Repository: wicket Updated Branches: refs/heads/wicket-7.x ce889a604 -> b4e4a92f5
Minor fix to the guide. Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/b4e4a92f Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/b4e4a92f Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/b4e4a92f Branch: refs/heads/wicket-7.x Commit: b4e4a92f5c5321944e716f81de0b0e2bb27d556e Parents: ce889a6 Author: Andrea Del Bene <[email protected]> Authored: Mon Feb 13 17:45:26 2017 +0100 Committer: Andrea Del Bene <[email protected]> Committed: Mon Feb 13 17:45:26 2017 +0100 ---------------------------------------------------------------------- wicket-user-guide/src/main/asciidoc/ajax/ajax_3.adoc | 2 +- wicket-user-guide/src/main/asciidoc/internals/pagestoring.adoc | 5 ++--- wicket-user-guide/src/main/asciidoc/resources/resources_14.adoc | 2 +- wicket-user-guide/src/main/asciidoc/security/security_4.adoc | 2 +- wicket-user-guide/src/main/asciidoc/security/security_4_1.adoc | 2 +- 5 files changed, 6 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/b4e4a92f/wicket-user-guide/src/main/asciidoc/ajax/ajax_3.adoc ---------------------------------------------------------------------- diff --git a/wicket-user-guide/src/main/asciidoc/ajax/ajax_3.adoc b/wicket-user-guide/src/main/asciidoc/ajax/ajax_3.adoc index a22ff48..f231214 100644 --- a/wicket-user-guide/src/main/asciidoc/ajax/ajax_3.adoc +++ b/wicket-user-guide/src/main/asciidoc/ajax/ajax_3.adoc @@ -81,7 +81,7 @@ add(form); add(submitButton); ---- -NOTE: _AjaxFormSubmitBehavior_ does not prevent JavaScript default event handling. For _<input type= @[submit] you'll have to call _AjaxRequestAttributes1.setPreventDefault(true)_ to prevent the form from being submitted twice. +NOTE: _AjaxFormSubmitBehavior_ does not prevent JavaScript default event handling. For _<input type="submit"_ you'll have to call _AjaxRequestAttributes.setPreventDefault(true)_ to prevent the form from being submitted twice. === AjaxFormComponentUpdatingBehavior http://git-wip-us.apache.org/repos/asf/wicket/blob/b4e4a92f/wicket-user-guide/src/main/asciidoc/internals/pagestoring.adoc ---------------------------------------------------------------------- diff --git a/wicket-user-guide/src/main/asciidoc/internals/pagestoring.adoc b/wicket-user-guide/src/main/asciidoc/internals/pagestoring.adoc index e38412e..52af511 100644 --- a/wicket-user-guide/src/main/asciidoc/internals/pagestoring.adoc +++ b/wicket-user-guide/src/main/asciidoc/internals/pagestoring.adoc @@ -18,8 +18,7 @@ The custom _IPageManager_ implementation may or may not use _IPageStore/IDataSto === IPageStore -_org.apache.wicket.pageStore.IPageStore_'s role is to mediate the storing and loading of pages done by the underlying _IDataStore_. The default implementation _org.apache.wicket.pageStore.DefaultPageStore_ pre-processes the pages before passing them to _IDataStore1.storeData(String, int, byte <<_>> -)_ and to post-processes them after _IDataStore1.getData(String, int)_. The processing consists of transforming the page instance to _org.apache.wicket.pageStore.DefaultPageStore.SerializedPage_. This is a struct of: +_org.apache.wicket.pageStore.IPageStore_'s role is to mediate the storing and loading of pages done by the underlying _IDataStore_. The default implementation _org.apache.wicket.pageStore.DefaultPageStore_ pre-processes the pages before passing them to _IDataStore.storeData(String, int, byte)_ and to post-processes them after _IDataStore.getData(String, int)_. The processing consists of transforming the page instance to _org.apache.wicket.pageStore.DefaultPageStore.SerializedPage_. This is a struct of: [source,java] ---- @@ -32,7 +31,7 @@ _org.apache.wicket.pageStore.IPageStore_'s role is to mediate the storing and lo i.e. this is the serialized page instance (data) plus additional information needed to be able to easily find it later (sessionId, pageId). -When a _SerializedPage_ has to be stored _DefaultPageStore_ stores it in a application scoped cache ({sessionId, pageId} -> SerializedPage) and additionally gives it to the underlying _IDataStore1.storeData(sessionId, pageId, data)_. The application scoped cache is used as second level cache. Getting a page from it is slower than the http session based cache in _PageStoreManager_ because the page has to be deserialized, but is faster than the underlying _IDataStore_ which stores the page bytes in some persistent store. +When a _SerializedPage_ has to be stored _DefaultPageStore_ stores it in a application scoped cache ({sessionId, pageId} -> SerializedPage) and additionally gives it to the underlying _IDataStore.storeData(sessionId, pageId, data)_. The application scoped cache is used as second level cache. Getting a page from it is slower than the http session based cache in _PageStoreManager_ because the page has to be deserialized, but is faster than the underlying _IDataStore_ which stores the page bytes in some persistent store. The size of the application scoped cache is configurable via _org.apache.wicket.settings.StoreSettings.setInmemoryCacheSize(int)_. http://git-wip-us.apache.org/repos/asf/wicket/blob/b4e4a92f/wicket-user-guide/src/main/asciidoc/resources/resources_14.adoc ---------------------------------------------------------------------- diff --git a/wicket-user-guide/src/main/asciidoc/resources/resources_14.adoc b/wicket-user-guide/src/main/asciidoc/resources/resources_14.adoc index 4b9c6c6..cd23b4a 100644 --- a/wicket-user-guide/src/main/asciidoc/resources/resources_14.adoc +++ b/wicket-user-guide/src/main/asciidoc/resources/resources_14.adoc @@ -1,7 +1,7 @@ -Introduced in Wicket 6.20.0 / Wicket 7.0.0 there is a default way to be used in which the output of all CssHeaderItems / JavaScriptHeaderItems is modified before they are cached and delivered to the client. You can add a so called Compressor by receiving the resource settings and invoke 1.setJavaScriptCompressor(...) / 1.setJavaScriptCompressor(...). If you want to add several Compressors use _org.apache.wicket.resource.CompositeCssCompressor_ or _org.apache.wicket.resource.CompositeJavaScriptCompressor_ +Introduced in Wicket 6.20.0 / Wicket 7.0.0 there is a default way to be used in which the output of all CssHeaderItems / JavaScriptHeaderItems is modified before they are cached and delivered to the client. You can add a so called Compressor by receiving the resource settings and invoke setJavaScriptCompressor(...) / setJavaScriptCompressor(...). If you want to add several Compressors use _org.apache.wicket.resource.CompositeCssCompressor_ or _org.apache.wicket.resource.CompositeJavaScriptCompressor_ *Java Code:* [source,java] http://git-wip-us.apache.org/repos/asf/wicket/blob/b4e4a92f/wicket-user-guide/src/main/asciidoc/security/security_4.adoc ---------------------------------------------------------------------- diff --git a/wicket-user-guide/src/main/asciidoc/security/security_4.adoc b/wicket-user-guide/src/main/asciidoc/security/security_4.adoc index c91c3d0..e915a58 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_4.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_4.adoc @@ -17,7 +17,7 @@ The default implementation for this interface is class _org.apache.wicket.util.c NOTE: For better security it is recommended to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html[Policy Files] -By using _CryptoMapper(IRequestMapper wrappedMapper, Application application)_ constructor the mapper will use the configured _org.apache.wicket.util.crypt.ICryptFactory_ from _org.apache.wicket.settings.SecuritySettings1.getCryptFactory()_. To use a stronger cryptography mechanism there are the following options: +By using _CryptoMapper(IRequestMapper wrappedMapper, Application application)_ constructor the mapper will use the configured _org.apache.wicket.util.crypt.ICryptFactory_ from _org.apache.wicket.settings.SecuritySettings.getCryptFactory()_. To use a stronger cryptography mechanism there are the following options: * The first option is to use constructor _CryptoMapper(IRequestMapper wrappedMapper, IProvider<ICrypt> cryptProvider)_ and give it an implementation of _org.apache.wicket.util.IProvider_ that returns a custom _org.apache.wicket.util.crypt.ICrypt_. http://git-wip-us.apache.org/repos/asf/wicket/blob/b4e4a92f/wicket-user-guide/src/main/asciidoc/security/security_4_1.adoc ---------------------------------------------------------------------- diff --git a/wicket-user-guide/src/main/asciidoc/security/security_4_1.adoc b/wicket-user-guide/src/main/asciidoc/security/security_4_1.adoc index ce801ba..52707b8 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_4_1.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_4_1.adoc @@ -2,7 +2,7 @@ _CryptoMapper_ helps preventing CSRF attacks by making the urls impossible to be guessed by an attacker but still there is some theoretical chance this to happen. -To further help against this kind of vulnerability Wicket provides _CsrfPreventionRequestCycleListener_ - a _IRequestCycleListener_ that forbids requests made from a different origin. By default only actions are forbidden, i.e. a request coming from different origin cannot execute _Link1.onClick()_ or submit forms (_Form1.onSubmit()_). Any request to render pages are still allowed so Wicket pages could be easily embedded in other applications. +To further help against this kind of vulnerability Wicket provides _CsrfPreventionRequestCycleListener_ - a _IRequestCycleListener_ that forbids requests made from a different origin. By default only actions are forbidden, i.e. a request coming from different origin cannot execute _Link.onClick()_ or submit forms (_Form.onSubmit()_). Any request to render pages are still allowed so Wicket pages could be easily embedded in other applications. MyApplication.java [source,java]
