Re: Apache Wicket & Static Analysis Security Testing
Hi,

I would also always go for static code analysis if you have the possibility. Using Sonarqube I never had any Wicket related issues in the past. I can remember one rule (from the default java ruleset) that had to be customized because it identified the use of anonymous inner classes as bad behavior. However, this is pretty common with Wicket. Everything else works just fine with the defaults.

Best regards,
Martin

On 12 March 2019 17:37:24 CET, lu...@k40s.net wrote:
>Hi,
>
>I use the FindBugs (SpotBugs) plugin for IntelliJ to scan for
>vulnerabilities. It's actually not made for security bugs but there is
>a plugin (FindSecBugs) with a focus on that.
>
>In any case I'd say that it makes sense to use static code analyzers
>whenever possible.
>Most of the found bugs will be Java related anyways.
>
>Regards
>
>Lukas Fülling
>
>On 2019-03-12 15:36, Eric Gulatee wrote:
>> Hello Wicketeers,
>>
>> Does anyone know if there are any SAST (Static Analysis Security
>> Testing) tools (Commercial or OpenSource) that support Apache Wicket?
>> https://www.owasp.org/index.php/Source_Code_Analysis_Tools
>>
>> Is there value in adopting a SAST tool if it doesn’t explicitly
>> support the apache wicket framework?
>>
>> --
>> Cheers,
>>
>> Eric Gulatee
>> NYS OSC AppDev Enterprise Architect [Garnet River & Abilis]

--
This message was sent from my Android device with K-9 Mail.

Re: Using Wicket to generate E-Mails.
Good day Martin Grigorov,
on Tuesday, 12 March 2019 at 17:12 you wrote:

> To render more complex markup you need to use ComponentRenderer.
> You can render whole Pages or just Components (like Panels).

Great, I'll have a look at that.

> I do not understand what you mean with `adding newlines, manual
> indentation, etc.` - Wicket just renders whatever your page/panel says.

My HTML-templates would contain elements like "h1", "p", "table", "pre", "blockquote" etc., which are not useful as is in plain text mails. Consider the following pseudo-HTML:

Hi customer! Good news for you... NEW PRICE: 10 bucks You said...

That should be rendered to something like the following:

Hi customer! Good news for you... NEW PRICE: 10 bucks > You said...

But that should be achievable using Component.setRenderBodyOnly and pre-/post-processing the results of ComponentRenderer. Two slightly different render approaches using the same templates in best cases.

> ComponentRenderer just sets up a dummy RequestCycle so that you can render
> in non-HTTP threads, i.e. background threads.

Which is exactly what I need. Thanks!

Kind regards,

Thorsten Schöning

--
Thorsten Schöning       E-Mail: thorsten.schoen...@am-soft.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/

Phone...05151- 9468- 55
Fax...05151- 9468- 88
Mobile..0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Managing Director: Andreas Muchow

Re: Apache Wicket & Static Analysis Security Testing
Hi,

I use the FindBugs (SpotBugs) plugin for IntelliJ to scan for vulnerabilities. It's actually not made for security bugs but there is a plugin (FindSecBugs) with a focus on that.

In any case I'd say that it makes sense to use static code analyzers whenever possible.
Most of the found bugs will be Java related anyways.

Regards

Lukas Fülling

On 2019-03-12 15:36, Eric Gulatee wrote:
> Hello Wicketeers,
>
> Does anyone know if there are any SAST (Static Analysis Security
> Testing) tools (Commercial or OpenSource) that support Apache Wicket?
> https://www.owasp.org/index.php/Source_Code_Analysis_Tools
>
> Is there value in adopting a SAST tool if it doesn’t explicitly
> support the apache wicket framework?
>
> --
> Cheers,
>
> Eric Gulatee
> NYS OSC AppDev Enterprise Architect [Garnet River & Abilis]

Re: Using Wicket to generate E-Mails.
Good day,

On Tue, Mar 12, 2019 at 5:57 PM Thorsten Schöning wrote:

> Good day Martin Grigorov,
> on Tuesday, 12 March 2019 at 15:18 you wrote:
>
> > There is an example how to do this in wicket-examples:
> > - http://examples8x.wicket.apache.org/mailtemplate/
> > - https://github.com/apache/wicket/tree/master/wicket-examples/src/main/java/org/apache/wicket/examples/asemail
>
> Thanks, looking at PackageTextTemplate, it doesn't provide any support
> for tables, lists etc.? Only replacement of key-value-pairs?

Correct!

> If I want to use HTML-templates only at best, do I need to
> additionally look at ComponentRenderer? "Component.setRenderBodyOnly"
> in combination with adding newlines, manual indentation etc. on the
> result of the rendering?

To render more complex markup you need to use ComponentRenderer.
You can render whole Pages or just Components (like Panels).
I do not understand what you mean with `adding newlines, manual indentation, etc.` - Wicket just renders whatever your page/panel says.
ComponentRenderer just sets up a dummy RequestCycle so that you can render in non-HTTP threads, i.e. background threads.

> Kind regards,
>
> Thorsten Schöning

Re: Using Wicket to generate E-Mails.
Good day Martin Grigorov,
on Tuesday, 12 March 2019 at 15:18 you wrote:

> There is an example how to do this in wicket-examples:
> - http://examples8x.wicket.apache.org/mailtemplate/
> - https://github.com/apache/wicket/tree/master/wicket-examples/src/main/java/org/apache/wicket/examples/asemail

Thanks, looking at PackageTextTemplate, it doesn't provide any support for tables, lists etc.? Only replacement of key-value-pairs?

If I want to use HTML-templates only at best, do I need to additionally look at ComponentRenderer? "Component.setRenderBodyOnly" in combination with adding newlines, manual indentation etc. on the result of the rendering?

Kind regards,

Thorsten Schöning

Re: Apache Wicket & Static Analysis Security Testing
Hi,

I am not aware of any such tool that has special rules for Wicket classes.
Anyway, I think static analysis tools are still useful!

On Tue, Mar 12, 2019 at 4:36 PM Eric Gulatee wrote:

> Hello Wicketeers,
>
> Does anyone know if there are any SAST (Static Analysis Security Testing)
> tools (Commercial or OpenSource) that support Apache Wicket?
> https://www.owasp.org/index.php/Source_Code_Analysis_Tools
>
> Is there value in adopting a SAST tool if it doesn’t explicitly support
> the apache wicket framework?
>
> --
> Cheers,
>
> Eric Gulatee
> NYS OSC AppDev Enterprise Architect [Garnet River & Abilis]

Apache Wicket & Static Analysis Security Testing
Hello Wicketeers,

Does anyone know if there are any SAST (Static Analysis Security Testing) tools (Commercial or OpenSource) that support Apache Wicket?
https://www.owasp.org/index.php/Source_Code_Analysis_Tools

Is there value in adopting a SAST tool if it doesn’t explicitly support the apache wicket framework?

--
Cheers,

Eric Gulatee
NYS OSC AppDev Enterprise Architect [Garnet River & Abilis]

Re: How to trace that a resource was requested?
Hi,

You can use Link#onClick() to count and then throw RedirectToUrlException(urlFor(yourResourceReference)) that will lead to a redirect.

On Tue, Mar 12, 2019 at 3:11 PM Per Newgro wrote:

> Hello,
>
> I like to log that a resource (PDF file), generated in backend, was
> requested.
>
> The resource is mounted by a resource reference. An external link is using
> url to resource reference.
> Download of file generated by resource is working.
>
> But I like to avoid log of every request to resource. If the resource is
> requested without clicking the link
> I don't want to log the request. So I can not log the request while
> resource is generated. I need an onClick.
>
> I guess I can not use ExternalLink because it is not calling the server
> after click.
> Maybe I need to use ResourceLink, but with that component no one is
> calling its onClick method.
>
> Is there any example on how to listen to downloads?
>
> Thanks for your support
> Per

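The approach suggested in the reply above, written out as an added example (it is not code from the thread or from the Wicket project). The class name `LoggedDownloadLink`, the logger name `download.audit` and the log format are assumptions; it uses the Wicket 8-style `Link<Void>` and SLF4J.

```java
import org.apache.wicket.markup.html.link.Link;
import org.apache.wicket.request.flow.RedirectToUrlException;
import org.apache.wicket.request.resource.ResourceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Added example: a link whose click is handled on the server, logged,
 * and then answered with a redirect to the mounted resource.
 */
public class LoggedDownloadLink extends Link<Void> {
    private static final long serialVersionUID = 1L;

    // Dedicated logger so download events can be routed to their own appender.
    private static final Logger AUDIT = LoggerFactory.getLogger("download.audit");

    // ResourceReference is serializable, so it can be kept as component state.
    private final ResourceReference reference;

    public LoggedDownloadLink(String id, ResourceReference reference) {
        super(id);
        this.reference = reference;
    }

    @Override
    public void onClick() {
        // Reached only when the request came through this component,
        // so requests made directly against the resource URL are not counted.
        AUDIT.info("download requested via link: resource={} page={}",
                reference.getName(), getPage().getClass().getName());

        // Hand the browser over to the resource that produces the PDF.
        // urlFor() returns a CharSequence; the exception expects a String.
        throw new RedirectToUrlException(urlFor(reference, null).toString());
    }
}
```

Add it to a page with `add(new LoggedDownloadLink("download", yourResourceReference))` in place of the ExternalLink. The redirect target is the ordinary mounted URL, so the entry records a click on the link, not a completed delivery of the file.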
Re: Using Wicket to generate E-Mails.
Hi,

There is an example how to do this in wicket-examples:
- http://examples8x.wicket.apache.org/mailtemplate/
- https://github.com/apache/wicket/tree/master/wicket-examples/src/main/java/org/apache/wicket/examples/asemail

On Tue, Mar 12, 2019 at 4:05 PM Thorsten Schöning wrote:

> Hi all,
>
> I'm using Wicket for some frontend of some web app and pretty much
> like it because it allows me to clearly separate skins, language
> files, templates and to not mix too much view and business logic. My
> current requirements are to send mails in some web service backend and
> I want to use some template engine to generate those, because I need
> to support multiple languages, might need to create somewhat complex
> content like tables, headlines and stuff. Not only using HTML, but
> using plain text as well.
>
> I've already searched around that topic focussing on Wicket and found
> some explanations that this in fact is doable, but those references
> are pretty old already. The following are some examples:
>
> http://wicket-praxis.de/blog/2009/12/01/sending-html-email-from-wicket-app/
> https://cwiki.apache.org/confluence/display/WICKET/Use+wicket+as+template+engine
>
> Are there any newer docs available covering that topic I have missed?
>
> What I'm especially interested in is how to avoid the HTTP-stuff, what
> the entry points are if I want to render to some string only and what
> the best approach is to provide necessary data like different language
> settings, as the corresponding HTTP-headers are missing.
>
> Another focus is on generating plain text. I know Wicket is based on
> HTML/XML-templates, but components can be rendered "body only" already
> as well. I had something in mind like reusing the templates for
> HTML-mails by not rendering them entirely including nodes, but only
> node content itself specially.
>
> Something like "..." would simply be rendered as some line of
> text with an empty line afterwards. Same for e.g. "p", while "pre"
> might simply be indented, "cite" might get a lead-in ">" per line etc.
> So in the best case, I would maintain one set of templates mostly and
> two different rendering approaches to switch between.
>
> Any hints on how I need to implement those different rendering
> approaches for the same components? So that I don't need to deal with
> that for each and every component, but some visitor-rendering-pattern
> or such.
>
> Does anyone already have experience with such an approach and
> additional advice? Is it a totally bad idea for some reason?
>
> Thanks for your input!
>
> Kind regards,
>
> Thorsten Schöning

Using Wicket to generate E-Mails.
Hi all,

I'm using Wicket for some frontend of some web app and pretty much like it because it allows me to clearly separate skins, language files, templates and to not mix too much view and business logic. My current requirements are to send mails in some web service backend and I want to use some template engine to generate those, because I need to support multiple languages, might need to create somewhat complex content like tables, headlines and stuff. Not only using HTML, but using plain text as well.

I've already searched around that topic focussing on Wicket and found some explanations that this in fact is doable, but those references are pretty old already. The following are some examples:

http://wicket-praxis.de/blog/2009/12/01/sending-html-email-from-wicket-app/
https://cwiki.apache.org/confluence/display/WICKET/Use+wicket+as+template+engine

Are there any newer docs available covering that topic I have missed?

What I'm especially interested in is how to avoid the HTTP-stuff, what the entry points are if I want to render to some string only and what the best approach is to provide necessary data like different language settings, as the corresponding HTTP-headers are missing.

Another focus is on generating plain text. I know Wicket is based on HTML/XML-templates, but components can be rendered "body only" already as well. I had something in mind like reusing the templates for HTML-mails by not rendering them entirely including nodes, but only node content itself specially.

Something like "..." would simply be rendered as some line of text with an empty line afterwards. Same for e.g. "p", while "pre" might simply be indented, "cite" might get a lead-in ">" per line etc. So in the best case, I would maintain one set of templates mostly and two different rendering approaches to switch between.

Any hints on how I need to implement those different rendering approaches for the same components? So that I don't need to deal with that for each and every component, but some visitor-rendering-pattern or such.

Does anyone already have experience with such an approach and additional advice? Is it a totally bad idea for some reason?

Thanks for your input!

Kind regards,

Thorsten Schöning

Re: How to trace that a resource was requested?
Hi,

Why not simply append a parameter to URL that tells download comes from your link? And use that to discriminate when to log or not...

On Tue, Mar 12, 2019 at 4:11 PM Per Newgro wrote:

> Hello,
>
> I like to log that a resource (PDF file), generated in backend, was
> requested.
>
> The resource is mounted by a resource reference. An external link is using
> url to resource reference.
> Download of file generated by resource is working.
>
> But I like to avoid log of every request to resource. If the resource is
> requested without clicking the link
> I don't want to log the request. So I can not log the request while
> resource is generated. I need an onClick.
>
> I guess I can not use ExternalLink because it is not calling the server
> after click.
> Maybe I need to use ResourceLink, but with that component no one is
> calling its onClick method.
>
> Is there any example on how to listen to downloads?
>
> Thanks for your support
> Per

--
Regards - Ernesto Reinaldo Barreiro

How to trace that a resource was requested?
Hello,

I like to log that a resource (PDF file), generated in backend, was requested.

The resource is mounted by a resource reference. An external link is using url to resource reference.
Download of file generated by resource is working.

But I like to avoid log of every request to resource. If the resource is requested without clicking the link I don't want to log the request. So I can not log the request while resource is generated. I need an onClick.

I guess I can not use ExternalLink because it is not calling the server after click.
Maybe I need to use ResourceLink, but with that component no one is calling its onClick method.

Is there any example on how to listen to downloads?

Thanks for your support
Per