Martin,
Done: https://issues.apache.org/jira/browse/WICKET-6161
Thank you!
2016-05-04 23:38 GMT-07:00 Martin Grigorov :
> Hi Ilia,
>
> Please create a ticket so we don't forget it!
> Thanks!
>
> Martin Grigorov
> Wicket Training and Consulting
>
Hi Ilia,
Please create a ticket so we don't forget it!
Thanks!
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, May 4, 2016 at 7:32 PM, Илья Нарыжный wrote:
> For now I just removed BookmarkableMapper. Everything works. But it seems
> to me
For now I just removed BookmarkableMapper. Everything works. But it seems
to me that some cases might go wrong... And as side effect: hrefs just
empty to pages without mounts. Probably I would expect some other behavior
if url can't be resolved for a page.
Thanks,
Ilia
On May 4, 2016 6:54 AM,
On Wed, May 4, 2016 at 3:27 PM, Sven Meier wrote:
> Hi,
>
> well, it seems I wasn't completely out of my mind when I pushed for
> WICKET-5094:
> - I've checked 1.4 and the logic of #enforceMounts was exactly like it is
> now
> - the javadoc for #setEnforceMounts() matches the
Hi,
well, it seems I wasn't completely out of my mind when I pushed for
WICKET-5094:
- I've checked 1.4 and the logic of #enforceMounts was exactly like it
is now
- the javadoc for #setEnforceMounts() matches the current behavior:
"Sets whether mounts should be enforced. If true, requests
Hi,
I also think the current behavior is not correct. See my question at
http://markmail.org/message/xmo74m3tbc5v4nwp.
I read the name of the method "enforceMounts" as "do not allow urls to page
which are not explicitly mounted". I believe also this is the reason this
method is in
Martin,
Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094
Absolutely disagree with discussed behavior. It's meaningless to
prevent accessing /wicket/bookmarkable/ only if there is mount
point for that page.
Please help to find consensus. In mine case it's real security hole.
Martin,
Just checked: it doesn't work as expected. It seems that this code
doesn't work as it was assumed:
BookmarkableMapper.java
if (application.getSecuritySettings().getEnforceMounts())
{
// we make an exception if the homepage itself was mounted, see WICKET-1898
if
Thank you Martin! I did know that there should be easier way to do
that, but could not be able to find it:)
Regards,
Ilia
2016-05-03 0:06 GMT-07:00 Martin Grigorov :
> Hi,
>
> I always thought
> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for
>
Hi,
I always thought
that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for
this. Also its javadoc seems to say that.
But there were some changes to its behavior after which I am no more sure
what exactly it does :-/
Martin Grigorov
Wicket Training and Consulting
Yea - that's possible. Even instrumentation is possible, but probably
this problem somehow solved already in wicket. I would briefly
summarize the problem like:
Wicket allow to directly address bookmarkable pages from 3rd party
libraries without good way to manage accessibility.
Potentially it
Use component instantiation listener?
On Tue, May 3, 2016 at 3:17 AM, Илья Нарыжный wrote:
> Hello,
>
> Is there good way to restrict accessing bookmarkable pages through
> /wicket/bookmarkable URL?
>
> Use case: there is ability in our software (http://orienteer.org)
>
Hello,
Is there good way to restrict accessing bookmarkable pages through
/wicket/bookmarkable URL?
Use case: there is ability in our software (http://orienteer.org)
dynamically enable or disable module with Development utils. This
module of cource use wicket-devutils, but neverheless fact that
13 matches
Mail list logo