Hi, Just to let you know I'm still suffering on this issue. I've forgot I had reverted poms version to -M5... Sorry for awaking so late !
In my case this is not related to AuthenticationWebSession (I do not extend it), and - I guess - nothing related to an authenticated user. The issue appear as soon as I reach the homepage... I will try to make a quickstart asap ! Best regards, Sebastien. On Tue, Mar 10, 2015 at 8:26 PM, Martin Grigorov <[email protected]> wrote: > No. > The change has been introduced with > https://issues.apache.org/jira/browse/WICKET-5775 - automatic support for > session fixation attack. > > Martin Grigorov > Funemployed! Available for hire! > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Tue, Mar 10, 2015 at 6:27 PM, Ernesto Reinaldo Barreiro < > [email protected]> wrote: > > > Is this to secure resources? The same as pages/components? > > > > On Tue, Mar 10, 2015 at 5:23 PM, Martin Grigorov <[email protected]> > > wrote: > > > > > I think we should revert a change in auth-roles. It caused four issues > so > > > far... > > > There is a ticket already! > > > On Mar 10, 2015 5:41 PM, "Maxim Solodovnik" <[email protected]> > > wrote: > > > > > > > works :) > > > > Thanks! > > > > > > > > should I add this change to main app? or you going to fix it in > Wicket? > > > > > > > > On Tue, Mar 10, 2015 at 9:37 PM, Martin Grigorov < > [email protected] > > > > > > > wrote: > > > > > > > > > Maxim, > > > > > > > > > > Try with MyAuthSession extends AuthenticatedWebSession { > > > > > > > > > > @Override public void replaceSession() {} > > > > > } > > > > > > > > > > i.e. make #replaceSession() a noop > > > > > > > > > > Martin Grigorov > > > > > Funemployed! Available for hire! > > > > > Wicket Training and Consulting > > > > > https://twitter.com/mtgrigorov > > > > > > > > > > On Tue, Mar 10, 2015 at 5:29 PM, Maxim Solodovnik < > > > [email protected]> > > > > > wrote: > > > > > > > > > > > This is the code: https://github.com/solomax/WicketSelect2Clear > > > > > > > > > > > > On Tue, Mar 10, 2015 at 9:27 PM, Sebastien <[email protected]> > > wrote: > > > > > > > > > > > > > Well done Maxim, this will probably ease upcoming > > investigation.... > > > > > > > > > > > > > > On Tue, Mar 10, 2015 at 4:20 PM, Maxim Solodovnik < > > > > > [email protected]> > > > > > > > wrote: > > > > > > > > > > > > > > > I can provide a link to the github project demonstrating this > > > > > > > > > > > > > > > > On Tue, Mar 10, 2015 at 9:20 PM, Maxim Solodovnik < > > > > > > [email protected]> > > > > > > > > wrote: > > > > > > > > > > > > > > > > > Yes > > > > > > > > > It is reproducible with dummy App based on > > > > > > AuthenticatedWebApplication > > > > > > > > > Seems like resources are not being available for download > > > without > > > > > > auth > > > > > > > > > anymore > > > > > > > > > > > > > > > > > > On Tue, Mar 10, 2015 at 9:14 PM, Maxim Solodovnik < > > > > > > > [email protected]> > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > >> Simple app works as expected :( > > > > > > > > >> Will try to convert it to AuthApp (seems to be security > > > related > > > > > > issue) > > > > > > > > >> > > > > > > > > >> On Tue, Mar 10, 2015 at 8:52 PM, Maxim Solodovnik < > > > > > > > [email protected] > > > > > > > > > > > > > > > > > >> wrote: > > > > > > > > >> > > > > > > > > >>> It's our main application, will try to create simple > > > quickstart > > > > > > > > >>> > > > > > > > > >>> On Tue, Mar 10, 2015 at 8:51 PM, Sebastien < > > [email protected] > > > > > > > > > > wrote: > > > > > > > > >>> > > > > > > > > >>>> Hi Maxim, > > > > > > > > >>>> > > > > > > > > >>>> Thank you very much for confirming, because I am > battling > > to > > > > > > > reproduce > > > > > > > > >>>> it > > > > > > > > >>>> in a simple quickstart!.. :( > > > > > > > > >>>> > > > > > > > > >>>> Best regards, > > > > > > > > >>>> Sebastien. > > > > > > > > >>>> > > > > > > > > >>>> > > > > > > > > >>>> On Tue, Mar 10, 2015 at 3:46 PM, Maxim Solodovnik < > > > > > > > > [email protected] > > > > > > > > >>>> > > > > > > > > > >>>> wrote: > > > > > > > > >>>> > > > > > > > > >>>> > Got this exception in the logs: > > > > > > > > >>>> > > > > > > > > > >>>> > WARN 03-10 20:44:41.513 RequestCycle.java 74324 347 > > > > > > > > RequestCycleExtra > > > > > > > > >>>> > [http-nio-0.0.0.0-5080-exec-10] - Handling the > following > > > > > > exception > > > > > > > > >>>> > org.apache.wicket.markup.MarkupException: The > component > > > > > > > > >>>> > [TransparentWebMarkupContainer [Component id = > > > > > > > > >>>> > wicket_relative_path_prefix_0]] was rendered already. > > You > > > > can > > > > > > > render > > > > > > > > >>>> it > > > > > > > > >>>> > only once during a render phase. Class relative path: > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.wicket.markup.html.TransparentWebMarkupContainer:html:wicket_relative_path_prefix_0 > > > > > > > > >>>> > at > > org.apache.wicket.Page.componentRendered(Page.java:211) > > > > > > > > >>>> > ~[wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > > > > > > > > >>>> > at > > > org.apache.wicket.Component.rendered(Component.java:2622) > > > > > > > > >>>> > ~[wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > > > > > > > > >>>> > at > > > > > > org.apache.wicket.Component.internalRender(Component.java:2383) > > > > > > > > >>>> > ~[wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > > > > > > > > >>>> > at > > org.apache.wicket.Component.render(Component.java:2307) > > > > > > > > >>>> > ~[wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > > >>>> > On Tue, Mar 10, 2015 at 8:44 PM, Maxim Solodovnik < > > > > > > > > >>>> [email protected]> > > > > > > > > >>>> > wrote: > > > > > > > > >>>> > > > > > > > > > >>>> > > Can confirm :( > > > > > > > > >>>> > > Same here with our main application > > > > > > > > >>>> > > > > > > > > > > >>>> > > On Tue, Mar 10, 2015 at 8:23 PM, Sebastien < > > > > > [email protected]> > > > > > > > > >>>> wrote: > > > > > > > > >>>> > > > > > > > > > > >>>> > >> Hi team :) > > > > > > > > >>>> > >> > > > > > > > > >>>> > >> Back to work this morning...As usual, I am > > recompiling > > > > and > > > > > > > > >>>> redeploy the > > > > > > > > >>>> > >> webapp I am working on, based on 7.0.0-SNAPSHOT. > > > > > > > > >>>> > >> > > > > > > > > >>>> > >> It seems that I am facing to a serious issue: no > > > resource > > > > > > > > >>>> reference can > > > > > > > > >>>> > be > > > > > > > > >>>> > >> downloaded by the client, for instance: > > > > > > > > >>>> > >> > > > > > > > > >>>> > >> "NetworkError: 403 Forbidden - > > > > > > > > >>>> > >> > > > > > > > > >>>> > >> > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://localhost:8080/hawk/wicket/resource/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/res/js/wicket-ajax-jquery-ver-1425374806000.js > > > > > > > > >>>> > >> " > > > > > > > > >>>> > >> > > > > > > > > >>>> > >> I did recompiled/redeployed with -M5, all is ok. > > > > > > > > >>>> > >> > > > > > > > > >>>> > >> As I was on vacation these last 2 weeks (it was > very > > > > great > > > > > > > thank > > > > > > > > >>>> you :) > > > > > > > > >>>> > ), > > > > > > > > >>>> > >> I am not very aware of what did changed recently. > Any > > > > > ideas? > > > > > > > > >>>> > >> > > > > > > > > >>>> > >> Thanks a lot in advance, > > > > > > > > >>>> > >> Sebastien. > > > > > > > > >>>> > >> > > > > > > > > >>>> > > > > > > > > > > >>>> > > > > > > > > > > >>>> > > > > > > > > > > >>>> > > -- > > > > > > > > >>>> > > WBR > > > > > > > > >>>> > > Maxim aka solomax > > > > > > > > >>>> > > > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > > >>>> > -- > > > > > > > > >>>> > WBR > > > > > > > > >>>> > Maxim aka solomax > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > >>> -- > > > > > > > > >>> WBR > > > > > > > > >>> Maxim aka solomax > > > > > > > > >>> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> -- > > > > > > > > >> WBR > > > > > > > > >> Maxim aka solomax > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > WBR > > > > > > > > > Maxim aka solomax > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > WBR > > > > > > > > Maxim aka solomax > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > WBR > > > > > > Maxim aka solomax > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > WBR > > > > Maxim aka solomax > > > > > > > > > > > > > > > -- > > Regards - Ernesto Reinaldo Barreiro > > >
