Ok.. I had a chance to look at the code.
It will have the same problem as my code.
1) Page1 (doesn't require https)
Page2 (requires https)
I load Page1 and it detects a situation that requires it to load Page2.
The redirect is done inside wicket using setResponsePage(page2)
The requestCyledProcessor will intercept this after the internarl redirect
at which point it sees Page2 on the target and realizes it needs to redirect
to https
When it redirects it uses the httpservlet request to build a new url and
changing the protocol.
Since the orginal request was made for Page1, wicket will request Page1
(this constructing another object), when then we redirect to Page2 again, if
loading these pages causing side effects, these side effects will happen twice!
2) Page1 (doesn't required https)
Page2 (required https)
Page1 does a redirect to Pages using setResponsePage(new
Page2(..specialParameters..))
The internal redirect will trigger a protocol change, which triggers this
code
else if (target instanceof IBookmarkablePageRequestTarget)
{
return
((IBookmarkablePageRequestTarget)target).getPageClass();
}
Which means that the instantiated Page2 that you expecting to redirect to
will be thrown away
and wicket will do a new instance on the Page2.getClass()
-----Original Message-----
From: Jeremy Thomerson [mailto:jer...@wickettraining.com]
Sent: Friday, April 17, 2009 2:55 PM
To: users@wicket.apache.org
Subject: Re: @SSLRequired
Go to wicket.apache.org - in the left bar near the bottom there are links to
the source repo and to the fisheye view.
--
Jeremy Thomerson
http://www.wickettraining.com
On Fri, Apr 17, 2009 at 2:30 PM, Douglas Ferguson <
doug...@douglasferguson.us> wrote:
> Where cab I view it online I don't see it in the javadoc
>
> Douglas Ferguson
> 512-293-7279
> Sent from my iPhone
>
> On Apr 17, 2009, at 1:52 PM, "Igor Vaynberg" <igor.vaynb...@gmail.com>
> wrote:
>
> > see org.apache.wicket.protocol.https package
> >
> > -igor
> >
> > On Fri, Apr 17, 2009 at 11:40 AM, Douglas Ferguson
> > <doug...@douglasferguson.us> wrote:
> >> Is 1.4 ready for prime-time?
> >>
> >> If not, is there anything I could cull from that code for 1.3.5? Or
> >> any other thoughts that might help?
> >>
> >>
> >> Douglas
> >>
> >> -----Original Message-----
> >> From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com]
> >> Sent: Friday, April 17, 2009 12:38 PM
> >> To: users@wicket.apache.org
> >> Subject: Re: @SSLRequired
> >>
> >> i just checked in org.apache.wicekt.protocol.https package that
> >> should
> >> help with this. its in 1.4 only.
> >>
> >> -igor
> >>
> >> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener
> >> <r...@ryangravener.com> wrote:
> >>> How about just having apache httpd rewrite the http(s) for the
> >>> pages you
> >>> need? I haven't yet did our ssl implementation, but I know that I
> >>> don't
> >>> want the logic in wicket.
> >>>
> >>> Ryan Gravener
> >>> http://ryangravener.com/flex | http://twitter.com/ryangravener
> >>>
> >>>
> >>> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
> >>> doug...@douglasferguson.us> wrote:
> >>>
> >>>> That's where I got my code..
> >>>>
> >>>> I'm hitting 2 issues
> >>>>
> >>>> 1) The ssl detection/redirect isn't happening till the end of the
> >>>> chain and
> >>>> when it redirects it redirects back to the top.
> >>>> Ie. Page 1 is not secure, Page 2 is secure. Page one
> >>>> redirects to
> >>>> Page 2.
> >>>> If you go to page 1 then it attempts to redirect to page2
> >>>> and then
> >>>> wicket redirects to Page 1 with https..
> >>>> I would prefer to go directly to Page 2, but I can't figure
> >>>> out how to
> >>>> build that url..
> >>>> 2) My other issues is this:
> >>>> else if (requestTarget instanceof IPageRequestTarget) {
> >>>> targetClass = ((IPageRequestTarget)
> >>>> requestTarget).getPage()
> >>>> .getClass();
> >>>> }
> >>>> This means that if you redirect to a Page object which you have
> >>>> constructed with special state, then this throws that object away
> >>>> and wicket
> >>>> will use default constructor.
> >>>>
> >>>> -----Original Message-----
> >>>> From: snoop...@gmail.com [mailto:snoop...@gmail.com] On Behalf Of
> >>>> Ryan
> >>>> Gravener
> >>>> Sent: Friday, April 17, 2009 10:00 AM
> >>>> To: users@wicket.apache.org
> >>>> Subject: Re: @SSLRequired
> >>>>
> >>>> maybe this is of use:
> >>>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
> >>>>
> >>>> Ryan Gravener
> >>>> http://ryangravener.com/flex | http://twitter.com/ryangravener
> >>>>
> >>>>
> >>>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
> >>>> doug...@douglasferguson.us> wrote:
> >>>>
> >>>>> I'm implement an SSL scheme using annotations and I'm having
> >>>>> some issues
> >>>>> with redirecting properly.
> >>>>>
> >>>>> The issue is when I have non-secured page that redirects to a
> >>>>> secured
> >>>> page.
> >>>>>
> >>>>> I'm doing the https/http redirecting inside of a
> >>>> WebRequestCycleProcessor,
> >>>>> which works well unless there is a redirect prior to the ssl
> >>>>> redirect. If
> >>>>> this happens then I redirect back to the top of the chain,
> >>>>> because I'm
> >>>> using
> >>>>> the HttpServletRequest to build the url, which returns url info
> >>>>> based on
> >>>> the
> >>>>> orginal request. I've been looking all around and I can't find
> >>>>> any way of
> >>>>> building a url that represents the last redirect. I've tried
> >>>>>
> >>>>>
> >>>>>
> >>>> Application.
> >>>> get(
> >>>> ).g
> >>>> etRequestCycleProcessor(
> >>>> ).getRequestCodingStrategy().pathForTarget(requestTarget);
> >>>>> and
> >>>>> RequestCycle.get().urlFor(requestTarget)
> >>>>>
> >>>>> Here's my current impl for The RequestCycleProcessor.
> >>>>>
> >>>>>
> >>>>> WebRequest webRequest = (WebRequest)
> >>>>> requestCycle .getRequest();
> >>>>> WebResponse webResponse = (WebResponse) requestCycle
> >>>> .getResponse();
> >>>>> HttpServletRequest httpServletRequest =
> >>>>> webRequest.getHttpServletRequest();
> >>>>> StringBuffer url = new StringBuffer(protocol);
> >>>>> url.append(httpServletRequest.getServerName());
> >>>>> if(defaultPort != port){
> >>>>> url.append(":" + port);
> >>>>> }
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> url.append(webRequest.getHttpServletRequest().getContextPath());
> >>>>> url.append(webRequest.getServletPath());
> >>>>> String queryString =
> >>>>> webRequest.getHttpServletRequest().getQueryString();
> >>>>>
> >>>>> ---
> >>>>> ------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> >>>>> For additional commands, e-mail: users-h...@wicket.apache.org
> >>>>>
> >>>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> >> For additional commands, e-mail: users-h...@wicket.apache.org
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> >> For additional commands, e-mail: users-h...@wicket.apache.org
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > For additional commands, e-mail: users-h...@wicket.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
