Added: wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html?rev=1656683&view=auto ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html (added) +++ wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html Tue Feb 3 11:19:18 2015 
@@ -0,0 +1,205 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> +<head> + <title>27.7 Module stateless 6.x</title> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> + <link rel="stylesheet" href="../css/main.css" type="text/css" media="screen, print" title="Style" charset="utf-8"/> + <link rel="stylesheet" href="../css/pdf.css" type="text/css" media="print" title="PDF" charset="utf-8"/> + <script type="text/javascript"> +function addJsClass() { + var classes = document.body.className.split(" "); + classes.push("js"); + document.body.className = classes.join(" "); +} + </script> +</head> + +<body class="body" onload="addJsClass();"> +<div id="navigation"> + <ul> + <li> + <div id="nav-summary" onmouseover="toggleNavSummary(false)" onmouseout="toggleNavSummary(true)"> + <a href="../../guide/index.html" class="button">Table of contents</a> + + <div id="nav-summary-childs" style="display:none;"> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/introduction.html"><strong>1</strong><span>Introduction</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/howToSource.html"><strong>2</strong><span>How to use the example code</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/whyLearn.html"><strong>3</strong><span>Why should I learn Wicket?</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/helloWorld.html"><strong>4</strong><span>Wicket says “Hello world!”</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/layout.html"><strong>5</strong><span>Wicket as page layout manager</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/keepControl.html"><strong>6</strong><span>Keeping control over HTML</span></a> + </div> + + 
<div class="toc-item" style="margin-left:0"><a href="../../guide/componentLifecycle.html"><strong>7</strong><span>Components lifecycle</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/versioningCaching.html"><strong>8</strong><span>Page versioning and caching</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/requestProcessing.html"><strong>9</strong><span>Under the hood of the request processing</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/urls.html"><strong>10</strong><span>Wicket Links and URL generation</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/modelsforms.html"><strong>11</strong><span>Wicket models and forms</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/forms2.html"><strong>12</strong><span>Wicket forms in detail</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/repeaters.html"><strong>13</strong><span>Displaying multiple items with repeaters</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/i18n.html"><strong>14</strong><span>Internationalization with Wicket</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/resources.html"><strong>15</strong><span>Resource management with Wicket</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/jsintegration.html"><strong>16</strong><span>An example of integration with JavaScript</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/advanced.html"><strong>17</strong><span>Wicket advanced topics</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/ajax.html"><strong>18</strong><span>Working with AJAX</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a 
href="../../guide/jee.html"><strong>19</strong><span>Integration with enterprise containers</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/nativewebsockets.html"><strong>20</strong><span>Native WebSockets</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/security.html"><strong>21</strong><span>Security with Wicket</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/testing.html"><strong>22</strong><span>Test Driven Development with Wicket</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/testingspring.html"><strong>23</strong><span>Test Driven Development with Wicket and Spring</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/bestpractices.html"><strong>24</strong><span>Wicket Best Practices</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/internals.html"><strong>25</strong><span>Wicket Internals</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/maven.html"><strong>26</strong><span>Working with Maven (Appendix)</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/wicketstuff.html"><strong>27</strong><span>Project WicketStuff (Appendix)</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/redirects.html"><strong>28</strong><span>Lost In Redirection With Apache Wicket (Appendix)</span></a> + </div> + + <div class="toc-item" style="margin-left:0"><a href="../../guide/contributing.html"><strong>29</strong><span>Contributing to this guide (Appendix)</span></a> + </div> + + </div> + </div> + </li> + <li class="separator selected"> + <a id="ref-button" onclick="localToggle(); return false;" href="#">Quick Reference</a> + </li> + </ul> +</div> +<div id="header"> + <div class="images clearfix"> + + <span id="logo"><a href="/" 
target="_blank"><img height="80px" src="http://wicket.apache.org/guide/img/apache-wicket.png"/></a></span> + + + <span id="sponsor"><a href="http://www.apache.org/" target="_blank"><img height="60px" src="http://wicket.apache.org/guide/img/asf_logo.gif"/></a></span> + + </div> + <p>Free Online Guide for Apache Wicket framework</p> +</div> + + +<table id="colset" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td id="col1"> + <div id="main" class="corner-all"> + + + <div class="toc-item prev-left"><a href="../../guide/maven.html"><< <strong>26</strong><span>Working with Maven (Appendix)</span></a></div> + + + <span id='toggle-col1' class="toggle">(<a href="#" onclick="localToggle(); return false;">Quick Reference</a>)</span> + + + <div class="toc-item next-right"><a href="../../guide/redirects.html"><strong>28</strong><span>Lost In Redirection With Apache Wicket (Appendix)</span> >></a></div> + + + + <div class="project"> + <h1>27.7 Module stateless - Reference Documentation</h1> + + <p><strong>Authors:</strong> Andrea Del Bene, Martin Grigorov, Carsten Hufe, Christian Kroemer, Daniel Bartl, Paul BorÈ</p> + + <p><strong>Version:</strong> 6.x</p> + + + </div> + + + + + +<h2 id="wicketstuff_7">27.7 Module stateless</h2> +Wicket makes working with AJAX easy and pleasant with its component-oriented abstraction. However as side effect, AJAX components and behaviors make their hosting page stateful. This can be quite annoying if we are working on a page that must be stateless (for example a login page). +In this case an obvious solution would be to roll out our own stateless components/behaviors, but Wicketstuff alredy offers such kind of artifacts with <code>stateless</code> module. 
Here you can find the stateless version of the basic AJAX componets and behaviors shiped with Wicket, like <code>StatelessAjaxSubmitLink</code>, <code>StatelessAjaxFallbackLink</code>, <code>StatelessAjaxEventBehavior</code>, <code>StatelessAjaxFormSubmitBehavior</code> etc… +A short introduction to this module can be found on its <a href="https://github.com/wicketstuff/core/tree/master/jdk-1.7-parent/stateless-parent" target="blank">home page</a> .<p class="paragraph"/> + + + <div style="clear:both;margin-top:15px;"></div> + + <div class="toc-item prev-left"><a href="../../guide/maven.html"><< <strong>26</strong><span>Working with Maven (Appendix)</span></a></div> + + <div class="toc-item next-right"><a href="../../guide/redirects.html"><strong>28</strong><span>Lost In Redirection With Apache Wicket (Appendix)</span> >></a></div> + + <div style="clear:both"></div> + </div> + </td> + <td id="col2"> + <div class="local clearfix"> + <div class="local-title"> + <a href="../../guide/index.html" target="mainFrame">Quick Reference</a> + <span class="toggle">(<a href="#" onclick="localToggle(); return false;">hide</a>)</span> + </div> + <div class="menu"> + + </div> + </div> + </td> + </tr> +</table> + +<div id="footer"> + +Copyright © 2013-2014 â <a href="http://www.apache.org/" target="_blank">The Apache Software Foundation</a> + â <b style="color:#E8590A !important;">(Generated on: 2015-02-03)</b> + + +</div> + +<script type="text/javascript" src="../js/docs.js"></script> + +</body> +</html>
Modified: wicket/common/site/trunk/_site/guide/guide/redirects.html URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/redirects.html?rev=1656683&r1=1656682&r2=1656683&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/redirects.html (original) +++ wicket/common/site/trunk/_site/guide/guide/redirects.html Tue Feb 3 11:19:18 2015 @@ -227,7 +227,7 @@ Quite a few teams have already got stuck <div id="footer"> Copyright © 2013-2014 â <a href="http://www.apache.org/" target="_blank">The Apache Software Foundation</a> - â <b style="color:#E8590A !important;">(Generated on: 2014-11-11)</b> + â <b style="color:#E8590A !important;">(Generated on: 2015-02-03)</b> </div> Modified: wicket/common/site/trunk/_site/guide/guide/repeaters.html URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/repeaters.html?rev=1656683&r1=1656682&r2=1656683&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/repeaters.html (original) +++ wicket/common/site/trunk/_site/guide/guide/repeaters.html Tue Feb 3 11:19:18 2015 
@@ -204,9 +204,9 @@ A common task for web applications is to <div class="code"><pre><ul> <li wicket:id=<span class="java-quote">"listItems"</span>></li> </ul></pre></div><p class="paragraph"/><strong class="bold">Java Code:</strong> -<div class="code"><pre>RepeatingView listItems = <span class="java-keyword">new</span> RepeatingView(<span class="java-quote">"listItems"</span>);<p class="paragraph"/>listItems.add(<span class="java-keyword">new</span> Label(listItems.newChildId(), <span class="java-quote">"green"</span>); -listItems.add(<span class="java-keyword">new</span> Label(listItems.newChildId(), <span class="java-quote">"blue"</span>); -listItems.add(<span class="java-keyword">new</span> Label(listItems.newChildId(), <span class="java-quote">"red"</span>);</pre></div><p class="paragraph"/><strong class="bold">Generated markup:</strong> +<div class="code"><pre>RepeatingView listItems = <span class="java-keyword">new</span> RepeatingView(<span class="java-quote">"listItems"</span>);<p class="paragraph"/>listItems.add(<span class="java-keyword">new</span> Label(listItems.newChildId(), <span class="java-quote">"green"</span>)); +listItems.add(<span class="java-keyword">new</span> Label(listItems.newChildId(), <span class="java-quote">"blue"</span>)); +listItems.add(<span class="java-keyword">new</span> Label(listItems.newChildId(), <span class="java-quote">"red"</span>));</pre></div><p class="paragraph"/><strong class="bold">Generated markup:</strong> <div class="code"><pre><ul> <li>green</li> <li>blue</li> 
@@ -214,6 +214,7 @@ listItems.add(<span class="java-keyw </ul></pre></div><p class="paragraph"/>As we can see in this example, each child component has been rendered using the parent markup as if it was its own. + <h2 id="repeaters_2">13.2 The ListView Component</h2> <p class="paragraph"/>As its name suggests, component <code>org.apache.wicket.markup.html.list.ListView</code> is designed to display a given list of objects which can be provided as a standard Java List or as a model containing the concrete List. ListView iterates over the list and creates a child component of type <code>org.apache.wicket.markup.html.list.ListItem</code> for every encountered item.<p class="paragraph"/>Unlike RepeatingView this component is intended to be used with complex markup fragments containing nested components.<p class="paragraph"/>To generate its children, ListView calls its abstract method populateItem(ListItem<T> item) for each item in the list, so we must provide an implementation of this method to tell the component how to create its children components. In the following example we use a ListView to display a list of Person objects:<p class="paragraph"/><strong class="bold">HTML:</strong> <div class="code"><pre>… 
@@ -352,7 +353,7 @@ Wicket provides also component PageableL <div id="footer"> Copyright © 2013-2014 â <a href="http://www.apache.org/" target="_blank">The Apache Software Foundation</a> - â <b style="color:#E8590A !important;">(Generated on: 2014-11-11)</b> + â <b style="color:#E8590A !important;">(Generated on: 2015-02-03)</b> </div> Modified: wicket/common/site/trunk/_site/guide/guide/requestProcessing.html URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/requestProcessing.html?rev=1656683&r1=1656682&r2=1656683&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/requestProcessing.html (original) +++ wicket/common/site/trunk/_site/guide/guide/requestProcessing.html Tue Feb 3 11:19:18 2015 @@ -331,7 +331,7 @@ processing of an Ajax request Wicket wil <div id="footer"> Copyright © 2013-2014 â <a href="http://www.apache.org/" target="_blank">The Apache Software Foundation</a> - â <b style="color:#E8590A !important;">(Generated on: 2014-11-11)</b> + â <b style="color:#E8590A !important;">(Generated on: 2015-02-03)</b> </div> Modified: wicket/common/site/trunk/_site/guide/guide/resources.html URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/resources.html?rev=1656683&r1=1656682&r2=1656683&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/resources.html (original) +++ wicket/common/site/trunk/_site/guide/guide/resources.html Tue Feb 3 11:19:18 2015 
@@ -456,7 +456,7 @@ In this chapter we have learnt how to ma <div id="footer"> Copyright © 2013-2014 â <a href="http://www.apache.org/" target="_blank">The Apache Software Foundation</a> - â <b style="color:#E8590A !important;">(Generated on: 2014-11-11)</b> + â <b style="color:#E8590A !important;">(Generated on: 2015-02-03)</b> </div> Modified: wicket/common/site/trunk/_site/guide/guide/security.html URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/security.html?rev=1656683&r1=1656682&r2=1656683&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/security.html (original) +++ wicket/common/site/trunk/_site/guide/guide/security.html Tue Feb 3 11:19:18 2015 @@ -171,10 +171,13 @@ function addJsClass() { <div class="toc-item" style="margin-left:0px"><a href="#security_3"><strong>21.3</strong><span>Using HTTPS protocol</span></a> </div> - <div class="toc-item" style="margin-left:0px"><a href="#security_4"><strong>21.4</strong><span>Package Resource Guard</span></a> + <div class="toc-item" style="margin-left:0px"><a href="#security_4"><strong>21.4</strong><span>URLs encryption in detail</span></a> </div> - <div class="toc-item" style="margin-left:0px"><a href="#security_5"><strong>21.5</strong><span>Summary</span></a> + <div class="toc-item" style="margin-left:0px"><a href="#security_5"><strong>21.5</strong><span>Package Resource Guard</span></a> + </div> + + <div class="toc-item" style="margin-left:0px"><a href="#security_6"><strong>21.6</strong><span>Summary</span></a> </div> </div> 
@@ -382,7 +385,7 @@ Application class <code>AuthenticatedWeb <h2 id="security_3">21.3 Using HTTPS protocol</h2> -<p class="paragraph"/>HTTPS is the standard technology adopted on Internet to create a secure communication channel between web applications and their users.<p class="paragraph"/>In Wicket we can easily protect our pages with HTTPS mounting a special request mapper called <code>HttpsMapper</code> and using annotation RequireHttps with those pages we want to serve over this protocol. Both these two entities are in package <code>org.apache.wicket.protocol.https</code>.<p class="paragraph"/>HttpsMapper wraps an existing mapper and redirects incoming requests to HTTPS if the related response must render a page containing annotation <code>RequireHttps</code>. Most of the times the wrapped mapper will be the root one, just like we saw before for <code>CryptoManager</code> in paragraph 8.6.6.<p class="paragraph"/>Another parameter needed to build a <code>HttpsMapper</code> is an instance of class <code>HttpsConfi</code>g. This class allows us to specify which ports must be used for HTTPS a nd HTTP. By default the port numbers used by these two protocols are respectively 443 and 80.<p class="paragraph"/>The following code is taken from project <code>HttpsProtocolExample</code> and illustrates how to enable HTTPS in our applications:<p class="paragraph"/><div class="code"><pre>//Application class code… +<p class="paragraph"/>HTTPS is the standard technology adopted on Internet to create a secure communication channel between web applications and their users.<p class="paragraph"/>In Wicket we can easily protect our pages with HTTPS mounting a special request mapper called <code>HttpsMapper</code> and using annotation RequireHttps with those pages we want to serve over this protocol. 
Both these two entities are in package <code>org.apache.wicket.protocol.https</code>.<p class="paragraph"/>HttpsMapper wraps an existing mapper and redirects incoming requests to HTTPS if the related response must render a page containing annotation <code>RequireHttps</code>. Most of the times the wrapped mapper will be the root one, just like we saw before for <code>CryptoMapper</code> in paragraph 10.6.<p class="paragraph"/>Another parameter needed to build a <code>HttpsMapper</code> is an instance of class <code>HttpsConfi</code>g. This class allows us to specify which ports must be used for HTTPS and HTTP. By default the port numbers used by these two protocols are respectively 443 and 80.<p class="paragraph"/>The following code is taken from project <code>HttpsProtocolExample</code> and illustrates how to enable HTTPS in our applications:<p class="paragraph"/><div class="code"><pre>//Application class code… @Override <span class="java-keyword">public</span> void init(){ setRootRequestMapper(<span class="java-keyword">new</span> HttpsMapper(getRootRequestMapper(), 
@@ -408,7 +411,40 @@ Application class <code>AuthenticatedWeb }</pre></div> -<h2 id="security_4">21.4 Package Resource Guard</h2> + +<h2 id="security_4">21.4 URLs encryption in detail</h2> +In chapter <a href="../guide/single.html#urls_6" class="guide">10.6</a> we have seen how to encrypt URLs using <code>CryptoMapper</code> request mapper. To encrypt/decrypt page URLs <code>CryptoMapper</code> uses an instance of <code>org.apache.wicket.util.crypt.ICrypt</code> interface:<p class="paragraph"/><div class="code"><pre><span class="java-keyword">public</span> <span class="java-keyword">interface</span> ICrypt +{ + <span class="java-object">String</span> encryptUrlSafe(<span class="java-keyword">final</span> <span class="java-object">String</span> plainText);<p class="paragraph"/> <span class="java-object">String</span> decryptUrlSafe(<span class="java-keyword">final</span> <span class="java-object">String</span> encryptedText);<p class="paragraph"/> … +}</pre></div><p class="paragraph"/>The default implementation for this interface is class <code>org.apache.wicket.util.crypt.SunJceCrypt</code>. It provides password-based cryptography using <code>PBEWithMD5AndDES</code> algorithm coming with the standard security providers in the Java Runtime Environment.<p class="paragraph"/><blockquote class="note"> +For better security it is recommended to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html" target="blank">Policy Files</a> for your version of JDK/JRE and use stronger algorithms. See this <a href="https://github.com/apache/wicket/blob/42ce1faa57d3617ccaa443045537306fabf4d71a/wicket-util/src/test/java/org/apache/wicket/util/crypt/UnlimitedStrengthJurisdictionPolicyTest.java#L67" target="blank">example</a> of a custom <code>ICrypt</code> implementation for inspiration. 
+</blockquote><p class="paragraph"/>By using <code>CryptoMapper(IRequestMapper wrappedMapper, Application application)</code> constructor the mapper will use the configured <code>org.apache.wicket.util.crypt.ICryptFactory</code> from <code>org.apache.wicket.settings.ISecuritySettings#getCryptFactory()</code>. To use a stronger cryptography mechanism there are the following options: +<ul class="star"> +<li>The first option is to use constructor <code>CryptoMapper(IRequestMapper wrappedMapper, IProvider<ICrypt> cryptProvider)</code> and give it an implementation of <code>org.apache.wicket.util.IProvider</code> that returns a custom <code>org.apache.wicket.util.crypt.ICrypt</code>.</li> +</ul><p class="paragraph"/><blockquote class="note"> +<code>org.apache.wicket.util.IProvider</code> is a single-method interface that acts as object supplier: +</blockquote><p class="paragraph"/><div class="code"><pre><span class="java-keyword">public</span> <span class="java-keyword">interface</span> IProvider<T> +{ + T get(); +}</pre></div> +<ul class="star"> +<li>The second option is to register a cipher factory at application level with method <code>setCryptFactory(ICryptFactory cryptFactory)</code> of interface <code>ISecuritySettings</code>:</li> +</ul><p class="paragraph"/><div class="code"><pre>@Override +<span class="java-keyword">public</span> void init() { + <span class="java-keyword">super</span>.init(); + getSecuritySettings().setCryptFactory(<span class="java-keyword">new</span> SomeCryptFactory()); + setRootRequestMapper(<span class="java-keyword">new</span> CryptoMapper(getRootRequestMapper(), <span class="java-keyword">this</span>)); +}</pre></div><p class="paragraph"/> +Since version 6.19.0 Wicket uses <code>org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory</code> as a default factory for <code>ICrypt</code> objects. This factory generates a unique key for each user that is stored in her HTTP +session. 
This way it helps to protect the application against <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)" target="blank">CSRF</a> attacks - the <form> action url will be encrypted in such way that it will be unique +for each user of the application. The url itself serves as <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Encrypted_Token_Pattern" target="blank">encrypted token</a>.<p class="paragraph"/><blockquote class="warning"> +<code>org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory</code> binds the http session if it is not already bound! If the application needs to run in stateless mode then the application will have to provide a custom +implementation of <code>ICryptFactory</code> that stores the user specific keys by other means. +</blockquote> + + + +<h2 id="security_5">21.5 Package Resource Guard</h2> <p class="paragraph"/>Wicket internally uses an entity called package resource guard to protect package resources from external access. 
This entity is an implementation of interface <code>org.apache.wicket.markup.html.IPackageResourceGuard</code>.<p class="paragraph"/>By default Wicket applications use as package resource guard class <code>SecurePackageResourceGuard</code>, which allows to access only to the following file extensions (grouped by type):<p class="paragraph"/><table class="wiki-table" cellpadding="0" cellspacing="0" border="0"><tr><th>File</th><th>Extensions</th></tr><tr class="table-odd"><td><strong class="bold">JavaScript files</strong></td><td>.js</td></tr><tr class="table-even"><td><strong class="bold">CSS files</strong></td><td>.css</td></tr><tr class="table-odd"><td><strong class="bold">HTML pages</strong></td><td>.html</td></tr><tr class="table-even"><td><strong class="bold">Textual files</strong></td><td>.txt</td></tr><tr class="table-odd"><td><strong class="bo ld">Flash files</strong></td><td>.swf</td></tr><tr class="table-even"><td><strong class="bold">Picture files</strong></td><td>.png, .jpg, .jpeg, .gif, .ico, .cur, .bmp, .svg</td></tr><tr class="table-odd"><td><strong class="bold">Web font files</strong></td><td>.eot, .ttf, .woff</td></tr></table><p class="paragraph"/>To modify the set of allowed files formats we can add one or more patterns with method <code>addPattern(String)</code>. The rules to write a pattern are the following: <ul class="star"> <li>patterns start with either a "+" or a "-". In the first case the pattern will add one or more file to the set while starting a pattern with a â-â we exclude all the files matching the given pattern. For example pattern â-web.xmlâ excludes all web.xml files in all directories.</li> 
@@ -431,7 +467,7 @@ Application class <code>AuthenticatedWeb -<h2 id="security_5">21.5 Summary</h2> +<h2 id="security_6">21.6 Summary</h2> <p class="paragraph"/> In this chapter we have seen the components and the mechanisms that allow us to implement security policies in our Wicket-based applications. Wicket comes with an out of the box support for both authorization and authentication.<p class="paragraph"/>The central element of authorization mechanism is the interface <code>IAuthorizationStrategy</code> which decouples our components from any detail about security strategy. The implementations of this interface must decide if a user is allowed to instantiate a given page or component and if she/he can perform a given action on it.<p class="paragraph"/>Wicket natively supports role-based authorizations with strategies <code>MetaDataRoleAuthorizationStrategy</code> and <code>AnnotationsRoleAuthorizationStrategy</code>. The difference between these two strategies is that the first offers a programmatic approach for role handling while the second promotes a declarative approach using built-in annotations.<p class="parag raph"/>After having explored how Wicket internally implements authentication and authorization, in the last part of the chapter we have learnt how to configure our applications to support HTTPS and how to specify which pages must be served over this protocol.<p class="paragraph"/>In the last paragraph we have seen how Wicket protects package resources with a guard entity that allows us to decide which package resources can be accessed from users.<p class="paragraph"/><p class="paragraph"/> @@ -461,7 +497,7 @@ Application class <code>AuthenticatedWeb <div id="footer"> Copyright © 2013-2014 â <a href="http://www.apache.org/" target="_blank">The Apache Software Foundation</a> - â <b style="color:#E8590A !important;">(Generated on: 2014-11-11)</b> + â <b style="color:#E8590A !important;">(Generated on: 2015-02-03)</b> </div>
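
Review bot: The new 27.7 body text in wicketstuff_7.html carries three misspellings that will ship in the generated guide: "alredy", "componets" and "shiped" should read "already", "components" and "shipped". In the same paragraph the home page link uses target="blank", which names a window called "blank" instead of opening a new one; the header links on this page use target="_blank". The author line renders as "Paul BorÈ", so the name looks mis-encoded and should be checked against the utf-8 charset the page declares. Since the file lives under _site and its footer says it is generated, these fixes belong in the guide source so the next regeneration does not bring them back.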
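
Review bot: In the table-of-contents hunk of security.html (@@ -171,10 +171,13), the section anchors are positional, so #security_4 now points at "URLs encryption in detail" instead of "Package Resource Guard", and #security_5 moves from "Summary" to "Package Resource Guard". Any existing link to those fragments will silently land on a different section. Consider stable, name-based ids for the sections, or at least check the other guide pages for links to #security_4 and #security_5 before this goes out.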
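
Review bot: In the 21.3 hunk of security.html (@@ -382,7 +385,7), the rewritten paragraph still contains <code>HttpsConfi</code>g, with the final "g" outside the code element, so the class name HttpsConfig renders split across two styles. The line is already being changed to fix "CryptoManager" and "a nd", so this should be corrected in the same pass.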
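
Review bot: In the new section 21.4 of security.html (@@ -408,7 +411,40), the CSRF paragraph presents KeyInSessionSunJceCryptFactory as protecting form action URLs by default, but the section describes the crypt factory only as something CryptoMapper consults; the paragraph should say that the per-user encrypted URLs exist only once CryptoMapper is installed as root mapper, as in the init() example just above it. That example passes new SomeCryptFactory() without saying it is a placeholder; name it as one, or point to the linked UnlimitedStrengthJurisdictionPolicyTest example. The closing warning that the factory binds the HTTP session applies directly to the stateless login page case described in the 27.7 page added in this same commit, so a cross-reference between the two would help readers who combine them.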
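
Review bot: In the Summary hunk of security.html (@@ -431,7 +467,7), only the heading number changes; the summary text still moves from HTTPS straight to "In the last paragraph we have seen how Wicket protects package resources" and never mentions the new 21.4 on URL encryption. Add a sentence covering CryptoMapper, ICrypt and the session-bound default factory so the summary matches the chapter's new contents.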
