Doh!

On Jul 23, 2010 3:13 PM, "Jim Pinkham" <pinkh...@gmail.com> wrote:
> I was just looking around for my dunce cap after noticing this little gotcha
> - and I thought of this forum instead to share my moment of
> not-so-brilliance:
>
> public LoginForm(final String id) {
>     ... other stuff ...
>     add(new FormComponentFeedbackBorder("user.feedback").add(
>             new TextField("user").setRequired(true)));
>     passwordField = new PasswordTextField("password");
>     passwordField.setRequired(true);
>     add(new FormComponentFeedbackBorder("password.feedback").add(passwordField));
> }
>
> protected void onSubmit() {
>     String password = getString("password").trim();
>     if (password.equalsIgnoreCase(getPassword())) {
>         ((AuctionSession) getSession()).setAdmin(true);
>         ((AuctionSession) getSession()).setUserName(getUser());
>         if (!continueToOriginalDestination())
>             setResponsePage(getApplication().getHomePage());
>     } else
>         passwordField.error("invalid user/password");
> }
> }
>
> Pretty basic, I know. Maybe you have a page like this in your Wicket app?
>
>
> The mistake I wanted to share is that I'm using the same name for the
> "password" wicket:id, and the string property in MyLoginPage.properties,
> which just has a line that says password=super_secret_whatever. (Actually,
> it's ${profile.password} and I have different maven profiles for different
> versions of the app, but that's another story).
>
> Anyway, imagine my surprise when I accidentally left the password blank by
> mistake - the required error message uses the same property and shows the
> password to the wide world in the feedback message: 'super_secret_whatever'
> is required. Hah! (Yup, it's been in production for quite a while like
> this...)
>
> Just wanted to share that one with y'all - may all your mistakes be
> entertaining and/or educational...
> :)
>
> -- Jim.
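
An added example, not part of the original message and not the poster's code: a Python check that models the label lookup described above and flags property keys that double as wicket:id values. The lookup order (explicit label, then a resource keyed by the component id, then the id itself) is a simplified assumption, the sample properties and markup are constructed from the post's description, and all function names are hypothetical.

```python
import re

# Constructed sample inputs mirroring the post (not the poster's real files).
PROPERTIES = """\
# MyLoginPage.properties
password=super_secret_whatever
page.title = Auction login
"""
MARKUP = """\
<form wicket:id="loginForm">
  <span wicket:id="user.feedback"><input wicket:id="user" type="text"/></span>
  <span wicket:id="password.feedback"><input wicket:id="password" type="password"/></span>
</form>
"""

def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def component_ids(markup):
    """Collect every wicket:id attribute value found in the markup."""
    return set(re.findall(r'wicket:id\s*=\s*"([^"]+)"', markup))

def required_message(component_id, props, explicit_label=None):
    """Assumed lookup order: explicit label (e.g. set with setLabel), then a
    resource keyed by the component id, then the component id itself."""
    if explicit_label is not None:
        label = explicit_label
    else:
        label = props.get(component_id, component_id)
    return "'%s' is required." % label

def colliding_keys(props, ids):
    """Keys that are also component ids. Values are deliberately not returned,
    so the audit report never repeats a secret."""
    return sorted(set(props) & ids)
```

Any key this reports is a candidate for renaming, and a secret found under such a key belongs outside the page's resource bundle altogether.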
