Re: Restrict wicket/bookmarkable

2016-05-03 Thread Илья Нарыжный
Martin, Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094 Absolutely disagree with discussed behavior. It's meaningless to prevent accessing /wicket/bookmarkable/ only if there is mount point for that page. Please help to find consensus. In mine case it's real security hole.

Re: Restrict wicket/bookmarkable

2016-05-03 Thread Илья Нарыжный
Martin, Just checked: it doesn't work as expected. It seems that this code doesn't work as it was assumed: BookmarkableMapper.java if (application.getSecuritySettings().getEnforceMounts()) { // we make an exception if the homepage itself was mounted, see WICKET-1898 if

Re: wicket-datetime DateLabel

2016-05-03 Thread Lon Varscsak
Ah, okay, thanks! On Tue, May 3, 2016 at 2:38 PM, Martin Grigorov wrote: > There is a task for Wicket 8 for this. > On May 4, 2016 12:32 AM, "Lon Varscsak" wrote: > > > Shouldn’t DateLabel allow Joda dates to be used in addition to > >

Re: wicket-datetime DateLabel

2016-05-03 Thread Martin Grigorov
There is a task for Wicket 8 for this. On May 4, 2016 12:32 AM, "Lon Varscsak" wrote: > Shouldn’t DateLabel allow Joda dates to be used in addition to > java.util.Date? > > Thanks, > > Lon (Wicket Newb :D) >

wicket-datetime DateLabel

2016-05-03 Thread Lon Varscsak
Shouldn’t DateLabel allow Joda dates to be used in addition to java.util.Date? Thanks, Lon (Wicket Newb :D)

Re: Draggable multiple containment

2016-05-03 Thread Sebastien
Hi Maxim, "revert" options can take a function as argument [1]. maybe you can use it and test for an additional css class? I did a quick test and it works as expected: MyDraggable { @Override public void onConfigure(JQueryBehavior behavior) { super.onConfigure(behavior);

Re: Wicket jQuery UI - 4th anniversary!

2016-05-03 Thread Sebastien
Thank you Andrea & Tobias, glad to read you like the new site! :) @Tobias, I will test srcset :) Best regards, Sebastien. On Tue, May 3, 2016 at 7:48 AM, Tobias Soloschenko < tobiassolosche...@googlemail.com> wrote: > Congratulations also from me! Good to see that project is moving forward! >

Re: Restrict wicket/bookmarkable

2016-05-03 Thread Илья Нарыжный
Thank you Martin! I did know that there should be easier way to do that, but could not be able to find it:) Regards, Ilia 2016-05-03 0:06 GMT-07:00 Martin Grigorov : > Hi, > > I always thought > that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for >

Re: Improve compatibility with non-Wicket Ajax in ServletWebRequest

2016-05-03 Thread Thorsten Schöning
Guten Tag Thorsten Schöning, am Dienstag, 3. Mai 2016 um 15:49 schrieben Sie: > So I would suggest enhancing WebRequest to provide isAjax and some > kind of isWicketAjax to distinguish both situations from each other. > getClientUrl could than simply take isWicketAjax into account for its >

Re: Provide error message for Ajax requests in DefaultExceptionMapper?

2016-05-03 Thread Thorsten Schöning
Guten Tag Martin Grigorov, am Dienstag, 3. Mai 2016 um 15:35 schrieben Sie: > Configuring your own IExceptionMapper[...] I already use a custom exception mapper extending DefaultExceptionMapper because I wanted to follow an approach comparable to the one discussed before:

Improve compatibility with non-Wicket Ajax in ServletWebRequest

2016-05-03 Thread Thorsten Schöning
Hi, I have a legacy web app which uses some pieces of Wicket and plain jQuery to do some Ajax, but without any Wicket specific JS. The glue between both is simply using AjaxBehavior to register some callbacks and that works fine. The problem I have currently is that Wicket thinks in some places

Re: Provide error message for Ajax requests in DefaultExceptionMapper?

2016-05-03 Thread Martin Grigorov
Hi Thorsten, On Tue, May 3, 2016 at 3:19 PM, Thorsten Schöning wrote: > Guten Tag Martin Grigorov, > am Dienstag, 3. Mai 2016 um 14:31 schrieben Sie: > > > Because the DefaultExceptionMapper is the final/catch-all place to catch > > exceptions and it should be generic. >

Re: Provide error message for Ajax requests in DefaultExceptionMapper?

2016-05-03 Thread Thorsten Schöning
Guten Tag Martin Grigorov, am Dienstag, 3. Mai 2016 um 14:31 schrieben Sie: > Because the DefaultExceptionMapper is the final/catch-all place to catch > exceptions and it should be generic. Subclasses can't easily override this specific behavior as well and a more useful default behavior is

Re: Too many 302 redirects with 1.5.8 Wicket

2016-05-03 Thread Jeroen Steenbeeke
There are no less than 7 newer versions of 1.5.x, so perhaps update to 1.5.15 to see if you're having better luck? According to the changelog, there were several redirect-related bugs fixed in 1.5.11: https://github.com/apache/wicket/blob/wicket-1.5.x/CHANGELOG-1.5#L41 Sincerely, Jeroen

Too many 302 redirects with 1.5.8 Wicket

2016-05-03 Thread tomask79
Hi guys, currently in the older deployed versions of our system in the cluster environment, we're experiencing sometimes strange behaviour where one session loops in the 302 redirect cyclethis is the log from load balancer: "GET /wicket/page?420-1. 302 333 (redir=-,

Re: Provide error message for Ajax requests in DefaultExceptionMapper?

2016-05-03 Thread Martin Grigorov
Hi, On Tue, May 3, 2016 at 2:22 PM, Thorsten Schöning wrote: > Hi all, > > > private IRequestHandler internalMap(Exception e) > [...] > >switch > (application.getExceptionSettings().getAjaxErrorHandlingStrategy()) > >{ > >case INVOKE_FAILURE_HANDLER : > >

Provide error message for Ajax requests in DefaultExceptionMapper?

2016-05-03 Thread Thorsten Schöning
Hi all, > private IRequestHandler internalMap(Exception e) [...] >switch (application.getExceptionSettings().getAjaxErrorHandlingStrategy()) >{ >case INVOKE_FAILURE_HANDLER : >return new ErrorCodeRequestHandler(500); >} Is there any reason why the request handler

Re: Wicket on the Amazon Cloud?

2016-05-03 Thread Martin Grigorov
Hi, +1 to what Edmont Urbani said! You either need to keep your pages stateless or you need to use distributed page store (see https://github.com/wicketstuff/core/tree/master/datastores-parent for several impls). Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On

Re: Restrict wicket/bookmarkable

2016-05-03 Thread Martin Grigorov
Hi, I always thought that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for this. Also its javadoc seems to say that. But there were some changes to its behavior after which I am no more sure what exactly it does :-/ Martin Grigorov Wicket Training and Consulting

Re: Restrict wicket/bookmarkable

2016-05-03 Thread Илья Нарыжный
Yea - that's possible. Even instrumentation is possible, but probably this problem somehow solved already in wicket. I would briefly summarize the problem like: Wicket allow to directly address bookmarkable pages from 3rd party libraries without good way to manage accessibility. Potentially it