Re: Sign to Google with Java Wicket
Hi, This is no more a question about Wicket. Please use StackOverflow or any other appropriate forum. A hint: Desktop.getDesktop().browse(new URI(http://www.gmail.com;)); starts a new session that knows nothing about the one that made the handshake. On Sun, Nov 24, 2013 at 11:25 PM, MartinoSuperman martinosuper...@live.nlwrote: Hi, Thanks for your help. I tried it in 2 ways: Here are the codes: 1. public class GoogleClientLogin { /** * @param args the command line arguments */ public static void main(String[] args) throws IOException, URISyntaxException { //Open the Connection URL url = new URL(https://www.google.com/accounts/ClientLogin;); HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); urlConnection.setRequestMethod(POST); urlConnection.setDoInput(true); urlConnection.setDoOutput(true); urlConnection.setUseCaches(false); urlConnection.setRequestProperty(Content-Type, application/x-www-form-urlencoded); // Form the POST parameters StringBuilder content = new StringBuilder(); content.append(Email=).append(URLEncoder.encode(m...@gmail.com , UTF-8)); content.append(Passwd=).append(URLEncoder.encode(password, UTF-8)); //content.append(service=).append(URLEncoder.encode(yourapp, UTF-8)); OutputStream outputStream = urlConnection.getOutputStream(); outputStream.write(content.toString().getBytes(UTF-8)); outputStream.close(); // Retrieve the output int responseCode = urlConnection.getResponseCode(); InputStream inputStream; if (responseCode == HttpURLConnection.HTTP_OK) { inputStream = urlConnection.getInputStream(); if(Desktop.isDesktopSupported()) { Desktop.getDesktop().browse(new URI(http://www.gmail.com;)); } System.out.println(Connection is OK); } else { inputStream = urlConnection.getErrorStream(); System.out.println(Connection is not OK); } } } 2. public class BigQuerySample { public static void main(String[] args) throws IOException, URISyntaxException { HttpTransport transport = GoogleTransport.create(); transport.addParser(new JsonCParser()); try { // authenticate with ClientLogin ClientLogin authenticator = new ClientLogin(); authenticator.authTokenType = ndev; authenticator.username = mail; authenticator.password = password; authenticator.authenticate().setAuthorizationHeader(transport); if(Desktop.isDesktopSupported()) { Desktop.getDesktop().browse(new URI(http://www.gmail.com;)); } //authenticator. //openWebpage(new URL(www.google.com)); // make query request /* HttpRequest request = transport.buildGetRequest(); request.setUrl(https://www.googleapis.com/bigquery/v1/query;); request.url.put( q, select count(*) from [bigquery/samples/shakespeare];); System.out.println(request.execute().parseAsString());*/ } catch (HttpResponseException e) { System.err.println(e.response.parseAsString()); throw e; } } As you can see, directly, when a connection is made to Google account and when signing in succeeds, I am opening a page of gmail in a new browser page. But when the page opens, gmail is not opened. What am I doing wrong here? In both cases, it is said that the connection was established. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Sign-to-Google-with-Java-Wicket-tp4662591p4662634.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicket-bootstrap and another webjars components
Hi, I've proposed a fix in wicket-webjars project (Pull Request 4). Thanks for your help! On Sat, Nov 23, 2013 at 5:06 AM, Shengche Hsiao shengchehs...@gmail.comwrote: This is the quickstart on git hub https://github.com/Shengche/webjars-wicket - We do this not because it is easy. We do this because it is hard. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-bootstrap-and-another-webjars-components-tp4662572p4662624.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Newbie question: startup wicketapplication with loginform
Hello usermembers, I have a question about the startup page for my wicket webapplication. I made a Loginform class and a Loginform.html which i want to start my application with. The Loginform class extends Form. Now in the application class it is not possible to point to the Loginform.class like this: public Class? extends Page getHomePage() { return LoginForm.class; } Because Form of cannot convert from ClassLoginForm to Class? extends Page How can i make this work?, or do i have to make a Loginform which extends WebPage? Thanks in advance. Gerrit -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Newbie-question-startup-wicketapplication-with-loginform-tp4662641.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: wicket-bootstrap and another webjars components
Thans Martin On Nov 25, 2013 5:36 PM, Martin Grigorov mgrigo...@apache.org wrote: Hi, I've proposed a fix in wicket-webjars project (Pull Request 4). Thanks for your help! On Sat, Nov 23, 2013 at 5:06 AM, Shengche Hsiao shengchehs...@gmail.com wrote: This is the quickstart on git hub https://github.com/Shengche/webjars-wicket - We do this not because it is easy. We do this because it is hard. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-bootstrap-and-another-webjars-components-tp4662572p4662624.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Newbie question: startup wicketapplication with loginform
Hi, You should use the form in a page. Create a proper page, add the form to it, and use that page as a home page. On Mon, Nov 25, 2013 at 11:44 AM, gerritqf gerrit.wass...@qfactors.nlwrote: Hello usermembers, I have a question about the startup page for my wicket webapplication. I made a Loginform class and a Loginform.html which i want to start my application with. The Loginform class extends Form. Now in the application class it is not possible to point to the Loginform.class like this: public Class? extends Page getHomePage() { return LoginForm.class; } Because Form of cannot convert from ClassLoginForm to Class? extends Page How can i make this work?, or do i have to make a Loginform which extends WebPage? Thanks in advance. Gerrit -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Newbie-question-startup-wicketapplication-with-loginform-tp4662641.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Newbie question: startup wicketapplication with loginform
Ok i will try.Thanks! Martin Grigorov mgrigo...@apache.org , 25-11-2013 10:55: Hi, You should use the form in a page. Create a proper page, add the form to it, and use that page as a home page. On Mon, Nov 25, 2013 at 11:44 AM, gerritqf gerrit.wass...@qfactors.nlwrote: Hello usermembers, I have a question about the startup page for my wicket webapplication. I made a Loginform class and a Loginform.html which i want to start my application with. The Loginform class extends Form. Now in the application class it is not possible to point to the Loginform.class like this: public Class? extends Page getHomePage() { return LoginForm.class; } Because Form of cannot convert from ClassLoginForm to Class? extends Page How can i make this work?, or do i have to make a Loginform which extends WebPage? Thanks in advance. Gerrit -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Newbie-question-startup-wicketapplication-with-loginform-tp4662641.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
FileUPloadField alternatives?
In my project I am experiencing IE8 crashes at (Ajax-based) file upload. This happens with some particular machines my client uses, and, no, replacing them is (unfortunately) not an option. I am therefore exploring alternatives, hoping that e.g. a flash- or javascript-based upload might not lead to this problem anymore (also, the possibility of uploading more than one file at a time yields some added value). To avoid having to rewrite lots of code, I would ideally like to find something that I can just replace my current FileUploadField/AjaxButton construction with. I took a look at Martin's repo and the file-upload example in it. Is there any way I can have my application notified by an Ajax call after the upload has been finished? Also, are there any other components that I could try? I took a look at wicket-uploadify, but that library is based on wicket 1.5, and apart from that I haven't found anything. Cheers, M'bert -- --- / http://herbert.the-little-red-haired-girl.org / - =+= Yoda of Borg I am. Assimilated you will be. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Field Decorator not working on a single dropdown field after form submit
Dear Forum, I have created a Field Decorator solution based on Apache Wicket Cookbook, chapter 3. I have also created a drop down field validator which implements INullAcceptingValidator. When the form is first rendered, Field decorator beforeRender() and afterRender() is called for all form fields. When I submit the form with all fields empty, Field decorator beforeRender() and afterRender() is called for all form fields EXCEPT the one drop down field in question. Has anyone come across this type of problem? Why is the Field decorator beforeRender() and afterRender() not called for the drop down field? Even the custom drop down field validator is called. I'm extending a SubmitOnceForm, if that is of any relevance. I'm afraid I cannot reproduce this scenario in a stand-alone example. Thanks in advance, Lucas -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Field-Decorator-not-working-on-a-single-dropdown-field-after-form-submit-tp4662650.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: FileUPloadField alternatives?
Hi, On Mon, Nov 25, 2013 at 4:24 PM, Martin Dietze d...@fh-wedel.de wrote: In my project I am experiencing IE8 crashes at (Ajax-based) file upload. This happens with some particular machines my client uses, and, no, replacing them is (unfortunately) not an option. Can you explain what is the issue ? Maybe Wicket can workaround it ... I am therefore exploring alternatives, hoping that e.g. a flash- or javascript-based upload might not lead to this problem anymore (also, the possibility of uploading more than one file at a time yields some added value). To avoid having to rewrite lots of code, I would ideally like to find something that I can just replace my current FileUploadField/AjaxButton construction with. I took a look at Martin's repo and the file-upload example in it. Is there any way I can have my application notified by an Ajax call after the upload has been finished? It depends what kind of notification you need. You can pass the current page id as an extra request parameter when making the file upload Ajax call. This way you can use Session.get().getPageManager().getPage(pageId). You can cast the page or broadcast an event to notify it. I am not sure whether you will be able to use AjaxRequestTarget though. Because the Ajax call is made by the JS library, not with Wicket.Ajax.** APIs. So it will require some JS coding from you to process ajax-response in the library's onSuccess callback. Also, are there any other components that I could try? I took a look at wicket-uploadify, but that library is based on wicket 1.5, and apart from that I haven't found anything. Is it hard to migrate it to 6.x ? Cheers, M'bert -- --- / http://herbert.the-little-red-haired-girl.org / - =+= Yoda of Borg I am. Assimilated you will be. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
CSRF protection by randomizing the page ID
Hi, I am working on securing a Wicket application against CSRF attacks, which are possible because Wicket URLs can be easily guessed by an attacker and requests contain no challenge token. I did my research and found https://issues.apache.org/jira/browse/WICKET-1782 and https://issues.apache.org/jira/browse/WICKET-5326 , pointing to using CryptMapper to encrypt the request URLs. However, wouldn't a simpler approach be to randomize the page ID that gets inserted into each URL? This way, an attacker can no longer issue requests as he cannot guess the URL of the page instance. The following basic session override does the trick: public class MySession extends WebSession { private final int sessionToken; public MySession(Request request) { super(request); sessionToken = RandomUtils.nextInt(); } @Override public synchronized int nextPageId() { int num = super.nextPageId(); return (num + sessionToken) % Integer.MAX_VALUE; } } However, this seems a little too simple for nobody to have thought of that. Do you see any problems with this code, or should this successfully protect against CSRF, without causing other issues? Best regards, Andreas - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: FileUPloadField alternatives?
On Mon, November 25, 2013, Martin Grigorov wrote: In my project I am experiencing IE8 crashes at (Ajax-based) file upload. This happens with some particular machines my client uses, and, no, replacing them is (unfortunately) not an option. Can you explain what is the issue ? Maybe Wicket can workaround it ... I'll try to. Since I cannot reproduce the problem myself (on my IE8 the application works just fine), I can hardly describe much more than the symptoms. When uploading a file using an AjaxButton, the browser freezes after the upload has been processed on the server, i.e. the button stays 'pushed', and the browser needs to be closed using the task manager. The action behind my upload button is fully executed, i.e. the upload is being processed successfully, and the components that need Ajax update are added to the onSubmit method's ART. That's the last I see from that browser in the logs. In order to narrow down the problem I've created an upload test page. It contains a simple form with an FileUploadField/AjaxButton in it. Also there is the upload component panel we use in our application (it maintains a list of uploads that are updated via Ajax and shown under the upload button). Last Friday I made the trip to our customer's and took a closer look at one of the machines. All of them are WinXP/IE8 boxes, supposedly with identical configurations, but only some of them exhibit those crashes (but those do this each time we try). When running on Wicket 6.9.12 the browser crashes even with the simplest configuration (FileUploadField/AjaxButton). After downgrading to 6.8.0 (since there once was an issue in the wicket bugtracker), the browser survives that first check, but it crashes when trying out our application's upload component. This leads me to think that there is some Javascript/Ajax stuff involved in this crash. That's about all I know. I may give you access to that test page via email if you like to check yourself. I am not sure whether you will be able to use AjaxRequestTarget though. Because the Ajax call is made by the JS library, not with Wicket.Ajax.** APIs. So it will require some JS coding from you to process ajax-response in the library's onSuccess callback. That's what I feared :) This simply means that I will have to dig deeper into that particular upload library. Since I don't even know whether it will solve my problem I will have to consider... Also, are there any other components that I could try? I took a look at wicket-uploadify, but that library is based on wicket 1.5, and apart from that I haven't found anything. Is it hard to migrate it to 6.x ? It contains some Javascript that will most likely no longer work. Also it is totally undocumented, I don't know how to use it and if it even works. Actually I went into the same question, how can I notify my application so that I can use it the same way I used to use the stock FileUploadField. Cheers, M'bert -- --- / http://herbert.the-little-red-haired-girl.org / - =+= #define S Goodbye!\n main(){exit(printf(S) != strlen(S) ? 0 : 1);} - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: FileUPloadField alternatives?
On Mon, Nov 25, 2013 at 5:15 PM, Martin Dietze d...@fh-wedel.de wrote: On Mon, November 25, 2013, Martin Grigorov wrote: In my project I am experiencing IE8 crashes at (Ajax-based) file upload. This happens with some particular machines my client uses, and, no, replacing them is (unfortunately) not an option. Can you explain what is the issue ? Maybe Wicket can workaround it ... I'll try to. Since I cannot reproduce the problem myself (on my IE8 the application works just fine), I can hardly describe much more than the symptoms. When uploading a file using an AjaxButton, the browser freezes after the upload has been processed on the server, i.e. the button stays 'pushed', and the browser needs to be closed using the task manager. The action behind my upload button is fully executed, i.e. the upload is being processed successfully, and the components that need Ajax update are added to the onSubmit method's ART. That's the last I see from that browser in the logs. In order to narrow down the problem I've created an upload test page. It contains a simple form with an FileUploadField/AjaxButton in it. Also there is the upload component panel we use in our application (it maintains a list of uploads that are updated via Ajax and shown under the upload button). I guess that the problem is in https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/res/js/wicket-ajax-jquery.js?source=cc#L856 Most probably the 'load' event of the used iframe is not triggered. IE 8's Dev Tools are not the best but you can try to debug it. Last Friday I made the trip to our customer's and took a closer look at one of the machines. All of them are WinXP/IE8 boxes, supposedly with identical configurations, but only some of them exhibit those crashes (but those do this each time we try). When running on Wicket 6.9.12 the browser crashes even with the simplest configuration (FileUploadField/AjaxButton). After downgrading to 6.8.0 (since there once was an issue in the wicket bugtracker), the browser survives that first check, but it crashes when trying out our application's upload component. This leads me to think that there is some Javascript/Ajax stuff involved in this crash. That's about all I know. I may give you access to that test page via email if you like to check yourself. I am not sure whether you will be able to use AjaxRequestTarget though. Because the Ajax call is made by the JS library, not with Wicket.Ajax.** APIs. So it will require some JS coding from you to process ajax-response in the library's onSuccess callback. That's what I feared :) This simply means that I will have to dig deeper into that particular upload library. Since I don't even know whether it will solve my problem I will have to consider... Also, are there any other components that I could try? I took a look at wicket-uploadify, but that library is based on wicket 1.5, and apart from that I haven't found anything. Is it hard to migrate it to 6.x ? It contains some Javascript that will most likely no longer work. Also it is totally undocumented, I don't know how to use it and if it even works. Actually I went into the same question, how can I notify my application so that I can use it the same way I used to use the stock FileUploadField. What is the url to this project ? Cheers, M'bert -- --- / http://herbert.the-little-red-haired-girl.org / - =+= #define S Goodbye!\n main(){exit(printf(S) != strlen(S) ? 0 : 1);} - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: CSRF protection by randomizing the page ID
Hi, There is a (small) chance of clashes with this approach: 1) token = 0 = pageId == num 2) token = Integer.MAX_VALUE = pageId == num The page id is session relative, so pageId=13 is Page1 for me but could be Page21 for anyone else. On Mon, Nov 25, 2013 at 5:15 PM, Andreas Kappler andreas.kapp...@jato-consulting.de wrote: Hi, I am working on securing a Wicket application against CSRF attacks, which are possible because Wicket URLs can be easily guessed by an attacker and requests contain no challenge token. I did my research and found https://issues.apache.org/jira/browse/WICKET-1782 and https://issues.apache.org/jira/browse/WICKET-5326 , pointing to using CryptMapper to encrypt the request URLs. However, wouldn't a simpler approach be to randomize the page ID that gets inserted into each URL? This way, an attacker can no longer issue requests as he cannot guess the URL of the page instance. The following basic session override does the trick: public class MySession extends WebSession { private final int sessionToken; public MySession(Request request) { super(request); sessionToken = RandomUtils.nextInt(); } @Override public synchronized int nextPageId() { int num = super.nextPageId(); return (num + sessionToken) % Integer.MAX_VALUE; } } However, this seems a little too simple for nobody to have thought of that. Do you see any problems with this code, or should this successfully protect against CSRF, without causing other issues? Best regards, Andreas - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Change a session locale using a GET parameter
Hi, In the application an user should be able to change session locale with a GET parameter (e.g. ?locale=pl). I implemented it in onConfigure for my abstract WebPage where I check if the parameter exists and change session locale and it works fine. Nevertheless I wonder if it is a proper place for that action? Or maybe I can tell Wicket to automatically use locale from every Request (not only once when a session is created)? Marcin -- http://blog.solidsoft.info/ - Working code is not enough - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Change a session locale using a GET parameter
Hi, See https://github.com/apache/wicket/blob/master/wicket-examples/src/main/java/org/apache/wicket/examples/requestmapper/LocaleFirstMapper.java?source=cc You can read the parameter from the query string. On Mon, Nov 25, 2013 at 6:31 PM, Marcin Zajączkowski msz...@wp.pl wrote: Hi, In the application an user should be able to change session locale with a GET parameter (e.g. ?locale=pl). I implemented it in onConfigure for my abstract WebPage where I check if the parameter exists and change session locale and it works fine. Nevertheless I wonder if it is a proper place for that action? Or maybe I can tell Wicket to automatically use locale from every Request (not only once when a session is created)? Marcin -- http://blog.solidsoft.info/ - Working code is not enough - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: FileUPloadField alternatives?
On Mon, November 25, 2013, Martin Grigorov wrote: I guess that the problem is in https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/res/js/wicket-ajax-jquery.js?source=cc#L856 If I understand this correctly I might get away by producing a deployable in which that line is simply commented out (as it is intended for Chrome compatibility only)? Also, in a second approach, moving that line above the 'form.submit()' seems worthwhile as changing the DOM while a request is still in progress does not look totally harmless to me either? I'll have a go and have my customer try it (unfortunately I don't have physical access to a box that exhibits this problem). Cheers, M'bert -- --- / http://herbert.the-little-red-haired-girl.org / - =+= If you cannot convince them, confuse them. -- Harry S Truman - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Change a session locale using a GET parameter
On 2013-11-25 17:45, Martin Grigorov wrote: Hi, See https://github.com/apache/wicket/blob/master/wicket-examples/src/main/java/org/apache/wicket/examples/requestmapper/LocaleFirstMapper.java?source=cc You can read the parameter from the query string. Great, thanks Martin. Marcin On Mon, Nov 25, 2013 at 6:31 PM, Marcin Zajączkowski msz...@wp.pl wrote: Hi, In the application an user should be able to change session locale with a GET parameter (e.g. ?locale=pl). I implemented it in onConfigure for my abstract WebPage where I check if the parameter exists and change session locale and it works fine. Nevertheless I wonder if it is a proper place for that action? Or maybe I can tell Wicket to automatically use locale from every Request (not only once when a session is created)? Marcin -- http://blog.solidsoft.info/ - Working code is not enough - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org