Thanks!
Regards,
Lester
Jeremy Thomerson wrote:
Answers inline.
--
Jeremy Thomerson
http://www.wickettraining.com
On Fri, Oct 23, 2009 at 3:48 AM, Lester Chua <cicowic...@gmail.com> wrote:
Hi,
I've read the preliminary materials on the site and I'm also reading
Manning's Wicket in Action. I like Wicket's programming model a lot and is
considering my next project using wicket. But before that I am doing an
evaluation project to convert an part of an existing application using
wicket.
Question1:
Applications that I work with typically feature girds. My past approach had
been to use ExtJS+JSON Servlets and more recently JQuery+DWR. Although we
are quite productive, my main gripe was that there are too much work done
wiring HTML and Server Side (which is why I much prefer Wicket's approach).
Is there a robust implementation on Wicket that I can use that offers
similar functionality to things like Ext's grids or JqGrid? Or must I create
my own grid component from scratch in Wicket? I can't seem to find it?
I think the Inmethod Grid is the most robust grid implementation available
for Wicket. Check it out.
Question 2:
In my environment, security is the most important issue. In fact a proxy
server sits between users and the servers, it changes requests ips and make
it look like all requests originate from some ip addresses (this hits the
web layer). Will this interfere with Wicket's state management? Sorry I'm
very new to Wicket and may be asking a silly question, apologies if this has
been answered on the wiki.
Wicket relies on the servlet container for sessions - the servlet container
uses jsessionid cookies just like any other servlet. So, no, IPs will not
effect Wicket sessions.
Question 3:
DWR prevent XSS on Ajax exploits by implementing secret-key mechanism. Is
there a similar implementation in Wicket? Is there any best practice or
techniques that we should use to avoid inadvertently exposing our ajax code
to hijacking?
It's very hard to hijack Wicket URLs at all (ajax or not) because they are
all session relative. Especially ajax URLs are not action oriented (i.e.
/posts/delete?id=foo) but are session path oriented.
Thanks in advance.
Lester
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
