Re: addying support for upload to resource
+1 that’d be great! Especially w/ ability to have visibility to progress. > On Mar 15, 2023, at 5:25 AM, Ernesto Reinaldo Barreiro > wrote: > > Hi, > > In our application we are heavily using web socket push (repainting web > wicket components via web-socket push). One problem we found is that in > some pages we have some uploads and those uploads can be very large, and > while they are happening the page is "frozen" and no new web socket > messages are received. Because of that, I have implemented a custom upload > to a wicket resource. In essence some adaptation of > > https://github.com/martin-g/blogs/blob/master/file-upload/src/main/java/com/mycompany/fileupload/AbstractFileUploadResource.java > > > But I also had to adapt the upload progress bar in order to be able to > report progress upload. Would this be something interesting to have in > a "generic" way in Wicket itself? > > > -- > Regards - Ernesto Reinaldo Barreiro - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: CVE-2021-23937: Apache Wicket: DNS proxy and possible amplification attack
Thank you for the notice, and the already fixed releases =) Is there a JIRA or associated PR with the fix? I’m not seeing a specific fix in the changelogs for 9.3.0 and 8.12.0. Thanks, Matt Pavlovich > On May 25, 2021, at 2:51 AM, Emond Papegaaij > wrote: > > Description: > > A DNS proxy and possible amplification attack vulnerability in > WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary > DNS lookups from the server when the X-Forwarded-For header is not > properly sanitized. This DNS lookup can be engineered to overload an > internal DNS server or to slow down request processing of the Apache > Wicket application causing a possible denial of service on either the > internal infrastructure or the web application itself. > > This issue affects Apache Wicket Apache Wicket 9.x version 9.2.0 and > prior versions; Apache Wicket 8.x version 8.11.0 and prior versions; > Apache Wicket 7.x version 7.17.0 and prior versions and Apache Wicket > 6.x version 6.2.0 and later versions. > > Mitigation: > > Sanitize the X-Forwarded-For header by running an Apache Wicket > application behind a reverse HTTP proxy. This proxy should put the > client IP address in the X-Forwarded-For header and not pass through > the contents of the header as received by the client. > > The application developers are recommended to upgrade to: > - Apache Wicket 7.18.0 > <https://wicket.apache.org/news/2021/04/06/wicket-7.18.0-released.html> > - Apache Wicket 8.12.0 > <https://wicket.apache.org/news/2021/03/31/wicket-8.12.0-released.html> > - Apache Wicket 9.0.0 > <https://wicket.apache.org/news/2021/03/30/wicket-9.3.0-released.html> > > Credit: > > Apache Wicket would like to thank Jonathan Juursema from > Topicus.Healthcare for reporting this issue. > > Apache Wicket Team > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Pluggable architecture for wicket application
I extensively use Wicket+OSGi. Works great! Modular web applications are totally doable. Follow Martin's advice and wire in modules using the application hooks described. On 11/14/16 3:47 PM, Martijn Dashorst wrote: I know a Dutch company (or two) that use OSGi, I'm certain that one uses Wicket + OSGi: educator.eu. The other, luminis.eu, does a lot of work with OSGi, but might not use it in combination with Wicket. I only have second hand knowledge about the combination, and it's probably outdated. Maybe someone from those companies is listening here and cares to comment. Martijn On Mon, Nov 14, 2016 at 8:13 PM, Martin Grigorov wrote: Hi, On Mon, Nov 14, 2016 at 3:58 AM, Илья Нарыжный wrote: Hello, We really need advise from Apache Wicket experts. Please let me know if you have any ideas how to realize the following: We are working on Orienteer (http://orienteer.org) - open source Business Application Platform for rapid development. Orienteer already has pluggable architecture which allow to start/stop/restart modules and etc. Every module can bring different things: new webpages, REST, wicket components and etc. For example: https://github.com/OrienteerBAP/Orienteer/tree/master/orienteer-pivottable But there is plans to allow dynamically upload required new module (without recompiling whole WAR with new module). To upload person can literally upload JAR or enter URL with the module or specify Maven's groupId:artifactId:version. There is no problem with downloading of module: there is a problem with runtime running it. Questions: 1) Is there good way for substitution of your own ClassLoader for more dynamic management? Wicket doesn't manage class loaders. The web container (like Tomcat) deals with this. The only hook provided by Wicket is org.apache.wicket.protocol. http.WicketFilter#getClassLoader(). See org.apache.wicket.protocol.http. ReloadingWicketFilter#reloadingClassLoader. 2) Is there a way for restarting of wicket app without restarting a web-container? You may use WebApplication#initApplication() and #internalDestroy(). Also see what ReloadingWicketFilter does. 3) Related to p.1: any good experience with using this: https://github.com/kamranzafar/JCL ? IMO this should work to load extra jars dynamically. I didn't see anything about unloading though. 4) Any other suggetions how to make dynamically pluggable modules in wicket? Some people use OSGi (with PAX). I don't have much experience to be able to comment. Thanks, Ilya - Orienteer(http://orienteer.org) - open source Business Application Platform - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Component level cache
+1 agreed. Caching the data (models) coming from data providers and/or services is the best approach On 8/17/16 3:50 AM, Martin Grigorov wrote: Hi, I am not aware of such component. Usually the caching is done in the service layer, not in the UI. But if you prefer to do it with Wicket then do it in a Model that caches the DB results. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Tue, Aug 16, 2016 at 6:03 PM, Marcel Barbosa Pinto < marcel.po...@gmail.com> wrote: Hi, I was just wondering if there is some component to instead of let the a given component to render itself, check if there is a cache and display its rendered markup, thus avoiding unnecessary rendering, this could be useful for stateless components that need to display some list of categories from the database etc. Something like this: class Header extends Panel{ add(new ExpensiveCategoryListView()); } class Home extends Page{ add(new CachedComponent("headerContainer", Header.class)) } The CachedComponent would first check if there is an already rendered Header instance (could check in an in-memory store like, infinispan or hezelcast) What do you guys think? - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Correct way to clear disk cache and session data?
Thanks! On 4/6/16 12:42 AM, Martin Grigorov wrote: Hi, On Apr 5, 2016 9:53 PM, "Matt Pavlovich" wrote: Ahead of performing an upgrade, we would like to clear all sessions and disk cache to avoid any serialization issues with new version of code. Googling around, I find a number of different approaches, but haven't seen anything consistent or definitive. Is there an API built into Wicket to perform this task? No. Is deleting the files on-disk too heavy-handed? It should be fine. Thanks, Matt - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Correct way to clear disk cache and session data?
Ahead of performing an upgrade, we would like to clear all sessions and disk cache to avoid any serialization issues with new version of code. Googling around, I find a number of different approaches, but haven't seen anything consistent or definitive. Is there an API built into Wicket to perform this task? Is deleting the files on-disk too heavy-handed? Thanks, Matt - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Exceptional upgrade experience 6.14.0 -> 6.17.0
Hi all- I wanted to take a minute to thank all the Wicket Project contributors— committers, users and the community as whole. We just completed a seamless upgrade from 6.14.0 to 6.17.0 and had to make *zero* code changes. This is extremely impressive for any software project, and especially notable due to the fact that we use all sorts of complex Wicket features, extend components, and implement custom extensions in our Integrated Console product. Our Wicket feature list includes, but isn’t limited to: * Modules * Events * Modals * Ajax everywhere— Input, Fields, Validation * Custom Authorization Strategy * Sortable Tables * Feedback panels * Breadcrumb bar * Ajax auto-refreshing components * .. many more AND, we support running in Tomcat and Apache Karaf (OSGi runtime). Great work and thank you! Matt Pavlovich Founding Partner Media Driver https://mediadriver.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Contract opportunity
Media Driver has a contract opportunity open for an experienced Wicket developer. This is not a full time position, but we are open to a flexible "after hours" type arrangement. However, this is a customer facing project and making deadlines is crucial. Requirements: * Walk us through the design decision when it comes to working with various Wicket Models * Ability to gauge level of effort, and accurately meet the deadline with agreed upon functionality. * Experience building unit tests for Wicket applications * Experience running Wicket in an OSGI environment * Experience integrating Wicket with AJAX * Experience with REST is a bonus If you are interested, please contact me directly. Thank you! Matt Pavlovich Media Driver E: m...@mediadriver.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org