Martin,
Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094
Absolutely disagree with discussed behavior. It's meaningless to
prevent accessing /wicket/bookmarkable/ only if there is mount
point for that page.
Please help to find consensus. In mine case it's real security hole.
Martin,
Just checked: it doesn't work as expected. It seems that this code
doesn't work as it was assumed:
BookmarkableMapper.java
if (application.getSecuritySettings().getEnforceMounts())
{
// we make an exception if the homepage itself was mounted, see WICKET-1898
if
Ah, okay, thanks!
On Tue, May 3, 2016 at 2:38 PM, Martin Grigorov
wrote:
> There is a task for Wicket 8 for this.
> On May 4, 2016 12:32 AM, "Lon Varscsak" wrote:
>
> > Shouldn’t DateLabel allow Joda dates to be used in addition to
> >
There is a task for Wicket 8 for this.
On May 4, 2016 12:32 AM, "Lon Varscsak" wrote:
> Shouldn’t DateLabel allow Joda dates to be used in addition to
> java.util.Date?
>
> Thanks,
>
> Lon (Wicket Newb :D)
>
Shouldn’t DateLabel allow Joda dates to be used in addition to
java.util.Date?
Thanks,
Lon (Wicket Newb :D)
Hi Maxim,
"revert" options can take a function as argument [1]. maybe you can use it
and test for an additional css class?
I did a quick test and it works as expected:
MyDraggable {
@Override
public void onConfigure(JQueryBehavior behavior)
{
super.onConfigure(behavior);
Thank you Andrea & Tobias, glad to read you like the new site! :)
@Tobias, I will test srcset :)
Best regards,
Sebastien.
On Tue, May 3, 2016 at 7:48 AM, Tobias Soloschenko <
tobiassolosche...@googlemail.com> wrote:
> Congratulations also from me! Good to see that project is moving forward!
>
Thank you Martin! I did know that there should be easier way to do
that, but could not be able to find it:)
Regards,
Ilia
2016-05-03 0:06 GMT-07:00 Martin Grigorov :
> Hi,
>
> I always thought
> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for
>
Guten Tag Thorsten Schöning,
am Dienstag, 3. Mai 2016 um 15:49 schrieben Sie:
> So I would suggest enhancing WebRequest to provide isAjax and some
> kind of isWicketAjax to distinguish both situations from each other.
> getClientUrl could than simply take isWicketAjax into account for its
>
Guten Tag Martin Grigorov,
am Dienstag, 3. Mai 2016 um 15:35 schrieben Sie:
> Configuring your own IExceptionMapper[...]
I already use a custom exception mapper extending
DefaultExceptionMapper because I wanted to follow an approach
comparable to the one discussed before:
Hi,
I have a legacy web app which uses some pieces of Wicket and plain
jQuery to do some Ajax, but without any Wicket specific JS. The
glue between both is simply using AjaxBehavior to register some
callbacks and that works fine.
The problem I have currently is that Wicket thinks in some places
Hi Thorsten,
On Tue, May 3, 2016 at 3:19 PM, Thorsten Schöning
wrote:
> Guten Tag Martin Grigorov,
> am Dienstag, 3. Mai 2016 um 14:31 schrieben Sie:
>
> > Because the DefaultExceptionMapper is the final/catch-all place to catch
> > exceptions and it should be generic.
>
Guten Tag Martin Grigorov,
am Dienstag, 3. Mai 2016 um 14:31 schrieben Sie:
> Because the DefaultExceptionMapper is the final/catch-all place to catch
> exceptions and it should be generic.
Subclasses can't easily override this specific behavior as well and a
more useful default behavior is
There are no less than 7 newer versions of 1.5.x, so perhaps update to
1.5.15 to see if you're having better luck? According to the changelog,
there were several redirect-related bugs fixed in 1.5.11:
https://github.com/apache/wicket/blob/wicket-1.5.x/CHANGELOG-1.5#L41
Sincerely,
Jeroen
Hi guys,
currently in the older deployed versions of our system in the cluster
environment, we're experiencing sometimes strange behaviour where one
session loops in the 302 redirect cyclethis is the log from load
balancer:
"GET /wicket/page?420-1. 302 333 (redir=-,
Hi,
On Tue, May 3, 2016 at 2:22 PM, Thorsten Schöning
wrote:
> Hi all,
>
> > private IRequestHandler internalMap(Exception e)
> [...]
> >switch
> (application.getExceptionSettings().getAjaxErrorHandlingStrategy())
> >{
> >case INVOKE_FAILURE_HANDLER :
> >
Hi all,
> private IRequestHandler internalMap(Exception e)
[...]
>switch (application.getExceptionSettings().getAjaxErrorHandlingStrategy())
>{
>case INVOKE_FAILURE_HANDLER :
>return new ErrorCodeRequestHandler(500);
>}
Is there any reason why the request handler
Hi,
+1 to what Edmont Urbani said!
You either need to keep your pages stateless or you need to use distributed
page store (see
https://github.com/wicketstuff/core/tree/master/datastores-parent for
several impls).
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On
Hi,
I always thought
that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for
this. Also its javadoc seems to say that.
But there were some changes to its behavior after which I am no more sure
what exactly it does :-/
Martin Grigorov
Wicket Training and Consulting
Yea - that's possible. Even instrumentation is possible, but probably
this problem somehow solved already in wicket. I would briefly
summarize the problem like:
Wicket allow to directly address bookmarkable pages from 3rd party
libraries without good way to manage accessibility.
Potentially it
20 matches
Mail list logo