, so that I may pass
it between pages. I've been looking at some sniplets and created this code
for setting the object:



HttpServletRequest request =
((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest();



request.setAttribute(here, Hello world);



I am setting the value on the base of a panel which holds a button that
contains the below code in a onsubmit override.



And this piece for getting the value:



HttpServletRequest request = ((WebRequest)
RequestCycle.get().getRequest()).getHttpServletRequest();

String Message = (String) request.getAttribute(here);

info(Message);



I am getting the value on a onsubmit of a button.



However my String(message) are null how can that be, does it have something
to do with the scope?? If I paste the getting code in the same place as my
setting code it works just fine.





I do also feel that this is not 100% the wicket way to do it, so I must have
overlooked the better way?







---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] More on refreshing page contents

2006-04-04 Thread Maurice Marrink

Hi,

I am also wrestling with the matrix beast and am still exploring my options.
However i might be able to help you out.
In your code the label is given a string as diplay value. This string
is not updated when the item model is. So you should give the label
the model of the item.
If you want some fancy numberformatting to take place you can always
overwrite the getConverter() method of your label to convert the
bigdecimal to a string there.

Hope this helps.

Maurice

On 4/4/06, Anders Peterson [EMAIL PROTECTED] wrote:
 Hi All,

 With one page I'm displaying a matrix of numbers and I have a problem
 updating/refreshing it. I roughly understand why it doesn't work, but I
 don't know what the best/correct way to make it work is.

 Basically I have a ListView of rows and the last column in each row is
 in turn a ListView creating more columns to the right. That final
 ListView is implemented with the code you can see below.

 How was I supposed to have done this to have updating/refreshing happen
 as automagically as possible?

 (I'm using Wicket 1.1.1)

 /Anders

 ListView tmpCorrList = new ListView(ID_CORRELATIONS,
 tmpInstrument.getCorrelations()) {

BigDecimal tmpCoefficient;

public void populateItem(final ListItem anItem) {

tmpCoefficient = (BigDecimal) anItem.getModelObject();

anItem.add(new Label(ID_COEFFICIENT, tmpCoefficient.toString()));

 }


 ---
 This SF.Net email is sponsored by xPML, a groundbreaking scripting language
 that extends applications into web and mobile media. Attend the live webcast
 and join the prime developer group breaking into this new coding territory!
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] adding required validator to a a component in the list view

2006-04-03 Thread Maurice Marrink

Unless i am mistaken, wicket searches for several keys. You should be
able to use myPanel.firstName or simply firstName.

Maurice

On 4/3/06, Dipu [EMAIL PROTECTED] wrote:

 Hi ,

 Is there a way to add required validator to a component in the list view
 If i add a required validator to a component in the list view how will i
 specify the resource key in the properties file.


 With  the current version wicket is complaining with the following message.
 Caused by: java.util.MissingResourceException: Unable to
 find resource: RequiredValidator for component:
 myForm:myList:0:myPanel:firstName

 Thanks
 Dipu



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel

2006-03-14 Thread Maurice Marrink

dammit johan why did you have to reply so fast, i was writing an entire novel :P
Well perhaps i can elaborate some more on your short answer.
isInstantiationAuthorized is only called when the constructor is used.
So if you created all the tabs up front in your page's constructor
they won't get called when you change panels. If you create the new
panel when you switch panels it should work, but like johna said you
are better of not showing the link that will switch to that panel at
all. to do that you need to use the isActionAuthorized method from the
IAuthorisation strategy and check for an action of RENDER on that
link.
Or if you do want to show the link just not be able to click it you
should check for ENABLE.

Maurice

On 3/14/06, Johan Compagner [EMAIL PROTECTED] wrote:
 then you already did create that panel
 But in my eyes the problem is earlier.. Why can you click on the link that
 makes that tab panel visible?
 The link shouldn't be there..

 johan



 On 3/14/06, R.A [EMAIL PROTECTED] wrote:
 
  Hi,
 
  I have a question about IAuthorizationStrategy.
  I create a class for authentication that implements
 IAuthorizationStrategy.
  isInstantiationAuthorized in the class is not called when jump one Panel
  to another Panel using TabbedPanel in one WebPage class.
  I want to autenticate when using TabbedPanel too.
  How do I do?
 
  I use wickt1.2-beta1.
 
  Thank you.
  R.A
  --
  View this message in context:
 http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3393074
  Sent from the Wicket - User forum at Nabble.com.
 
 
 
  ---
  This SF.Net email is sponsored by xPML, a groundbreaking scripting
 language
  that extends applications into web and mobile media. Attend the live
 webcast
  and join the prime developer group breaking into this new coding
 territory!
 
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 




---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel

2006-03-14 Thread Maurice Marrink

Then you need as johan and i both said: authorize on the link click
just have your strategy check the ENABLE action in the
isActionAuthorized method for those tab links. there you should check
if they have enough points and if not throw an exception to redirect
the to a page explaining why they can not click on that tab.

Also i think you should put this same check on the RENDER action that
way once it has been established the user does not have enough points
the tab won't show up again.

Maurice

On 3/14/06, R.A [EMAIL PROTECTED] wrote:

 Hi Maurice and Johan,

 I understand you both.
 I spell out.
 One of my authenticate logic is whether logged in user can to use my
 services, for example the user has enough points or not.
 If user's points are not enough, I shut the user out of some service.
 User's points are in the database and fluctuant by another system.
 So I want to check user's points every time user accesses a page and tab
 panel.
 Even if when the user accesses first tab the user's points are enough, the
 user's points may not enough when the user accesses second tab.
 I want to authenticate every click tab link.

 Thank you.
 R.A
 --
 View this message in context: 
 http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3394354
 Sent from the Wicket - User forum at Nabble.com.



 ---
 This SF.Net email is sponsored by xPML, a groundbreaking scripting language
 that extends applications into web and mobile media. Attend the live webcast
 and join the prime developer group breaking into this new coding territory!
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel

2006-03-14 Thread Maurice Marrink

isActionAuthorized is called for each component at render time and in
case of a link when it is clicked.
And yes you should use the component argument to determine if it is
one of your tabs or not.

Maurice

On 3/14/06, R.A [EMAIL PROTECTED] wrote:

 Hi Maurice,

 I tried follow your advice.
 In the case of onRender achieved I a desired result. Thank you!
 But is isActionAuthorized method called by an increment of components in the
 page?
 For authentication I ask the database access and I would not like to
 increase it.
 Or is it necessary to determin whether Component argument of
 isActionAuthorized is tab or not?

 Thank you.
 R.A
 --
 View this message in context: 
 http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3395275
 Sent from the Wicket - User forum at Nabble.com.



 ---
 This SF.Net email is sponsored by xPML, a groundbreaking scripting language
 that extends applications into web and mobile media. Attend the live webcast
 and join the prime developer group breaking into this new coding territory!
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Get version of Wicket from program

2006-03-07 Thread Maurice Marrink

Codesource should never be null, if you class is in a jar file,
codesource points to the jar.
else it might point to a directory where your class files can be found
(or in subdirs thereof). if none of the above is available it will
point to the classfile itself.

But perhaps Martijn can tell you how he did it, i know he did it for
our project but can't seem to find where.

Maurice

On 3/7/06, Joni Suominen [EMAIL PROTECTED] wrote:
 On Tue, 2006-03-07 at 10:27 +0100, Juergen Donnerstag wrote:
  Do you know how to access that information?  How do you get the jar
  file name a specific class has been loaded from?

 getClass().getProtectionDomain().getCodeSource().getLocation() gives you
 the location where the class was loaded from. I don't know in which
 situations the CodeSource may be null, though.

 Joni



 ---
 This SF.Net email is sponsored by xPML, a groundbreaking scripting language
 that extends applications into web and mobile media. Attend the live webcast
 and join the prime developer group breaking into this new coding territory!
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Wicket and JAAS integration

2006-03-02 Thread Maurice Marrink

I don't believe letting the webcontainer handle all the security has
come up on the mailing before. So i am afraid i cannot help you there.
However i have build a jaas securityframework for wicket (1.2)
allowing your wicket app to control what pages/ components are
displayed based on the information in your policy file. If you are
interested in that i could send you a jar.

Maurice

On 3/2/06, Piotr Bzdyl [EMAIL PROTECTED] wrote:
 Hello,

 How can I integrate wicket with the JAAS? I mean configuring web.xml
 with following configuration:

 security-constraint
web-resource-collection
  web-resource-nameMySystem authorized area/web-resource-name
  url-pattern/app/*/url-pattern
  http-methodDELETE/http-method
  http-methodGET/http-method
  http-methodPOST/http-method
  http-methodPUT/http-method
/web-resource-collection
auth-constraint
  role-nameMySystemUser/role-name
/auth-constraint
user-data-constraint
  transport-guarantee
NONE
  /transport-guarantee
/user-data-constraint
  /security-constraint
  login-config
auth-methodFORM/auth-method
realm-nameMySystem/realm-name
form-login-config
  form-login-page/login.html/form-login-page
  form-error-page/loginFailed.html/form-error-page
/form-login-config
  /login-config
  security-role
role-nameMySystemUser/role-name
  /security-role

 Another concern is what to do if I want to let the user to access my
 wicket home page but restrict access to other pages using container
 authorization?

 Best regards,
 Piotr


 ---
 This SF.Net email is sponsored by xPML, a groundbreaking scripting language
 that extends applications into web and mobile media. Attend the live webcast
 and join the prime developer group breaking into this new coding territory!
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Detachable resources

2006-02-27 Thread Maurice Marrink

I think he is already doing that johan, hence the question about the
re-attaching.
Although there seems to be something going wrong because all models
are detatched at the end of a request (unless you are nesting models
and you don't propagate the detach call to the nested model). on
detach the loadabledetachable model should set the hibernate object to
null and only store the class and the id so when later attach is
called it can load them from the session.
That is what you usually use however if for some strange reason you
must keep the hibernateobject in your model then you have to resort to
stuff like re-attach or merge (all in the hibernate session object )
Personaly i have some experiance with re-attching hibernate objects to
the session and it is not something you can use out of the box. For
instance re-attch throws an exception if an object with the same id is
already loaded in the session (you need to do some dirty tricks to
find out if this is the case since hibernate does not have an api for
this). Re-attach only works for the hibernateobject you re-attached,
meaning if i have an object A with a list of objects of type C and a
reference to object B, after re-attching i can only safely call A and
C. if B has any lazy list they will give me an exception because they
have not been re-attched.

Maurice

On 2/24/06, Johan Compagner [EMAIL PROTECTED] wrote:
 personally i wouldn't keep hibernate objects in my models.
 Let one of the Hibernate caches do that for you down below (closer to youre
 data)
 instead of in the ui level/models.




 On 2/23/06, Gili [EMAIL PROTECTED] wrote:
 
  Ah! Thank you :)
 
  You seemed to have missed my question regarding clustering. Do I
 need
  to fully detach LoadableDetachableModel on resource close or is it
  sufficient to reattach the Hibernate objects to a new Session on the
  next request? Will the latter cause problems in clustering environments?
 
  Thank you,
  Gili
 
  Johan Compagner wrote:
   Iresourcestream.close()
  
   On 2/23/06, *Gili*  [EMAIL PROTECTED]
   mailto:[EMAIL PROTECTED] wrote:
  
  
  I meant I haved a Resource that gets its data from the
   database. So I
   wrapped my Hibernate object in a LoadableDetachableModel. Basically
   what
   I am noticing is this:
  
   1) First request comes in
   2) New Hibernate session is opened
   3) Resource.getData() gets invoked
   4) LoadableDetachableModel.attach() gets invoked and its object is
   returned. Resource uses this to generate its data.
   5) Data is returned to client, Hibernate session is closed at the
 end of
   the request (by my servlet filter)
  
   6) Second request comes in
   7) LoadableDetachableModel thinks it is still attached
   8) I try using the Hibernate object it returns but it is now
   disconnected from the Session so I have to explicitly reconnect it
 to a
   new session.
  
  Ideally I'd like to have a mechanism which lets me know when
   I should
   reconnect the Hibernate objects to the session so if
   Resource.getLength(), getData() get invoked in a single HTTP
 request, I
   only attach them to the session once.
  
  In my original image I was looking for a way to detach()
   LoadableDetachableModel at the end of each HTTP request, but I
 realize
   now this might be overkill. It is far more expensive to re-attach a
   LoadableDetachableModel than simply reattach its resulting object to
 the
   Hibernate session.
  
  So two questions:
  
   1) Is there a good reason to re-attach the LoadableDetachableModel
 at
   the beginning of each HTTP request? Or is it enough to simply
 re-attach
   the Hibernate object? Will the latter break anything in a clustering
   environment?
  
   2) Does it make sense for Wicket to provide some sort of
 mechanism/hook
   to let the resource know when the HTTP request begins/ends so it can
   reattach its model objects (if any exist) to the database?
  
   Thank you,
   Gili
  
   Johan Compagner wrote:
  i guess you are now talking about a Component that is directly
   its own
 Resource Streamer?
 of do you have Shared Resources with a detachablemodel? That
 would be
 strange because that
 doesn't make anysense for wicket (we don't attach/detach it)

 But for a component and a model impl that has the resource this
 shouldn't be a problem to begin with
 Because the stream is done in one go so contenttype, data.
 And last modified is not checked for those so only a last modifed
 request doesn't come anyway
 And if it did then still we need to detach it because over
 request
 everything needs to be detached.

 johan



 On 2/23/06, *Gili*  [EMAIL PROTECTED]
   mailto: [EMAIL

Re: [Wicket-user] I submited a new bug in wicket-1.2-20060108

2006-01-10 Thread Maurice Marrink

Maybe you remember johan and i worked on introducing a security
framework into wicket. One of the things we had (still do actually :))
was an access denied page that could be overridden by the developper.

Maurice

2006/1/10, Igor Vaynberg [EMAIL PROTECTED]:
im not a big fan of the null = continue idea since its very implicit.

-Igor

On 1/9/06, Juergen Donnerstag [EMAIL PROTECTED] wrote:
May that is how we should change it. Instead of return a boolean a
Page. If null than go on, else goto the page provided.

Juergen

On 1/9/06, Johan Compagner [EMAIL PROTECTED] wrote:
What do you expect it should do?
Just an empty page? Or an internal error page?

If you look at the signin examples you see that we set a response page:
redirectToInterceptPage(newPage(SignIn2.class));

So if you don't set any response page but do return false.
What should the framework do?

johan

On 1/9/06, pepone pepone [EMAIL PROTECTED] wrote:
wicket-1.2-20060108
Page renders when checkAccess returns false

http://sourceforge.net/tracker/index.php?func=detailaid=1400643group_id=119783atid=684975
--
play tetris http://pepone.on-rez.com/tetris

---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD
SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865opclick
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/wicket-user

---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865opclick
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] After redirection doRender() still called

2005-12-25 Thread Maurice Marrink

you could use an IAuthorizationStrategy to perform a check at the
constructor of your page.
This is from the java doc
/**
 * Authorization strategies control on a low level how authorization is implied.
 * A strategy itself is generally not responsible for enforcing it. What a
 * strategy does do is tell the framework whether a component may be created
 * (especialy usefull for implementing secure bookmarkable pages and components
 * that should always be secure no matter what environment they are put it),
 * whether it may be rendered (which can result in components being 'filtered'
 * from a page, or triggering the page to not be rendered at all and redirecting
 * to a error or logon page), and whether a component may be enabled (thus
 * controlling it's reachability etc) at all.
 *
 * @author Eelco Hillenius
 * @author Jonathan Locke
 */
The only catch is that you specify the strategy application wide so
your strategy will be called for every component you create (not just
pages).
This is ofcourse not a big problem, just something i would like to see
changed (just in case you are reading this eelco ;))

2005/12/22, John Patterson [EMAIL PROTECTED]:
 Hi Wicketeers,

 I have a page which can only be viewed if the user is logged in.  If the user
 is not logged in then checkAccess() redirects to a sign in page and returns
 false.

 I moved my page building code to the onBeginRequest() method so that it is
 only called when it is really needed (ie not when the page cannot be viewed).

 However, in my original page doRender() is still called and the html is parsed
 etc.  This involves looking up data from the database which is never shown.

 Is there any way to build a page that will only be built if it is actually
 going to be displayed?

 Thanks,

 John.


 ---
 This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
 for problems?  Stop!  Download the new AJAX search engine that makes
 searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
 http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Using POJO as Model - is this right?

2005-12-22 Thread Maurice Marrink

You could always use a different model (containing just the fileupload
object) for the fileupload and the compoundmodel for the rest of the
form. then in the onsubmit you could get both models set the blob on
your pojo and save it. this way you can keep your pojo clean.

Maurice

2005/12/23, Joshua Lim [EMAIL PROTECTED]:
 Hi I have a question about using POJO as Models in wicket. BTW, love the
 framework ! I am using Hibernate 3 and Wicket 1.1

 I've got 2 POJO : Contestant -1:n- Design. I have a page which lets a
 Contestant uploads a bunch of images and each of these images are stored as
 Blobs in a database. Each image is a Design

 Here's the 'problem'

 I am setting Contestant object as the CompoundPropertyModel, which is ok.
 and everything is populated. I use a ListView to handle set of Designs
 within the form, and I have FileUploadField to handle image file uploads.

 The FileUploadField, however, will populate a FileUpload object which I had
 to add into my POJO, and onSubmit, I then populate my Bolb field...

 Question: Although it works, does this sound right in using my POJO as a
 Model? becuase I really don't like the idea of having to modify my POJO just
 to accommodate the wicket page, becasue I might have another page which may
 require a checkbox for e.g. for some other reasonand I have to modify my
 Pojo again?

 I would like to have a Pojo that is not dependant on the wicket page ... is
 this right? any advise? Am I using it correctly?

 Thanks
 Joshua






---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Hibernate transactions

2005-12-19 Thread Maurice Marrink

Actually, transactions are either committed automaticly within there
method call dao.save(someObject) or if i need to batch several
operations in 1 transaction i let the onclick event commit the
transaction for me.
public void onclick()
{
  Object obj=dao.batchLoad(id);
  dao.batchDelete(obj);
  dao.commit();
}

but thats just how we do things, remember i told you we rollback at
the end of a request. you could just as easilly commit there then you
would not have to worry about mixing transaction code all over wicket
code.

Maurice

2005/12/16, John Patterson [EMAIL PROTECTED]:

   It also creates a new transaction for every data operation which does not
   allow for making multiple operations atomic.
 
  Not true. Our base dao has methods for batching saves, updates and the
  like that use the currently running transaction, with 1 single method
  call you can then commit this transaction whenever you want.
 

 So you have transaction related methods on your DAO?

 If so the user is responsible for defining the transaction boundary's.  I
 would prefer this to be automatically handled by the container OR by some
 wicket specific handler.  Separation of concerns and all that...


 ---
 This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
 for problems?  Stop!  Download the new AJAX search engine that makes
 searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
 http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Hibernate transactions

2005-12-19 Thread Maurice Marrink

imho, your transactions should only be concerned with what happens in
event handlers (onclick/onsubmit) and not through the enitire request
cycle because anything outside the handlers should be read-only
access and thus not require a transaction.

That would indeed be desirable, however as of the latest hibernate you
are required to have atransaction at all times. Even for read only
operations. failing to do results in lazyinit exceptions from
hibernate.

Maurice

2005/12/17, Igor Vaynberg [EMAIL PROTECTED]:
 yes. considering what you are trying to do that will work.

 still not sure why you are trying to do it this way, seems silly to me to
 tie transaction handling with UI code. imho, your transactions should only
 be concerned with what happens in event handlers (onclick/onsubmit) and not
 through the enitire request cycle because anything outside the handlers
 should be read-only access and thus not require a transaction. so i think
 you are setting the boundaries a bit wide. but as i said, this is imho.

 anyway i created an example of what you want a while back - pre requestcycle
 refactoring - so if you want to take a look you can find it here

 http://www.mail-archive.com/wicket-user@lists.sourceforge.net/msg07587.html

 my approach was a bit inversed opposed to yours. i used the application to
 handle sessions and used requestcycle to signal certain events to the
 application. that way all transaction mgmt lives in the application.


 -Igor


 On 12/17/05, John Patterson [EMAIL PROTECTED] wrote:
  On Saturday 17 Dec 2005 15:19, Igor Vaynberg wrote:
   you might not be able to do it using the try/catch/finally semantic, but
   there are plenty of hooks in there to do it without. the
   iexceptionresponsestrategy is indirectly part of the cycle as well.
 
  So the answer is no, you cannot have transaction handling code in one
 class?
 
  This seems like it should be really simple to do so I am not sure I doing
 it
  the way you suggest.
 
  Is this your suggested approach:
 
  1 - Override
 WebApplication.getDefaultRequestCycleFactory() to return
 new
  instances of my own custom RequestCycle.
 
  2 - Subclass WebRequestCycle to override onEndRequest() where I can
  commit/rollback the transaction.
 
  3 - Override
 WebApplication.getDefaultRequestCycleProcessor to create
 and
  cache a single instance of CompoundRequestCycleProcessor with my own
 custom
  IExceptionResponseStrategy.
 
  4 - Subclass DefaultExceptionResponseProcessor to catch
 exceptions and signal
  my custom WebRequestCycle that the transaction should be rolled back in
  onEndRequest().
 
  Thanks,
 
  John
 
 
  ---
  This SF.net email is sponsored by: Splunk Inc. Do you grep through log
 files
  for problems?  Stop!  Download the new AJAX search engine that makes
  searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
  http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/wicket-user
 




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] replace ognl.

2005-10-27 Thread Maurice Marrink

Also +1
Actually our project is what triggerd this change and will bring some
new features we need. Nothing fancy though.

What I have gathered from johan it will be possible to get elements from
maps / lists / arrays etc.
The expression would be something like person.children.0.name It is very
similar if not the same syntax ognl uses. If children was a map
containing a key jack you could use person.children.jack.name



Maurice Marrink 
www.topicus.nl  

-Original Message-
From: Martijn Dashorst [mailto:[EMAIL PROTECTED] 
Sent: donderdag 27 oktober 2005 7:28
To: wicket-user@lists.sourceforge.net
Subject: Re: [Wicket-user] replace ognl.

+1 on moving OGNL into extensions.

I think the OGNL thing is good, it provides a nice base
implementation. I'd like to see the current implementation still being
available for those 1% that need the full OGNL expression evaluator
(though I think I share the same sentiment Phil voiced).

Do we also support things like

person.getChildren().get(0).getName()?

Martijn


On 10/27/05, Phil Kulak [EMAIL PROTECTED] wrote:
 I'm very +1 on this. OGNL has turned into it's own scripting language
 over the years. If you want to use any of those features, then you're
 missing the point of Wicket.


 ---
 This SF.Net email is sponsored by the JBoss Inc.
 Get Certified Today * Register for a JBoss Training Course
 Free Certification Exam for All Training Attendees Through End of 2005
 Visit http://www.jboss.com/services/certification for more information
 ___
 Wicket-user mailing list
 Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user



---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] how to close a popup ?

2005-04-13 Thread Maurice Marrink

Javascript I'm afraid.
Also don't forget to remove the popup page from the cache after your
done (session.remove() I believe) or you might find that your original
page has expired (when opening and closing a lot of popups).

Maurice Marrink


-Oorspronkelijk bericht-
Van: Ari Suutari [mailto:[EMAIL PROTECTED] 
Verzonden: woensdag 13 april 2005 12:27
Aan: wicket-user@lists.sourceforge.net
Onderwerp: [Wicket-user] how to close a popup ?

Hi,

I have a link in my application which is created like this:

EditLink link = new EditLink(editLink,
listItem.getModelObject());
link.setPopupSettings(new PopupSettings());

ie. it opens a new page in separate popup. It would be nice to create
buttons in this popup so that they close the popup after it has been
submitted.

Is there a wicket-style way doing this or do I need to do it with
javascript
as usual ?

Ari S.



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95alloc_id396op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

RE: [Wicket-user] Obfuscated URLs? / wicket for me?

2005-03-23 Thread Maurice Marrink

You can hide the url by placing your website in a frame.
It won't stop someone who is determined to get to your real url but
atleast the regular user is not bothered with complex urls anymore.

Maurice 

-Oorspronkelijk bericht-
Van: Jonathan Locke [mailto:[EMAIL PROTECTED] 
Verzonden: woensdag 23 maart 2005 10:07
Aan: wicket-user@lists.sourceforge.net
Onderwerp: Re: [Wicket-user] Obfuscated URLs? / wicket for me?


sorry, only had time for a few short answers below... i have to work on 
getting wicket out the door!

 jon

Dave E Martin wrote:

 I have stumbled across wicket quite by accident (there are something 
 like 5 frameworks just at apache.org to choose from, sigh), and am 
 seriously looking into it.

 I have the following concern however: The URLs it generates seem a bit

 revealing, and they also seem that they would encourage users to play 
 with them (I certainly did, and got some interesting results). Are 
 there any security implications to this (can a user manually 
 generate a valid URL that they shouldn't?).

all wicket urls are session relative.  you cannot accidentally or 
intentionally discover anything in another session by playing with 
urls.  this is one of the advantages of wicket in terms of security.

 Would it be/is it possible to have an obfuscated/encrypted URL option 
 (they would still need to be legal URL strings of course) to: a: 
 discourage the user from playing with it b: hide the implementation 
 from the user c: make it unlikely that they could manaully generate 
 some other valid URL into the application (even if doing so is 
 safe/secure, which I hope it is). (it would also be nice to not have 
 things like IPageView (or whatever) in bookmarkable URLs. (i've just 
 started converting my app so i'm not really sure what bookmarkable 
 URLs look like yet; in my case, I only have two URLs I want 
 bookmarkable anyway: the end-user main menu, and the backoffice user 
 main menu.)

i've thought about this for some time now.  it would not be /too/ hard 
to do this, although it would cost you something in terms of memory for 
each URL generated.  please submit an RFE if you want this looked at and

we'll take a look for 1.1. 


 ===
 And now the product of my swiss-cheesed mind, which ended up being 
 rather lengthly. Some of it are concerns that I hope wicket (its 
 developers) have thought about and considered, and some of it is 
 ranting/raving (well not to bad I hope).

 I have been implementing a project using JSF, but I have become 
 disillusioned with JSF. In particular, it seems to require things to 
 be defined in an average of 3 separate places, and they have to be 
 kept consistent. It also seems to throw type-safety to the wind (one 
 reason I dislike using PHP/perl). Bad/undefined outcomes don't 
 generate an error, they just reload the current page. Bad/undefined 
 values turn into blanks; sometimes you get a variableResolver 
 exception, sometimes you just get a blank or a property whose value 
 never updates. Also, detection of a number of errors is deferred until

 the last possible moment (a risk when relying on reflection to resolve

 things).

 I also can't imagine handing a JSF page over to the web designer guy 
 and getting taken seriously (and probably also for faces-config).

 I was just about to start tenatively using Tapestry, when I stumbled 
 across wicket (looking for Tapestry vs JSF articles). So far I am 
 encouraged (in spite of having to learn the differences between the 
 available documentation and how it actually works now (I am assuming 
 however that the javadocs are up-to-date, at least they seem to be)).

 I am looking for something which will:

 Let me adhere to once-and-only-once; (I have to put it in web.xml, 
 and in faces-config, and in my code, and somewhere under WEB-INF, 
 and I had to do lots of cut'n'paste because the reuse facilities are 
 inadequate?)

 Maintains type safety/compile-time-checking as much as possible;

we try.  don't know how successful we are from your point of view, but 
the components are all first class java components implemented with an 
ordinary java class.

 Allows dynamic generation of lists and lets the user manipulate the 
 individual rows separately or together).  (example: 5 rows in a 
 shopping cart, user can change quantity fields individually in all 
 rows, then hit update at bottom of list, and have all rows updated to 
 their individual new values. Each row can also have its own button 
 (for instance delete) that affects only that row. (this seems to 
 *barely* work in jsf, and only after I took over the bean management, 
 see below).

you can put anything you want into listview rows.  each is a container 
that you get to populate.  we've got delete/move-up/move-down links.


 Allows me to easily reuse stuff (even multiple times on one page; for 
 instance, I have an address form, and a place where I need a billing 
 address and a physical address, and I only want to

RE: [Wicket-user] is this approach correct?

2005-02-02 Thread Maurice Marrink

Nice, just one little suggestion:
Change
Object getAsObject(ConversionContext ctx, String value)
To
Object getAsObject(ConversionContext ctx, Object value)

You will still need a null check for value in your implementation, so
why not combine that with a little more generic code like
If(value instanceof String){...}else if(value instanceof
Object){...}else return null;

Maybe you will never need the Object, but if you do you will be sorry if
you only got a string to work with.

Just my 2 cents.

Maurice


-Oorspronkelijk bericht-
Van: Eelco Hillenius 
Verzonden: woensdag 2 februari 2005 11:37
Aan: wicket-user@lists.sourceforge.net
Onderwerp: Re: [Wicket-user] is this approach correct?

No, what I meant is that the converters were initially copied (and 
slightly altered) from the BeanUtils package. As they lacked the 
possibility of formatting (BeanUtils uses one-way converters only), I 
added support for formatting whilst not breaking the compatibility with 
BeanUtils by adding an optional interface for formatting. Now, this was 
for Baritus/ Maverick. For a large part I copied that into Wicket, as it

was one of the things in Baritus that allways functioned well. However, 
for Wicket it would be best to have a clearer interface, thus having - 
just like JSF - converters for both ways.

This is the JSF interface:

public interface Converter
{
Object getAsObject(FacesContext context,
   UIComponent component,
   String value) throws ConverterException;

String getAsString(FacesContext context,
   UIComponent component,
   Object value) throws ConverterException;
}

Which is tightly coupled to JSF. Furthermore, I think (by doing a quick 
code scan of MyFaces) that locales are not supported in JSF as well as 
we support it.

Currently in Wicket, these are the interfaces:

public interface IConverter
{
public Object convert(Object value);
}

and

public interface IFormatter
{
public String format(Object value, String pattern);
}

Now, that I have a closer look to it, I think the pattern should be 
omitted, and the interface should look like:

public interface IConverter
{
Object getAsObject(String value) throws ConversionException;

String getAsString(Object value) throws ConversionException;
}

However, I know from experience that use of a pattern can be very 
convenient, I am have never been very happy with the way localization is

implemented (which is again a legacy issue as I copied that from
BeanUtils.

There are several ways to tackle this. I think the most elegant - and 
future safe - option is to introduce a context object, like:

public interface IConverter
{
Object getAsObject(ConversionContext ctx, String value) throws 
ConversionException;

String getAsString(ConversionContext ctx, Object value) throws 
ConversionException;
}

Where ConversionContext would at least have a reference to the optional 
locale object to use (note that besides the user's locale, this can be 
explicitly set in the PropertyModel) and the optional conversion 
pattern. I think if the API looked like this, the writing of custom 
converters would be much simpler/ clearer and the lookup process would 
be drastically simplified and thus more transparent to our framework
users.

What do you think?

Eelco



Juergen Donnerstag wrote:

So, as that's a legacy thing
now, we could just as well loose the difference.



Sorry, it is probably only my english. Our current implementation
isn't better nore worse than what JSF (and may be others) offer. And
because there are standard packages out there to that job, the idea
is to move towards this package. Correct?

Juergen


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag--drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
  




---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag--drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user


---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag--drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.

RE: [Wicket-user] TabbedPanel ?

2005-01-31 Thread Maurice Marrink

Hey nice :D
Hadn't seen my code had been incorporated into the examples.
I guess now I'll have to add some more documentation to it.


-Oorspronkelijk bericht-
Van: Juergen Donnerstag [mailto:[EMAIL PROTECTED] 
Verzonden: maandag 31 januari 2005 12:30
Aan: wicket-user@lists.sourceforge.net
Onderwerp: Re: [Wicket-user] TabbedPanel ?

I've added an (very simple) example to wicket-examples. It'll be in
the next release. Until then you may access it through CVS.

Juergen


On Mon, 31 Jan 2005 02:48:11 -0800 (PST), Antonio Casula
[EMAIL PROTECTED] wrote:
 Hi Maurice,
 
 seem interesting ... but , should you give us some
 example how to use it , please? I have tryied but
 TabPanel.html result missed.
 
 Thanks a lot
 
 Antonio
 
 --- Maurice Marrink [EMAIL PROTECTED]
 wrote:
 
  Here's one that I use.
 
 
 
 
 
 
 
 
 
 
 
  -Oorspronkelijk bericht-
  Van: Jonathan Carlson
  [mailto:[EMAIL PROTECTED]
  Verzonden: woensdag 26 januari 2005 0:10
  Aan: wicket-user@lists.sourceforge.net
  Onderwerp: Re: [Wicket-user] TabbedPanel ?
 
 
 
  Navomatic seems rather static, but I'm sure it could
  be made more
  dynamic.
 
 
 
  I need something that would dynamically add
  links/tabs as you add
  TabPanes (for example), which would be panels
  themselves.  I'd want the
  tabs to link back to the same page, just with a
  parameter that specifies
  which tab is active.
 
 
 
  In case you want more background of what I'm
  thinking... Picture a bean
  editing panel on the top of the page.  Underneath
  that is a tab for each
  relationship of that bean.  Some tabs will have a
  table of related beans
  (to-many relationship), others will just show the
  properties of one
  related bean (to-one relationship).
 
 
 
  - Jonathan (Carlson)
 
 
 
 
 
 
   [EMAIL PROTECTED] 2005-01-25 11:48:02 AM 
 
  this functionality already exists!
 
  such a thing really shouldn't be required in wicket.
   panels are for
  holding reusable chunks of markup with components
  attached, like the
  sign in panel.
 
  what you want is simply to create a navigation like
  navomatic by simply
  putting a bunch of links on the page.  what makes it
  a tabbed page is
  how the links look when they enable/disable as you
  use them.
 
  the tabbiness of the look should be a dreamweaver
  thing.
 
  what we really need is to somehow rename
  NavigationPanel in the examples
 
  (or remove it) because it is confusing and then
  create an example of how
 
  to do a tabbed look for a navigation using the
  enabled and disabled
  child for the link.
 
  a link is actually an HtmlContainer and can have
  children.  there can
  optionally be two special children.  one called
  enabled and one called
 
  disabled.  so to make a navigation, you simply
  make a bitmap image or
  chunk of HTML that renders an enabled tab (a link
  other than the
  selected link (that you can click on)) and call it
  enabled and another
 
  bitmap image or chunk of HTML that renders a
  disabled tab (the link to
  the current page (the one link you cannot click on))
  and call it
  disabled.
 
  jon
 
  Jonathan Carlson wrote:
 
   Has anyone started a TabbedPanel yet?
  
   Just Curious.  I didn't see one but I'll need one
  eventually.  If I
   write it myself does anyone have suggestions on
  how to go about it
   HTML-wise?  I could just use a site like Amazon
  for example code.  Or
   maybe Tapestry has one I could convert over.
  
   - Jonathan
  
  
  
 
 **
   This email and any files transmitted with it are
  confidential and
   intended solely for the use of the individual or
  entity to whom they
   are addressed. If you have received this email in
  error please notify
   the system manager.
  
   www.katun.com http://www.katun.com/
  
 
 **
 
 
 
 ---
  This SF.Net email is sponsored by: IntelliVIEW --
  Interactive Reporting
  Tool for open source databases. Create drag--drop
  reports. Save time
  by over 75%! Publish reports on the web. Export to
  DOC, XLS, RTF, etc.
  Download a FREE copy at
  http://www.intelliview.com/go/osdn_nl
  ___
  Wicket-user mailing list
  Wicket-user@lists.sourceforge.net
 
 https://lists.sourceforge.net/lists/listinfo/wicket-user
 
 
 
  ATTACHMENT part 2 application/octet-stream
 name=TabPanel.java
 
  ATTACHMENT part 3 application/octet-stream
 name=TabPanelModel.java
 
 -
 
 
 __
 Do you Yahoo!?
 Yahoo! Mail - You care about security. So do we.
 http://promotions.yahoo.com/new_mail
 
 ---
 This SF.Net email is sponsored by: IntelliVIEW -- Interactive
Reporting
 Tool for open source databases. Create drag--drop reports. Save time
 by over 75%! Publish reports

95 matches

Mail list logo