Added: wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html
URL: 
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html?rev=1656683&view=auto
==============================================================================
--- wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html (added)
+++ wicket/common/site/trunk/_site/guide/guide/pages/wicketstuff_7.html Tue Feb 
 3 11:19:18 2015
@@ -0,0 +1,205 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+                      
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en">
+<head>
+    <title>27.7 Module stateless 6.x</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+    <link rel="stylesheet" href="../css/main.css" type="text/css" 
media="screen, print" title="Style" charset="utf-8"/>
+    <link rel="stylesheet" href="../css/pdf.css" type="text/css" media="print" 
title="PDF" charset="utf-8"/>
+    <script type="text/javascript">
+function addJsClass() {
+    var classes = document.body.className.split(" ");
+    classes.push("js");
+    document.body.className = classes.join(" ");
+}
+    </script>
+</head>
+
+<body class="body" onload="addJsClass();">
+<div id="navigation">
+    <ul>
+        <li>
+            <div id="nav-summary" onmouseover="toggleNavSummary(false)" 
onmouseout="toggleNavSummary(true)">
+                <a href="../../guide/index.html" class="button">Table of 
contents</a>
+
+                <div id="nav-summary-childs" style="display:none;">
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/introduction.html"><strong>1</strong><span>Introduction</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/howToSource.html"><strong>2</strong><span>How to use the 
example code</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/whyLearn.html"><strong>3</strong><span>Why should I learn 
Wicket?</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/helloWorld.html"><strong>4</strong><span>Wicket says 
&ldquo;Hello world!&rdquo;</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/layout.html"><strong>5</strong><span>Wicket as page layout 
manager</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/keepControl.html"><strong>6</strong><span>Keeping control 
over HTML</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/componentLifecycle.html"><strong>7</strong><span>Components 
lifecycle</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/versioningCaching.html"><strong>8</strong><span>Page 
versioning and caching</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/requestProcessing.html"><strong>9</strong><span>Under the 
hood of the request processing</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/urls.html"><strong>10</strong><span>Wicket Links and URL 
generation</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/modelsforms.html"><strong>11</strong><span>Wicket models and 
forms</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/forms2.html"><strong>12</strong><span>Wicket forms in 
detail</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/repeaters.html"><strong>13</strong><span>Displaying multiple 
items with repeaters</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/i18n.html"><strong>14</strong><span>Internationalization with 
Wicket</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/resources.html"><strong>15</strong><span>Resource management 
with Wicket</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/jsintegration.html"><strong>16</strong><span>An example of 
integration with JavaScript</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/advanced.html"><strong>17</strong><span>Wicket advanced 
topics</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/ajax.html"><strong>18</strong><span>Working with 
AJAX</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/jee.html"><strong>19</strong><span>Integration with 
enterprise containers</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/nativewebsockets.html"><strong>20</strong><span>Native 
WebSockets</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/security.html"><strong>21</strong><span>Security with 
Wicket</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/testing.html"><strong>22</strong><span>Test Driven 
Development with Wicket</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/testingspring.html"><strong>23</strong><span>Test Driven 
Development with Wicket and Spring</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/bestpractices.html"><strong>24</strong><span>Wicket Best 
Practices</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/internals.html"><strong>25</strong><span>Wicket 
Internals</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/maven.html"><strong>26</strong><span>Working with Maven 
(Appendix)</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/wicketstuff.html"><strong>27</strong><span>Project 
WicketStuff (Appendix)</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/redirects.html"><strong>28</strong><span>Lost In Redirection 
With Apache Wicket (Appendix)</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0"><a 
href="../../guide/contributing.html"><strong>29</strong><span>Contributing to 
this guide (Appendix)</span></a>
+                    </div>
+                    
+                </div>
+            </div>
+        </li>
+        <li class="separator selected">
+            <a id="ref-button" onclick="localToggle(); return false;" 
href="#">Quick Reference</a>
+        </li>
+    </ul>
+</div>
+<div id="header">
+    <div class="images clearfix">
+        
+        <span id="logo"><a href="/" target="_blank"><img height="80px" 
src="http://wicket.apache.org/guide/img/apache-wicket.png"/></a></span>
+        
+        
+        <span id="sponsor"><a href="http://www.apache.org/"; 
target="_blank"><img height="60px" 
src="http://wicket.apache.org/guide/img/asf_logo.gif"/></a></span>
+        
+    </div>
+    <p>Free Online Guide for Apache Wicket framework</p>
+</div>
+
+
+<table id="colset" border="0" cellpadding="0" cellspacing="0">
+    <tr>
+        <td id="col1">
+            <div id="main" class="corner-all">
+
+                
+                    <div class="toc-item prev-left"><a 
href="../../guide/maven.html">&lt;&lt; <strong>26</strong><span>Working with 
Maven (Appendix)</span></a></div>
+                
+
+                <span id='toggle-col1' class="toggle">(<a href="#" 
onclick="localToggle(); return false;">Quick Reference</a>)</span>
+
+                
+                    <div class="toc-item next-right"><a 
href="../../guide/redirects.html"><strong>28</strong><span>Lost In Redirection 
With Apache Wicket (Appendix)</span> >></a></div>
+                
+
+
+                <div class="project">
+                    <h1>27.7 Module stateless - Reference Documentation</h1>
+
+                    <p><strong>Authors:</strong> Andrea Del Bene, Martin 
Grigorov, Carsten Hufe, Christian Kroemer, Daniel Bartl, Paul Borș</p>
+
+                    <p><strong>Version:</strong> 6.x</p>
+
+                    
+                </div>
+
+                
+
+                
+
+<h2 id="wicketstuff_7">27.7 Module stateless</h2>
+Wicket makes working with AJAX easy and pleasant with its component-oriented 
abstraction. However as side effect, AJAX components and behaviors make their 
hosting page stateful. This can be quite annoying if we are working on a page 
that must be stateless (for example a login page). 
+In this case an obvious solution would be to roll out our own stateless 
components/behaviors, but Wicketstuff alredy offers such kind of artifacts with 
<code>stateless</code> module. Here you can find the stateless version of the 
basic AJAX componets and behaviors shiped with Wicket, like 
<code>StatelessAjaxSubmitLink</code>, <code>StatelessAjaxFallbackLink</code>, 
<code>StatelessAjaxEventBehavior</code>, 
<code>StatelessAjaxFormSubmitBehavior</code> etc&#8230;
+A short introduction to this module can be found on its <a 
href="https://github.com/wicketstuff/core/tree/master/jdk-1.7-parent/stateless-parent";
 target="blank">home page</a> .<p class="paragraph"/>
+
+
+                <div style="clear:both;margin-top:15px;"></div>
+                
+                    <div class="toc-item prev-left"><a 
href="../../guide/maven.html">&lt;&lt; <strong>26</strong><span>Working with 
Maven (Appendix)</span></a></div>
+                
+                    <div class="toc-item next-right"><a 
href="../../guide/redirects.html"><strong>28</strong><span>Lost In Redirection 
With Apache Wicket (Appendix)</span> >></a></div>
+                
+                <div style="clear:both"></div>
+            </div>
+        </td>
+        <td id="col2">
+            <div class="local clearfix">
+                <div class="local-title">
+                    <a href="../../guide/index.html" target="mainFrame">Quick 
Reference</a>
+                    <span class="toggle">(<a href="#" onclick="localToggle(); 
return false;">hide</a>)</span>
+                </div>
+                <div class="menu">
+                    
+                </div>
+            </div>
+        </td>
+    </tr>
+</table>
+
+<div id="footer">
+    
+Copyright &copy; 2013-2014 — <a href="http://www.apache.org/"; 
target="_blank">The Apache Software Foundation</a> 
+                      — <b style="color:#E8590A !important;">(Generated on: 
2015-02-03)</b>
+
+    
+</div>
+
+<script type="text/javascript" src="../js/docs.js"></script>
+
+</body>
+</html>
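Review bot: the body paragraph of section 27.7 has three spelling errors that will ship in the generated guide: "alredy", "componets" and "shiped" should read "already", "components" and "shipped". The home page link in the same paragraph uses target="blank", which names a window called "blank" instead of opening a new one; the header links in this file already use target="_blank". The footer states the file is generated, so both fixes belong in the guide source, followed by a regeneration.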

Modified: wicket/common/site/trunk/_site/guide/guide/redirects.html
URL: 
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/redirects.html?rev=1656683&r1=1656682&r2=1656683&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/guide/guide/redirects.html (original)
+++ wicket/common/site/trunk/_site/guide/guide/redirects.html Tue Feb  3 
11:19:18 2015
@@ -227,7 +227,7 @@ Quite a few teams have already got stuck
 <div id="footer">
     
 Copyright &copy; 2013-2014 — <a href="http://www.apache.org/"; 
target="_blank">The Apache Software Foundation</a> 
-                      — <b style="color:#E8590A !important;">(Generated on: 
2014-11-11)</b>
+                      — <b style="color:#E8590A !important;">(Generated on: 
2015-02-03)</b>
 
     
 </div>
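Review bot: the footer now pairs "Copyright &copy; 2013-2014" with "Generated on: 2015-02-03", so the copyright range is stale on every regenerated page; update the year range in the footer template. The same one-line timestamp change repeats in the other regenerated pages of this commit and buries the real content changes, so consider keeping the generation date out of committed output.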

Modified: wicket/common/site/trunk/_site/guide/guide/repeaters.html
URL: 
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/repeaters.html?rev=1656683&r1=1656682&r2=1656683&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/guide/guide/repeaters.html (original)
+++ wicket/common/site/trunk/_site/guide/guide/repeaters.html Tue Feb  3 
11:19:18 2015
@@ -204,9 +204,9 @@ A common task for web applications is to
 <div class="code"><pre>&#60;ul&#62;
     &#60;li wicket:id=<span 
class="java&#45;quote">"listItems"</span>&#62;&#60;/li&#62;
 &#60;/ul&#62;</pre></div><p class="paragraph"/><strong class="bold">Java 
Code:</strong>
-<div class="code"><pre>RepeatingView listItems = <span 
class="java&#45;keyword">new</span> RepeatingView(<span 
class="java&#45;quote">"listItems"</span>);<p 
class="paragraph"/>listItems.add(<span class="java&#45;keyword">new</span> 
Label(listItems.newChildId(), <span class="java&#45;quote">"green"</span>);
-listItems.add(<span class="java&#45;keyword">new</span> 
Label(listItems.newChildId(), <span class="java&#45;quote">"blue"</span>);
-listItems.add(<span class="java&#45;keyword">new</span> 
Label(listItems.newChildId(), <span 
class="java&#45;quote">"red"</span>);</pre></div><p class="paragraph"/><strong 
class="bold">Generated markup:</strong>
+<div class="code"><pre>RepeatingView listItems = <span 
class="java&#45;keyword">new</span> RepeatingView(<span 
class="java&#45;quote">"listItems"</span>);<p 
class="paragraph"/>listItems.add(<span class="java&#45;keyword">new</span> 
Label(listItems.newChildId(), <span class="java&#45;quote">"green"</span>));
+listItems.add(<span class="java&#45;keyword">new</span> 
Label(listItems.newChildId(), <span class="java&#45;quote">"blue"</span>));
+listItems.add(<span class="java&#45;keyword">new</span> 
Label(listItems.newChildId(), <span 
class="java&#45;quote">"red"</span>));</pre></div><p class="paragraph"/><strong 
class="bold">Generated markup:</strong>
 <div class="code"><pre>&#60;ul&#62;
     &#60;li&#62;green&#60;/li&#62;
     &#60;li&#62;blue&#60;/li&#62;
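Review bot: a <p class="paragraph"/> element still sits inside the <pre> block on the first added line, between the RepeatingView declaration and the first listItems.add(...) call. The added closing parentheses fix the three calls, but this is generator markup leaking into a code sample; the source most likely has a blank line there that should render as a plain newline inside <pre>.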
@@ -214,6 +214,7 @@ listItems.add(<span class="java&#45;keyw
 &#60;/ul&#62;</pre></div><p class="paragraph"/>As we can see in this example, 
each child component has been rendered using the parent markup as if it was its 
own.
 
 
+
 <h2 id="repeaters_2">13.2 The ListView Component</h2>
 <p class="paragraph"/>As its name suggests, component 
<code>org.apache.wicket.markup.html.list.ListView</code> is designed to display 
a given list of objects which can be provided as a standard Java List or as a 
model containing the concrete List. ListView iterates over the list and creates 
a child component of type 
<code>org.apache.wicket.markup.html.list.ListItem</code> for every encountered 
item.<p class="paragraph"/>Unlike RepeatingView this component is intended to 
be used with complex markup fragments containing nested components.<p 
class="paragraph"/>To generate its children, ListView calls its abstract method 
populateItem(ListItem&#60;T&#62; item) for each item in the list, so we must 
provide an implementation of this method to tell the component how to create 
its children components. In the following example we use a ListView to display 
a list of Person objects:<p class="paragraph"/><strong 
class="bold">HTML:</strong>
 <div class="code"><pre>&#8230;
@@ -352,7 +353,7 @@ Wicket provides also component PageableL
 <div id="footer">
     
 Copyright &copy; 2013-2014 — <a href="http://www.apache.org/"; 
target="_blank">The Apache Software Foundation</a> 
-                      — <b style="color:#E8590A !important;">(Generated on: 
2014-11-11)</b>
+                      — <b style="color:#E8590A !important;">(Generated on: 
2015-02-03)</b>
 
     
 </div>

Modified: wicket/common/site/trunk/_site/guide/guide/requestProcessing.html
URL: 
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/requestProcessing.html?rev=1656683&r1=1656682&r2=1656683&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/guide/guide/requestProcessing.html (original)
+++ wicket/common/site/trunk/_site/guide/guide/requestProcessing.html Tue Feb  
3 11:19:18 2015
@@ -331,7 +331,7 @@ processing of an Ajax request Wicket wil
 <div id="footer">
     
 Copyright &copy; 2013-2014 — <a href="http://www.apache.org/"; 
target="_blank">The Apache Software Foundation</a> 
-                      — <b style="color:#E8590A !important;">(Generated on: 
2014-11-11)</b>
+                      — <b style="color:#E8590A !important;">(Generated on: 
2015-02-03)</b>
 
     
 </div>

Modified: wicket/common/site/trunk/_site/guide/guide/resources.html
URL: 
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/resources.html?rev=1656683&r1=1656682&r2=1656683&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/guide/guide/resources.html (original)
+++ wicket/common/site/trunk/_site/guide/guide/resources.html Tue Feb  3 
11:19:18 2015
@@ -456,7 +456,7 @@ In this chapter we have learnt how to ma
 <div id="footer">
     
 Copyright &copy; 2013-2014 — <a href="http://www.apache.org/"; 
target="_blank">The Apache Software Foundation</a> 
-                      — <b style="color:#E8590A !important;">(Generated on: 
2014-11-11)</b>
+                      — <b style="color:#E8590A !important;">(Generated on: 
2015-02-03)</b>
 
     
 </div>

Modified: wicket/common/site/trunk/_site/guide/guide/security.html
URL: 
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/security.html?rev=1656683&r1=1656682&r2=1656683&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/guide/guide/security.html (original)
+++ wicket/common/site/trunk/_site/guide/guide/security.html Tue Feb  3 
11:19:18 2015
@@ -171,10 +171,13 @@ function addJsClass() {
                     <div class="toc-item" style="margin-left:0px"><a 
href="#security_3"><strong>21.3</strong><span>Using HTTPS protocol</span></a>
                     </div>
                     
-                    <div class="toc-item" style="margin-left:0px"><a 
href="#security_4"><strong>21.4</strong><span>Package Resource Guard</span></a>
+                    <div class="toc-item" style="margin-left:0px"><a 
href="#security_4"><strong>21.4</strong><span>URLs encryption in 
detail</span></a>
                     </div>
                     
-                    <div class="toc-item" style="margin-left:0px"><a 
href="#security_5"><strong>21.5</strong><span>Summary</span></a>
+                    <div class="toc-item" style="margin-left:0px"><a 
href="#security_5"><strong>21.5</strong><span>Package Resource Guard</span></a>
+                    </div>
+                    
+                    <div class="toc-item" style="margin-left:0px"><a 
href="#security_6"><strong>21.6</strong><span>Summary</span></a>
                     </div>
                     
                 </div>
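Review bot: reusing the ids security_4 and security_5 for different sections changes where existing deep links land: #security_4 used to open Package Resource Guard and now opens the URL encryption section, and #security_5 moves from Summary to Package Resource Guard. If the generator allows explicit ids, give the new section its own id and keep the old ones attached to their sections. The new title "URLs encryption in detail" would also read better as "URL encryption in detail".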
@@ -382,7 +385,7 @@ Application class <code>AuthenticatedWeb
 
 
 <h2 id="security_3">21.3 Using HTTPS protocol</h2>
-<p class="paragraph"/>HTTPS is the standard technology adopted on Internet to 
create a secure communication channel between web applications and their 
users.<p class="paragraph"/>In Wicket we can easily protect our pages with 
HTTPS mounting a special request mapper called <code>HttpsMapper</code> and 
using annotation RequireHttps with those pages we want to serve over this 
protocol. Both these two entities are in package 
<code>org.apache.wicket.protocol.https</code>.<p class="paragraph"/>HttpsMapper 
wraps an existing mapper and redirects incoming requests to HTTPS if the 
related response must render a page containing annotation 
<code>RequireHttps</code>. Most of the times the wrapped mapper will be the 
root one, just like we saw before for <code>CryptoManager</code> in paragraph 
8.6.6.<p class="paragraph"/>Another parameter needed to build a 
<code>HttpsMapper</code> is an instance of class <code>HttpsConfi</code>g. This 
class allows us to specify which ports must be used for HTTPS a
 nd HTTP. By default the port numbers used by these two protocols are 
respectively 443 and 80.<p class="paragraph"/>The following code is taken from 
project <code>HttpsProtocolExample</code> and illustrates how to enable HTTPS  
in our applications:<p class="paragraph"/><div class="code"><pre>//Application 
class code&#8230;
+<p class="paragraph"/>HTTPS is the standard technology adopted on Internet to 
create a secure communication channel between web applications and their 
users.<p class="paragraph"/>In Wicket we can easily protect our pages with 
HTTPS mounting a special request mapper called <code>HttpsMapper</code> and 
using annotation RequireHttps with those pages we want to serve over this 
protocol. Both these two entities are in package 
<code>org.apache.wicket.protocol.https</code>.<p class="paragraph"/>HttpsMapper 
wraps an existing mapper and redirects incoming requests to HTTPS if the 
related response must render a page containing annotation 
<code>RequireHttps</code>. Most of the times the wrapped mapper will be the 
root one, just like we saw before for <code>CryptoMapper</code> in paragraph 
10.6.<p class="paragraph"/>Another parameter needed to build a 
<code>HttpsMapper</code> is an instance of class <code>HttpsConfi</code>g. This 
class allows us to specify which ports must be used for HTTPS and
  HTTP. By default the port numbers used by these two protocols are 
respectively 443 and 80.<p class="paragraph"/>The following code is taken from 
project <code>HttpsProtocolExample</code> and illustrates how to enable HTTPS  
in our applications:<p class="paragraph"/><div class="code"><pre>//Application 
class code&#8230;
 @Override
 <span class="java&#45;keyword">public</span> void init()&#123;   
    setRootRequestMapper(<span class="java&#45;keyword">new</span> 
HttpsMapper(getRootRequestMapper(), 
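Review bot: in the rewritten 21.3 paragraph the class name is still split as <code>HttpsConfi</code>g, so the final "g" renders outside the code element; it should be <code>HttpsConfig</code>. Two smaller points in the same paragraph: RequireHttps is unmarked on first mention although it is wrapped in <code> one sentence later, and the corrected reference "paragraph 10.6" is plain text while the new section 21.4 links the same target.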
@@ -408,7 +411,40 @@ Application class <code>AuthenticatedWeb
 &#125;</pre></div>
 
 
-<h2 id="security_4">21.4 Package Resource Guard</h2>
+
+<h2 id="security_4">21.4 URLs encryption in detail</h2>
+In chapter <a href="../guide/single.html#urls_6" class="guide">10.6</a> we 
have seen how to encrypt URLs using <code>CryptoMapper</code> request mapper. 
To encrypt/decrypt page URLs <code>CryptoMapper</code> uses an instance of 
<code>org.apache.wicket.util.crypt.ICrypt</code> interface:<p 
class="paragraph"/><div class="code"><pre><span 
class="java&#45;keyword">public</span> <span 
class="java&#45;keyword">interface</span> ICrypt
+&#123;
+       <span class="java&#45;object">String</span> encryptUrlSafe(<span 
class="java&#45;keyword">final</span> <span 
class="java&#45;object">String</span> plainText);<p class="paragraph"/>    
<span class="java&#45;object">String</span> decryptUrlSafe(<span 
class="java&#45;keyword">final</span> <span 
class="java&#45;object">String</span> encryptedText);<p class="paragraph"/>     
   &#8230;
+&#125;</pre></div><p class="paragraph"/>The default implementation for this 
interface is class <code>org.apache.wicket.util.crypt.SunJceCrypt</code>. It 
provides password-based cryptography using <code>PBEWithMD5AndDES</code> 
algorithm coming with the standard security providers in the Java Runtime 
Environment.<p class="paragraph"/><blockquote class="note">
+For better security it is recommended to install Java Cryptography Extension 
(JCE) Unlimited Strength Jurisdiction <a 
href="http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html";
 target="blank">Policy Files</a> for your version of JDK/JRE and use stronger 
algorithms. See this <a 
href="https://github.com/apache/wicket/blob/42ce1faa57d3617ccaa443045537306fabf4d71a/wicket-util/src/test/java/org/apache/wicket/util/crypt/UnlimitedStrengthJurisdictionPolicyTest.java#L67";
 target="blank">example</a> of a custom <code>ICrypt</code> implementation for 
inspiration.
+</blockquote><p class="paragraph"/>By using <code>CryptoMapper(IRequestMapper 
wrappedMapper, Application application)</code> constructor the mapper will use 
the configured <code>org.apache.wicket.util.crypt.ICryptFactory</code> from 
<code>org.apache.wicket.settings.ISecuritySettings#getCryptFactory()</code>. To 
use a stronger cryptography mechanism there are the following options:
+<ul class="star">
+<li>The first option is to use constructor <code>CryptoMapper(IRequestMapper 
wrappedMapper, IProvider&#60;ICrypt&#62; cryptProvider)</code> and give it an 
implementation of <code>org.apache.wicket.util.IProvider</code> that returns a 
custom <code>org.apache.wicket.util.crypt.ICrypt</code>.</li>
+</ul><p class="paragraph"/><blockquote class="note">
+<code>org.apache.wicket.util.IProvider</code> is a single-method interface 
that acts as object supplier:
+</blockquote><p class="paragraph"/><div class="code"><pre><span 
class="java&#45;keyword">public</span> <span 
class="java&#45;keyword">interface</span> IProvider&#60;T&#62;
+&#123;
+       T get();
+&#125;</pre></div>
+<ul class="star">
+<li>The second option is to register a cipher factory at application level 
with method <code>setCryptFactory(ICryptFactory cryptFactory)</code> of 
interface <code>ISecuritySettings</code>:</li>
+</ul><p class="paragraph"/><div class="code"><pre>@Override
+<span class="java&#45;keyword">public</span> void init() &#123;
+       <span class="java&#45;keyword">super</span>.init();
+       getSecuritySettings().setCryptFactory(<span 
class="java&#45;keyword">new</span> SomeCryptFactory());
+       setRootRequestMapper(<span class="java&#45;keyword">new</span> 
CryptoMapper(getRootRequestMapper(), <span 
class="java&#45;keyword">this</span>));
+&#125;</pre></div><p class="paragraph"/>
+Since version 6.19.0 Wicket uses 
<code>org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory</code> 
as a default factory for <code>ICrypt</code> objects. This factory generates a 
unique key for each user that is stored in her HTTP 
+session. This way it helps to protect the application against <a 
href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)" 
target="blank">CSRF</a> attacks - the &#60;form&#62; action url will be 
encrypted in such way that it will be unique
+for each user of the application. The url itself serves as <a 
href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Encrypted_Token_Pattern"
 target="blank">encrypted token</a>.<p class="paragraph"/><blockquote 
class="warning">
+<code>org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory</code> 
binds the http session if it is not already bound! If the application needs to 
run in stateless mode then the application will have to provide a custom 
+implementation of <code>ICryptFactory</code> that stores the user specific 
keys by other means.
+</blockquote>
+
+
+
+<h2 id="security_5">21.5 Package Resource Guard</h2>
 <p class="paragraph"/>Wicket internally uses an entity called package resource 
guard to protect package resources from external access. This entity is an 
implementation of interface 
<code>org.apache.wicket.markup.html.IPackageResourceGuard</code>.<p 
class="paragraph"/>By default Wicket applications use as package resource guard 
class <code>SecurePackageResourceGuard</code>, which allows to access only to 
the following file extensions (grouped by type):<p class="paragraph"/><table 
class="wiki-table" cellpadding="0" cellspacing="0" 
border="0"><tr><th>File</th><th>Extensions</th></tr><tr 
class="table-odd"><td><strong class="bold">JavaScript 
files</strong></td><td>.js</td></tr><tr class="table-even"><td><strong 
class="bold">CSS files</strong></td><td>.css</td></tr><tr 
class="table-odd"><td><strong class="bold">HTML 
pages</strong></td><td>.html</td></tr><tr class="table-even"><td><strong 
class="bold">Textual files</strong></td><td>.txt</td></tr><tr 
class="table-odd"><td><strong class="bo
 ld">Flash files</strong></td><td>.swf</td></tr><tr 
class="table-even"><td><strong class="bold">Picture 
files</strong></td><td>.png, .jpg, .jpeg, .gif, .ico, .cur, .bmp, 
.svg</td></tr><tr class="table-odd"><td><strong class="bold">Web font 
files</strong></td><td>.eot, .ttf, .woff</td></tr></table><p 
class="paragraph"/>To modify the set of allowed files formats we can add one or 
more patterns with method <code>addPattern(String)</code>. The rules to write a 
pattern are the following:
 <ul class="star">
 <li>patterns start with either a "+" or a "-". In the first case the pattern 
will add one or more file to the set while starting a pattern with a “-” we 
exclude all the files matching the given pattern. For example pattern 
“-web.xml” excludes all web.xml files in all directories.</li>
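Review bot: the CSRF paragraph in the new section 21.4 reads as if the per-session key protects forms by default, but the encryption it describes is performed by CryptoMapper, so the form action URL is only protected when CryptoMapper is installed as the root request mapper, as in the init() sample just above; state that next to the KeyInSessionSunJceCryptFactory sentence. The second option's sample registers new SomeCryptFactory() without saying it is a placeholder class the reader has to write, and the note recommends "stronger algorithms" than PBEWithMD5AndDES without naming one or saying what the linked test uses. The added external links use target="blank" where target="_blank" is meant.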
@@ -431,7 +467,7 @@ Application class <code>AuthenticatedWeb
 
 
 
-<h2 id="security_5">21.5 Summary</h2>
+<h2 id="security_6">21.6 Summary</h2>
 <p class="paragraph"/> In this chapter we have seen the components and the 
mechanisms that allow us to implement security policies in our Wicket-based 
applications. Wicket comes with an out of the box support for both 
authorization and authentication.<p class="paragraph"/>The central element of 
authorization mechanism is the interface <code>IAuthorizationStrategy</code> 
which decouples our components from any detail about security strategy. The 
implementations of this interface must decide if a user is allowed to 
instantiate a given page or component and if she/he can perform a given action 
on it.<p class="paragraph"/>Wicket natively supports role-based authorizations 
with strategies <code>MetaDataRoleAuthorizationStrategy</code> and 
<code>AnnotationsRoleAuthorizationStrategy</code>. The difference between these 
two strategies is that the first offers a programmatic approach for role 
handling while the second promotes a declarative approach using built-in 
annotations.<p class="parag
 raph"/>After having explored how Wicket internally implements authentication 
and authorization, in the last part of the chapter we have learnt how to 
configure our applications to support HTTPS and how to specify which pages must 
be served over this protocol.<p class="paragraph"/>In the last paragraph we 
have seen how Wicket protects package resources with a guard entity that allows 
us to decide which package resources can be accessed from users.<p 
class="paragraph"/><p class="paragraph"/>
 
 
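Review bot: the renumbered summary still ends with "In the last paragraph we have seen how Wicket protects package resources" and does not mention the URL encryption section added as 21.4 in this commit; add a sentence on CryptoMapper and ICrypt so the summary covers the whole chapter. The paragraph also still closes with two empty <p class="paragraph"/> elements that can be dropped in the source.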
@@ -461,7 +497,7 @@ Application class <code>AuthenticatedWeb
 <div id="footer">
     
 Copyright &copy; 2013-2014 — <a href="http://www.apache.org/"; 
target="_blank">The Apache Software Foundation</a> 
-                      — <b style="color:#E8590A !important;">(Generated on: 
2014-11-11)</b>
+                      — <b style="color:#E8590A !important;">(Generated on: 
2015-02-03)</b>
 
     
 </div>

