[Wicket-user] feature suggestion component instantiation
Hi, In my project we often have the case where a user initially is allowed to construct a certain component (pages mostly) but whether he really can depends on the model of the page. So my request / suggestion is to enhance IAuthorizationStrategy with the following method isInstantiationAuthorized(Class, IModel). whether this methods is made available next to isInstantiationAuthorized(Class) or replaces it is not important. As far as i can see the following changes need to be made -Application.notifyComponentInstantiationListeners needs to be upgraded to receive the model to, or the component should not call notify untill the model has been set on the component (which happens on the next line) -the default listener needs to pass the model to the strategy. For regular models this should not be a problem but IWrapModels might have a problem when accessing anything else from the component but the id. Not passing the wrappedmodel but the original model is imo not an option because the main point of passing the model is to be able to use the getObject method. What do you think? Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] feature suggestion component instantiation
After having Johan explain to me that It is only the IComponentAssignedModel that will cause serious problems and models like CompoundPropertyModel will work just fine. And since we do not use those. I have no objection to this restriction. Maurice On 7/18/07, Johan Compagner [EMAIL PROTECTED] wrote: i can see the value of having the model in the authorizationstrategy this is pretty handy. But the problem is with wrapmodels because we just can't give those to the outside world withing a constructor of a component because we have a big warning in the wrapOnAssigment(Component) call that in that method you shouldn't really touch the component because it is not fully constructed yet. But we can't have it that the component is still not fully constructed in the getObject() call of the wrapped model. So i am +1 for such a change except that the model param will be null of not given and null if it is wrapped model. johan On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote: Hi, In my project we often have the case where a user initially is allowed to construct a certain component (pages mostly) but whether he really can depends on the model of the page. So my request / suggestion is to enhance IAuthorizationStrategy with the following method isInstantiationAuthorized(Class, IModel). whether this methods is made available next to isInstantiationAuthorized(Class) or replaces it is not important. As far as i can see the following changes need to be made -Application.notifyComponentInstantiationListeners needs to be upgraded to receive the model to, or the component should not call notify untill the model has been set on the component (which happens on the next line) -the default listener needs to pass the model to the strategy. For regular models this should not be a problem but IWrapModels might have a problem when accessing anything else from the component but the id. Not passing the wrappedmodel but the original model is imo not an option because the main point of passing the model is to be able to use the getObject method. What do you think? Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] feature suggestion component instantiation
True you can't do setModel(foo) and expect your instantiation check to work. Which imho is perfectly logical if you want to use your model in the instantiation check you need to pass it in the constructor. As for the example We have a search page for students, uppon clicking on one of those students, you go to a detail page for that student. that page also contains several tabs to go to other relevant pages for the student (like it's school grades). on these pages we made a quicksearch function with contains amongst other things 2 buttons to navigate forth and back between the searchresults of the search page, while keeping the same view. Suppose i have sufficient rights to see the detail pages of all students but only enough rights to see the grades of my own students. So if i make the search wide enough to get all students and then select one of my own, going to the grades. That's fine. But if i then navigate to another student i am not allowed to see the grades (creating a new instance of the grades page in the process) i need to know if the page in combination with the student is allowed, because the page itself is basically allowed. Maurice On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote: I don't think I agree with that. MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for starters, and you can even set models mutliple times. Not to mention the other problems you mentioned in this thread. And finally, it would just invite people to go crazy with this functionality. But give us a good example of where using the model to determine an access restriction would actually be useful? Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] feature suggestion component instantiation
Right now i manually need to trigger isActionAuthorized(Component.RENDER); after the component has been fully initialized. I would like to abort as soon as possible. Maurice On 7/18/07, Johan Compagner [EMAIL PROTECTED] wrote: cant you test this with the render action check? that is always done also if the model is changed johan On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote: True you can't do setModel(foo) and expect your instantiation check to work. Which imho is perfectly logical if you want to use your model in the instantiation check you need to pass it in the constructor. As for the example We have a search page for students, uppon clicking on one of those students, you go to a detail page for that student. that page also contains several tabs to go to other relevant pages for the student (like it's school grades). on these pages we made a quicksearch function with contains amongst other things 2 buttons to navigate forth and back between the searchresults of the search page, while keeping the same view. Suppose i have sufficient rights to see the detail pages of all students but only enough rights to see the grades of my own students. So if i make the search wide enough to get all students and then select one of my own, going to the grades. That's fine. But if i then navigate to another student i am not allowed to see the grades (creating a new instance of the grades page in the process) i need to know if the page in combination with the student is allowed, because the page itself is basically allowed. Maurice On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote: I don't think I agree with that. MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for starters, and you can even set models mutliple times. Not to mention the other problems you mentioned in this thread. And finally, it would just invite people to go crazy with this functionality. But give us a good example of where using the model to determine an access restriction would actually be useful? Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] feature suggestion component instantiation
However besides the benefit of being more efficient it also prevents a lot of nasty stuff like throwing custom exceptions / NPE in the page constructor or redirecting, which i now have to take into account because the page is fully constructed. When the strategy can tell me for certain if the page is allowed i would not have to do that. Maurice On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote: Right now i manually need to trigger isActionAuthorized(Component.RENDER); after the component has been fully initialized. I would like to abort as soon as possible. Maurice On 7/18/07, Johan Compagner [EMAIL PROTECTED] wrote: cant you test this with the render action check? that is always done also if the model is changed johan On 7/18/07, Maurice Marrink [EMAIL PROTECTED] wrote: True you can't do setModel(foo) and expect your instantiation check to work. Which imho is perfectly logical if you want to use your model in the instantiation check you need to pass it in the constructor. As for the example We have a search page for students, uppon clicking on one of those students, you go to a detail page for that student. that page also contains several tabs to go to other relevant pages for the student (like it's school grades). on these pages we made a quicksearch function with contains amongst other things 2 buttons to navigate forth and back between the searchresults of the search page, while keeping the same view. Suppose i have sufficient rights to see the detail pages of all students but only enough rights to see the grades of my own students. So if i make the search wide enough to get all students and then select one of my own, going to the grades. That's fine. But if i then navigate to another student i am not allowed to see the grades (creating a new instance of the grades page in the process) i need to know if the page in combination with the student is allowed, because the page itself is basically allowed. Maurice On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote: I don't think I agree with that. MyComponent c = new MyComponent(); c.setModel(foo) wouldn't work for starters, and you can even set models mutliple times. Not to mention the other problems you mentioned in this thread. And finally, it would just invite people to go crazy with this functionality. But give us a good example of where using the model to determine an access restriction would actually be useful? Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] feature suggestion component instantiation
Ok, thanks for your input guys, no hard feelings :) There are indeed workarounds, i just thought it would be an elegant solution if wicket supported it. But i guess you are right, there are too many caveats. Maurice On 7/18/07, Eelco Hillenius [EMAIL PROTECTED] wrote: i think its time for you to build something that uses aop and get it out of your system :) Get it out of my system? I'm not exactly recommending AOP as I think other solutions would be better. after(Component c) returning: this(c) execution(Component.new(..)) { System.out.println(constructed component with model + c.getModel()); } Something like that works. I'm sure there's lots of ifs and buts, but the point is that it is a possible way out. Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] SecureTextField rendered as span element?
Yes that should be possible. Please take a look at org.apache.wicket.markup.html.link.AbstractLink#disableLink and org.apache.wicket.markup.html.link.Link#onComponentTag for some ideas. Basically you need to override onComponentTag and change the tag to a span there if the textfield is disabled. If you have the wicket-security-examples you can also take a look at org.apache.wicket.security.examples.components.navigation.ButtonContainer which does something similar only for a link. In a link it is easier because they have build in support for custom disabled behavior/markup but it is nothing you can not do in any component yourself by overriding onComponentTag. Maurice On 7/16/07, Árni Hermann Reynisson [EMAIL PROTECTED] wrote: Hi Would it be possible to render an instance of SecureTextField as span instead of disabled input if the action isn't authorized? Regards, Arni Hermann - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WicketTester does not clean up resources very well
Well, thats why i asked if maybe i was missing something :) Anyway an issue has been created https://issues.apache.org/jira/browse/WICKET-762 Maurice Oh btw like Martijn said there might be a legit reason to keep the session and stuff around after the processing thingy but i really think they should be gone after destroy has been called. On 7/16/07, Martijn Dashorst [EMAIL PROTECTED] wrote: I thought that not all resources were cleaned up so that test cases can query the response and other things. The responsibility is on the tester to initiate a new fresh RequestCycle iiuc. That said, it may be that we don't provide enough hooks to perform the clean up. Martijn On 7/15/07, Maurice Marrink [EMAIL PROTECTED] wrote: I just noticed that running the following minimal junittest fails. WicketTester mock=new WicketTester(); mock.setupRequestAndResponse(); mock.processRequestCycle(); mock.destroy(); assertNull(Session.get()); //actually should throw IllegalStateException but I would expect the threadlocal Session to be gone after the request had been processed but it is even available after the application has been destroyed. Or am i missing something? Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- Wicket joins the Apache Software Foundation as Apache Wicket Apache Wicket 1.3.0-beta2 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta2/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
[Wicket-user] WicketTester does not clean up resources very well
I just noticed that running the following minimal junittest fails. WicketTester mock=new WicketTester(); mock.setupRequestAndResponse(); mock.processRequestCycle(); mock.destroy(); assertNull(Session.get()); //actually should throw IllegalStateException but I would expect the threadlocal Session to be gone after the request had been processed but it is even available after the application has been destroyed. Or am i missing something? Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Editable grid
Actually we have gone completely Ajax for the grid, so i have no idea what problems you are going to run into when using forms, especially in combination with a moving editor. our grid was based on a listview using wicket 1.2.6 but 1.3 might have better alternatives. Maurice On 7/11/07, Eelco Hillenius [EMAIL PROTECTED] wrote: I have recently started playing with wicket to see if we can use it to rewrite a legacy enterprise. I really like the simplicity of the architecture. A good chunk of our screens (35%) require editable grid. For example maintenance screens for small tables. I have seen bunch of examples in wicket on how to do grid views but just one example on how to make editable grid (Contacts editor - though it is not complete). I also found an example of an editable tree view and it is not complete either. Are there any examples out there that can help me get started? Any help would be greatly appreciated. You can. If you need to clone a spreadsheet (like I know Maurice did for his project) you might want to think about optimizations. For more simple cases, just remember that anything you nest in a form, no matter how deeply nested, will take part in form processing. You can probably best start with DefaultDataTable. Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Displaying Modal Window to capture and display error message
The button has a setDefaultFormProcessing option, if you turn it off, you manually have to do whatever form.process now does for you, which is amongst other things form validation. Maurice On 7/10/07, Dipu Seminlal [EMAIL PROTECTED] wrote: Hi All, Is there a way to display a modal window when a submit button is clicked Use Case is Button button = new Button(bbutton) { protected void onSubmit() { if(isValidInput()) { // do process and traverse to next screen } else { // show a modal dialog with messages } } } Thanks Dipu - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Editable grid
An editable grid is certainly possible in wicket. I've build one of those monsters in our application. Unfortunately for you it has grown so much to be able to do everything you ever wanted and everything you never even knew you wanted that it is completely useless as an example. I can however give you some tips. - Do not use textfields or dropdowns in every cell, especially with larger grids this is going to hurt you performance wise (ie more than firefox but still) -instead use one moving textfield (or a dropdown for each different type you need) -use spans to create editable labels (showing the textfield or other editor on click) -if you are going to use ajax, send multiple changes each time using the time delay -if you use something of a form submit you will need to collect the changes in a custom way since you don't have textfields. -get ready for some serious javascripting (i have some javascript to navigate a table in javascript you should be able to reuse). -make good use of the component structure of wicket building on cells, rows and tables (off course you need to build these yourself). -really think your underlying datamodel through, we are using 1 custom model to dispatch models for each cell. but i'm not sure this is ideal. -inline attribute changes on your cells by overriding the oncomponenttag to minimize your footprint. -Keep it simple Maurice On 7/10/07, Sanjay Gupta [EMAIL PROTECTED] wrote: I have recently started playing with wicket to see if we can use it to rewrite a legacy enterprise. I really like the simplicity of the architecture. A good chunk of our screens (35%) require editable grid. For example maintenance screens for small tables. I have seen bunch of examples in wicket on how to do grid views but just one example on how to make editable grid (Contacts editor - though it is not complete). I also found an example of an editable tree view and it is not complete either. Are there any examples out there that can help me get started? Any help would be greatly appreciated. Thanks Sanjay - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket security
I think it has to do with your wicket version. Only recently they made that method public. If you are using the snapshot version of wicket, try updating it. Note that some versions of maven have a problem updating snapshots so go into your local repository and delete wicket from it. then you should have no problem updating to the latest snapshot. Alternatively the beta2 version should also work. Or if you can not upgrade to the latest wicket i suggest downloading wasp and swarm here http://sourceforge.net/project/showfiles.php?group_id=134391 It is a slightly older version but the only changes between this version and the snapshots are the clustering changes (which is causing your problem), some code restructuring, some apidoc changes and i changed the eclipse project settings to eclipse 3.3. Just let me know if this does not solve your problem. Maurice On 7/5/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi First off, I really like where wicket security is heading, the JAAS smell of it is just fantastic! :) I've been trying to experiment with wicket security and I've hit a wall. I'm pretty sure I got the configuration right, I get redirected to the login page and when I press login I get this exception: java.lang.IllegalAccessError: tried to access method org.apache.wicket.Session.dirty()V from class org.apache.wicket.security.hive.authentication.LoginContainer at org.apache.wicket.security.hive.authentication.LoginContainer.login(LoginContainer.java:87) at org.apache.wicket.security.swarm.strategies.SwarmStrategy.login(SwarmStrategy.java:190) at org.apache.wicket.security.WaspSession.login(WaspSession.java:74) at is.sja.pages.auth.LoginPage$2.signIn(LoginPage.java:38) I was hoping you would have some idea what's happening there since my searches turned up almost moot on how to fix this. I'm running this on wicket 1.3-beta2 and wicket-security 0.1-SNAPSHOT through maven. Regards, Arni Hermann Reynisson - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Extending WebApplication in related projects problem
Perhaps a bit late but you also do not need to extend SwarmWebApplication (it just takes care of the grunt work for you) You could use Swarm and not use the SwarmWebApplication by implementing the WaspApplication interface for an example of this check out the ExtendsTest in the test directory of swarm. Maurice On 7/5/07, Daniel Stoch [EMAIL PROTECTED] wrote: Hi, There is a problem with using different Wicket related projects in one application, because in many cases each project defines its own implementation of WebApplication class (and sometimes WebSession too). For example: - wicket-spring: SpringWebApplication - wicket-auth-roles: AuthenticatedWebApplication - wicket-swarm: SwarmWebApplication etc... If I want to use wicket-spring and wicket-swarm, there is a problem: from which class should I extend my application class: SpringWebApplication or SwarmWebApplication? So I think it is not a good pattern to implement such things by extending an application and a session base classes, because this closes the door for integration different projects into one application. -- Daniel - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] 401 HTTP authentication?
Very interesting question indeed. I did some digging in the code and found the following: using the RequestCycle you can get the Response. which is most likely a WebResponse from there you can get the HttpServletResponse and set the statuscode to 401. Question remains how to tell wicket to stop processing and simply return the statuscode. If any of the core committers could respond with a proper way of doing this :) Maurice On 7/4/07, Jesse Barnum [EMAIL PROTECTED] wrote: What is the right way to use basic HTTP authentication? I know how to read the headers to extract the username and password, but if they don't match, or if they're not supplied, what is the best way to send the 401 response to the user? It seems like the ISecuritySettings.setUnauthorizedComponentInstantiationListener() method assumes that you want to present an HTML login component to the user. --Jesse Barnum, President, 360Works http://www.360works.com (770) 234-9293 - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] suggestion: have Wicket SVN searchable with FishEye
If FishEye can cause problems, so might ohloh http://www.ohloh.net/projects/3958. Just thinking out loud. Maurice On 7/2/07, Eelco Hillenius [EMAIL PROTECTED] wrote: You _must_ do this in association with the Apache Infrastructure group. The ASF's repository is large. There have been occasions when FishEye has put the ASF SVN server under an unnecessary load. It _should_ be possible, but _must_ be done in consultation with the infrastructure team. Ok. Peter, if you want this, could you open a feature request for this. We can chat with infra after that. Cheers, Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] wicket security and acl files
A subject is the root/ abstract entity for a user, principals are views or identities of a subject Well I'm glad we all agree on that one :) However as Eelco said a principal can be much more than just a role. So i am a little reluctant to rename Principal to Role. If i wanted to i could even use the Swarm Subjects as Roles (although that would be a really long stretch, and certainly not recommended :) ). And although the fact that you can use principals / subjects in several ways might make it less clear from the start how to use them, that is also there power as it gives you greater flexibility on how to set up your security. That being said i am still open for renaming suggestions, i just don't think role should be it. an application that is more fluid and tenants can create their own structure of roles. I am sorry that you feel swarm does not accommodate you enough in this field. But I welcome you to build upon wasp and enrich the wicket community with your work. Looking at swarm should have given you a pretty clear picture of the security building blocks in wicket. Maurice On 6/29/07, Craig Lenzen [EMAIL PROTECTED] wrote: A subject is the root/ abstract entity for a user, principals are views or identities of a subject and in JAAS you would represent a role as a principal. I agree with your statement which leads me to the fact that the principal should really be a role in swarm and the hive file is a mapping of a role to given permissions and actions. So back to what I said before, swarm is really nice when you have an application with pre-defined roles instead of an application that is more fluid and tenants can create their own structure of roles. -Craig Eelco Hillenius wrote: Right now swarm operates the following way: A user is associated with 1 or more Subjects, each Subject has 0 or more Principals. This sounds right to me, and is like how JAAS works. A subject is the root/ abstract entity for a user, principals are views or identities of a subject and in JAAS you would represent a role as a principal. As JAAS is the default authorization mechnism in Java, it is arguably the 'industry standard' (for Java). Whether it is what you prefer is another question. I think people find users/ roles easier to understand, but personally I like the more abstracted model of JAAS; whether you want to model groups, roles a combination of the two or even something different, it fits seamlessly. My 2c, Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- View this message in context: http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11364093 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] RestartResponseAtInterceptPageException / continueToOriginalDestination
I don't think that is possible but why can't you do the following: user enters username and password on sign in page. form successfully authenticates user. try to continueToOriginalDestination or if there is none, set the responsepage to a homepage or something do the password change check if required throw restart..exception then on the password change page use continueTo again. Theoretical this should send your user after the password change to the page he wanted to go to before he was forced to login, or at the very least to the homepage and not back to the login page. Maurice On 6/29/07, Mark Southern [EMAIL PROTECTED] wrote: I have an authorization scheme where by the user is presented with a sign in page. After signing in, a check is made to see if they need to change their password. If so, they are redirected to a change password page. After that they should be redirected back to their intended page. However, if I use a RestartResponseAtInterceptPageException(); to go to the password change page from the sign in page, after submission I get directed back to the sign in page. Can I specify the intended original destination without setting a response page and passing it as a page parameter? Thank you, ~Mark - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] wicket security and acl files
Neither am i :) And you could be right about me misusing the principal, but using the actions of a permission for read write and then logically separating permissions with read from permissions with write in different principals does not seem like stretch to me. Maurice On 6/29/07, craigdd [EMAIL PROTECTED] wrote: I understand what you are saying and I see how you have accomplished something similar to what I'm trying to do, however it seems to me that you are miss using the concept of a Principal. I'm not a security expert but a principal seems to point to an individual and not with something called write. Write fits a little better into the concepts of ACL. -Craig Mr Mean wrote: By the way, I'm not saying wicket security is bad, other than my example I think it is a well put together framework that beats the hell out of using JAAS. Thanks, i appreciate that :) I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. Well i am not saying it is impossible to declare and add new permissions / principals at runtime but i think it is generally undesirable to do so. Instead you should make your principals fine grained enough to be used as building blocks for roles. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. This is exactly what we are doing in our application. We have literally +- 1000 principals defined in our system. By allowing the users to group principals together they can build there own roles. We have multiple organizations in our application and each of them can completely redesign there user roles in the system (well only up to a point because we could not allow that, but that aside they could). We provide each organization with a set of default roles as we think will suit most of them but they are completely free to alter/ rename/ delete/ whatever do with those roles because we do not depend on the roles but on the underlying principals, which are controlled by us. A big help is the fact that we made our principals imply each other (write implies read, etc) So when a user designs there roles they don't have to check read access to page A and write access to page A but can suffice with write access to page A. Although most of our principals handle a couple of related pages we also have principals going as deep as individual components. For instance we have a large data grid, the principals are fine grained enough to give you read or write access up to the individual cell. Correct me if i am wrong but this seems to be what you want too. Maurice On 6/28/07, craigdd [EMAIL PROTECTED] wrote: I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. We are currently using acegi and I'm trying to figure out the best way to bake acl into wicket's components. Example, a link is set to invisible if the authenticated use doesn't contain a role with the given permission of that link. So lets say the link is to delete an object, the user must have a role with the permission to delete that object or the link will not show on the page. By the way, I'm not saying wicket security is bad, other than my example I think it is a well put together framework that beats the hell out of using JAAS. -Craig Mr Mean wrote: If you mean java Jaas like acl than swarm is what you are looking for. Optionally if you really want to use jaas and not some look alike i made up you could practically copy swarm and replace most objects with there jaas counterparts. However i chose not to use jaas because we are using that in one of our projects right now and although it works it is less than optimal :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced by swarm. You can also check out the example project here https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples Maurice On 6/21/07, Igor Vaynberg [EMAIL PROTECTED] wrote: wicket's security model is completely generic see IAuthorizationStrategy - it is very abstract and thus can be used to implement any kind of authorization wicket-auth is just an example that implements basic role-based model see
Re: [Wicket-user] wicket security and acl files
Actually that is already how they work. Even though the Principal class does not have methods for getting and setting the Permissions. The mapping is done in the policy file like this. grant principal ${RechtenSet} PageA.read { //read permission for all of page A permission ${ComponentPermission} nl.topicus.krypton.web.pages.PageA, inherit, render; }; grant principal ${RechtenSet} PageA.write { //write permission for all form components on page A permission ${ComponentPermission} nl.topicus.krypton.web.pages.PageA:form, inherit, enable; }; grant principal ${RechtenSet} PageA.delete { //allow separate delete links to be clicked permission ${ComponentPermission} nl.topicus.krypton.web.pages.PageA:deleteLink1, enable; permission ${ComponentPermission} nl.topicus.krypton.web.pages.PageA:deleteLink2, enable; }; I know the api doc for principal states which can be used to represent any entity, such as an individual, a corporation, or a login id. I admit it is shamelessly copied from java.security.Principal :) And now that i think about i can see the way we use principals like permissions now actually comes from our dealings with jaas. But i still feel it is not a big issue. I'll just rewrite the api doc ;) Maurice On 6/29/07, Igor Vaynberg [EMAIL PROTECTED] wrote: take maurice's post and substitute word permission for word principal, define user/principal as an object that has a set of permissions, and it makes perfect sense. -igor On 6/28/07, craigdd [EMAIL PROTECTED] wrote: I understand what you are saying and I see how you have accomplished something similar to what I'm trying to do, however it seems to me that you are miss using the concept of a Principal. I'm not a security expert but a principal seems to point to an individual and not with something called write. Write fits a little better into the concepts of ACL. -Craig Mr Mean wrote: By the way, I'm not saying wicket security is bad, other than my example I think it is a well put together framework that beats the hell out of using JAAS. Thanks, i appreciate that :) I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. Well i am not saying it is impossible to declare and add new permissions / principals at runtime but i think it is generally undesirable to do so. Instead you should make your principals fine grained enough to be used as building blocks for roles. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. This is exactly what we are doing in our application. We have literally +- 1000 principals defined in our system. By allowing the users to group principals together they can build there own roles. We have multiple organizations in our application and each of them can completely redesign there user roles in the system (well only up to a point because we could not allow that, but that aside they could). We provide each organization with a set of default roles as we think will suit most of them but they are completely free to alter/ rename/ delete/ whatever do with those roles because we do not depend on the roles but on the underlying principals, which are controlled by us. A big help is the fact that we made our principals imply each other (write implies read, etc) So when a user designs there roles they don't have to check read access to page A and write access to page A but can suffice with write access to page A. Although most of our principals handle a couple of related pages we also have principals going as deep as individual components. For instance we have a large data grid, the principals are fine grained enough to give you read or write access up to the individual cell. Correct me if i am wrong but this seems to be what you want too. Maurice On 6/28/07, craigdd [EMAIL PROTECTED] wrote: I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. We are currently using acegi and I'm trying to figure out the best way to bake acl into wicket's components. Example, a link is set to invisible if the authenticated use doesn't contain a role with the given permission of that link. So lets
Re: [Wicket-user] wicket security and acl files
I am open to suggestions for alternate names, or if someone could point me to the naming standards :) Right now swarm operates the following way: A user is associated with 1 or more Subjects, each Subject has 0 or more Principals. Each Principal is mapped to 1 or more Permissions. Each Permission has 0 or more Actions. Permissions and actions are named pretty straight forward i think. Maurice On 6/29/07, craigdd [EMAIL PROTECTED] wrote: Just my two cents but I think the API should change, or I guess not really the API but the implementation(swarm) to better reflect industry naming standards which will hopefully cut down on the confusion and hopefully make it a little easier to integrate other security frameworks. I use acegi as an example, they have an Authentication object that has a method getPrincipal which if you read their javadoc makes it pretty clear that an authenticated entity has one principal, which also seems to fit with JAAS. -Craig Mr Mean wrote: Neither am i :) And you could be right about me misusing the principal, but using the actions of a permission for read write and then logically separating permissions with read from permissions with write in different principals does not seem like stretch to me. Maurice On 6/29/07, craigdd [EMAIL PROTECTED] wrote: I understand what you are saying and I see how you have accomplished something similar to what I'm trying to do, however it seems to me that you are miss using the concept of a Principal. I'm not a security expert but a principal seems to point to an individual and not with something called write. Write fits a little better into the concepts of ACL. -Craig Mr Mean wrote: By the way, I'm not saying wicket security is bad, other than my example I think it is a well put together framework that beats the hell out of using JAAS. Thanks, i appreciate that :) I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. Well i am not saying it is impossible to declare and add new permissions / principals at runtime but i think it is generally undesirable to do so. Instead you should make your principals fine grained enough to be used as building blocks for roles. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. This is exactly what we are doing in our application. We have literally +- 1000 principals defined in our system. By allowing the users to group principals together they can build there own roles. We have multiple organizations in our application and each of them can completely redesign there user roles in the system (well only up to a point because we could not allow that, but that aside they could). We provide each organization with a set of default roles as we think will suit most of them but they are completely free to alter/ rename/ delete/ whatever do with those roles because we do not depend on the roles but on the underlying principals, which are controlled by us. A big help is the fact that we made our principals imply each other (write implies read, etc) So when a user designs there roles they don't have to check read access to page A and write access to page A but can suffice with write access to page A. Although most of our principals handle a couple of related pages we also have principals going as deep as individual components. For instance we have a large data grid, the principals are fine grained enough to give you read or write access up to the individual cell. Correct me if i am wrong but this seems to be what you want too. Maurice On 6/28/07, craigdd [EMAIL PROTECTED] wrote: I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. We are currently using acegi and I'm trying to figure out the best way to bake acl into wicket's components. Example, a link is set to invisible if the authenticated use doesn't contain a role with the given permission of that link. So lets say the link is to delete an object, the user must have a role with the permission to delete that object or the link will not show on the page. By the way, I'm not saying wicket
Re: [Wicket-user] wicket security and acl files
By the way, I'm not saying wicket security is bad, other than my example I think it is a well put together framework that beats the hell out of using JAAS. Thanks, i appreciate that :) I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. Well i am not saying it is impossible to declare and add new permissions / principals at runtime but i think it is generally undesirable to do so. Instead you should make your principals fine grained enough to be used as building blocks for roles. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. This is exactly what we are doing in our application. We have literally +- 1000 principals defined in our system. By allowing the users to group principals together they can build there own roles. We have multiple organizations in our application and each of them can completely redesign there user roles in the system (well only up to a point because we could not allow that, but that aside they could). We provide each organization with a set of default roles as we think will suit most of them but they are completely free to alter/ rename/ delete/ whatever do with those roles because we do not depend on the roles but on the underlying principals, which are controlled by us. A big help is the fact that we made our principals imply each other (write implies read, etc) So when a user designs there roles they don't have to check read access to page A and write access to page A but can suffice with write access to page A. Although most of our principals handle a couple of related pages we also have principals going as deep as individual components. For instance we have a large data grid, the principals are fine grained enough to give you read or write access up to the individual cell. Correct me if i am wrong but this seems to be what you want too. Maurice On 6/28/07, craigdd [EMAIL PROTECTED] wrote: I've had a pretty good look at wicket security but the conclusion that I've come to with that is it only supports the fact that you have pre defined roles within your application. I'm currently working on a multi tenant web application where the application provided a set of permission, such and read / write access to an object and each tenant in the application defines their own role heirachy based on those permissions. We are currently using acegi and I'm trying to figure out the best way to bake acl into wicket's components. Example, a link is set to invisible if the authenticated use doesn't contain a role with the given permission of that link. So lets say the link is to delete an object, the user must have a role with the permission to delete that object or the link will not show on the page. By the way, I'm not saying wicket security is bad, other than my example I think it is a well put together framework that beats the hell out of using JAAS. -Craig Mr Mean wrote: If you mean java Jaas like acl than swarm is what you are looking for. Optionally if you really want to use jaas and not some look alike i made up you could practically copy swarm and replace most objects with there jaas counterparts. However i chose not to use jaas because we are using that in one of our projects right now and although it works it is less than optimal :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced by swarm. You can also check out the example project here https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples Maurice On 6/21/07, Igor Vaynberg [EMAIL PROTECTED] wrote: wicket's security model is completely generic see IAuthorizationStrategy - it is very abstract and thus can be used to implement any kind of authorization wicket-auth is just an example that implements basic role-based model see wicket-stuff wasp and swarm projects http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security -igor On 6/21/07, craigdd [EMAIL PROTECTED] wrote: Is wicket security based only on role based authorization or could it somehow be used with a more traditional ACL type of file / logic. -Craig -- View this message in context: http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
[Wicket-user] Session.dirty()
Hi, I am in the process of making wasp and swarm play nicer within a clustered environment. Johan suggested calling dirty() whenever i make a change in the session (which is where i store everything indirectly). But because i have login method on my authorization strategy (which should call dirty after a login) and Session.dirty() is protected i can not call dirty unless i expose it in my WaspSession. Before i do that however i thought i check here if there was a special reason not to make dirty() public. I could not come up with one especially since bind is also public which kind of has the same (side)effect. So my question, what is the reason dirty() is not public and if there is no reason could you make it public. Thanks, Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] newbie-Question
You need to pass a reference for page 1 to page 2 and then instead of using a pagelink on page2 to return to page1 use a regular link which sets the responsepage to the instance of page 1 you passed to page 2. Maurice On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote: Sorry if this is a dumb question and has been answered hundred times but I couldn't find any answer to the following question. I do have two HTML pages. Page one contains a link which displays the number on clicks the user executed. The second link jumps to page 2. Page 2 just displays a link to go back to page 1. Assume that user clicks 5 times on the ClickCounter link in page 1 and hence the link displays as 'This link is clicked 5 times'. When the user the switches to page 2 and immediately goes back to page 1 the counter is reset to 0 and rendered as 'This link is clicked 0 times'. What am I doing wrong here? I assumed that clicking on the return-button on page 2 goes back to the original session in page 1 ?! Here is my Java classes: -- page 1 --- public class HelloWorld extends WebPage implements Serializable { public HelloWorld() { add(new Label(message, Foo World!)); add(new PageLink(start, Foo.class)); final ClickCount count1 = new ClickCount(); Link link1 = new Link(link1) { public void onClick() { count1.clicks++; } }; link1.add(new Label(label1, new Model() { public java.lang.Object getObject(Component component) { return Integer.toString(count1.clicks); } })); add(link1); } class ClickCount implements Serializable { private int clicks = 0; } } --- page 2 --- public class Foo extends WebPage { public Foo() { add(new Label(message, Foo page)); Link pl = new PageLink(return, HelloWorld.class); pl.add(new AttributeAppender(class, new Model(return), )); add(pl); } } /Axel - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] newbie-Question
Sure :) In page 1 you do add(new PageLink(start, Foo.class)); because you are using the class reference to your 2nd page here wicket always creates a new instance, the same happens with the pagelink on page2 where you go back to page 1. The trick is to tell wicket to use an existing page. so on page 1 we could do this add(new PageLink(start, new IPageLink() { public Page getPage() { //now we can decide which instance / constructor we use //in this case a new page is fine return new Foo(HelloWorld.this); } public Class getPageIdentity() { return Foo.class; } })); Because we now pass the first page to the 2nd page we need to alter the constructor of the 2nd page public Foo(Page returnPage) { add(new Label(message, Foo page)); //this basically wraps your page in an IPageLink like we did manually on page 1 Link pl = new PageLink(return, returnPage); pl.add(new AttributeAppender(class, new Model(return), )); add(pl); } And thats all there is to it. And i did not even have to use a regular link like i though we would have to in my previous response :) Maurice On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote: Thx for the quick answer, but being a newbie can I ask you to elaborate it a little bit more? Regards /Axel -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Auftrag von Maurice Marrink Gesendet: Dienstag, 26. Juni 2007 11:07 An: wicket-user@lists.sourceforge.net Betreff: Re: [Wicket-user] newbie-Question You need to pass a reference for page 1 to page 2 and then instead of using a pagelink on page2 to return to page1 use a regular link which sets the responsepage to the instance of page 1 you passed to page 2. Maurice On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote: Sorry if this is a dumb question and has been answered hundred times but I couldn't find any answer to the following question. I do have two HTML pages. Page one contains a link which displays the number on clicks the user executed. The second link jumps to page 2. Page 2 just displays a link to go back to page 1. Assume that user clicks 5 times on the ClickCounter link in page 1 and hence the link displays as 'This link is clicked 5 times'. When the user the switches to page 2 and immediately goes back to page 1 the counter is reset to 0 and rendered as 'This link is clicked 0 times'. What am I doing wrong here? I assumed that clicking on the return-button on page 2 goes back to the original session in page 1 ?! Here is my Java classes: -- page 1 --- public class HelloWorld extends WebPage implements Serializable { public HelloWorld() { add(new Label(message, Foo World!)); add(new PageLink(start, Foo.class)); final ClickCount count1 = new ClickCount(); Link link1 = new Link(link1) { public void onClick() { count1.clicks++; } }; link1.add(new Label(label1, new Model() { public java.lang.Object getObject(Component component) { return Integer.toString(count1.clicks); } })); add(link1); } class ClickCount implements Serializable { private int clicks = 0; } } --- page 2 --- public class Foo extends WebPage { public Foo() { add(new Label(message, Foo page)); Link pl = new PageLink(return, HelloWorld.class); pl.add(new AttributeAppender(class, new Model(return), )); add(pl); } } /Axel -- --- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- --- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take
Re: [Wicket-user] newbie-Question
Thanks, for this additional info Martijn, i guess i am so used to using IPageLink i sometimes forget the pitfalls for new wicket users. The trick with the IPageLink is that it does not use the getPage method until the link is actually clicked. And therefore your Pages will always be constructed lazily. But like Martijn says Link is in this case just as easy. Maurice On 6/26/07, Martijn Dashorst [EMAIL PROTECTED] wrote: Don't use page link! Use PageLink only if you actually know what you are doing. In this case: you should use the normal Link and set the responsepage in the onclick. Page1 { ... counter ... add(new Link(page2) { onclick() { setResponsePage(new Page2(Page1.this)); }); ... } Page2 { private Page returnToPage; public Page2(Page returnTo) { this.returnToPage = returnTo; add(new Link(page1) { onclick() { setResponsePage(returnToPage); }}); } } Don't do the following, I repeat: the following is REALLY BAD: add(new PageLink(page1, new Page1())); add(new PageLink(page2, new Page2())); add(new PageLink(page3, new Page3())); Don't do that! It will exhaust your memory (you create pages upfront, even when they never will be used). Remember what the 'new' keyword does? Martijn On 6/26/07, Maurice Marrink [EMAIL PROTECTED] wrote: Sure :) In page 1 you do add(new PageLink(start, Foo.class)); because you are using the class reference to your 2nd page here wicket always creates a new instance, the same happens with the pagelink on page2 where you go back to page 1. The trick is to tell wicket to use an existing page. so on page 1 we could do this add(new PageLink(start, new IPageLink() { public Page getPage() { //now we can decide which instance / constructor we use //in this case a new page is fine return new Foo(HelloWorld.this); } public Class getPageIdentity() { return Foo.class; } })); Because we now pass the first page to the 2nd page we need to alter the constructor of the 2nd page public Foo(Page returnPage) { add(new Label(message, Foo page)); //this basically wraps your page in an IPageLink like we did manually on page 1 Link pl = new PageLink(return, returnPage); pl.add(new AttributeAppender(class, new Model(return), )); add(pl); } And thats all there is to it. And i did not even have to use a regular link like i though we would have to in my previous response :) Maurice On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote: Thx for the quick answer, but being a newbie can I ask you to elaborate it a little bit more? Regards /Axel -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Auftrag von Maurice Marrink Gesendet: Dienstag, 26. Juni 2007 11:07 An: wicket-user@lists.sourceforge.net Betreff: Re: [Wicket-user] newbie-Question You need to pass a reference for page 1 to page 2 and then instead of using a pagelink on page2 to return to page1 use a regular link which sets the responsepage to the instance of page 1 you passed to page 2. Maurice On 6/26/07, Leucht, Axel [EMAIL PROTECTED] wrote: Sorry if this is a dumb question and has been answered hundred times but I couldn't find any answer to the following question. I do have two HTML pages. Page one contains a link which displays the number on clicks the user executed. The second link jumps to page 2. Page 2 just displays a link to go back to page 1. Assume that user clicks 5 times on the ClickCounter link in page 1 and hence the link displays as 'This link is clicked 5 times'. When the user the switches to page 2 and immediately goes back to page 1 the counter is reset to 0 and rendered as 'This link is clicked 0 times'. What am I doing wrong here? I assumed that clicking on the return-button on page 2 goes back to the original session in page 1 ?! Here is my Java classes: -- page 1 --- public class HelloWorld extends WebPage implements Serializable { public HelloWorld() { add(new Label(message, Foo World!)); add(new PageLink(start, Foo.class)); final ClickCount count1 = new ClickCount(); Link link1 = new Link(link1) { public void onClick() { count1.clicks++; } }; link1.add(new Label(label1, new Model() { public java.lang.Object getObject(Component component) { return Integer.toString(count1.clicks); } })); add(link1); } class
Re: [Wicket-user] Wicket Helloworld using Tomcat
The helloworld example quickly steps over the fact that you have to deploy your example to tomcat. It does mention that you should use the quickstart project. After you have integrated your helloworld example in the quickstart you need to deploy it. Maurice On 6/26/07, tnjtn1 [EMAIL PROTECTED] wrote: HI, I am newer to wicket. just i am trying to use HelloWorld program following this below url with Tomcat5.0 server. http://wicket.sourceforge.net/ExampleHelloWorld.html 1) I have place java file under src folder. 2) I have placed HelloWorld.html file under webContent folder. when i run the Helloworld.html file, it display only -- Message goes here . But it won't display the content of label component.. where i took mistake..? Thanks Regards, kumar -- View this message in context: http://www.nabble.com/Wicket-Helloworld-using-Tomcat-tf3982219.html#a11305084 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
[Wicket-user] Security comparison
All, I started a little comparison of Wicket security frameworks on the Wicket-Stuff wiki: http://wicketstuff.org/confluence/display/STUFFWIKI/Security+Framework+Comparison As the article states it is not about who's framework is better but about giving a summary of the facts. That being said, I welcome input from others about missing or incorrect information. Also if you would like to see another project up there you can let us know here. Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Use of Session
imo your best option is to override the newSession method in Application and use your own custom session as it allows you to get your objects back without casting, as you would have to with metadata, and it allows you to do do some detach logic (if you need to). Alternatively you could use the requestcycle in the same way. Maurice On 6/22/07, Matthieu Casanova [EMAIL PROTECTED] wrote: Hi, I'm not familiar with wicket sessions. I understand that I can create my own session object that extends the WebSession, and that will have some fields containing my sessions datas. In that case I have to replace the ISessionFactory of my application. The other choice to store datas in the Session is to use the getMetaData and setMetaData methods of WebSession ? What is the best choice ? thanks Matthieu - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] wicket security and acl files
If you mean java Jaas like acl than swarm is what you are looking for. Optionally if you really want to use jaas and not some look alike i made up you could practically copy swarm and replace most objects with there jaas counterparts. However i chose not to use jaas because we are using that in one of our projects right now and although it works it is less than optimal :) As soon as we make the switch to wicket 1.3.0 jaas will be replaced by swarm. You can also check out the example project here https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples Maurice On 6/21/07, Igor Vaynberg [EMAIL PROTECTED] wrote: wicket's security model is completely generic see IAuthorizationStrategy - it is very abstract and thus can be used to implement any kind of authorization wicket-auth is just an example that implements basic role-based model see wicket-stuff wasp and swarm projects http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security -igor On 6/21/07, craigdd [EMAIL PROTECTED] wrote: Is wicket security based only on role based authorization or could it somehow be used with a more traditional ACL type of file / logic. -Craig -- View this message in context: http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Is it possible to set visibility in an IBehavior (in 1.3.0 trunk)?
This sounds more like a security issue than a behavior issue. I expect you can use any security framework for wicket (Swarm, Auth-Roles, someone is working on integrating Acegi) to do this. but off course I would suggest Swarm :) In this particular case it could be as easy as using for instance the SecureTextField and defining the proper principals for your usergroups. You can find more about Swarm here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security Maurice On 6/19/07, Timo Rantalaiho [EMAIL PROTECTED] wrote: Hello Wicket, We have to hide a couple of components from certain groups of users. We tried doing it with a reusable AbstractBehavior, but calling component.setVisible() in IBehavior.beforeRender() caused the good old cannot modify component hierarchy during render phase exception. There is no onBeforeRender() in IBehavior. Should it be possible for an IBehavior to control visibility (Component.isVisible(), not just HTML or CSS attributes)? The code (calling same code in all relevant isVisible() methods()) works, but it would be interesting to know if there would be a more elegant or reusable solution. We develop on 1.3.0 trunk. Visiting all relevant components (e.g. marked with an interface) from a parent might be possible too. Thanks, Timo -- Timo Rantalaiho Reaktor Innovations OyURL: http://www.ri.fi/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] handling expiring pages
2 (nearly the same, but with a form) --- User Sarah logs in, searches a song Anton aus Tirol and starts editing the song data, but doesn't submit the data. She gets away from her desk and when she returns everyting seems fine to her. She continues editing the data of Anton aus Tirol and submits. Her session has expired, so she gets redirected to the login page. She logs in again and the data she wanted to submit get submitted by the application. Sarah is shown the new data of Anton aus Tirol, which she submitted. Yeah, this is only possible with stateless forms, or using bookmarkable pages and code the forms yourself (this might be an option for 1.2). Actually even statelessforms are not going to save you in this case because you wanted to have the user login first. This is most commonly achieved by throwing a RestartResponseAtInterceptPage. But that does not save form postdata in the request, so even though you will get back to the form you don't have the postdata to save. Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] handling expiring pages
couldn't there be a setting in wicket to turn this on? autoforward_postdata or something ? would be useful to lots of people i imagine. Maurice On 6/19/07, Eelco Hillenius [EMAIL PROTECTED] wrote: Actually even statelessforms are not going to save you in this case because you wanted to have the user login first. This is most commonly achieved by throwing a RestartResponseAtInterceptPage. But that does not save form postdata in the request, so even though you will get back to the form you don't have the postdata to save. True, but the request parameters are available for you to pass on to the next request, so if you think a little bit about it you can do it. Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket Security Example Time Frame
Well i finally committed my first example to wicket stuff svn at https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples. Sorry no live examples at the moment. just an eclipse project ready to run with the tomcat plugin. I will be making more examples in the coming weeks/months. Also if there are any requests as to what you want to see in the examples, just ask. Questions / comments let me know. Maurice On 6/3/07, Maurice Marrink [EMAIL PROTECTED] wrote: Indeed GeneralTest is the place to look at right now. I am working on some examples but there are only so many hours in a day :) Also there is an (unfinished) getting started section at the wiki http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm Thanks for the interest in the project and if you have any questions just ask them on the mailing list Maurice On 6/2/07, craigdd [EMAIL PROTECTED] wrote: I came across the GeneralTest in the security project, looks like a great example starter for the security project. Thanks Craig craigdd wrote: Does anyone know the time frame for the wicket security project to come out with an examples project or is there some early access code people can get access to? The project looks pretty nice, I look forward to doing some evaluation on it and possibly using in on an upcoming project. Thanks Craig -- View this message in context: http://www.nabble.com/Wicket-Security-Example-Time-Frame-tf3855250.html#a10922941 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] nice url for DownloadLink
wicket 1.3 is available if you include the following in your repositories tag of maven 2 pom.xml repository idwicket-snaps/id urlhttp://wicketstuff.org/maven/repository/url snapshots enabledtrue/enabled /snapshots releases enabledfalse/enabled /releases /repository Maurice On 6/12/07, Jean-Baptiste Quenot [EMAIL PROTECTED] wrote: * Jan Van Besien: Jean-Baptiste Quenot wrote: If I were you I would look at the static pages examples: http://wicketstuff.org/wicket13/staticpages/ Looks promising indeed, but unfortunattely seems to be wicket 1.3 features. I'm using latest stable 1.2.6, and will need to verify if 1.3 is an option (not in public maven repository?). The concepts described in the static pages examples are the same in 1.2.6. You would just have to copy URIRequestTargetUrlCodingStrategy in your project, it is compatible with 1.2.6. -- Jean-Baptiste Quenot aka John Banana Qwerty http://caraldi.com/jbq/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Evaluating Wicket
It is at https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/branches/WICKET_1_2/wicket-kronos-cms to be precise. Ted maybe you can refresh our memory about kronos again :) Maurice On 6/12/07, Igor Vaynberg [EMAIL PROTECTED] wrote: two students, who were new to wicket, put together a wicket based cms. it is in wicket-stuff and is called kronos. no need to get gray hair, its probably a good starting point for building your own. -igor On 6/12/07, Francis Amanfo [EMAIL PROTECTED] wrote: Hi Patrick, On 6/12/07, Patrick Angeles [EMAIL PROTECTED] wrote: I'd also like to know if I can mount bookmarkable pages dynamically... say if someone were to create and publish a new CMS page from the admin app. This is a very good question. With Wicket requiring a corresponding Java class for any dynamic page, this could get tricky. I was faced with a similar dilema 2 years ago when I was using Wicket for a medium sized project. Fortunately for me, they decided to drop the CMS for some other reason not relating to Wicket and could hence save my dark hair. Otherwise I might have gotten gray hair by now :-) -- View this message in context: http://www.nabble.com/Evaluating-Wicket-tf3909204.html#a11084242 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- Beware of bugs in the above code; I have only proved it correct, not tried it. -Donald Knuth - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WASPSession.logout(object)
It isn't fixed on username an password because i want people to be able to use any kind of authentication. e.g. a card reader or retinal scan. A credentials object could be used in this case, but then i am introducing yet another class people need to use / extend. But i already have an idea how to refactor this. Maurice On 6/9/07, craigdd [EMAIL PROTECTED] wrote: Just out of curiosity why doesn't the login method take a username/password? Or if you want it to be more abstracted create some sort of Credentials object and update the WASPSession.login to take a LoginContext and Credentials object. Then update the LoginContext login to take the Credential. -Craig Mr Mean wrote: I just remembered a little snag, this is not going to work because i currently use the context to ask if the component, class, model is authenticated by this context. So i really need it atm. Looks like i need to think this trough a little better. but first i gotta grab some sleep. Maurice On 6/9/07, craigdd [EMAIL PROTECTED] wrote: Sounds like a pretty good idea, I like that much better than having the user need to know they need to cleanup data state in their LoginContext. Another idea might be to have the LoginContext provide a method that returns a unique identifier. That value could be store internally and the user can pass anything they want, I'd assume the default would be to return the username which is completely fair to be in the session. Without looking too closely at the code you could also use this identifier during logout. -Craig Mr Mean wrote: Just thinking out loud here, but it shouldn't be too difficult to change this into holding a hash of the logincontext instead of the whole context. Since the equals contract already specifies that equal object should have equal hashes The equals check can be easily performed on the hash, HashMap actually uses the hash before it uses the equal, so i do not see much problems here. And it is not like you are gonna have an army of logincontexts in each session. Ill see if i can implement this sometime tomorrow. Thanks again for pointing this out, if you think there are more of this kind of problems just let me know. Maurice P.S. i guess an api for getting the original logincontext is out of the question then :) On 6/8/07, craigdd [EMAIL PROTECTED] wrote: Are you saying then that the instance of LoginContext used to login is held onto in the WASPSession, via the security framework? If so then this brings up a huge security issue, as least the way the API sits and the examples showing that a LoginContext takes a username and password in its constructor. This mean that a password(probably plain text) is available in the session which is usually a big no no when it comes to a secure application. I've been through a few security probes from banks on various online applications that that is one of the first thing they look for / ask. Are you holding onto the password? -Craig Mr Mean wrote: There is currently no way to grab the login context, so you could store it yourself (there migh be multiple logintexts though). But the good news is you don't have to store it if you don't want to. The logoff performs an equals check and currently every logincontext of the same class and level is equal to another. So if you login using a MySingleLoginContext(username, password) you can logoff with any new instance of that class (logoff(new MySingleLoginContext());) However if you feel you need to have access to the original instance, for instance because you want to know the username, i can always include such a method in the api. Maurice On 6/8/07, craigdd [EMAIL PROTECTED] wrote: I see that the WASPSession.logout method takes a LoginContext. Is there somewhere within the SWARM implementation to grab the LoginContext used to login? Or when logging in is it up to the developer to put the LoginContext somewhere...say maybe the session itself? Thanks Craig -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WASPSession.logout(object)
:D Well i had to come up with something outrageous didn't i? ;) Maurice On 6/9/07, Igor Vaynberg [EMAIL PROTECTED] wrote: On 6/9/07, Maurice Marrink [EMAIL PROTECTED] wrote: retinal scan. :) -igor - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WASPSession.logout(object)
Ok, i just committed some refactoring in the authentication module of swarm. To make sure we do not store user credentials in the session. For those of you already depending on swarm, here are the changes. -All is...Authenticated methods from LoginContext are now in Subject, just copy paste the relevant code. -SingleLoginContext has been folded into LoginContext, simply replace any occurrence of the word SingleLoginContext with LoginContext as the constructors remained the same. -LoginContext equal and hashcode are final -LoginContext is now a throw away object and therefor is no longer serializable -LoginContext no longer implements Comparable interface -Subjects are now considered readonly, and therefor the interface does no longer define an addPrincipal method. instead implementations will provide add/remove methods that honor the readonly flag which is set by swarm as soon as the subject has been passed on. I haven't had time to update the getting started yet, so be patient there. Oh and before anyone else says something about it, I'll do it myself :) I know Subject now has a dependency on the wicket gui, making it a less ideal candidate for storing it in a database as before. But my reasoning is this Subject is part of swarm and therefor of wicket, so the dependency is allowed. Instead use your own entity for database storage and wrap them in a Subject that will be thrown away when they logoff. Maurice On 6/9/07, Maurice Marrink [EMAIL PROTECTED] wrote: :D Well i had to come up with something outrageous didn't i? ;) Maurice On 6/9/07, Igor Vaynberg [EMAIL PROTECTED] wrote: On 6/9/07, Maurice Marrink [EMAIL PROTECTED] wrote: retinal scan. :) -igor - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WASPSession.logout(object)
There is currently no way to grab the login context, so you could store it yourself (there migh be multiple logintexts though). But the good news is you don't have to store it if you don't want to. The logoff performs an equals check and currently every logincontext of the same class and level is equal to another. So if you login using a MySingleLoginContext(username, password) you can logoff with any new instance of that class (logoff(new MySingleLoginContext());) However if you feel you need to have access to the original instance, for instance because you want to know the username, i can always include such a method in the api. Maurice On 6/8/07, craigdd [EMAIL PROTECTED] wrote: I see that the WASPSession.logout method takes a LoginContext. Is there somewhere within the SWARM implementation to grab the LoginContext used to login? Or when logging in is it up to the developer to put the LoginContext somewhere...say maybe the session itself? Thanks Craig -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WASPSession.logout(object)
The loginContext is indeed stored indirectly in the session. But neither wasp nor swarm requires you to: 1 pass in a username and password in a constructor, those are just convenient examples, although you are right and this will be the most likely use case. 2 use plaintext authentication data (e.g. password) 3 hold onto the username and password (or anything else you use for authentication) after the login method is called. As stated in the apidoc the login method is only called once so you can and probably should clear anything used to authenticate your user. The current documentation and or example code does not make this very clear, thanks for pointing that out. Maurice On 6/8/07, craigdd [EMAIL PROTECTED] wrote: Are you saying then that the instance of LoginContext used to login is held onto in the WASPSession, via the security framework? If so then this brings up a huge security issue, as least the way the API sits and the examples showing that a LoginContext takes a username and password in its constructor. This mean that a password(probably plain text) is available in the session which is usually a big no no when it comes to a secure application. I've been through a few security probes from banks on various online applications that that is one of the first thing they look for / ask. Are you holding onto the password? -Craig Mr Mean wrote: There is currently no way to grab the login context, so you could store it yourself (there migh be multiple logintexts though). But the good news is you don't have to store it if you don't want to. The logoff performs an equals check and currently every logincontext of the same class and level is equal to another. So if you login using a MySingleLoginContext(username, password) you can logoff with any new instance of that class (logoff(new MySingleLoginContext());) However if you feel you need to have access to the original instance, for instance because you want to know the username, i can always include such a method in the api. Maurice On 6/8/07, craigdd [EMAIL PROTECTED] wrote: I see that the WASPSession.logout method takes a LoginContext. Is there somewhere within the SWARM implementation to grab the LoginContext used to login? Or when logging in is it up to the developer to put the LoginContext somewhere...say maybe the session itself? Thanks Craig -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WASPSession.logout(object)
Just thinking out loud here, but it shouldn't be too difficult to change this into holding a hash of the logincontext instead of the whole context. Since the equals contract already specifies that equal object should have equal hashes The equals check can be easily performed on the hash, HashMap actually uses the hash before it uses the equal, so i do not see much problems here. And it is not like you are gonna have an army of logincontexts in each session. Ill see if i can implement this sometime tomorrow. Thanks again for pointing this out, if you think there are more of this kind of problems just let me know. Maurice P.S. i guess an api for getting the original logincontext is out of the question then :) On 6/8/07, craigdd [EMAIL PROTECTED] wrote: Are you saying then that the instance of LoginContext used to login is held onto in the WASPSession, via the security framework? If so then this brings up a huge security issue, as least the way the API sits and the examples showing that a LoginContext takes a username and password in its constructor. This mean that a password(probably plain text) is available in the session which is usually a big no no when it comes to a secure application. I've been through a few security probes from banks on various online applications that that is one of the first thing they look for / ask. Are you holding onto the password? -Craig Mr Mean wrote: There is currently no way to grab the login context, so you could store it yourself (there migh be multiple logintexts though). But the good news is you don't have to store it if you don't want to. The logoff performs an equals check and currently every logincontext of the same class and level is equal to another. So if you login using a MySingleLoginContext(username, password) you can logoff with any new instance of that class (logoff(new MySingleLoginContext());) However if you feel you need to have access to the original instance, for instance because you want to know the username, i can always include such a method in the api. Maurice On 6/8/07, craigdd [EMAIL PROTECTED] wrote: I see that the WASPSession.logout method takes a LoginContext. Is there somewhere within the SWARM implementation to grab the LoginContext used to login? Or when logging in is it up to the developer to put the LoginContext somewhere...say maybe the session itself? Thanks Craig -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] WASPSession.logout(object)
I just remembered a little snag, this is not going to work because i currently use the context to ask if the component, class, model is authenticated by this context. So i really need it atm. Looks like i need to think this trough a little better. but first i gotta grab some sleep. Maurice On 6/9/07, craigdd [EMAIL PROTECTED] wrote: Sounds like a pretty good idea, I like that much better than having the user need to know they need to cleanup data state in their LoginContext. Another idea might be to have the LoginContext provide a method that returns a unique identifier. That value could be store internally and the user can pass anything they want, I'd assume the default would be to return the username which is completely fair to be in the session. Without looking too closely at the code you could also use this identifier during logout. -Craig Mr Mean wrote: Just thinking out loud here, but it shouldn't be too difficult to change this into holding a hash of the logincontext instead of the whole context. Since the equals contract already specifies that equal object should have equal hashes The equals check can be easily performed on the hash, HashMap actually uses the hash before it uses the equal, so i do not see much problems here. And it is not like you are gonna have an army of logincontexts in each session. Ill see if i can implement this sometime tomorrow. Thanks again for pointing this out, if you think there are more of this kind of problems just let me know. Maurice P.S. i guess an api for getting the original logincontext is out of the question then :) On 6/8/07, craigdd [EMAIL PROTECTED] wrote: Are you saying then that the instance of LoginContext used to login is held onto in the WASPSession, via the security framework? If so then this brings up a huge security issue, as least the way the API sits and the examples showing that a LoginContext takes a username and password in its constructor. This mean that a password(probably plain text) is available in the session which is usually a big no no when it comes to a secure application. I've been through a few security probes from banks on various online applications that that is one of the first thing they look for / ask. Are you holding onto the password? -Craig Mr Mean wrote: There is currently no way to grab the login context, so you could store it yourself (there migh be multiple logintexts though). But the good news is you don't have to store it if you don't want to. The logoff performs an equals check and currently every logincontext of the same class and level is equal to another. So if you login using a MySingleLoginContext(username, password) you can logoff with any new instance of that class (logoff(new MySingleLoginContext());) However if you feel you need to have access to the original instance, for instance because you want to know the username, i can always include such a method in the api. Maurice On 6/8/07, craigdd [EMAIL PROTECTED] wrote: I see that the WASPSession.logout method takes a LoginContext. Is there somewhere within the SWARM implementation to grab the LoginContext used to login? Or when logging in is it up to the developer to put the LoginContext somewhere...say maybe the session itself? Thanks Craig -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your
Re: [Wicket-user] Wicket Security Configuration Question
Thanks, Craig I've updated the getting started to include the example for the default mode, which is what most likely you will be using. I am sorry to say that as of yet i do not have an ETA for the examples but i will post it on the mailing list when i have them ready. Maurice On 6/7/07, craigdd [EMAIL PROTECTED] wrote: This original post was under wicket stuff users list and I've reposted it hear for more visibility, as requested by Martijn. The following is the response that I got from Maurice. Hi, what i mean is this: By default SecurePageLink (and all other links with the same securitycheck) checks for an enable action on the page the link points to. This check occurs both in the render (where is decided if the link should be clickable) and in the onclick (just to check if nobody spoofed an url to trigger a link click where it is not allowed). Maybe an example will make things more clear (note to self to update the getting started) HomePage contains a SecurePageLink to PageA. We should declare at least .HomePage, render; in our policy or we will never see the homepage. With just this the link will not be rendered because it lacks .PageA, render; So if we put that in the policy to we will see a disabled link. (wicket turns it into a span by default) but because the component is still available on the server side someone could spoof the url and trigger wicket into thinking the link was clicked, fortunatly the second check i mentioned earlier will detect this and send you to the accessdenied page. Only if we make sure our policy also contains .PageA, enable; the link will be fully operational. I hope this answered your question. :) But if you want to get realy confused you should read on because there is an alternative mode in which it is possible to show the link even if we have not granted render to PageA. I am actually working on some examples showing this alternate mode, but they are not yet available. To activate the alternate rendering mode you need to do this: ((LinkSecurityCheck)link.getSecurityCheck()).setUseAlternativeRenderCheck(true); Given the above example and a policy file only containing HomePage, inherit, render; the link will render as a disabled link. Note the inherit, this means all child components on the homepage are allowed to render. Optionally we could replace that one line with the following two lines HomePage, render; and HomePage:link, render; Assuming the wicket id of our link is link :) To enable the link we would still require PageA, enable; in our policy. Thanks for checking out swarm and wasp, i hope i did not just confuse the hell out you :) Maurice craigdd wrote: In look looking the getting started page for wicket security I came across the following block on text when describing the configuration of principals. What we just did is grant everyone the right to see (render) our HomePage, if there are secure components on the homepage we can see them too (inherit). In addition we granted links to our homepage the right to be clicked (enable). Because we do not want to give links on our homepage the right to be clicked we did not place the enable action on the previous line with the inherit. If we know for a fact that there are absolutely no links pointing to the homepage we could delete the second line, but generally you will want these two lines for any given secure page. If you think, what a long line isn't there a shorter way, then i have good news for you. Hive supports aliases. This means that besides the build in aliases for permissions you can add your own aliases for permissions, principals and names, just not for actions!. aliases can be concatenated but not nested. sow if we rewrite our policy to use aliases we get Just to clarify, when you say In addition we granted links to our homepage the right to be clicked (enable), does this mean that the link, which I assume you mean , is able to be physically clicked? And if it was the opposite, as is the next line of the configuration HomePage, enable, does this mean that the link is disabled to the user, or that it is enabled but you will get an access error exception on the server side? Thanks Craig -- View this message in context: http://www.nabble.com/Wicket-Security-Configuration-Question-tf3884414.html#a11009846 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication
Please do, yesterday i checked in some changes that should redirect you to the login page if you place secure components on a non secure page. All the documentation and examples are still work in progress but you could check out the junit tests and the documentation here http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm and here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security Maurice On 6/3/07, mchack [EMAIL PROTECTED] wrote: The override of onUnauthorizedPage didn't work because the framework was throwing the UnauthorizedInstantiationException because the page itself was not secure, but the component was. I was able to handle this by overriding the WebRequestCycle to handle exceptions explicitly as indicated in the previous post: http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10790773 My reason for doing this is that I have a fairly generic bookmarkable page (single class) that will serve up varied content (markup) depending upon the URL. I also have a dynamic mechanism using resolve() to detect wicket:id's that have behavior of my choosing. So, my motivation is that while the pages themselves are not declared secure, the HTML developer could inadvertantly reference a secured component. Hence my desire to trap instantiation issues at the component level and then do proper redirection to either the login page or error page. While not a classic use of the framework, I think it has some merit. I will also check out the WASP and SWARM projects. Eelco Hillenius wrote: Hi, On 6/3/07, Maurice Marrink [EMAIL PROTECTED] wrote: Not sure if it is the preferred way of doing things (since this is Eelco's framework) That part is actually Jonathan's but you could override the init() method and set up a different authorizationstrategy and or instantiationlistener, all you have to do for that is skip the call to super and do something similar yourself. Imho, that class is better viewed as an example. Or you can ask Eelco nice and maybe he will remove the final :) I don't think that's needed though. How about overriding onUnauthorizedPage? As long as a user isn't logged in, the strategy will redirect to the page that is returned by getSignInPageClass. After that, onUnauthorizedPage is called when a user tries to access a page he/ she isn't authorized for. Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- View this message in context: http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10939875 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] AuthenticatedWebApplication - Component Level Authentication
Not sure if it is the preferred way of doing things (since this is Eelco's framework) but you could override the init() method and set up a different authorizationstrategy and or instantiationlistener, all you have to do for that is skip the call to super and do something similar yourself. Or you can ask Eelco nice and maybe he will remove the final :) Maurice On 6/2/07, mchack [EMAIL PROTECTED] wrote: I am using the AuthenticatedWebApplication package. I would like to do component level authorization. The framework generates an exception for this that I can't see how I can override. Basic behavior is to be redirected back to Home Page. My reason for doing this at the component level is to make sure that a developer does not include an authorized component in a page, but I would like to direct the conversation back to the login page. Is this not supported or am I missing the way to capture the exception and provide my own handling. onUnauthorizedInstantiation is final so i can't override that. Thanks -- View this message in context: http://www.nabble.com/AuthenticatedWebApplication---Component-Level-Authentication-tf3854757.html#a10921366 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket Security Example Time Frame
Indeed GeneralTest is the place to look at right now. I am working on some examples but there are only so many hours in a day :) Also there is an (unfinished) getting started section at the wiki http://wicketstuff.org/confluence/display/STUFFWIKI/Getting+started+with+Swarm Thanks for the interest in the project and if you have any questions just ask them on the mailing list Maurice On 6/2/07, craigdd [EMAIL PROTECTED] wrote: I came across the GeneralTest in the security project, looks like a great example starter for the security project. Thanks Craig craigdd wrote: Does anyone know the time frame for the wicket security project to come out with an examples project or is there some early access code people can get access to? The project looks pretty nice, I look forward to doing some evaluation on it and possibly using in on an upcoming project. Thanks Craig -- View this message in context: http://www.nabble.com/Wicket-Security-Example-Time-Frame-tf3855250.html#a10922941 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket YUI
Hi James, There is a little project coming up for me that will require heavy use of the yui drag and drop functions, so I'll do some checking some time soon and will let you know if i have any questions. Since this is gonna be my first encounter with yui i have no doubt i will come come up with some :) Maurice On 5/31/07, James McLaughlin [EMAIL PROTECTED] wrote: There is a wicket-contrib-yui project included in wicket-stuff on sourceforge: http://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui I've been working on it a little, mostly on the menu module. The drag and drop is somewhat broken, and I haven't had time to look at it. This may have happened when I updated the libs to 2.2.2. But the slider and animation modules work fine. There is very little in the way of documentation, but there is a wicket-contrib-yui-examples project that demos each module. http://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui-examples If you perform a mvn install on wicket-contrib-yui, then a mvn jetty:run on wicket-contrib-yui-examples, you should be up and running in a few minutes. Once I get the menu working to my satisfaction, I will produce some documentation. When I updated the libs, I created a YuiHeaderContributor that will resolve dependencies for the module you want and include the necessary files in the proper order (yui is way weaker than dojo in this respect). A few months ago, a number of people expressed interest in contributing, so if any of you are reading this, I would love to have some help. In particular, i think it would be great if someone could bring drag and drop back to life. I think it could use some pretty heavy refactoring as well. Actually, there have been a lot of changes in wicket since wcy was last worked on, so much of the project could use modernization. If you don't know where to start, respond to this email and I can provide a few ideas. best, jim On 5/31/07, howzat [EMAIL PROTECTED] wrote: Are there any examples/tutorials that re using YUI with Wicket. I see there is also a wicket YUI project but could not find much getting started help. -- View this message in context: http://www.nabble.com/Wicket---YUI-tf3848786.html#a10901677 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Conditional output
You should use an attribute modifier on the totals row. like this totalsRow.add(new AttributeModifier(colspan,myModel)); If you know for a fact the number of columns is not going to change after a page refresh you could use a new SimpleAttributeModifier(colspan,length) else you should use a model to dynamically compute the number of desired columns Maurice On 5/30/07, Thies Edeling [EMAIL PROTECTED] wrote: All, Say that I have an HTML table with data and the last row is a total with a colspan to align the value: table tr td wicket:id=prjProject A/td td wicket:id=col1stuff/td td wicket:id=col2stuff/td td wicket:id=col35/td /tr tr td colspan=3nbsp;/td td5/td /tr /table When col2 is optional I'd do a col2.setVisible(false) on that label but the colspan in the total row needs to be adjusted as well. Should I create a colspan property in the Page class and do a td colspan=span wicket:id=colspan / or is there another preferred way? Wondering how much I've to 'unlearn' from my JSTL way of doing things :) Thies -- http://blog.ehour.nl/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket Acegi ?
If you are using wicket 1.3 you could try the new wicket security framework swarm. unlike acegi it is not url based but component based. It was designed with simplicity in mind so you should be able to get started right away. You can find documentation here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security The documentation is still work in progress but if you have any question you can always ask them on the mailing list. I am not sure if there is an existing wicket-acegi framework but i believe i have heard of people using them together. Optionally if you are using java 1.5 you could check out the wicket-auth-roles project. Maurice On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote: Hello all, I'm migrating an existing Struts app to Wicket and have now reached the point where I have to add authentication/authorization to it. In the Struts app I used Acegi to add URL-based security. Ideally I'd re-use my existing Acegi config for Wicket but I can't find any documentation on how to do this. The 'Wicket way' of authentication is mentioned on the Wiki somewhere but details are missing. What's the best way to add simple role-based security to a Wicket app? thanks in advance, Thies -- http://blog.ehour.nl/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket Acegi ?
According to your mail, you are only using acegi to do the authentication and let auth-roles handle the authorization. Swarm provides functionality to handle both authentication and authorization and is perfectly capable of delegating to whatever authentication framework you desire. Maurice On 5/29/07, Erik van Oosten [EMAIL PROTECTED] wrote: There was a thread some time ago. In http://www.nabble.com/forum/ViewPost.jtp?post=7285394framed=y this message I explained how we use Acegi in combination with wicket-auth-roles. Regards, Erik. Mr Mean wrote: I am not sure if there is an existing wicket-acegi framework but i believe i have heard of people using them together. Optionally if you are using java 1.5 you could check out the wicket-auth-roles project. -- Erik van Oosten http://2007.rubyenrails.nl/ http://www.day-to-day-stuff.blogspot.com/ -- View this message in context: http://www.nabble.com/Wicket---Acegi---tf3833443.html#a10853872 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket Acegi ?
Johan, has an excellent point, but we too have a pre wicket 1.3 app so i guess i'll have to make a branche for that app anyhow if i want to replace or old security mechanisme. I don't think it will be much work to backport to 1.2.6. Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3 Maurice On 5/29/07, Johan Compagner [EMAIL PROTECTED] wrote: you could ofcourse upgrade to 1.3! Now you rewrite from struts to wicket but we are moving alone and then you have to rewrite it again to 1.3. johan On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote: I'm using 1.2.6 so swarm is not in the picture. Will check out auth-roles as I'm on java 1.5, thx! On Tue, 29 May 2007, Maurice Marrink wrote: If you are using wicket 1.3 you could try the new wicket security framework swarm. unlike acegi it is not url based but component based. It was designed with simplicity in mind so you should be able to get started right away. You can find documentation here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security The documentation is still work in progress but if you have any question you can always ask them on the mailing list. I am not sure if there is an existing wicket-acegi framework but i believe i have heard of people using them together. Optionally if you are using java 1.5 you could check out the wicket-auth-roles project. Maurice On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote: Hello all, I'm migrating an existing Struts app to Wicket and have now reached the point where I have to add authentication/authorization to it. In the Struts app I used Acegi to add URL-based security. Ideally I'd re-use my existing Acegi config for Wicket but I can't find any documentation on how to do this. The 'Wicket way' of authentication is mentioned on the Wiki somewhere but details are missing. What's the best way to add simple role-based security to a Wicket app? thanks in advance, Thies -- http://blog.ehour.nl/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket Acegi ?
Francis, Swarm does not use apache hivemind. The hivemind reference you saw in the example code is to an internal class who is coincidentally named like apache hivemind. Swarm only requires the following jars besides wicket: Wasp, commons-logging and Log4j. Maurice On 5/29/07, Francis Amanfo [EMAIL PROTECTED] wrote: Hi Marice, While here may I ask a quick question? I've quickly glanced through the docs at Wiki and could see some reference to Hivemind. Does this implementation employs Apache HiveMind and if so I assume I have to place yet another jar on my classpath. Right or not? Regards, Francis On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote: Johan, has an excellent point, but we too have a pre wicket 1.3 app so i guess i'll have to make a branche for that app anyhow if i want to replace or old security mechanisme. I don't think it will be much work to backport to 1.2.6. Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3 Maurice On 5/29/07, Johan Compagner [EMAIL PROTECTED] wrote: you could ofcourse upgrade to 1.3! Now you rewrite from struts to wicket but we are moving alone and then you have to rewrite it again to 1.3. johan On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote: I'm using 1.2.6 so swarm is not in the picture. Will check out auth-roles as I'm on java 1.5, thx! On Tue, 29 May 2007, Maurice Marrink wrote: If you are using wicket 1.3 you could try the new wicket security framework swarm. unlike acegi it is not url based but component based. It was designed with simplicity in mind so you should be able to get started right away. You can find documentation here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security The documentation is still work in progress but if you have any question you can always ask them on the mailing list. I am not sure if there is an existing wicket-acegi framework but i believe i have heard of people using them together. Optionally if you are using java 1.5 you could check out the wicket-auth-roles project. Maurice On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote: Hello all, I'm migrating an existing Struts app to Wicket and have now reached the point where I have to add authentication/authorization to it. In the Struts app I used Acegi to add URL-based security. Ideally I'd re-use my existing Acegi config for Wicket but I can't find any documentation on how to do this. The 'Wicket way' of authentication is mentioned on the Wiki somewhere but details are missing. What's the best way to add simple role-based security to a Wicket app? thanks in advance, Thies -- http://blog.ehour.nl/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net
Re: [Wicket-user] Wicket Acegi ?
No problem and thanks. Have you decided yet if you are going to upgrade to wicket 1.3? Maurice On 5/29/07, Francis Amanfo [EMAIL PROTECTED] wrote: Yes, I thought so too since I couldn't see any package reference to apache hivemind but just the name Hivemind, but to be sure I decided to ask. Thanks for the answer and great work. Francis On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote: Francis, Swarm does not use apache hivemind. The hivemind reference you saw in the example code is to an internal class who is coincidentally named like apache hivemind. Swarm only requires the following jars besides wicket: Wasp, commons-logging and Log4j. Maurice On 5/29/07, Francis Amanfo [EMAIL PROTECTED] wrote: Hi Marice, While here may I ask a quick question? I've quickly glanced through the docs at Wiki and could see some reference to Hivemind. Does this implementation employs Apache HiveMind and if so I assume I have to place yet another jar on my classpath. Right or not? Regards, Francis On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote: Johan, has an excellent point, but we too have a pre wicket 1.3 app so i guess i'll have to make a branche for that app anyhow if i want to replace or old security mechanisme. I don't think it will be much work to backport to 1.2.6. Let me know if you plan on staying with wicket 1.2.x or upgrade to 1.3 Maurice On 5/29/07, Johan Compagner [EMAIL PROTECTED] wrote: you could ofcourse upgrade to 1.3! Now you rewrite from struts to wicket but we are moving alone and then you have to rewrite it again to 1.3. johan On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote: I'm using 1.2.6 so swarm is not in the picture. Will check out auth-roles as I'm on java 1.5, thx! On Tue, 29 May 2007, Maurice Marrink wrote: If you are using wicket 1.3 you could try the new wicket security framework swarm. unlike acegi it is not url based but component based. It was designed with simplicity in mind so you should be able to get started right away. You can find documentation here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security The documentation is still work in progress but if you have any question you can always ask them on the mailing list. I am not sure if there is an existing wicket-acegi framework but i believe i have heard of people using them together. Optionally if you are using java 1.5 you could check out the wicket-auth-roles project. Maurice On 5/29/07, Thies Edeling [EMAIL PROTECTED] wrote: Hello all, I'm migrating an existing Struts app to Wicket and have now reached the point where I have to add authentication/authorization to it. In the Struts app I used Acegi to add URL-based security. Ideally I'd re-use my existing Acegi config for Wicket but I can't find any documentation on how to do this. The 'Wicket way' of authentication is mentioned on the Wiki somewhere but details are missing. What's the best way to add simple role-based security to a Wicket app? thanks in advance, Thies -- http://blog.ehour.nl/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing
Re: [Wicket-user] Wicket Acegi ?
I know martijn and i will fix this, in the meantime i would like to add to my defense that i am not the only stuff project to use log4j :) Maurice On 5/29/07, Martijn Dashorst [EMAIL PROTECTED] wrote: On 5/29/07, Maurice Marrink [EMAIL PROTECTED] wrote: Swarm only requires the following jars besides wicket: Wasp, commons-logging and Log4j. You did notice that Wicket now uses slf4j instead of clogging? Martijn -- Join the wicket community at irc.freenode.net: ##wicket Wicket 1.2.6 contains a very important fix. Download Wicket now! http://wicketframework.org - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket Acegi ?
:) indeed i realized my mistake after i hit the send button :) Maurice On 5/29/07, Eelco Hillenius [EMAIL PROTECTED] wrote: I know martijn and i will fix this, in the meantime i would like to add to my defense that i am not the only stuff project to use log4j :) You mean commons-logging :) Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Swarm - [was Wicket Acegi ?]
On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote: Why re-invent the wheel with Wasp/Swarm? The same question could be asked when acegi was introduced, or any other security framework for that matter. The simple answer is because it things differently and hopes to solves problems not addressed by other frameworks. Without having any further knowledge of acegi, one of the differences is component oriented security as opposed to url based. wicket is after all component based so why fiddle with urls. Second swarm was designed from the ground to interact with wicket whereas acegi requires you to go through several hoops just to get some simple stuff done. Third configuring a security framework is often not a simple task, i like to think swarm does a better job. Just to name a few of the selling points without going into a my framework is better then yours war. :) Maurice - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Swarm - [was Wicket Acegi ?]
I am sorry if i made you think i was accusing you of starting a framework war, i was merely stating i didn't want to start one :). I am only just reading up on acegi, but what i learned so far is that acegi was designed for spring just like swarm is for wicket so trying to integrate either in the other framework should provide for quite a challenge. Maurice On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote: hi maurice, i didn't want to stat a framework war... ;-) my point was just to understand why you started a new thing. i'm currently in the process of selecting a authentication/authorization framework, too. it should be highly flexible, so it can integrated in very different environments. still, the component oriented security should be reflectable. what i was thinking about was - instead of using acegi as a filter and use it on urls - integrate it in the wicket-app and act on top of the components. this sounds like the wasp/swarm-concepts, only that acegi is the base. what i really dislike about acegi is the spring/xml-stuff. but that's another story... ;-) best regards, --- jan. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Swarm - [was Wicket Acegi ?]
True, Swarm does not yet provide blackbox authentication against ldap, cas or whatever else, but it allows you to customize your own authentication allowing you to implement any of those models. And the time not spend on fixing all your urls for acegi can now be spend on implementing cas or ldap for swarm :) Maurice On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote: hi martijn, what i really dislike about acegi is the spring/xml-stuff. but that's another story... ;-) If you take the spring/xml and the URL based authorization out of Acegi, what is left? Not a stab at Acegi, just asking. hehe - now i'm having to argue pro acegi where i'm not yet finished finding out if it really is what i'm looking for. *ggg* first of all, what i dislike is the xml-/spring-injection-dependent configuration. everything else is not tight to spring, it can be used in any other environment. everything else is: acegi supports a wide range of authentication models. from http basic authentication headers, ldap to jaas - you just have to choose. also, the authorization is as customizable as is e.g. swarm. like in swarm, you have to define your policies. it's just an implementation detail, if you use it url- or component-based. so, when thinking about authentication/authorization, i don't think of a one-time-installation at one defined customer but how it can be integrated into a variety of heterogenous systems. having a wicket application running in a system using a service-oriented-approach, i might have to use a ticketing system (like cas) to handle authorization. acegi delivers such functionality. best regards, --- jan. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Swarm - [was Wicket Acegi ?]
I don't mind the competition. But it might be a good idea if we can all agree on some common api. for that reason i made wasp. Off course nothing is written in stone so if you have some suggestions I'll be happy to listen to them. Just take a look at wasp, is all i ask. Maurice On 5/29/07, Jan Kriesten [EMAIL PROTECTED] wrote: hi eelco, Yeah, makes sense. Contributions are welcome of course. We don't mind having competing implementations; it'll only make them better :) hehe, i'll keep you posted. ;-) --- jan. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Swarm - [was Wicket Acegi ?]
Don't worry, i like committees about as much as how far i can throw them :) Maurice On 5/29/07, Eelco Hillenius [EMAIL PROTECTED] wrote: I don't mind the competition. But it might be a good idea if we can all agree on some common api. for that reason i made wasp. Off course nothing is written in stone so if you have some suggestions I'll be happy to listen to them. Just take a look at wasp, is all i ask. Yeah, I agree that that's a good idea. Just don't fall into the design by committee trap ;) Eelco - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Bookmarkable pages and transparent login
On account of the serialization, yes this will become a problem for your backbutton support. wicket tries to serialize every page to disk and later retrieve it when a user used the browsers backbutton and then performs an action where it is necessary to go back to the server. On account of the transparent login, like Martijn said if you use a framework for your security it is already handled automagically for you. Now i am a bit biased on the new wicket-security framework since i wrote it :), but you should really check it out sometime. Maurice On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote: Hm, by default, I'm getting an error that my page is not serializable. But when I set application.getDebugSettings().setSerializeSessionAttributes(false); it works without problems. Could this become a problem when my page still is not serializable? Tom Thomas Singer wrote: Never mind. RestartResponseAtInterceptPageException-handling is more lightweight than I assumed. Of course the other processing is completely up to me. Tom - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Bookmarkable pages and transparent login
P.S you can read more here http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security Maurice On 5/28/07, Maurice Marrink [EMAIL PROTECTED] wrote: On account of the serialization, yes this will become a problem for your backbutton support. wicket tries to serialize every page to disk and later retrieve it when a user used the browsers backbutton and then performs an action where it is necessary to go back to the server. On account of the transparent login, like Martijn said if you use a framework for your security it is already handled automagically for you. Now i am a bit biased on the new wicket-security framework since i wrote it :), but you should really check it out sometime. Maurice On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote: Hm, by default, I'm getting an error that my page is not serializable. But when I set application.getDebugSettings().setSerializeSessionAttributes(false); it works without problems. Could this become a problem when my page still is not serializable? Tom Thomas Singer wrote: Never mind. RestartResponseAtInterceptPageException-handling is more lightweight than I assumed. Of course the other processing is completely up to me. Tom - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Bookmarkable pages and transparent login
Regarding the backbutton, When you press the backbutton on you're browser, it is the browser who gets the previous page from cache, the server is never notified of this. So regarding wicket, no there is not much you can do on that end. But you might be able with the help of some javascript to remove the license page from the browser, this script should go on the license page but what it should look like i am not entirely sure. might i suggest google :) Regarding the license page, I think it will work in swarm (as the project is called in wicket-security) as you can easily define a new ISecurityCheck for a page and have that redirect to you're license page. If you are interested you can mail me at [EMAIL PROTECTED] and we can see how to customize you're situation. Maurice On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote: On account of the transparent login, like Martijn said if you use a framework for your security it is already handled automagically for you. Now i am a bit biased on the new wicket-security framework since i wrote it :), but you should really check it out sometime. To be exact, we don't need it for login, but for securing a download by accepting a corresponding license agreement (thanks to German laws). On account of the serialization, yes this will become a problem for your backbutton support. wicket tries to serialize every page to disk and later retrieve it when a user used the browsers backbutton and then performs an action where it is necessary to go back to the server. Hmm, looks like I need to do that. :( The above mentioned download scenario will look like: - select the file to download (e.g. by getting a link by e-mail or by selecting it on our website) - on the file-download page check, whether the session-flag for accepted license agreement is set; if not, redirect to the license agreement page and path an IPageLink for the accept button, so the file-download page gets its right parameters after accepting the license agreement Regarding the back-button: it would be the best if the intermediate license agreement page would not occur when pressing the back-button, but instead the previous page (if any). Is something like that possible? Tom Maurice Marrink wrote: On account of the serialization, yes this will become a problem for your backbutton support. wicket tries to serialize every page to disk and later retrieve it when a user used the browsers backbutton and then performs an action where it is necessary to go back to the server. On account of the transparent login, like Martijn said if you use a framework for your security it is already handled automagically for you. Now i am a bit biased on the new wicket-security framework since i wrote it :), but you should really check it out sometime. Maurice On 5/28/07, Thomas Singer [EMAIL PROTECTED] wrote: Hm, by default, I'm getting an error that my page is not serializable. But when I set application.getDebugSettings().setSerializeSessionAttributes(false); it works without problems. Could this become a problem when my page still is not serializable? Tom Thomas Singer wrote: Never mind. RestartResponseAtInterceptPageException-handling is more lightweight than I assumed. Of course the other processing is completely up to me. Tom - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your
Re: [Wicket-user] Exception Strategy in 1.3
As far as i know the wicket session is mandatory in wicket but that does not mean you have to use it to store information. Other then that i see no reason why your proposed strategy should not work. Maurice On 5/22/07, craigdd [EMAIL PROTECTED] wrote: Basically what I want to do is set the internal error page to my own internal page, i.e. my login page, and add a message from the a resource bundle, .properties file, that includes an error code that is generated from an internal RuntimeException. Another requirement is that a Session is optional, meaning that this should work with or without a Session. -Craig craigdd wrote: What is the best way to implement your own exception strategy in wicket 1.3? I want to add some added logic to my application when an unexcepted exception occurs. During this added logic I want a handle on the page that is being redirected to, ie the internal error page. Thanks Craig -- View this message in context: http://www.nabble.com/Exception-Strategy-in-1.3-tf3793570.html#a10730008 Sent from the Wicket - User mailing list archive at Nabble.com. - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Header contribution not always rendered
Its not just pages, i have a panel that adds some javascript to the header which suffers from this problem. Matej, ill see if i can put something together. Maurice On 11/13/06, Matej Knopp [EMAIL PROTECTED] wrote: I've tested this with current 1.3 and couldn't reproduce this. Can you please provide a quick-start project? I'd be more than happy to look into it. -Matej Maurice Marrink wrote: I am using wicket:1.3-incubating-20061113.111007-1 and also have this problem with javascript not being rendered the second time. I render a new page and all is rendered fine. i click on a link to open a new page. there i click on a link that brings me back to the previous page instance. The javascript in the header is missing the second time. Anybody have a solution yet? Maurice On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote: That's weird. Which wicket version are you using? Seems that Wicket 1.x has already become 1.3 and the latest revision is 473519. Wicket 1.2 has it's own branch now. Are you sure you're using the apache repository? -Matej Erik van Oosten wrote: Hello, Something is going wrong with my header contributions. A css that was added like this add(HeaderContributor.forCss(MyPage.class, MyPage.css)); are only rendered once and then never again. To be precise: - I start jetty. - I request the page (it is bookmarkable). - I get redirected to the signin page, I log in. - The page is displayed correct (with the css). - I press reload and the css is gone. The link is actually not in the header. - Press reload another 50 times, no more css. I have also seen another scenario: the first time the page is rendered it misses the css, the second time it is present and in all following renderings it is gone. All css added with wicket:head/wicket:link elements renders fine. I am using Wicket 1.x, revision 470570 (at moment of writing the latest revision of 1.x). Any ideas on what it is going on here? Regards, Erik. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Header contribution not always rendered
Ok I just finished a simple quickstart showing the problem. you can get it here https://issues.apache.org/jira/browse/WICKET-68. Maurice On 11/14/06, Maurice Marrink [EMAIL PROTECTED] wrote: Its not just pages, i have a panel that adds some javascript to the header which suffers from this problem. Matej, ill see if i can put something together. Maurice On 11/13/06, Matej Knopp [EMAIL PROTECTED] wrote: I've tested this with current 1.3 and couldn't reproduce this. Can you please provide a quick-start project? I'd be more than happy to look into it. -Matej Maurice Marrink wrote: I am using wicket:1.3-incubating-20061113.111007-1 and also have this problem with javascript not being rendered the second time. I render a new page and all is rendered fine. i click on a link to open a new page. there i click on a link that brings me back to the previous page instance. The javascript in the header is missing the second time. Anybody have a solution yet? Maurice On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote: That's weird. Which wicket version are you using? Seems that Wicket 1.x has already become 1.3 and the latest revision is 473519. Wicket 1.2 has it's own branch now. Are you sure you're using the apache repository? -Matej Erik van Oosten wrote: Hello, Something is going wrong with my header contributions. A css that was added like this add(HeaderContributor.forCss(MyPage.class, MyPage.css)); are only rendered once and then never again. To be precise: - I start jetty. - I request the page (it is bookmarkable). - I get redirected to the signin page, I log in. - The page is displayed correct (with the css). - I press reload and the css is gone. The link is actually not in the header. - Press reload another 50 times, no more css. I have also seen another scenario: the first time the page is rendered it misses the css, the second time it is present and in all following renderings it is gone. All css added with wicket:head/wicket:link elements renders fine. I am using Wicket 1.x, revision 470570 (at moment of writing the latest revision of 1.x). Any ideas on what it is going on here? Regards, Erik. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Header contribution not always rendered
I am using wicket:1.3-incubating-20061113.111007-1 and also have this problem with javascript not being rendered the second time. I render a new page and all is rendered fine. i click on a link to open a new page. there i click on a link that brings me back to the previous page instance. The javascript in the header is missing the second time. Anybody have a solution yet? Maurice On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote: That's weird. Which wicket version are you using? Seems that Wicket 1.x has already become 1.3 and the latest revision is 473519. Wicket 1.2 has it's own branch now. Are you sure you're using the apache repository? -Matej Erik van Oosten wrote: Hello, Something is going wrong with my header contributions. A css that was added like this add(HeaderContributor.forCss(MyPage.class, MyPage.css)); are only rendered once and then never again. To be precise: - I start jetty. - I request the page (it is bookmarkable). - I get redirected to the signin page, I log in. - The page is displayed correct (with the css). - I press reload and the css is gone. The link is actually not in the header. - Press reload another 50 times, no more css. I have also seen another scenario: the first time the page is rendered it misses the css, the second time it is present and in all following renderings it is gone. All css added with wicket:head/wicket:link elements renders fine. I am using Wicket 1.x, revision 470570 (at moment of writing the latest revision of 1.x). Any ideas on what it is going on here? Regards, Erik. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Header contribution not always rendered
Unfortunately this is not an option for me as the javascript is generated dynamically by the java code. Maurice On 11/13/06, Erik van Oosten [EMAIL PROTECTED] wrote: My current workaround is to include the reference in the markup with wicket:head tags around it. I am sorry I did not yet have the time to create a quickstart/unit test with the problem. Erik. Maurice Marrink schreef: I am using wicket:1.3-incubating-20061113.111007-1 and also have this problem with javascript not being rendered the second time. I render a new page and all is rendered fine. i click on a link to open a new page. there i click on a link that brings me back to the previous page instance. The javascript in the header is missing the second time. Anybody have a solution yet? Maurice On 11/10/06, Matej Knopp [EMAIL PROTECTED] wrote: That's weird. Which wicket version are you using? Seems that Wicket 1.x has already become 1.3 and the latest revision is 473519. Wicket 1.2 has it's own branch now. Are you sure you're using the apache repository? -Matej Erik van Oosten wrote: Hello, Something is going wrong with my header contributions. A css that was added like this add(HeaderContributor.forCss(MyPage.class, MyPage.css)); are only rendered once and then never again. To be precise: - I start jetty. - I request the page (it is bookmarkable). - I get redirected to the signin page, I log in. - The page is displayed correct (with the css). - I press reload and the css is gone. The link is actually not in the header. - Press reload another 50 times, no more css. I have also seen another scenario: the first time the page is rendered it misses the css, the second time it is present and in all following renderings it is gone. All css added with wicket:head/wicket:link elements renders fine. I am using Wicket 1.x, revision 470570 (at moment of writing the latest revision of 1.x). Any ideas on what it is going on here? Regards, Erik. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- Erik van Oosten http://www.day-to-day-stuff.blogspot.com/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Authorization-question
Ok, so the session is not 100% safe for attaching detaching hibernate stuff. If there is a better place to store something like a user object i would love to here about it. Maurice On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote: yes but with igors example it is possible that the session is used over multiply request we do have a lock But that lock doesn't lock globally over everything. So it is possible that it gets detached from under your nose. But that is not a problem But it is also possible that you get a user loaded by another thread == hibernate session. Session.detach() is not called in a sync block... johan On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: Glad to see it was just a misunderstanding. I was afraid you guys were gonna tell me the world isn't flat ;) Maurice On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: i wasnt suggesting setting the user on request cycle, i was suggesting keeping the id in session and letting requestcycle hold the cache for the request. i didnt realize websession has attach/detach, so this can be made simpler MySession extends WebSession { private long userid; private transient User user; setUser(User u) { userid=u.getid(); user=u; } getUser() { if (user==null) { user=loaduserbyid(userid); } return user; } detach() { user=null; } -Igor On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: store is detached. second request comes in and it is dealing with stale data unless you reload the user object. correct that is why you should use an imodel or come up with your own attach detach strategy also storing imodel in session wont work because session doesnt have an imodel slot so who is going to be responsible for detaching that model at the end of request? session has an onattach and ondetach method you can use. Also the way i understand how the whole requestcycle stuff happens (and i know you guys know way more about that then me) is that a new requestcycleobject is created on every request by a factory so how is the current user supposed to get set on the requestcycle? Don't get me wrong i am not criticizing you guys, i am just curious as to how the internals of wicket operate. Maurice On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: but we are talking about caching here. if you store the instance of the user you loaded in session that is fine for the request that loaded it. but what happens after that request ends? the session is closed, the instance you store is detached. second request comes in and it is dealing with stale data unless you reload the user object. also storing imodel in session wont work because session doesnt have an imodel slot so who is going to be responsible for detaching that model at the end of request? -Igor On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: true, but shouldn't the lock on the session prevent that in like 95% of all the cases? Maurice On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote: A session can be used by multiply threads/request So it will be detached by those when they are finished. So another request can be busy with it while another calls detach on it. johan On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: i wouldn't recommend doing this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request Yeah are you sure about this Igor? because we are also attaching our user object (hibernate object) to our session, lazy loading it whenever needed. And we have not noticed it getting detached before the end of the request. Mats i guess this also answers your question about if it is possible to put an imodel in the session. however if you are really concerned about the db access every time you could always store the team id in the session. Maurice On 7/31/06, Mats Norén [EMAIL PROTECTED] wrote: On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: i wouldnt recommend doint this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request It is? I've used a User-object in session and I haven't noticed that it gets detached I guess I'll have to look into to that. Can I still have a getUser() method in Session that in turn uses the code below? I think I saw an example (could have been in databinder) where a IModel was stored in session. Is that an alternative
Re: [Wicket-user] Authorization-question
i wouldn't recommend doing this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request Yeah are you sure about this Igor? because we are also attaching our user object (hibernate object) to our session, lazy loading it whenever needed. And we have not noticed it getting detached before the end of the request. Mats i guess this also answers your question about if it is possible to put an imodel in the session. however if you are really concerned about the db access every time you could always store the team id in the session. Maurice On 7/31/06, Mats Norén [EMAIL PROTECTED] wrote: On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: i wouldnt recommend doint this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request It is? I've used a User-object in session and I haven't noticed that it gets detached I guess I'll have to look into to that. Can I still have a getUser() method in Session that in turn uses the code below? I think I saw an example (could have been in databinder) where a IModel was stored in session. Is that an alternative? ((MyRequestCycle)RequestCycle.get()).getUser(); MyRequestCycle { private transient User user; getuser() { if (user==null) { user=loaduser(session.get().getuserid()); } onendrequest() { user=null; } } -Igor /Mats - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Authorization-question
true, but shouldn't the lock on the session prevent that in like 95% of all the cases? Maurice On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote: A session can be used by multiply threads/request So it will be detached by those when they are finished. So another request can be busy with it while another calls detach on it. johan On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: i wouldn't recommend doing this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request Yeah are you sure about this Igor? because we are also attaching our user object (hibernate object) to our session, lazy loading it whenever needed. And we have not noticed it getting detached before the end of the request. Mats i guess this also answers your question about if it is possible to put an imodel in the session. however if you are really concerned about the db access every time you could always store the team id in the session. Maurice On 7/31/06, Mats Norén [EMAIL PROTECTED] wrote: On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: i wouldnt recommend doint this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request It is? I've used a User-object in session and I haven't noticed that it gets detached I guess I'll have to look into to that. Can I still have a getUser() method in Session that in turn uses the code below? I think I saw an example (could have been in databinder) where a IModel was stored in session. Is that an alternative? ((MyRequestCycle)RequestCycle.get()).getUser(); MyRequestCycle { private transient User user; getuser() { if (user==null) { user=loaduser( session.get().getuserid()); } onendrequest() { user=null; } } -Igor /Mats - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Authorization-question
store is detached. second request comes in and it is dealing with stale data unless you reload the user object. correct that is why you should use an imodel or come up with your own attach detach strategy also storing imodel in session wont work because session doesnt have an imodel slot so who is going to be responsible for detaching that model at the end of request? session has an onattach and ondetach method you can use. Also the way i understand how the whole requestcycle stuff happens (and i know you guys know way more about that then me) is that a new requestcycleobject is created on every request by a factory so how is the current user supposed to get set on the requestcycle? Don't get me wrong i am not criticizing you guys, i am just curious as to how the internals of wicket operate. Maurice On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: but we are talking about caching here. if you store the instance of the user you loaded in session that is fine for the request that loaded it. but what happens after that request ends? the session is closed, the instance you store is detached. second request comes in and it is dealing with stale data unless you reload the user object. also storing imodel in session wont work because session doesnt have an imodel slot so who is going to be responsible for detaching that model at the end of request? -Igor On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: true, but shouldn't the lock on the session prevent that in like 95% of all the cases? Maurice On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote: A session can be used by multiply threads/request So it will be detached by those when they are finished. So another request can be busy with it while another calls detach on it. johan On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: i wouldn't recommend doing this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request Yeah are you sure about this Igor? because we are also attaching our user object (hibernate object) to our session, lazy loading it whenever needed. And we have not noticed it getting detached before the end of the request. Mats i guess this also answers your question about if it is possible to put an imodel in the session. however if you are really concerned about the db access every time you could always store the team id in the session. Maurice On 7/31/06, Mats Norén [EMAIL PROTECTED] wrote: On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: i wouldnt recommend doint this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request It is? I've used a User-object in session and I haven't noticed that it gets detached I guess I'll have to look into to that. Can I still have a getUser() method in Session that in turn uses the code below? I think I saw an example (could have been in databinder) where a IModel was stored in session. Is that an alternative? ((MyRequestCycle)RequestCycle.get()).getUser(); MyRequestCycle { private transient User user; getuser() { if (user==null) { user=loaduser( session.get().getuserid()); } onendrequest() { user=null; } } -Igor /Mats - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net 's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
Re: [Wicket-user] Custom number formatting
You need 3 classes for this. 1 class to convert from string to number. 1 class to convert from number to string. and 1 converterfactory with both classes registered for your number type. for instance private static final class IridiumConverterFactory implements IConverterFactory { public IConverter newConverter(Locale locale) { DateFormat dateFormat = new SimpleDateFormat(dd-MM-); Locale nl = new Locale(nl, NL); DateConverter dateConverter = new DateConverter(); dateConverter.setDateFormat(nl, dateFormat); StringConverter stringConverter = new StringConverter(); DateToStringConverter dateToStringConverter = new DateToStringConverter(); dateToStringConverter.setDateFormat(nl, dateFormat); stringConverter.set(java.util.Date.class, dateToStringConverter); stringConverter.set(java.sql.Date.class, dateToStringConverter); stringConverter.set(java.sql.Timestamp.class, dateToStringConverter); DoubleConverter doubleConverter = new DoubleConverter(); Converter converter = new Converter(locale); converter.set(java.sql.Timestamp.class, dateConverter); converter.set(java.sql.Date.class, dateConverter); converter.set(java.util.Date.class, dateConverter); converter.set(String.class, stringConverter); converter.set(Double.class, doubleConverter); TimeConverter timeConverter = new TimeConverter(); converter.set(Time.class, timeConverter); return converter; } } Then set this factory in your application.init() like this applicationSettings.setConverterFactory(new IridiumConverterFactory()); A good starting point for your string to number converter is either AbstractDecimalConverter or AbstractNumberConverter. Maurice On 7/31/06, Paolo Di Tommaso [EMAIL PROTECTED] wrote: I need to implement a special numbers formatting in my wicket application. Basically I have to round number to the first digit and use a blank space as thousand separator. For example instead to display number like '1, 000.33' it is required to display (and user will input) '1 000'. I can do that in Wicket? Thank for helping. -- Paolo - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Authorization-question
Glad to see it was just a misunderstanding. I was afraid you guys were gonna tell me the world isn't flat ;) Maurice On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: i wasnt suggesting setting the user on request cycle, i was suggesting keeping the id in session and letting requestcycle hold the cache for the request. i didnt realize websession has attach/detach, so this can be made simpler MySession extends WebSession { private long userid; private transient User user; setUser(User u) { userid=u.getid(); user=u; } getUser() { if (user==null) { user=loaduserbyid(userid); } return user; } detach() { user=null; } -Igor On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: store is detached. second request comes in and it is dealing with stale data unless you reload the user object. correct that is why you should use an imodel or come up with your own attach detach strategy also storing imodel in session wont work because session doesnt have an imodel slot so who is going to be responsible for detaching that model at the end of request? session has an onattach and ondetach method you can use. Also the way i understand how the whole requestcycle stuff happens (and i know you guys know way more about that then me) is that a new requestcycleobject is created on every request by a factory so how is the current user supposed to get set on the requestcycle? Don't get me wrong i am not criticizing you guys, i am just curious as to how the internals of wicket operate. Maurice On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: but we are talking about caching here. if you store the instance of the user you loaded in session that is fine for the request that loaded it. but what happens after that request ends? the session is closed, the instance you store is detached. second request comes in and it is dealing with stale data unless you reload the user object. also storing imodel in session wont work because session doesnt have an imodel slot so who is going to be responsible for detaching that model at the end of request? -Igor On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: true, but shouldn't the lock on the session prevent that in like 95% of all the cases? Maurice On 7/31/06, Johan Compagner [EMAIL PROTECTED] wrote: A session can be used by multiply threads/request So it will be detached by those when they are finished. So another request can be busy with it while another calls detach on it. johan On 7/31/06, Maurice Marrink [EMAIL PROTECTED] wrote: i wouldn't recommend doing this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request Yeah are you sure about this Igor? because we are also attaching our user object (hibernate object) to our session, lazy loading it whenever needed. And we have not noticed it getting detached before the end of the request. Mats i guess this also answers your question about if it is possible to put an imodel in the session. however if you are really concerned about the db access every time you could always store the team id in the session. Maurice On 7/31/06, Mats Norén [EMAIL PROTECTED] wrote: On 7/31/06, Igor Vaynberg [EMAIL PROTECTED] wrote: i wouldnt recommend doint this in session because user entity will become detached, i would instead do it in the requestcycle so the user is loaded once per request It is? I've used a User-object in session and I haven't noticed that it gets detached I guess I'll have to look into to that. Can I still have a getUser() method in Session that in turn uses the code below? I think I saw an example (could have been in databinder) where a IModel was stored in session. Is that an alternative? ((MyRequestCycle)RequestCycle.get()).getUser(); MyRequestCycle { private transient User user; getuser() { if (user==null) { user=loaduser( session.get().getuserid()); } onendrequest() { user=null; } } -Igor /Mats - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net 's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net
Re: [Wicket-user] Deployment / Development mode
Johan, I don't know what you have been drinking, but it must have contained alot of alcohol ;). To determine at runtime if the application is running in development mode we use the following code in Application.init. Note that this code runs before super.init(), unfortunately we cannot place this code in the constructor because it uses some field that have not been set at that time. WicketServlet wicketServlet = getWicketServlet(); String configuration = wicketServlet.getInitParameter(Application.CONFIGURATION); if (configuration == null) configuration = wicketServlet.getServletContext().getInitParameter(Application.CONFIGURATION); development = configuration != null configuration.equals(Application.DEVELOPMENT); development is a global boolean field we added so we can now ask the application at anytime if we are in development mode. This code btw came from Johan. On 7/21/06, Johan Compagner [EMAIL PROTECTED] wrote: The problem is that you want to know at code time This is also something Maurice wanted to know. He does it do now by checking another value that he knows is there in development but not in deployment. johan On 7/21/06, Martijn Dashorst [EMAIL PROTECTED] wrote: I think it is logged in the log4j log. Martijn On 7/21/06, Johan Compagner [EMAIL PROTECTED] wrote: This can't be done that easily at the moment. If you don't alter this: getAjaxSettings().setAjaxDebugModeEnabled(true); yourself then you could ask for the ajax debug model enable property.. We should have an settings.getModel() i guess would be nice. Can you make a RFE for this? johan On 7/21/06, Paolo Di Tommaso [EMAIL PROTECTED] wrote: How to know if an application is in Deployment or Development mode? Thank for helping. - Paolo - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- Download Wicket 1.2 now! Write Ajax applications without touching JavaScript! -- http://wicketframework.org - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Sessions?
The wicket way of storing objects in your session is by extending the wicket session. For example if you want to store somekind of User object in your session, you would create a getter and setter for it in your custom wicket session. For wicket to work with your custom session you should either overwrite newSession() in WebApplication or provide your own ISessionFactory. Maurice On 5/16/06, Nino Wael [EMAIL PROTECTED] wrote: Hi I have an object I would like to have stored in session, so that I may pass it between pages. I've been looking at some sniplets and created this code for setting the object: HttpServletRequest request = ((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest(); request.setAttribute(here, Hello world); I am setting the value on the base of a panel which holds a button that contains the below code in a onsubmit override. And this piece for getting the value: HttpServletRequest request = ((WebRequest) RequestCycle.get().getRequest()).getHttpServletRequest(); String Message = (String) request.getAttribute(here); info(Message); I am getting the value on a onsubmit of a button. However my String(message) are null how can that be, does it have something to do with the scope?? If I paste the getting code in the same place as my setting code it works just fine. I do also feel that this is not 100% the wicket way to do it, so I must have overlooked the better way? --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid0709bid3057dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] More on refreshing page contents
Hi, I am also wrestling with the matrix beast and am still exploring my options. However i might be able to help you out. In your code the label is given a string as diplay value. This string is not updated when the item model is. So you should give the label the model of the item. If you want some fancy numberformatting to take place you can always overwrite the getConverter() method of your label to convert the bigdecimal to a string there. Hope this helps. Maurice On 4/4/06, Anders Peterson [EMAIL PROTECTED] wrote: Hi All, With one page I'm displaying a matrix of numbers and I have a problem updating/refreshing it. I roughly understand why it doesn't work, but I don't know what the best/correct way to make it work is. Basically I have a ListView of rows and the last column in each row is in turn a ListView creating more columns to the right. That final ListView is implemented with the code you can see below. How was I supposed to have done this to have updating/refreshing happen as automagically as possible? (I'm using Wicket 1.1.1) /Anders ListView tmpCorrList = new ListView(ID_CORRELATIONS, tmpInstrument.getCorrelations()) { BigDecimal tmpCoefficient; public void populateItem(final ListItem anItem) { tmpCoefficient = (BigDecimal) anItem.getModelObject(); anItem.add(new Label(ID_COEFFICIENT, tmpCoefficient.toString())); } --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] adding required validator to a a component in the list view
Unless i am mistaken, wicket searches for several keys. You should be able to use myPanel.firstName or simply firstName. Maurice On 4/3/06, Dipu [EMAIL PROTECTED] wrote: Hi , Is there a way to add required validator to a component in the list view If i add a required validator to a component in the list view how will i specify the resource key in the properties file. With the current version wicket is complaining with the following message. Caused by: java.util.MissingResourceException: Unable to find resource: RequiredValidator for component: myForm:myList:0:myPanel:firstName Thanks Dipu --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel
dammit johan why did you have to reply so fast, i was writing an entire novel :P Well perhaps i can elaborate some more on your short answer. isInstantiationAuthorized is only called when the constructor is used. So if you created all the tabs up front in your page's constructor they won't get called when you change panels. If you create the new panel when you switch panels it should work, but like johna said you are better of not showing the link that will switch to that panel at all. to do that you need to use the isActionAuthorized method from the IAuthorisation strategy and check for an action of RENDER on that link. Or if you do want to show the link just not be able to click it you should check for ENABLE. Maurice On 3/14/06, Johan Compagner [EMAIL PROTECTED] wrote: then you already did create that panel But in my eyes the problem is earlier.. Why can you click on the link that makes that tab panel visible? The link shouldn't be there.. johan On 3/14/06, R.A [EMAIL PROTECTED] wrote: Hi, I have a question about IAuthorizationStrategy. I create a class for authentication that implements IAuthorizationStrategy. isInstantiationAuthorized in the class is not called when jump one Panel to another Panel using TabbedPanel in one WebPage class. I want to autenticate when using TabbedPanel too. How do I do? I use wickt1.2-beta1. Thank you. R.A -- View this message in context: http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3393074 Sent from the Wicket - User forum at Nabble.com. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel
Then you need as johan and i both said: authorize on the link click just have your strategy check the ENABLE action in the isActionAuthorized method for those tab links. there you should check if they have enough points and if not throw an exception to redirect the to a page explaining why they can not click on that tab. Also i think you should put this same check on the RENDER action that way once it has been established the user does not have enough points the tab won't show up again. Maurice On 3/14/06, R.A [EMAIL PROTECTED] wrote: Hi Maurice and Johan, I understand you both. I spell out. One of my authenticate logic is whether logged in user can to use my services, for example the user has enough points or not. If user's points are not enough, I shut the user out of some service. User's points are in the database and fluctuant by another system. So I want to check user's points every time user accesses a page and tab panel. Even if when the user accesses first tab the user's points are enough, the user's points may not enough when the user accesses second tab. I want to authenticate every click tab link. Thank you. R.A -- View this message in context: http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3394354 Sent from the Wicket - User forum at Nabble.com. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] IAuthorizationStrategy and TabbedPanel
isActionAuthorized is called for each component at render time and in case of a link when it is clicked. And yes you should use the component argument to determine if it is one of your tabs or not. Maurice On 3/14/06, R.A [EMAIL PROTECTED] wrote: Hi Maurice, I tried follow your advice. In the case of onRender achieved I a desired result. Thank you! But is isActionAuthorized method called by an increment of components in the page? For authentication I ask the database access and I would not like to increase it. Or is it necessary to determin whether Component argument of isActionAuthorized is tab or not? Thank you. R.A -- View this message in context: http://www.nabble.com/IAuthorizationStrategy-and-TabbedPanel-t1277505.html#a3395275 Sent from the Wicket - User forum at Nabble.com. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Get version of Wicket from program
Codesource should never be null, if you class is in a jar file, codesource points to the jar. else it might point to a directory where your class files can be found (or in subdirs thereof). if none of the above is available it will point to the classfile itself. But perhaps Martijn can tell you how he did it, i know he did it for our project but can't seem to find where. Maurice On 3/7/06, Joni Suominen [EMAIL PROTECTED] wrote: On Tue, 2006-03-07 at 10:27 +0100, Juergen Donnerstag wrote: Do you know how to access that information? How do you get the jar file name a specific class has been loaded from? getClass().getProtectionDomain().getCodeSource().getLocation() gives you the location where the class was loaded from. I don't know in which situations the CodeSource may be null, though. Joni --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Wicket and JAAS integration
I don't believe letting the webcontainer handle all the security has come up on the mailing before. So i am afraid i cannot help you there. However i have build a jaas securityframework for wicket (1.2) allowing your wicket app to control what pages/ components are displayed based on the information in your policy file. If you are interested in that i could send you a jar. Maurice On 3/2/06, Piotr Bzdyl [EMAIL PROTECTED] wrote: Hello, How can I integrate wicket with the JAAS? I mean configuring web.xml with following configuration: security-constraint web-resource-collection web-resource-nameMySystem authorized area/web-resource-name url-pattern/app/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nameMySystemUser/role-name /auth-constraint user-data-constraint transport-guarantee NONE /transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameMySystem/realm-name form-login-config form-login-page/login.html/form-login-page form-error-page/loginFailed.html/form-error-page /form-login-config /login-config security-role role-nameMySystemUser/role-name /security-role Another concern is what to do if I want to let the user to access my wicket home page but restrict access to other pages using container authorization? Best regards, Piotr --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Detachable resources
I think he is already doing that johan, hence the question about the re-attaching. Although there seems to be something going wrong because all models are detatched at the end of a request (unless you are nesting models and you don't propagate the detach call to the nested model). on detach the loadabledetachable model should set the hibernate object to null and only store the class and the id so when later attach is called it can load them from the session. That is what you usually use however if for some strange reason you must keep the hibernateobject in your model then you have to resort to stuff like re-attach or merge (all in the hibernate session object ) Personaly i have some experiance with re-attching hibernate objects to the session and it is not something you can use out of the box. For instance re-attch throws an exception if an object with the same id is already loaded in the session (you need to do some dirty tricks to find out if this is the case since hibernate does not have an api for this). Re-attach only works for the hibernateobject you re-attached, meaning if i have an object A with a list of objects of type C and a reference to object B, after re-attching i can only safely call A and C. if B has any lazy list they will give me an exception because they have not been re-attched. Maurice On 2/24/06, Johan Compagner [EMAIL PROTECTED] wrote: personally i wouldn't keep hibernate objects in my models. Let one of the Hibernate caches do that for you down below (closer to youre data) instead of in the ui level/models. On 2/23/06, Gili [EMAIL PROTECTED] wrote: Ah! Thank you :) You seemed to have missed my question regarding clustering. Do I need to fully detach LoadableDetachableModel on resource close or is it sufficient to reattach the Hibernate objects to a new Session on the next request? Will the latter cause problems in clustering environments? Thank you, Gili Johan Compagner wrote: Iresourcestream.close() On 2/23/06, *Gili* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I meant I haved a Resource that gets its data from the database. So I wrapped my Hibernate object in a LoadableDetachableModel. Basically what I am noticing is this: 1) First request comes in 2) New Hibernate session is opened 3) Resource.getData() gets invoked 4) LoadableDetachableModel.attach() gets invoked and its object is returned. Resource uses this to generate its data. 5) Data is returned to client, Hibernate session is closed at the end of the request (by my servlet filter) 6) Second request comes in 7) LoadableDetachableModel thinks it is still attached 8) I try using the Hibernate object it returns but it is now disconnected from the Session so I have to explicitly reconnect it to a new session. Ideally I'd like to have a mechanism which lets me know when I should reconnect the Hibernate objects to the session so if Resource.getLength(), getData() get invoked in a single HTTP request, I only attach them to the session once. In my original image I was looking for a way to detach() LoadableDetachableModel at the end of each HTTP request, but I realize now this might be overkill. It is far more expensive to re-attach a LoadableDetachableModel than simply reattach its resulting object to the Hibernate session. So two questions: 1) Is there a good reason to re-attach the LoadableDetachableModel at the beginning of each HTTP request? Or is it enough to simply re-attach the Hibernate object? Will the latter break anything in a clustering environment? 2) Does it make sense for Wicket to provide some sort of mechanism/hook to let the resource know when the HTTP request begins/ends so it can reattach its model objects (if any exist) to the database? Thank you, Gili Johan Compagner wrote: i guess you are now talking about a Component that is directly its own Resource Streamer? of do you have Shared Resources with a detachablemodel? That would be strange because that doesn't make anysense for wicket (we don't attach/detach it) But for a component and a model impl that has the resource this shouldn't be a problem to begin with Because the stream is done in one go so contenttype, data. And last modified is not checked for those so only a last modifed request doesn't come anyway And if it did then still we need to detach it because over request everything needs to be detached. johan On 2/23/06, *Gili* [EMAIL PROTECTED] mailto: [EMAIL
Re: [Wicket-user] I submited a new bug in wicket-1.2-20060108
Maybe you remember johan and i worked on introducing a security framework into wicket. One of the things we had (still do actually :)) was an access denied page that could be overridden by the developper. Maurice 2006/1/10, Igor Vaynberg [EMAIL PROTECTED]: im not a big fan of the null = continue idea since its very implicit. -Igor On 1/9/06, Juergen Donnerstag [EMAIL PROTECTED] wrote: May that is how we should change it. Instead of return a boolean a Page. If null than go on, else goto the page provided. Juergen On 1/9/06, Johan Compagner [EMAIL PROTECTED] wrote: What do you expect it should do? Just an empty page? Or an internal error page? If you look at the signin examples you see that we set a response page: redirectToInterceptPage(newPage(SignIn2.class)); So if you don't set any response page but do return false. What should the framework do? johan On 1/9/06, pepone pepone [EMAIL PROTECTED] wrote: wicket-1.2-20060108 Page renders when checkAccess returns false http://sourceforge.net/tracker/index.php?func=detailaid=1400643group_id=119783atid=684975 -- play tetris http://pepone.on-rez.com/tetris --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865opclick ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865opclick ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] After redirection doRender() still called
you could use an IAuthorizationStrategy to perform a check at the constructor of your page. This is from the java doc /** * Authorization strategies control on a low level how authorization is implied. * A strategy itself is generally not responsible for enforcing it. What a * strategy does do is tell the framework whether a component may be created * (especialy usefull for implementing secure bookmarkable pages and components * that should always be secure no matter what environment they are put it), * whether it may be rendered (which can result in components being 'filtered' * from a page, or triggering the page to not be rendered at all and redirecting * to a error or logon page), and whether a component may be enabled (thus * controlling it's reachability etc) at all. * * @author Eelco Hillenius * @author Jonathan Locke */ The only catch is that you specify the strategy application wide so your strategy will be called for every component you create (not just pages). This is ofcourse not a big problem, just something i would like to see changed (just in case you are reading this eelco ;)) 2005/12/22, John Patterson [EMAIL PROTECTED]: Hi Wicketeers, I have a page which can only be viewed if the user is logged in. If the user is not logged in then checkAccess() redirects to a sign in page and returns false. I moved my page building code to the onBeginRequest() method so that it is only called when it is really needed (ie not when the page cannot be viewed). However, in my original page doRender() is still called and the html is parsed etc. This involves looking up data from the database which is never shown. Is there any way to build a page that will only be built if it is actually going to be displayed? Thanks, John. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Using POJO as Model - is this right?
You could always use a different model (containing just the fileupload object) for the fileupload and the compoundmodel for the rest of the form. then in the onsubmit you could get both models set the blob on your pojo and save it. this way you can keep your pojo clean. Maurice 2005/12/23, Joshua Lim [EMAIL PROTECTED]: Hi I have a question about using POJO as Models in wicket. BTW, love the framework ! I am using Hibernate 3 and Wicket 1.1 I've got 2 POJO : Contestant -1:n- Design. I have a page which lets a Contestant uploads a bunch of images and each of these images are stored as Blobs in a database. Each image is a Design Here's the 'problem' I am setting Contestant object as the CompoundPropertyModel, which is ok. and everything is populated. I use a ListView to handle set of Designs within the form, and I have FileUploadField to handle image file uploads. The FileUploadField, however, will populate a FileUpload object which I had to add into my POJO, and onSubmit, I then populate my Bolb field... Question: Although it works, does this sound right in using my POJO as a Model? becuase I really don't like the idea of having to modify my POJO just to accommodate the wicket page, becasue I might have another page which may require a checkbox for e.g. for some other reasonand I have to modify my Pojo again? I would like to have a Pojo that is not dependant on the wicket page ... is this right? any advise? Am I using it correctly? Thanks Joshua --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Hibernate transactions
Actually, transactions are either committed automaticly within there method call dao.save(someObject) or if i need to batch several operations in 1 transaction i let the onclick event commit the transaction for me. public void onclick() { Object obj=dao.batchLoad(id); dao.batchDelete(obj); dao.commit(); } but thats just how we do things, remember i told you we rollback at the end of a request. you could just as easilly commit there then you would not have to worry about mixing transaction code all over wicket code. Maurice 2005/12/16, John Patterson [EMAIL PROTECTED]: It also creates a new transaction for every data operation which does not allow for making multiple operations atomic. Not true. Our base dao has methods for batching saves, updates and the like that use the currently running transaction, with 1 single method call you can then commit this transaction whenever you want. So you have transaction related methods on your DAO? If so the user is responsible for defining the transaction boundary's. I would prefer this to be automatically handled by the container OR by some wicket specific handler. Separation of concerns and all that... --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Hibernate transactions
imho, your transactions should only be concerned with what happens in event handlers (onclick/onsubmit) and not through the enitire request cycle because anything outside the handlers should be read-only access and thus not require a transaction. That would indeed be desirable, however as of the latest hibernate you are required to have atransaction at all times. Even for read only operations. failing to do results in lazyinit exceptions from hibernate. Maurice 2005/12/17, Igor Vaynberg [EMAIL PROTECTED]: yes. considering what you are trying to do that will work. still not sure why you are trying to do it this way, seems silly to me to tie transaction handling with UI code. imho, your transactions should only be concerned with what happens in event handlers (onclick/onsubmit) and not through the enitire request cycle because anything outside the handlers should be read-only access and thus not require a transaction. so i think you are setting the boundaries a bit wide. but as i said, this is imho. anyway i created an example of what you want a while back - pre requestcycle refactoring - so if you want to take a look you can find it here http://www.mail-archive.com/wicket-user@lists.sourceforge.net/msg07587.html my approach was a bit inversed opposed to yours. i used the application to handle sessions and used requestcycle to signal certain events to the application. that way all transaction mgmt lives in the application. -Igor On 12/17/05, John Patterson [EMAIL PROTECTED] wrote: On Saturday 17 Dec 2005 15:19, Igor Vaynberg wrote: you might not be able to do it using the try/catch/finally semantic, but there are plenty of hooks in there to do it without. the iexceptionresponsestrategy is indirectly part of the cycle as well. So the answer is no, you cannot have transaction handling code in one class? This seems like it should be really simple to do so I am not sure I doing it the way you suggest. Is this your suggested approach: 1 - Override WebApplication.getDefaultRequestCycleFactory() to return new instances of my own custom RequestCycle. 2 - Subclass WebRequestCycle to override onEndRequest() where I can commit/rollback the transaction. 3 - Override WebApplication.getDefaultRequestCycleProcessor to create and cache a single instance of CompoundRequestCycleProcessor with my own custom IExceptionResponseStrategy. 4 - Subclass DefaultExceptionResponseProcessor to catch exceptions and signal my custom WebRequestCycle that the transaction should be rolled back in onEndRequest(). Thanks, John --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
RE: [Wicket-user] replace ognl.
Also +1 Actually our project is what triggerd this change and will bring some new features we need. Nothing fancy though. What I have gathered from johan it will be possible to get elements from maps / lists / arrays etc. The expression would be something like person.children.0.name It is very similar if not the same syntax ognl uses. If children was a map containing a key jack you could use person.children.jack.name Maurice Marrink www.topicus.nl -Original Message- From: Martijn Dashorst [mailto:[EMAIL PROTECTED] Sent: donderdag 27 oktober 2005 7:28 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] replace ognl. +1 on moving OGNL into extensions. I think the OGNL thing is good, it provides a nice base implementation. I'd like to see the current implementation still being available for those 1% that need the full OGNL expression evaluator (though I think I share the same sentiment Phil voiced). Do we also support things like person.getChildren().get(0).getName()? Martijn On 10/27/05, Phil Kulak [EMAIL PROTECTED] wrote: I'm very +1 on this. OGNL has turned into it's own scripting language over the years. If you want to use any of those features, then you're missing the point of Wicket. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
RE: [Wicket-user] how to close a popup ?
Javascript I'm afraid. Also don't forget to remove the popup page from the cache after your done (session.remove() I believe) or you might find that your original page has expired (when opening and closing a lot of popups). Maurice Marrink -Oorspronkelijk bericht- Van: Ari Suutari [mailto:[EMAIL PROTECTED] Verzonden: woensdag 13 april 2005 12:27 Aan: wicket-user@lists.sourceforge.net Onderwerp: [Wicket-user] how to close a popup ? Hi, I have a link in my application which is created like this: EditLink link = new EditLink(editLink, listItem.getModelObject()); link.setPopupSettings(new PopupSettings()); ie. it opens a new page in separate popup. It would be nice to create buttons in this popup so that they close the popup after it has been submitted. Is there a wicket-style way doing this or do I need to do it with javascript as usual ? Ari S. --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95alloc_id396op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
RE: [Wicket-user] Obfuscated URLs? / wicket for me?
You can hide the url by placing your website in a frame. It won't stop someone who is determined to get to your real url but atleast the regular user is not bothered with complex urls anymore. Maurice -Oorspronkelijk bericht- Van: Jonathan Locke [mailto:[EMAIL PROTECTED] Verzonden: woensdag 23 maart 2005 10:07 Aan: wicket-user@lists.sourceforge.net Onderwerp: Re: [Wicket-user] Obfuscated URLs? / wicket for me? sorry, only had time for a few short answers below... i have to work on getting wicket out the door! jon Dave E Martin wrote: I have stumbled across wicket quite by accident (there are something like 5 frameworks just at apache.org to choose from, sigh), and am seriously looking into it. I have the following concern however: The URLs it generates seem a bit revealing, and they also seem that they would encourage users to play with them (I certainly did, and got some interesting results). Are there any security implications to this (can a user manually generate a valid URL that they shouldn't?). all wicket urls are session relative. you cannot accidentally or intentionally discover anything in another session by playing with urls. this is one of the advantages of wicket in terms of security. Would it be/is it possible to have an obfuscated/encrypted URL option (they would still need to be legal URL strings of course) to: a: discourage the user from playing with it b: hide the implementation from the user c: make it unlikely that they could manaully generate some other valid URL into the application (even if doing so is safe/secure, which I hope it is). (it would also be nice to not have things like IPageView (or whatever) in bookmarkable URLs. (i've just started converting my app so i'm not really sure what bookmarkable URLs look like yet; in my case, I only have two URLs I want bookmarkable anyway: the end-user main menu, and the backoffice user main menu.) i've thought about this for some time now. it would not be /too/ hard to do this, although it would cost you something in terms of memory for each URL generated. please submit an RFE if you want this looked at and we'll take a look for 1.1. === And now the product of my swiss-cheesed mind, which ended up being rather lengthly. Some of it are concerns that I hope wicket (its developers) have thought about and considered, and some of it is ranting/raving (well not to bad I hope). I have been implementing a project using JSF, but I have become disillusioned with JSF. In particular, it seems to require things to be defined in an average of 3 separate places, and they have to be kept consistent. It also seems to throw type-safety to the wind (one reason I dislike using PHP/perl). Bad/undefined outcomes don't generate an error, they just reload the current page. Bad/undefined values turn into blanks; sometimes you get a variableResolver exception, sometimes you just get a blank or a property whose value never updates. Also, detection of a number of errors is deferred until the last possible moment (a risk when relying on reflection to resolve things). I also can't imagine handing a JSF page over to the web designer guy and getting taken seriously (and probably also for faces-config). I was just about to start tenatively using Tapestry, when I stumbled across wicket (looking for Tapestry vs JSF articles). So far I am encouraged (in spite of having to learn the differences between the available documentation and how it actually works now (I am assuming however that the javadocs are up-to-date, at least they seem to be)). I am looking for something which will: Let me adhere to once-and-only-once; (I have to put it in web.xml, and in faces-config, and in my code, and somewhere under WEB-INF, and I had to do lots of cut'n'paste because the reuse facilities are inadequate?) Maintains type safety/compile-time-checking as much as possible; we try. don't know how successful we are from your point of view, but the components are all first class java components implemented with an ordinary java class. Allows dynamic generation of lists and lets the user manipulate the individual rows separately or together). (example: 5 rows in a shopping cart, user can change quantity fields individually in all rows, then hit update at bottom of list, and have all rows updated to their individual new values. Each row can also have its own button (for instance delete) that affects only that row. (this seems to *barely* work in jsf, and only after I took over the bean management, see below). you can put anything you want into listview rows. each is a container that you get to populate. we've got delete/move-up/move-down links. Allows me to easily reuse stuff (even multiple times on one page; for instance, I have an address form, and a place where I need a billing address and a physical address, and I only want to
RE: [Wicket-user] is this approach correct?
Nice, just one little suggestion: Change Object getAsObject(ConversionContext ctx, String value) To Object getAsObject(ConversionContext ctx, Object value) You will still need a null check for value in your implementation, so why not combine that with a little more generic code like If(value instanceof String){...}else if(value instanceof Object){...}else return null; Maybe you will never need the Object, but if you do you will be sorry if you only got a string to work with. Just my 2 cents. Maurice -Oorspronkelijk bericht- Van: Eelco Hillenius Verzonden: woensdag 2 februari 2005 11:37 Aan: wicket-user@lists.sourceforge.net Onderwerp: Re: [Wicket-user] is this approach correct? No, what I meant is that the converters were initially copied (and slightly altered) from the BeanUtils package. As they lacked the possibility of formatting (BeanUtils uses one-way converters only), I added support for formatting whilst not breaking the compatibility with BeanUtils by adding an optional interface for formatting. Now, this was for Baritus/ Maverick. For a large part I copied that into Wicket, as it was one of the things in Baritus that allways functioned well. However, for Wicket it would be best to have a clearer interface, thus having - just like JSF - converters for both ways. This is the JSF interface: public interface Converter { Object getAsObject(FacesContext context, UIComponent component, String value) throws ConverterException; String getAsString(FacesContext context, UIComponent component, Object value) throws ConverterException; } Which is tightly coupled to JSF. Furthermore, I think (by doing a quick code scan of MyFaces) that locales are not supported in JSF as well as we support it. Currently in Wicket, these are the interfaces: public interface IConverter { public Object convert(Object value); } and public interface IFormatter { public String format(Object value, String pattern); } Now, that I have a closer look to it, I think the pattern should be omitted, and the interface should look like: public interface IConverter { Object getAsObject(String value) throws ConversionException; String getAsString(Object value) throws ConversionException; } However, I know from experience that use of a pattern can be very convenient, I am have never been very happy with the way localization is implemented (which is again a legacy issue as I copied that from BeanUtils. There are several ways to tackle this. I think the most elegant - and future safe - option is to introduce a context object, like: public interface IConverter { Object getAsObject(ConversionContext ctx, String value) throws ConversionException; String getAsString(ConversionContext ctx, Object value) throws ConversionException; } Where ConversionContext would at least have a reference to the optional locale object to use (note that besides the user's locale, this can be explicitly set in the PropertyModel) and the optional conversion pattern. I think if the API looked like this, the writing of custom converters would be much simpler/ clearer and the lookup process would be drastically simplified and thus more transparent to our framework users. What do you think? Eelco Juergen Donnerstag wrote: So, as that's a legacy thing now, we could just as well loose the difference. Sorry, it is probably only my english. Our current implementation isn't better nore worse than what JSF (and may be others) offer. And because there are standard packages out there to that job, the idea is to move towards this package. Correct? Juergen --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag--drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag--drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag--drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
RE: [Wicket-user] TabbedPanel ?
Hey nice :D Hadn't seen my code had been incorporated into the examples. I guess now I'll have to add some more documentation to it. -Oorspronkelijk bericht- Van: Juergen Donnerstag [mailto:[EMAIL PROTECTED] Verzonden: maandag 31 januari 2005 12:30 Aan: wicket-user@lists.sourceforge.net Onderwerp: Re: [Wicket-user] TabbedPanel ? I've added an (very simple) example to wicket-examples. It'll be in the next release. Until then you may access it through CVS. Juergen On Mon, 31 Jan 2005 02:48:11 -0800 (PST), Antonio Casula [EMAIL PROTECTED] wrote: Hi Maurice, seem interesting ... but , should you give us some example how to use it , please? I have tryied but TabPanel.html result missed. Thanks a lot Antonio --- Maurice Marrink [EMAIL PROTECTED] wrote: Here's one that I use. -Oorspronkelijk bericht- Van: Jonathan Carlson [mailto:[EMAIL PROTECTED] Verzonden: woensdag 26 januari 2005 0:10 Aan: wicket-user@lists.sourceforge.net Onderwerp: Re: [Wicket-user] TabbedPanel ? Navomatic seems rather static, but I'm sure it could be made more dynamic. I need something that would dynamically add links/tabs as you add TabPanes (for example), which would be panels themselves. I'd want the tabs to link back to the same page, just with a parameter that specifies which tab is active. In case you want more background of what I'm thinking... Picture a bean editing panel on the top of the page. Underneath that is a tab for each relationship of that bean. Some tabs will have a table of related beans (to-many relationship), others will just show the properties of one related bean (to-one relationship). - Jonathan (Carlson) [EMAIL PROTECTED] 2005-01-25 11:48:02 AM this functionality already exists! such a thing really shouldn't be required in wicket. panels are for holding reusable chunks of markup with components attached, like the sign in panel. what you want is simply to create a navigation like navomatic by simply putting a bunch of links on the page. what makes it a tabbed page is how the links look when they enable/disable as you use them. the tabbiness of the look should be a dreamweaver thing. what we really need is to somehow rename NavigationPanel in the examples (or remove it) because it is confusing and then create an example of how to do a tabbed look for a navigation using the enabled and disabled child for the link. a link is actually an HtmlContainer and can have children. there can optionally be two special children. one called enabled and one called disabled. so to make a navigation, you simply make a bitmap image or chunk of HTML that renders an enabled tab (a link other than the selected link (that you can click on)) and call it enabled and another bitmap image or chunk of HTML that renders a disabled tab (the link to the current page (the one link you cannot click on)) and call it disabled. jon Jonathan Carlson wrote: Has anyone started a TabbedPanel yet? Just Curious. I didn't see one but I'll need one eventually. If I write it myself does anyone have suggestions on how to go about it HTML-wise? I could just use a site like Amazon for example code. Or maybe Tapestry has one I could convert over. - Jonathan ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. www.katun.com http://www.katun.com/ ** --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag--drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user ATTACHMENT part 2 application/octet-stream name=TabPanel.java ATTACHMENT part 3 application/octet-stream name=TabPanelModel.java - __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag--drop reports. Save time by over 75%! Publish reports