Re: Encrypt selected form data before submitting the request to Server
Hi Rob, On Mon, Jan 16, 2017 at 8:46 AM, Rob Audenaerdewrote: > Ah you wrote about the synchronous ajax at the same time as my message :) > I should have explained in my first answer! The thing is that any asynchronous way to get the key will fail due to timings issues. > > (and sorry for the typo in your name, Martin!) > No problem! I have made much bigger mistakes with the help of spell corrections / auto-suggest :-) > > > On Mon, Jan 16, 2017 at 8:45 AM, Rob Audenaerde > wrote: > > > @Marin I thought synchronous Ajax is actively discouraged now? Or is it > > supported through webworkers now? (see: https://xhr.spec.whatwg.org/# > > the-open()-method ) > > > > I would just generate a random secret the moment the form is rendered. > > Then, in javascript, you can use your favorite symmetric block cipher to > > replace the values/encode them in json (for example in a hidden field. > > Server side you do the reverse > > > > -Rob > > > > On Mon, Jan 16, 2017 at 8:36 AM, James Selvakumar > > wrote: > > > >> Hi Martin, > >> > >> Thanks a lot for your response. > >> Can I add this behavior directly to the form or should this be added to > a > >> form component? > >> Will this work on Wicket 6.x? > >> > >> On Mon, Jan 16, 2017 at 3:29 PM, Martin Grigorov > >> wrote: > >> > >> > Hi, > >> > > >> > The easiest way I see is to use onBeforeSend() callback listener on > the > >> > Ajax submit behavior of the form. > >> > There you can do a **synchronous** Ajax call to get your key and then > >> > modify (i.e. encrypt) the data to be sent. > >> > > >> > Martin Grigorov > >> > Wicket Training and Consulting > >> > https://twitter.com/mtgrigorov > >> > > >> > On Mon, Jan 16, 2017 at 8:08 AM, James Selvakumar < > ja...@mcruncher.com> > >> > wrote: > >> > > >> > > Hi all, > >> > > > >> > > I have this requirement where some of the data entered by the user > >> are to > >> > > be encrypted in the client side before the request is submitted to > the > >> > > Wicket server even though the communication is over HTTPS. > >> > > > >> > > I am thinking of having some JavaScript code in the client which > shall > >> > > intercept the form submission, request the Server for a randomly > >> > generated > >> > > key and encrypt the form data using the key received and then submit > >> the > >> > > form again. > >> > > > >> > > Any idea how to achieve this in Wicket? > >> > > > >> > > -- > >> > > Thanks & regards > >> > > James > >> > > > >> > > >> > >> > >> > >> -- > >> Thanks & regards > >> James Selvakumar > >> > > > > >
Re: Encrypt selected form data before submitting the request to Server
Thanks Martin. Hi Rob, your approach looks interesting. Can you please elaborate on that? On Mon, Jan 16, 2017 at 3:46 PM, Rob Audenaerdewrote: > Ah you wrote about the synchronous ajax at the same time as my message :) > > (and sorry for the typo in your name, Martin!) > > > On Mon, Jan 16, 2017 at 8:45 AM, Rob Audenaerde > wrote: > > > @Marin I thought synchronous Ajax is actively discouraged now? Or is it > > supported through webworkers now? (see: https://xhr.spec.whatwg.org/# > > the-open()-method ) > > > > I would just generate a random secret the moment the form is rendered. > > Then, in javascript, you can use your favorite symmetric block cipher to > > replace the values/encode them in json (for example in a hidden field. > > Server side you do the reverse > > > > -Rob > > > > On Mon, Jan 16, 2017 at 8:36 AM, James Selvakumar > > wrote: > > > >> Hi Martin, > >> > >> Thanks a lot for your response. > >> Can I add this behavior directly to the form or should this be added to > a > >> form component? > >> Will this work on Wicket 6.x? > >> > >> On Mon, Jan 16, 2017 at 3:29 PM, Martin Grigorov > >> wrote: > >> > >> > Hi, > >> > > >> > The easiest way I see is to use onBeforeSend() callback listener on > the > >> > Ajax submit behavior of the form. > >> > There you can do a **synchronous** Ajax call to get your key and then > >> > modify (i.e. encrypt) the data to be sent. > >> > > >> > Martin Grigorov > >> > Wicket Training and Consulting > >> > https://twitter.com/mtgrigorov > >> > > >> > On Mon, Jan 16, 2017 at 8:08 AM, James Selvakumar < > ja...@mcruncher.com> > >> > wrote: > >> > > >> > > Hi all, > >> > > > >> > > I have this requirement where some of the data entered by the user > >> are to > >> > > be encrypted in the client side before the request is submitted to > the > >> > > Wicket server even though the communication is over HTTPS. > >> > > > >> > > I am thinking of having some JavaScript code in the client which > shall > >> > > intercept the form submission, request the Server for a randomly > >> > generated > >> > > key and encrypt the form data using the key received and then submit > >> the > >> > > form again. > >> > > > >> > > Any idea how to achieve this in Wicket? > >> > > > >> > > -- > >> > > Thanks & regards > >> > > James > >> > > > >> > > >> > >> > >> > >> -- > >> Thanks & regards > >> James Selvakumar > >> > > > > > -- Thanks & regards James Selvakumar
Re: Idea for a template component
Hi Marcel, Thank you for your suggestion but I think it doesn't worth it to be part of wicket-core. It is as simple as @Override public void onComponentTagBody(final MarkupStream markupStream, final ComponentTag openTag) { replaceComponentTagBody(markupStream, tag, interpolate(body)); } Same could be achieved with CompoundPropertyModel (+ component queueing if the hierachy should be changed frequently). Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Fri, Jan 13, 2017 at 2:42 PM, Marcel Barbosa Pinto < marcel.po...@gmail.com> wrote: > Hi guys, > > I had an idea last night and decided to implement it. > > On my wicket app I have a lot of labels that is used just to display the > model values to the user. > So my code was some thing like this: > > WebMarkupContainer container = new WebMarkupContainer("container", new > CompoundPropertyModel(myModel)); > container.add( > new Label("prop1"); > new Label("prop2.name"); > new Label("prop2.lastname") > ); > add(container); > > html was like this: > > Prop1: > Prop2 name: > Prop2 lastname: > > > So I decided to try to simplify the HTML code and created a > TemplateMarkupComponent which basically uses the VariableInterpolator class > and PropertyResolver: > > java looks like this: > > TemplateMarkupContainer container = new > TemplateMarkupContainer("container", myModel); > add(container); > > Html code: > > > Prop1: ${prop1} > Prop2 name: ${prop2.name} > Prop2 lastname: ${prop2.lastname} > > > To display the values the component apply the PropertyConverter, so fields > are displayed with the correct format. > It uses the same expressions that PropertyModel uses to get its properties. > I think this could be used to render scripts as well. > > You can just remove the expression tag from HTML without having to change > the java code. > You can choose if and Exception should be raised if the Model doesn't > contains the property, like the MapVariableInterpolator does. > > These two I am still thinking about: > You can override the onValue(String expression, Object value) in order to > modify the value that is rendered > If you pass a Model with is not an Object with properties, like just a > String or Int, you can render it by using ${this} > > It is just two classes: > ModelVariableInterpolator.java > TemplateMarkupContainer.java > > > Do you think that this could be useful? > What problems could be raised by this approach? > > > -- > > Marcel Barbosa Pinto >
Re: Encrypt selected form data before submitting the request to Server
Ah you wrote about the synchronous ajax at the same time as my message :) (and sorry for the typo in your name, Martin!) On Mon, Jan 16, 2017 at 8:45 AM, Rob Audenaerdewrote: > @Marin I thought synchronous Ajax is actively discouraged now? Or is it > supported through webworkers now? (see: https://xhr.spec.whatwg.org/# > the-open()-method ) > > I would just generate a random secret the moment the form is rendered. > Then, in javascript, you can use your favorite symmetric block cipher to > replace the values/encode them in json (for example in a hidden field. > Server side you do the reverse > > -Rob > > On Mon, Jan 16, 2017 at 8:36 AM, James Selvakumar > wrote: > >> Hi Martin, >> >> Thanks a lot for your response. >> Can I add this behavior directly to the form or should this be added to a >> form component? >> Will this work on Wicket 6.x? >> >> On Mon, Jan 16, 2017 at 3:29 PM, Martin Grigorov >> wrote: >> >> > Hi, >> > >> > The easiest way I see is to use onBeforeSend() callback listener on the >> > Ajax submit behavior of the form. >> > There you can do a **synchronous** Ajax call to get your key and then >> > modify (i.e. encrypt) the data to be sent. >> > >> > Martin Grigorov >> > Wicket Training and Consulting >> > https://twitter.com/mtgrigorov >> > >> > On Mon, Jan 16, 2017 at 8:08 AM, James Selvakumar >> > wrote: >> > >> > > Hi all, >> > > >> > > I have this requirement where some of the data entered by the user >> are to >> > > be encrypted in the client side before the request is submitted to the >> > > Wicket server even though the communication is over HTTPS. >> > > >> > > I am thinking of having some JavaScript code in the client which shall >> > > intercept the form submission, request the Server for a randomly >> > generated >> > > key and encrypt the form data using the key received and then submit >> the >> > > form again. >> > > >> > > Any idea how to achieve this in Wicket? >> > > >> > > -- >> > > Thanks & regards >> > > James >> > > >> > >> >> >> >> -- >> Thanks & regards >> James Selvakumar >> > >
Re: Encrypt selected form data before submitting the request to Server
@Marin I thought synchronous Ajax is actively discouraged now? Or is it supported through webworkers now? (see: https://xhr.spec.whatwg.org/#the-open()-method ) I would just generate a random secret the moment the form is rendered. Then, in javascript, you can use your favorite symmetric block cipher to replace the values/encode them in json (for example in a hidden field. Server side you do the reverse -Rob On Mon, Jan 16, 2017 at 8:36 AM, James Selvakumarwrote: > Hi Martin, > > Thanks a lot for your response. > Can I add this behavior directly to the form or should this be added to a > form component? > Will this work on Wicket 6.x? > > On Mon, Jan 16, 2017 at 3:29 PM, Martin Grigorov > wrote: > > > Hi, > > > > The easiest way I see is to use onBeforeSend() callback listener on the > > Ajax submit behavior of the form. > > There you can do a **synchronous** Ajax call to get your key and then > > modify (i.e. encrypt) the data to be sent. > > > > Martin Grigorov > > Wicket Training and Consulting > > https://twitter.com/mtgrigorov > > > > On Mon, Jan 16, 2017 at 8:08 AM, James Selvakumar > > wrote: > > > > > Hi all, > > > > > > I have this requirement where some of the data entered by the user are > to > > > be encrypted in the client side before the request is submitted to the > > > Wicket server even though the communication is over HTTPS. > > > > > > I am thinking of having some JavaScript code in the client which shall > > > intercept the form submission, request the Server for a randomly > > generated > > > key and encrypt the form data using the key received and then submit > the > > > form again. > > > > > > Any idea how to achieve this in Wicket? > > > > > > -- > > > Thanks & regards > > > James > > > > > > > > > -- > Thanks & regards > James Selvakumar >
Re: Encrypt selected form data before submitting the request to Server
Hi, I'd add it to the AjaxButton that submits the form. Yes, it should work with 6.x. I have never used a *synchronous* Ajax call in my apps. This is something that is highly discurraged by everyone (specifications, books, articles, etc.). A synchronous call will make your browser unusable during the call! But this is the only way I see to get your key during the form submit processing. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Mon, Jan 16, 2017 at 8:36 AM, James Selvakumarwrote: > Hi Martin, > > Thanks a lot for your response. > Can I add this behavior directly to the form or should this be added to a > form component? > Will this work on Wicket 6.x? > > On Mon, Jan 16, 2017 at 3:29 PM, Martin Grigorov > wrote: > > > Hi, > > > > The easiest way I see is to use onBeforeSend() callback listener on the > > Ajax submit behavior of the form. > > There you can do a **synchronous** Ajax call to get your key and then > > modify (i.e. encrypt) the data to be sent. > > > > Martin Grigorov > > Wicket Training and Consulting > > https://twitter.com/mtgrigorov > > > > On Mon, Jan 16, 2017 at 8:08 AM, James Selvakumar > > wrote: > > > > > Hi all, > > > > > > I have this requirement where some of the data entered by the user are > to > > > be encrypted in the client side before the request is submitted to the > > > Wicket server even though the communication is over HTTPS. > > > > > > I am thinking of having some JavaScript code in the client which shall > > > intercept the form submission, request the Server for a randomly > > generated > > > key and encrypt the form data using the key received and then submit > the > > > form again. > > > > > > Any idea how to achieve this in Wicket? > > > > > > -- > > > Thanks & regards > > > James > > > > > > > > > -- > Thanks & regards > James Selvakumar >
Re: Cannot modify component hierarchy after render phase has started
Hello Martin, okay, it was a misunderstanding. I will file a new issue and attach the quickstart. Cheers, Dirk -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Cannot-modify-component-hierarchy-after-render-phase-has-started-tp4676711p4676766.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Cannot modify component hierarchy after render phase has started
Hi Dirk, I think Sven said that this is a bug (caused most probably by the support for queueing components). Please file a bug report in JIRA and attach the quickstart app. Thank you! Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Mon, Jan 16, 2017 at 7:47 AM, Dirk Forchelwrote: > Sven Meier wrote > > problem is that TestPanel.onConfigure() is called during render phase > > only, while in 7.4 it was (correctly) called in #beforeRender() (where > > hierarchy changes are still allowed). > > Hi Sven, > to be honest I didn't get it. Livecycle stages of a component are > "initializing", "rendering" and "removing", where hook methods involved > are: > > Initialization: /onInitialize/ > Rendering (sorted by execution order): /onConfigure/, /onBeforeRender/, > /onRender/, /onComponentTag/, o/nComponentTagBody/, > /onAfterRenderChildren/, > /onAfterRender/ > Removing: /onRemove/ > > The /onConfigure/ method is a good point to manage the component states > such > as its visibility. This method is called before the render phase starts. I > assume, changing children hierarchy is still allowed. But we're trying to > change the model object of a component, which, in my point of view, is > completely different from changing the children hierarchy > (/isVisibilityAllowed/ or /isEnabledAllowed/ is not called). > > The /onBeforeRender/ method is called after the /onConfigure/ method. This > method is called before a component starts its rendering phase and would be > the last chance to change its children hierarchy. But we don't do so. > > So why it is not allowed to change the model object of a panel which is a > child of a border component? > We're doing this in our application at least since Wicket 1.5. > > > -- > View this message in context: http://apache-wicket.1842946. > n4.nabble.com/Cannot-modify-component-hierarchy-after- > render-phase-has-started-tp4676711p4676760.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
Re: Encrypt selected form data before submitting the request to Server
Hi, The easiest way I see is to use onBeforeSend() callback listener on the Ajax submit behavior of the form. There you can do a **synchronous** Ajax call to get your key and then modify (i.e. encrypt) the data to be sent. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Mon, Jan 16, 2017 at 8:08 AM, James Selvakumarwrote: > Hi all, > > I have this requirement where some of the data entered by the user are to > be encrypted in the client side before the request is submitted to the > Wicket server even though the communication is over HTTPS. > > I am thinking of having some JavaScript code in the client which shall > intercept the form submission, request the Server for a randomly generated > key and encrypt the form data using the key received and then submit the > form again. > > Any idea how to achieve this in Wicket? > > -- > Thanks & regards > James >
Encrypt selected form data before submitting the request to Server
Hi all, I have this requirement where some of the data entered by the user are to be encrypted in the client side before the request is submitted to the Wicket server even though the communication is over HTTPS. I am thinking of having some JavaScript code in the client which shall intercept the form submission, request the Server for a randomly generated key and encrypt the form data using the key received and then submit the form again. Any idea how to achieve this in Wicket? -- Thanks & regards James
AW: AW: AW: AW: Update ListMultipleChoice by Ajax
Can you explain what these methods equals() and hashCode() have to do? Mit freundlichen Grüßen Christoph Manig -Ursprüngliche Nachricht- Von: Sven Meier [mailto:s...@meiers.net] Gesendet: Freitag, 13. Januar 2017 13:41 An: users@wicket.apache.org Betreff: Re: AW: AW: AW: Update ListMultipleChoice by Ajax Ah, it didn't have anything to do with Ajax or models after all: - PasswordTextField#setResetPassword(false) lets it render the password (you don't have a login form here, so it's safe) - Group has to implement #equals() and #hashCode() *or* you have to use an id value other than index (which is ChoiceRenderer's default) Have fun Sven On 13.01.2017 11:18, christoph.ma...@t-systems.com wrote: > Ok I created an Account on GitHub. Here is the example: > https://github.com/CManig/WicketChoiceExample > > > Mit freundlichen Grüßen > Christoph Manig > > > -Ursprüngliche Nachricht- > Von: Maxim Solodovnik [mailto:solomax...@gmail.com] > Gesendet: Freitag, 13. Januar 2017 10:48 > An: users@wicket.apache.org > Betreff: Re: AW: AW: Update ListMultipleChoice by Ajax > > you can use any publicaly available project hosting (your SVN, > bitbucket, github etc.) Or you can create JIRA issue and attach your > quickstart (I would use this option only if I know for sure it is JIRA > bug) > > On Fri, Jan 13, 2017 at 4:07 PM,wrote: >> I've only have a GitLab Account will this also work for you? Can you send me >> a link to the right place in Jira? >> >> >> Mit freundlichen Grüßen >> Christoph Manig >> >> -Ursprüngliche Nachricht- >> Von: Maxim Solodovnik [mailto:solomax...@gmail.com] >> Gesendet: Freitag, 13. Januar 2017 10:05 >> An: users@wicket.apache.org >> Betreff: Re: AW: AW: Update ListMultipleChoice by Ajax >> >> You can share github link >> or attach it to JIRA :) >> >> On Fri, Jan 13, 2017 at 4:02 PM, wrote: >>> I created a small example. How can I send this to you? >>> >>> >>> Mit freundlichen Grüßen >>> Christoph Manig >>> Systems Engineer >>> >>> T-Systems International GmbH >>> Systems Integration - SC Travel, Transport & Logistics Annenstr. 5 >>> 01067 Dresden >>> tel.: +49 (0) 351 / 4744 - 188 >>> fax:+49 (0) 351 / 4744 - 209 >>> email: christoph.ma...@t-systems.com >>> >>> T-SYSTEMS INTERNATIONAL GMBH >>> Aufsichtsrat: Thomas Dannenfeldt (Vorsitzender) >>> Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri >>> Abolhassan, Thilo Kusch, Dr. Markus Müller, Georg Pepping, Hagen >>> Rickmann >>> Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 Sitz der >>> Gesellschaft: Frankfurt am Main WEEE-Reg.-Nr. DE50335567 >>> >>> >>> -Ursprüngliche Nachricht- >>> Von: Sven Meier [mailto:s...@meiers.net] >>> Gesendet: Freitag, 13. Januar 2017 08:16 >>> An: users@wicket.apache.org >>> Betreff: Re: AW: AW: Update ListMultipleChoice by Ajax >>> >>> Hi Christoph, >>> >>> a https://wicket.apache.org/start/quickstart.html allows us to debug the >>> problem. >>> >>> You've probably got your model usage wrong, that will be hard to analyze >>> without seeing more code. >>> >>> Regards >>> Sven >>> >>> >>> On 13.01.2017 08:08, christoph.ma...@t-systems.com wrote: After refreshing the page I see the same page. Its not a listView it is a ListMultipleChoice. What do you mean with a quickstart. Mit freundlichen Grüßen Christoph Manig -Ursprüngliche Nachricht- Von: Sven Meier [mailto:s...@meiers.net] Gesendet: Donnerstag, 12. Januar 2017 22:51 An: users@wicket.apache.org Betreff: Re: AW: Update ListMultipleChoice by Ajax Hm, with CompoundPropertyModel all inherited models after dropped on detach and re-acquired on following access. So in theory that should work. What happens if you refresh the page (F5) after clicking the Ajax link? Does the new data show up in the listView and passwordField? Could you build a quickstart for a deeper look? Regards Sven On 12.01.2017 15:35, christoph.ma...@t-systems.com wrote: > They are member of a form and this has a CompoundPropertyModel. > > setDefaultModel(new CompoundPropertyModel(new > UserModel())); > > And this holds all data which are relevant for user. The other components > of the form show the data of the user which I set as the default model. > > Mit freundlichen Grüßen > Christoph Manig > > -Ursprüngliche Nachricht- > Von: Sven Meier [mailto:s...@meiers.net] > Gesendet: Donnerstag, 12. Januar 2017 14:20 > An: users@wicket.apache.org > Betreff: Re: Update ListMultipleChoice by Ajax > > Hi, > > your components probably hold a reference to the former model. > > Where do 'groups' and 'password' get their model from? > > Have fun > Sven > > > On 12.01.2017 12:37,
Re: Cannot modify component hierarchy after render phase has started
Sven Meier wrote > problem is that TestPanel.onConfigure() is called during render phase > only, while in 7.4 it was (correctly) called in #beforeRender() (where > hierarchy changes are still allowed). Hi Sven, to be honest I didn't get it. Livecycle stages of a component are "initializing", "rendering" and "removing", where hook methods involved are: Initialization: /onInitialize/ Rendering (sorted by execution order): /onConfigure/, /onBeforeRender/, /onRender/, /onComponentTag/, o/nComponentTagBody/, /onAfterRenderChildren/, /onAfterRender/ Removing: /onRemove/ The /onConfigure/ method is a good point to manage the component states such as its visibility. This method is called before the render phase starts. I assume, changing children hierarchy is still allowed. But we're trying to change the model object of a component, which, in my point of view, is completely different from changing the children hierarchy (/isVisibilityAllowed/ or /isEnabledAllowed/ is not called). The /onBeforeRender/ method is called after the /onConfigure/ method. This method is called before a component starts its rendering phase and would be the last chance to change its children hierarchy. But we don't do so. So why it is not allowed to change the model object of a panel which is a child of a border component? We're doing this in our application at least since Wicket 1.5. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Cannot-modify-component-hierarchy-after-render-phase-has-started-tp4676711p4676760.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org