Re: GridView.populateEmptyItem(...) purpose
Understood. The result I got was repeated images e.g. the 9th image same as the 1st image. In a concrete examples, I have 12 slots and 9 images, the finally 3 images are the same as the 1st 3 images. Is there a setting somewhere? Thanks igor.vaynberg wrote: > > lets say you have 8 items displayed i a 3x3 grid. the grid item in the > bottom right corner (9th item) will be blank because you only have 8. > it will be populated by the aforementioned callback and has no model. > > -igor > > > On Dec 3, 2007 10:00 PM, TH Lim <[EMAIL PROTECTED]> wrote: >> >> Hi, >> >> What is the purpose for the method GridView.populateEmptyItem(...)? I >> read >> the javadoc and don't quite understand it. What does it mean "an Item for >> which there is no model"? Can someone quote an example? >> Thanks >> >> /lim/ >> -- >> View this message in context: >> http://www.nabble.com/GridView.populateEmptyItem%28...%29-purpose-tf4941294.html#a14145133 >> Sent from the Wicket - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/GridView.populateEmptyItem%28...%29-purpose-tf4941294.html#a14145514 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: GridView.populateEmptyItem(...) purpose
lets say you have 8 items displayed i a 3x3 grid. the grid item in the bottom right corner (9th item) will be blank because you only have 8. it will be populated by the aforementioned callback and has no model. -igor On Dec 3, 2007 10:00 PM, TH Lim <[EMAIL PROTECTED]> wrote: > > Hi, > > What is the purpose for the method GridView.populateEmptyItem(...)? I read > the javadoc and don't quite understand it. What does it mean "an Item for > which there is no model"? Can someone quote an example? > Thanks > > /lim/ > -- > View this message in context: > http://www.nabble.com/GridView.populateEmptyItem%28...%29-purpose-tf4941294.html#a14145133 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GridView.populateEmptyItem(...) purpose
Hi, What is the purpose for the method GridView.populateEmptyItem(...)? I read the javadoc and don't quite understand it. What does it mean "an Item for which there is no model"? Can someone quote an example? Thanks /lim/ -- View this message in context: http://www.nabble.com/GridView.populateEmptyItem%28...%29-purpose-tf4941294.html#a14145133 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Thx everybody that attended the user group meeting in The Netherlands
Niels van Kampenhout wrote: Roy van Rijn wrote: Somebody answer this question please, I would love to see the Hippo presentation again :-) It was the best presentation I've seen in years, I learned something and had a good laugh with all the Lego and Hippo pictures. (see the IRC logs). Thanks! :-) But its a good question, where can we find the slides? I put our presentation on slideshare: http://www.slideshare.net/nielsvk/wicket-plugin-architecture Can the other speakers upload their slides too please? Niels http://www.slideshare.net/ate.douma/wicket-portlet-primer Ate - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to dynamically generate HTML page?
see how wicketstuff-crud does it in wicket-stuff svn -igor On Dec 3, 2007 6:30 PM, Pen <[EMAIL PROTECTED]> wrote: > > > I am a new wicker user. We need to construct/generate a HTML page > dynamically at runtime from the HTML elements like image and text. This > page only exists in memory(session/cache) and there is no physical file. so > how to generate such page and corresponding java class. How this can be done > for static elements like image and text versus dynamically for form submit. > Also how to navigate to this newly generated html page. > > ~Praveen > -- > View this message in context: > http://www.nabble.com/How-to-dynamically-generate-HTML-page--tf4940771.html#a14143413 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to dynamically generate HTML page?
I am a new wicker user. We need to construct/generate a HTML page dynamically at runtime from the HTML elements like image and text. This page only exists in memory(session/cache) and there is no physical file. so how to generate such page and corresponding java class. How this can be done for static elements like image and text versus dynamically for form submit. Also how to navigate to this newly generated html page. ~Praveen -- View this message in context: http://www.nabble.com/How-to-dynamically-generate-HTML-page--tf4940771.html#a14143413 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
On Mon, Dec 03, 2007 at 06:40:53AM -0800, Pills wrote: > > Hello, > > I've a little question with wicket: I would like to hash my users' passwords > (with md5) to make them unreadable for a human. And I also would like to > hash them before sending them through the network (to avoid the biggest part > of security issues). > > Is there a way to achieve this? > I see from your later posts that your requirements are not that strict, but if anyone else on the list needs to do password hashing, here's one of the best articles I've seen on it: http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/ jk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: maven repository for wicketstuff
Ryan McKinley schrieb: Hello- I am stumbling through learning wicket and am hitting some things I don't grock about maven. I want to run the gmap2 example. When I check it out and then run: $ mvn jetty:run (or mvn install) I get an error that says "Missing: org.wicketstuff:wicket-contrib-gmap2:jar:1.3.0-SNAPSHOT" How do I fix that? the wicket-contrib-gmap2 needs to be installed too, so you need to check it out and run mvn clean install on it before the examples run. See also: http://wicketstuff.org/confluence/display/STUFFWIKI/wicket-contrib-gmap2 martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Thx everybody that attended the user group meeting in The Netherlands
Johan Compagner schrieb: The number of people that eventually really attended was really high, and i enjoyed it a lot. Special thx to Arjé for organizing it in this way, if you have a wicket feature request tell me! ;) johan Talking about Arje's talent of organizing: I was able to walk up in the Meetup and say: "I'm one of the speakers and I don't have a laptop with me!" "My presentation is on the memorystick and for the presentation with examples I need a laptop with OpenOffice, java, subversion, maven2, internet and the latest wicket snapshot" And you know what, with the help of Jeroen Reijn we got it all set, up just in time! Thank you Jeroen! By the way did you find the mouse again? This is us preparing: http://www.flickr.com/photo_zoom.gne?id=2075701225&size=l and here you can see just in time: http://www.flickr.com/photo_zoom.gne?id=2077901198&size=l Here are the slides I showed in Amsterdam: http://www.slideshare.net/mfunk/wicket-contrib-gmap2/ To conclude all this, I really enjoyed my trip to Amsterdam. I'd really like to come for a second time. But it's getting harder as I'm moving from Düsseldorf to Wiesbaden (nearby Frankfurt) right now. The room was great and of course thanks to all the sponsors, but the impression that this location had on me was quite bigger. It's not shiny as congress centers or hotel lobbies or modern movie theaters, not at all. But it fulfilled all the needs we had, cool to see a high tech community meet in such a cracked shell. Thnx and see you next time, Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket 1.3 rc1 Relative URLs not working properly
WICKET-1205 On Dec 3, 2007 5:16 PM, Jeremy Levy <[EMAIL PROTECTED]> wrote: > Sorry for now explaining this properly. My application is deployed within > a context of "/1". The Wicket filter is mapped to "/*" of the app context. > > The first page of the site has url of http://www.somehost.com/1/welcomewhere > "welcome" is mounted as a bookmarkable page. There is a link from the > "welcome" page to a page that isn't bookmarked. The relative path of the > CSS is incorrect on the page that isn't mounted as a bookmarkable page. If > I make it bookmarkable the path to the CSS its correct. > > I'm going to create a quickstart project to demonstrate it and log a bug. > > J > > > > > > On Dec 3, 2007 4:40 PM, Johan Compagner <[EMAIL PROTECTED]> wrote: > > > huh? i must be missing something here. > > you say to the first that it works and to the second that it doesn't > > if /1 is the context then would say the first is broken and the second > > should work. > > > > because the first the url is this: > > > > localhost/css/style.css > > > > but thats outside of the context. > > > > the second it seems to be > > > > localhost/1/css/xxx > > > > and that seems ok then > > > > But it is still strange that those 2 pages give different urls because > > both > > should be css/ as far as i see > > because they are on both on the same level. > > > > Please make a jira issue for this > > > > johan > > > > > > > > On Dec 3, 2007 4:08 PM, Jeremy Levy < [EMAIL PROTECTED]> wrote: > > > > > The /1 is the web app context. > > > > > > Change it to ../ breaks it on the pages that were working before. > > > > > > One thing I noticed is that if I deploy this to a server which has > > > mod_proxy > > > set up to hide the /1 it seems to work fine. > > > > > > j > > > > > > On Dec 3, 2007 4:10 AM, Johan Compagner <[EMAIL PROTECTED] > wrote: > > > > > > > > > and /1/ is your servlyet path? > > > > what happens if you put "../css/style.css" in your markup? > > > > > > > > Because from the normal page that is the css you want i guess? > > > > > > > > johan > > > > > > > > > > > > > > > > On Dec 2, 2007 11:08 PM, Jeremy Levy <[EMAIL PROTECTED]> wrote: > > > > > > > > > I just upgraded to Wicket 1.3, it was remarkably smooth. It took > > > about > > > > 6 > > > > > hours overall. Every single thing was explained very well in the > > > > > migration > > > > > guide and the things i was looking forward to in 1.3 are working > > > > > perfectly. > > > > > > > > > > The only issue I am having is if I have a page this is not mounted > > as > > > a > > > > > bookmarkable page the relative paths for my stylesheet and other > > > > resources > > > > > are written out incorrect. Below are examples for the same page > > if I > > > > > mount > > > > > the page versus not. > > > > > > > > > > > > > > > *Bookmarked Page URL (works):* > > > > > http://localhost/1/gettingstarted > > > > > > > > > > > > > > > > > > > > > > > > > *Nonbookmarked Page URL (doesn't work): > > > > > * > > > > > > > > > > > > > > > > > > > http://localhost/1/?x=5uwbo6kafiblurBY3bq1UEFwOyXneRheYz2FfwYwMiQAxP5GPHI1HfUHBUhydOCe > > > > > > > > > > > > > > > > > > > > > > > > > *As it's written in my base page html:* > > > > > > > > > > > > > > > Is this something I missed in the migration, or a left over, bug > > > maybe? > > > > > > > > > > Jeremy > > > > > > > > > > > > > > > >
Re: Thx everybody that attended the user group meeting in The Netherlands
Uwe Schäfer schrieb: Niels van Kampenhout schrieb: Do we have a place to upload slides to, e.g. slideshare? oh please! i´d love to see what i´ve missed. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] [http://www.slideshare.net/mfunk/wicket-contrib-gmap2/] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
Jeremy Levy wrote: > You are correct, I'm assuming his admin has knowledge of the salt, if there > even was one... > Of course the "admin" will know the salt, but that does not help him reverse the MD5 hash, nor will the hash be found on the md5.rednoize.com site. So the only options left are brute force and dictionary attacks. And these are always possible and have nothing to with MD5. So what you actually meant instead of "Don't use MD5" is "Don't use weak passwords". Of course it's up to the users to use strong passwords. And unfortunately most of them don't... or they do and then stick them on their monitor. ;-) And since all of this has nothing to do with Wicket (other than the fact that many Wicket apps probably have user accounts with passwords in a database), I'm going to leave it at this. :-) Regards, Sebastiaan On Dec 3, 2007 1:33 PM, Sebastiaan van Erk <[EMAIL PROTECTED]> wrote: Jeremy Levy wrote: Don't use MD5: http://md5.rednoize.com/ 328b78157026ea76f87d3f2d7111dfb1 j I REALLY don't get your point. So you can do a dictionary attack on MD5 hashes or brute force on short plaintexts if you don't use a salt. Weeha. So what else is new? This has ABSOLUTELY NOTHING to do with MD5. This works with SHA1, and ANY other hash. That's why you use salts. When you store a hashed password in the database you generally do something like this. Take a random generated alphanumeric string of 10 chars: GXSYvmzz0y Then take the plaintext password, i.e., "test123" and append it to the salt: GXSYvmzz0y$test123 Now make an MD5 hash: ca62c4bd0a5094d9198112a6ce6ab4f4 Now prepend the salt to the hash, and store this in the database. In other words, store this: GXSYvmzz0y$ca62c4bd0a5094d9198112a6ce6ab4f4 in the database. To verify the password for a user, split the stored value, use the salt to compute the required hash, and compare. Good luck cracking that. Your site is not going to help, and neither will rainbow crack. Regards, Sebastiaan On Dec 3, 2007 12:17 PM, Sebastiaan van Erk <[EMAIL PROTECTED]> wrote: Korbinian Bachl wrote: However, they *CAN NOT* generate a collision for an arbitrary hash. Furthermore, doing this in a limited size string (like a password) adds another complication. they can and did ! - if you have a hashvalue e.g: 79054025255fb1a26e4bc422aef54eb4 you can use various reverse tables to get the needed inputString into any md5(inputString) function to get the desired hash - example look here: http://www.antsight.com/zsl/rainbowcrack/ They're using precomputed tables to speed up finding a hash from a *known* plaintext space. For example, the 36GB md5 table allows you to find which string of 1-8 characters from the lowercase alphanum charset was used to generate a specific has. To be specific, if I provided the hash: 4a251a2ef9bbf4ccc35f97aba2c9cbda rainbow crack would find the key: test123. However, if I provided the hash: 36a03a8a4c00e81f03d62d8b04bbbf4d rainbow crack would *NOT* find the key: Test123, since it contains a character not in their character set. Furthermore, it would find no key at all if it so happens (which is overwhelmingly probably the case) that there exists no 1-8 string lowercase alphanum string which has this hash. with classic rainbow tables or hybrid rainbow tables you get a 99,9% chance to score a hit for under 1h time... sounds not very secure to me Only for specific plaintexts, after precomputing the tables. Nope, MD5 password hashes are still perfectly fine. sure? Yes, secure enough. In practical use, passwords are rather weak, and there are many easy attack points (social engineering, reading passwords from an unprotected password vault of the browser, dictionary attacks, etc.). Hashing the password is (in general) used to hide the plaintext from view (in a DB for example). Furthermore, anybody can gain access to an account if they have write access to the DB by simply putting in their own hash. Hashing the password client side is actually UNSAFE. This means the hash goes over the network, and somebody else can just send the same hash to the server to log in without ever knowing the user's password. and its more save if the md5 sits in the RDBMS that may be breached? Yes again. If your RDBMS is breached you've got far more serious issues. Futhermore, somebody sniffing a hash going of the network (especially LAN) is *EASY*. If you have a secure setup with your RDBS, it's on a safe network, behind a DMZ, and not accessible from the internet directly. Apart from other confidential data that will be leaked (e.g. credit card numbers, or whatever), I think hashed MD5 passwords are the least of your problems. But I agree with one thing: since it's free in Java to use SHA instead of MD5 (all you have to do is change 1 little string), you may as well use SHA. Regards, Sebastiaan smime.p7s Description: S/MIME Cryptographic Signature
Re: London Wicket Users Group Event - December 5th confirmed
There are now only a few free places for Wednesday's event as the room we have rented is a bit smaller this time; if you have http://jweekend.co.uk/dev/LWUGReg/ reserved a place already please make sure you remember to confirm (or cancel, if you can't make it), by clicking on the link in the automated email response you received on booking a place, by solving the simple aritmetic puzzle (!) to avoid us getting over-booked. We have 3 new presentations lined-up (2 technical), and I expect it should be quite interesting again. See you on Wednesday. Regards - Cemal http://jWeekend.co.uk http://jWeekend.co.uk jweekend wrote: > > Thanks for the feedback regarding dates. The December London Wicket User > Group event will be held on December 5th. > > At this free event, Ian Godman will talk about his upcoming Wicket > "security framework" which he plans to open-source. There'll also be a > free prize draw (free access to Eelco and Martijn's Wicket In Action > (MEAP)). I plan to do a short presentation on Wicket Trees. > > If you'd like to come along, let us know > http://jweekend.co.uk/dev/LWUGReg/ here , and also, using the comments > field on that page, or, on this list, tell us of any > presentation/discussion topics you would like cover. > > Several people have recently told us that they would have liked to have > come along if they new our events existed. Please feel free to let people > who you think may be interested. I think the entry on the Wicket homepage > should help people find their local Wicket events, (to whoever came up > with that - nice idea; it's good to see other groups also taking building > around the world). > > Regards - Cemal > http://jWeekend.co.uk http://jWeekend.co.uk > > -- View this message in context: http://www.nabble.com/London-Wicket-Users-Group-Event---December-5th-confirmed-tf4847113.html#a14140072 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket 1.3 rc1 Relative URLs not working properly
Sorry for now explaining this properly. My application is deployed within a context of "/1". The Wicket filter is mapped to "/*" of the app context. The first page of the site has url of http://www.somehost.com/1/welcomewhere "welcome" is mounted as a bookmarkable page. There is a link from the "welcome" page to a page that isn't bookmarked. The relative path of the CSS is incorrect on the page that isn't mounted as a bookmarkable page. If I make it bookmarkable the path to the CSS its correct. I'm going to create a quickstart project to demonstrate it and log a bug. J On Dec 3, 2007 4:40 PM, Johan Compagner <[EMAIL PROTECTED]> wrote: > huh? i must be missing something here. > you say to the first that it works and to the second that it doesn't > if /1 is the context then would say the first is broken and the second > should work. > > because the first the url is this: > > localhost/css/style.css > > but thats outside of the context. > > the second it seems to be > > localhost/1/css/xxx > > and that seems ok then > > But it is still strange that those 2 pages give different urls because > both > should be css/ as far as i see > because they are on both on the same level. > > Please make a jira issue for this > > johan > > > > On Dec 3, 2007 4:08 PM, Jeremy Levy < [EMAIL PROTECTED]> wrote: > > > The /1 is the web app context. > > > > Change it to ../ breaks it on the pages that were working before. > > > > One thing I noticed is that if I deploy this to a server which has > > mod_proxy > > set up to hide the /1 it seems to work fine. > > > > j > > > > On Dec 3, 2007 4:10 AM, Johan Compagner <[EMAIL PROTECTED]> wrote: > > > > > and /1/ is your servlyet path? > > > what happens if you put "../css/style.css" in your markup? > > > > > > Because from the normal page that is the css you want i guess? > > > > > > johan > > > > > > > > > > > > On Dec 2, 2007 11:08 PM, Jeremy Levy <[EMAIL PROTECTED]> wrote: > > > > > > > I just upgraded to Wicket 1.3, it was remarkably smooth. It took > > about > > > 6 > > > > hours overall. Every single thing was explained very well in the > > > > migration > > > > guide and the things i was looking forward to in 1.3 are working > > > > perfectly. > > > > > > > > The only issue I am having is if I have a page this is not mounted > as > > a > > > > bookmarkable page the relative paths for my stylesheet and other > > > resources > > > > are written out incorrect. Below are examples for the same page if > I > > > > mount > > > > the page versus not. > > > > > > > > > > > > *Bookmarked Page URL (works):* > > > > http://localhost/1/gettingstarted > > > > > > > > > > > > > > > > > > > > *Nonbookmarked Page URL (doesn't work): > > > > * > > > > > > > > > > > > > > http://localhost/1/?x=5uwbo6kafiblurBY3bq1UEFwOyXneRheYz2FfwYwMiQAxP5GPHI1HfUHBUhydOCe > > > > > > > > > > > > > > > > > > > > *As it's written in my base page html:* > > > > > > > > > > > > Is this something I missed in the migration, or a left over, bug > > maybe? > > > > > > > > Jeremy > > > > > > > > > >
Re: Lightbox javascript
Per Newgro schrieb: I use wicket 1.3 rc4 on an out-of-the-box jboss/tomcat 4.2.2. I created the project from an wicket-quickstart. I've added the jar from the website to my project and deploy it to the web folder /web-inf/lib thank you! i am now able to reproduce the problem. i suppose you´re using maven, aren´t you? would you please try to start your project by mvn jetty:run and retry to see if it magically works, then? there seems to be a significant difference in using the quickstart´s Start-class or running it in a standalone server. anyway, i packaged a 1.0.7 with class-relative urls (instead of previously jar-relative urls) for you to test. http://www.codesmell.org/org.codesmell.wicket.lightbox/changes.html thanks again, uwe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Wicket meetup in San Francisco
+1 for either -Original Message- From: mfs [mailto:[EMAIL PROTECTED] Sent: Monday, December 03, 2007 1:00 PM To: users@wicket.apache.org Subject: Re: Wicket meetup in San Francisco +1 Dec 14th Orion Letizi wrote: > > For anyone interested in a meetup in San Francisco, it looks like this > week might be best for two people and next week would be better for > one person. > > I suppose we should vote. I'll propose two dates: > > Thurs. Dec. 6 > Fri. Dec 14 > > Vote away... > > --Orion > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Wicket-meetup-in-San-Francisco-tf4937692.html#a1413879 4 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket 1.3 rc1 Relative URLs not working properly
huh? i must be missing something here. you say to the first that it works and to the second that it doesn't if /1 is the context then would say the first is broken and the second should work. because the first the url is this: localhost/css/style.css but thats outside of the context. the second it seems to be localhost/1/css/xxx and that seems ok then But it is still strange that those 2 pages give different urls because both should be css/ as far as i see because they are on both on the same level. Please make a jira issue for this johan On Dec 3, 2007 4:08 PM, Jeremy Levy <[EMAIL PROTECTED]> wrote: > The /1 is the web app context. > > Change it to ../ breaks it on the pages that were working before. > > One thing I noticed is that if I deploy this to a server which has > mod_proxy > set up to hide the /1 it seems to work fine. > > j > > On Dec 3, 2007 4:10 AM, Johan Compagner <[EMAIL PROTECTED]> wrote: > > > and /1/ is your servlyet path? > > what happens if you put "../css/style.css" in your markup? > > > > Because from the normal page that is the css you want i guess? > > > > johan > > > > > > > > On Dec 2, 2007 11:08 PM, Jeremy Levy <[EMAIL PROTECTED]> wrote: > > > > > I just upgraded to Wicket 1.3, it was remarkably smooth. It took > about > > 6 > > > hours overall. Every single thing was explained very well in the > > > migration > > > guide and the things i was looking forward to in 1.3 are working > > > perfectly. > > > > > > The only issue I am having is if I have a page this is not mounted as > a > > > bookmarkable page the relative paths for my stylesheet and other > > resources > > > are written out incorrect. Below are examples for the same page if I > > > mount > > > the page versus not. > > > > > > > > > *Bookmarked Page URL (works):* > > > http://localhost/1/gettingstarted > > > > > > > > > > > > > > > *Nonbookmarked Page URL (doesn't work): > > > * > > > > > > > > > http://localhost/1/?x=5uwbo6kafiblurBY3bq1UEFwOyXneRheYz2FfwYwMiQAxP5GPHI1HfUHBUhydOCe > > > > > > > > > > > > > > > *As it's written in my base page html:* > > > > > > > > > Is this something I missed in the migration, or a left over, bug > maybe? > > > > > > Jeremy > > > > > >
Re: Wicket meetup in San Francisco
+1 Dec 14th Orion Letizi wrote: > > For anyone interested in a meetup in San Francisco, it looks like this > week might be best for two people and next week would be better for > one person. > > I suppose we should vote. I'll propose two dates: > > Thurs. Dec. 6 > Fri. Dec 14 > > Vote away... > > --Orion > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Wicket-meetup-in-San-Francisco-tf4937692.html#a14138794 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
You are correct, I'm assuming his admin has knowledge of the salt, if there even was one... On Dec 3, 2007 1:33 PM, Sebastiaan van Erk <[EMAIL PROTECTED]> wrote: > Jeremy Levy wrote: > > Don't use MD5: > > > > http://md5.rednoize.com/ > > > > 328b78157026ea76f87d3f2d7111dfb1 > > > > j > > I REALLY don't get your point. > > So you can do a dictionary attack on MD5 hashes or brute force on short > plaintexts if you don't use a salt. Weeha. So what else is new? This > has ABSOLUTELY NOTHING to do with MD5. This works with SHA1, and ANY > other hash. That's why you use salts. > > When you store a hashed password in the database you generally do > something like this. Take a random generated alphanumeric string of 10 > chars: > > GXSYvmzz0y > > Then take the plaintext password, i.e., "test123" and append it to the > salt: > > GXSYvmzz0y$test123 > > Now make an MD5 hash: > > ca62c4bd0a5094d9198112a6ce6ab4f4 > > Now prepend the salt to the hash, and store this in the database. In > other words, store this: > > GXSYvmzz0y$ca62c4bd0a5094d9198112a6ce6ab4f4 > > in the database. To verify the password for a user, split the stored > value, use the salt to compute the required hash, and compare. > > Good luck cracking that. Your site is not going to help, and neither > will rainbow crack. > > Regards, > Sebastiaan > > > On Dec 3, 2007 12:17 PM, Sebastiaan van Erk <[EMAIL PROTECTED]> wrote: > > > >> Korbinian Bachl wrote: > >> > However, they *CAN NOT* generate a collision for an arbitrary hash. > Furthermore, doing this in a limited size string (like a password) > adds another complication. > >>> they can and did ! - if you have a hashvalue e.g: > >>> > >>> 79054025255fb1a26e4bc422aef54eb4 > >>> > >>> you can use various reverse tables to get the needed inputString into > >>> any md5(inputString) function to get the desired hash - > >>> example look here: > >>> http://www.antsight.com/zsl/rainbowcrack/ > >> They're using precomputed tables to speed up finding a hash from a > >> *known* plaintext space. For example, the 36GB md5 table allows you to > >> find which string of 1-8 characters from the lowercase alphanum charset > >> was used to generate a specific has. > >> > >> To be specific, if I provided the hash: > >> > >> 4a251a2ef9bbf4ccc35f97aba2c9cbda > >> > >> rainbow crack would find the key: test123. > >> > >> However, if I provided the hash: > >> > >> 36a03a8a4c00e81f03d62d8b04bbbf4d > >> > >> rainbow crack would *NOT* find the key: Test123, since it contains a > >> character not in their character set. Furthermore, it would find no key > >> at all if it so happens (which is overwhelmingly probably the case) > that > >> there exists no 1-8 string lowercase alphanum string which has this > hash. > >> > >>> with classic rainbow tables or hybrid rainbow tables you get a 99,9% > >>> chance to score a hit for under 1h time... sounds not very secure to > me > >> Only for specific plaintexts, after precomputing the tables. > >> > Nope, MD5 password hashes are still perfectly fine. > >>> sure? > >> Yes, secure enough. In practical use, passwords are rather weak, and > >> there are many easy attack points (social engineering, reading > passwords > >> from an unprotected password vault of the browser, dictionary attacks, > >> etc.). Hashing the password is (in general) used to hide the plaintext > >> from view (in a DB for example). Furthermore, anybody can gain access > to > >> an account if they have write access to the DB by simply putting in > >> their own hash. > >> > Hashing the password client side is actually UNSAFE. This means the > hash goes over the network, and somebody else can just send the same > hash to the server to log in without ever knowing the user's > password. > >>> and its more save if the md5 sits in the RDBMS that may be breached? > >> Yes again. If your RDBMS is breached you've got far more serious > issues. > >> Futhermore, somebody sniffing a hash going of the network (especially > >> LAN) is *EASY*. If you have a secure setup with your RDBS, it's on a > >> safe network, behind a DMZ, and not accessible from the internet > >> directly. Apart from other confidential data that will be leaked (e.g. > >> credit card numbers, or whatever), I think hashed MD5 passwords are the > >> least of your problems. > >> > >> But I agree with one thing: since it's free in Java to use SHA instead > >> of MD5 (all you have to do is change 1 little string), you may as well > >> use SHA. > >> > >> Regards, > >> Sebastiaan > >> > >> > >> > >> > > >
Re: Lightbox javascript
Per Newgro schrieb: I use wicket 1.3 rc4 on an out-of-the-box jboss/tomcat 4.2.2. rc1 or beta4 ? I created the project from an wicket-quickstart. I've added the jar from the website to my project and deploy it to the web folder /web-inf/lib i´ll try that. Do i have to add other jars? nope. should have worked out of the box, all included. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with setResponsePage to page that use WebClientInfo
> Yes. I .setGatherExtendedBrowserInfo to true in the app. > > When I access the page directly with url address it displays ok. > But when I click on the link that use setResponsePage I only gets this ajax > message. > When I click on this link for the second time the page is displayed > correctly. If you have a central place where users come in, e.g. a login page, you can also make the whole browser polling thing part of that instead of doing an intermediate redirect. That's what I did for the project I work on. > I will try to make a quickstart for it. That would be helpful, thanks. Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket Trees - presentation/diagram
Hi, the DefaultAbstractTree is included only for backwards compatibility and will be most probably removed in 1.4. I agree that javadoc could be a bit clearer on this. -Matej On Dec 3, 2007 8:52 PM, jweekend <[EMAIL PROTECTED]> wrote: > > Thanks Matej. I think it's OK to go in to this level of detail because at the > AbstractTable level there's some nice design/implementation, so, it is > instructive. I will also explain the Swing side (TreeModel etc) in a bit > more detail. > Of course, the code examples and slides will demonstrate how to use these > trees on web-pages, but because of the aforementioned good-design, it is > pretty easy to use these components and won't take very much time. If we do > have time, and the audience is interested, I'll go on to show the guts and > how it all works under the covers. Either way, I personally find this a good > way to understand how things work. > > While we're on the subject, what's the deal with the trees in the > extensions? I guess there is going to be some rationalisation of the > DefaultAbstractTree class in 1.4 (?); it's not really obvious whether to > subclass BaseTree (from core) or DefaultAbstractTree (from extensions) for > one's own tree implementation, by just looking quickly at the APIs, code or > the javadoc. > > Regards - Cemal > http://jWeekend.co.uk http://jWeekend.co.uk > > > > > Matej Knopp-2 wrote: > > > > Hi, > > > > the diagram looks ok, however it covers a lot of internal tree state, > > which is something the users shouldn't be botherered with. Are you > > sure you want to go into such details? > > > > -Matej > > > > On Dec 2, 2007 9:39 PM, jweekend <[EMAIL PROTECTED]> wrote: > >> > >> I'm preparing a presentation on Trees in Wicket (core) for the > >> http://jweekend.com/dev/LWUGReg/ London Wicket Users Group event on > >> Wednesday. > >> Could someone (Matej maybe ;-) take a quick look over > >> http://jweekend.com/presentation/WicketCoreTrees.png this high level UML > >> class diagram (~1024x768) I have started putting together to explain the > >> inner-workings/key-concepts to go along with the demo-code/slides on how > >> to > >> use these components? > >> Also let me know if you feel this sort of thing is helpful for people > >> learning Wicket. > >> Regards - Cemal > >> http://jWeekend.co.uk http://jWeekend.co.uk > >> -- > >> View this message in context: > >> http://www.nabble.com/Wicket-Trees---presentation-diagram-tf4933100.html#a14119659 > >> Sent from the Wicket - User mailing list archive at Nabble.com. > >> > >> > >> - > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > View this message in context: > http://www.nabble.com/Wicket-Trees---presentation-diagram-tf4933100.html#a14137468 > > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Thx everybody that attended the user group meeting in The Netherlands
Done. http://www.slideshare.net/mrmean/wicket-security-presentation Maurice On Dec 3, 2007 3:07 PM, Johan Compagner <[EMAIL PROTECTED]> wrote: > > > > I put our presentation on slideshare: > > > > http://www.slideshare.net/nielsvk/wicket-plugin-architecture > > > > Can the other speakers upload their slides too please? > > > > > http://www.slideshare.net/jcompagner/wicket-and-swing-from-one-codebase/ > > http://www.slideshare.net/jcompagner/session-stores-page-maps-and-pages/ > > johan > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket Trees - presentation/diagram
Thanks Matej. I think it's OK to go in to this level of detail because at the AbstractTable level there's some nice design/implementation, so, it is instructive. I will also explain the Swing side (TreeModel etc) in a bit more detail. Of course, the code examples and slides will demonstrate how to use these trees on web-pages, but because of the aforementioned good-design, it is pretty easy to use these components and won't take very much time. If we do have time, and the audience is interested, I'll go on to show the guts and how it all works under the covers. Either way, I personally find this a good way to understand how things work. While we're on the subject, what's the deal with the trees in the extensions? I guess there is going to be some rationalisation of the DefaultAbstractTree class in 1.4 (?); it's not really obvious whether to subclass BaseTree (from core) or DefaultAbstractTree (from extensions) for one's own tree implementation, by just looking quickly at the APIs, code or the javadoc. Regards - Cemal http://jWeekend.co.uk http://jWeekend.co.uk Matej Knopp-2 wrote: > > Hi, > > the diagram looks ok, however it covers a lot of internal tree state, > which is something the users shouldn't be botherered with. Are you > sure you want to go into such details? > > -Matej > > On Dec 2, 2007 9:39 PM, jweekend <[EMAIL PROTECTED]> wrote: >> >> I'm preparing a presentation on Trees in Wicket (core) for the >> http://jweekend.com/dev/LWUGReg/ London Wicket Users Group event on >> Wednesday. >> Could someone (Matej maybe ;-) take a quick look over >> http://jweekend.com/presentation/WicketCoreTrees.png this high level UML >> class diagram (~1024x768) I have started putting together to explain the >> inner-workings/key-concepts to go along with the demo-code/slides on how >> to >> use these components? >> Also let me know if you feel this sort of thing is helpful for people >> learning Wicket. >> Regards - Cemal >> http://jWeekend.co.uk http://jWeekend.co.uk >> -- >> View this message in context: >> http://www.nabble.com/Wicket-Trees---presentation-diagram-tf4933100.html#a14119659 >> Sent from the Wicket - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Wicket-Trees---presentation-diagram-tf4933100.html#a14137468 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with setResponsePage to page that use WebClientInfo
Hi! Eelco Hillenius wrote: > >> When I redirect using setResponsePage to a page that gets >> the WebClientInfo via getRequestCycle().getClientInfo() I got page that >> contains only: >> >> > encoding="UTF-8"?>> > That doesn't make sense to me. Do you use the > 'gatherExtendedBrowserInfo' setting (so that it is true)? Or do you > get this even without that setting? > Thanks for your replay. Yes. I .setGatherExtendedBrowserInfo to true in the app. When I access the page directly with url address it displays ok. But when I click on the link that use setResponsePage I only gets this ajax message. When I click on this link for the second time the page is displayed correctly. I will try to make a quickstart for it. Artur -- View this message in context: http://www.nabble.com/problem-with-setResponsePage-to-page-that-use-WebClientInfo-tf4937773.html#a14137206 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GUI development using wicket, possible? make sense??
Recently eclipse start few project that let developer directly port their GUI application as AJAX web application. I just wonder can wicket do similar thing? As wicket parsing the HTML like template to java object internally and generate web pages and able to handle various events. Is that possible that I can start the application as an remote SWT / swing application? Or it is just not make sense at all?? -- View this message in context: http://www.nabble.com/GUI-development-using-wicket%2C-possible--make-sense---tf4938804.html#a14137047 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GUI development using wicket, possible? make sense??
Recently eclipse start few project that let developer directly port their GUI application as AJAX web application. I just wonder can wicket do similar thing? As wicket parsing the HTML like template to java object internally and generate web pages and able to handle various events. Is that possible that I can start the application as an remote SWT / swing application? Or it is just not make sense at all?? -- View this message in context: http://www.nabble.com/GUI-development-using-wicket%2C-possible--make-sense---tf4938801.html#a14137039 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lightbox javascript
> that is weird. all i do there is > > add(TextTemplateHeaderContributor.forJavaScript(this.getClass(), > "/js/lightbox_baseUrl.js", > someVariableModel)); Yeah it looked simple to me to (i checked the code). > could you provide more detail about container, (maybe classloading > settings)? > i assume, you use wicket 1.3-rc1? I use wicket 1.3 rc4 on an out-of-the-box jboss/tomcat 4.2.2. I created the project from an wicket-quickstart. I've added the jar from the website to my project and deploy it to the web folder /web-inf/lib Do i have to add other jars? Thanks for your help Per - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
annoying alert message while closing modal window with wizard
Hello All, I am using a custom wizard in a modal window, so i have my own custom button bar such as next, previous, finish and cancel. so when i click cancel or finish. i get this alert message. http://www.nabble.com/file/p14136120/alert.jpeg if i append the javascript like this target.appendJavascript("window.onbeforeunload=null"); it cause the modal window to close but it does not do the save operation that i want to when i click finish button at the end. I tried to use the new wicket 1.3 wizard but got the same problem if anyone has any idea please let me know. Thanks -- View this message in context: http://www.nabble.com/annoying-alert-message-while-closing-modal-window-with-wizard-tf4938532.html#a14136120 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cannot render a menubar using menu2 package
Hi Doug, We definitely don't want to require users to strip wicket tags, if that still needs to be done. I think we did that just to get it working. I thought setRenderBodyOnly was enough, but if we still have issues we should add in a MarkupFilter or use a Transformer. If menu2 only works with stripping wicket tags, then we should fix it. I need to get back in the game so we can dump menu and elevate menu2 to its place as the one and only menu (I've been in a c++ house of pain for the past couple of months) best, jim On Dec 3, 2007 12:15 PM, Doug Leeper <[EMAIL PROTECTED]> wrote: > > James, > > I was not aware of the issue (or if I was...I forgot) With this in > mind...do I need to change the menu2 impl? > > - Doug > -- > View this message in context: > http://www.nabble.com/wicket-success-stories-tf4877640.html#a14135575 > > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
Korbinian Bachl wrote: > > to get a wanted md5 collision requires a person that uses a rainbow > table under 1h time by a successrate at about 99,9% - > http://www.antsight.com/zsl/rainbowcrack/ > No admin will try to break the code ;) it seems secure enough for an obfuscating Korbinian Bachl wrote: > > you want to use SSL (TLS now called) for this! -> go to a banklogin and > you see changing the http://www.mybank.com to https://www.mybank.com > That's it! Why didn't I think about it before? don't know, maybe too tired... But isn't TLS a lot slower (very expensive)? I don't need a full secure site... only some very specific pages need security Korbinian Bachl wrote: > > 1. there are under 100 people on this planet that know how to write a > secure crapto algorithm - and believe me that we two arent anywhere near > them :) > I know it, and I'm none of them :) ! sorry for my bad english, I'd better to write "I know how to hash some data with md5 under java". Frenchies are usually bad with other languages ;) SSL/TLS looks pretty well... And gives a "securised" feeling to the user :) -- View this message in context: http://www.nabble.com/How-to-secure-passwords--tf4936916.html#a14136094 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
Jeremy Levy wrote: Don't use MD5: http://md5.rednoize.com/ 328b78157026ea76f87d3f2d7111dfb1 j I REALLY don't get your point. So you can do a dictionary attack on MD5 hashes or brute force on short plaintexts if you don't use a salt. Weeha. So what else is new? This has ABSOLUTELY NOTHING to do with MD5. This works with SHA1, and ANY other hash. That's why you use salts. When you store a hashed password in the database you generally do something like this. Take a random generated alphanumeric string of 10 chars: GXSYvmzz0y Then take the plaintext password, i.e., "test123" and append it to the salt: GXSYvmzz0y$test123 Now make an MD5 hash: ca62c4bd0a5094d9198112a6ce6ab4f4 Now prepend the salt to the hash, and store this in the database. In other words, store this: GXSYvmzz0y$ca62c4bd0a5094d9198112a6ce6ab4f4 in the database. To verify the password for a user, split the stored value, use the salt to compute the required hash, and compare. Good luck cracking that. Your site is not going to help, and neither will rainbow crack. Regards, Sebastiaan On Dec 3, 2007 12:17 PM, Sebastiaan van Erk <[EMAIL PROTECTED]> wrote: Korbinian Bachl wrote: However, they *CAN NOT* generate a collision for an arbitrary hash. Furthermore, doing this in a limited size string (like a password) adds another complication. they can and did ! - if you have a hashvalue e.g: 79054025255fb1a26e4bc422aef54eb4 you can use various reverse tables to get the needed inputString into any md5(inputString) function to get the desired hash - example look here: http://www.antsight.com/zsl/rainbowcrack/ They're using precomputed tables to speed up finding a hash from a *known* plaintext space. For example, the 36GB md5 table allows you to find which string of 1-8 characters from the lowercase alphanum charset was used to generate a specific has. To be specific, if I provided the hash: 4a251a2ef9bbf4ccc35f97aba2c9cbda rainbow crack would find the key: test123. However, if I provided the hash: 36a03a8a4c00e81f03d62d8b04bbbf4d rainbow crack would *NOT* find the key: Test123, since it contains a character not in their character set. Furthermore, it would find no key at all if it so happens (which is overwhelmingly probably the case) that there exists no 1-8 string lowercase alphanum string which has this hash. with classic rainbow tables or hybrid rainbow tables you get a 99,9% chance to score a hit for under 1h time... sounds not very secure to me Only for specific plaintexts, after precomputing the tables. Nope, MD5 password hashes are still perfectly fine. sure? Yes, secure enough. In practical use, passwords are rather weak, and there are many easy attack points (social engineering, reading passwords from an unprotected password vault of the browser, dictionary attacks, etc.). Hashing the password is (in general) used to hide the plaintext from view (in a DB for example). Furthermore, anybody can gain access to an account if they have write access to the DB by simply putting in their own hash. Hashing the password client side is actually UNSAFE. This means the hash goes over the network, and somebody else can just send the same hash to the server to log in without ever knowing the user's password. and its more save if the md5 sits in the RDBMS that may be breached? Yes again. If your RDBMS is breached you've got far more serious issues. Futhermore, somebody sniffing a hash going of the network (especially LAN) is *EASY*. If you have a secure setup with your RDBS, it's on a safe network, behind a DMZ, and not accessible from the internet directly. Apart from other confidential data that will be leaked (e.g. credit card numbers, or whatever), I think hashed MD5 passwords are the least of your problems. But I agree with one thing: since it's free in Java to use SHA instead of MD5 (all you have to do is change 1 little string), you may as well use SHA. Regards, Sebastiaan smime.p7s Description: S/MIME Cryptographic Signature
Re: How to secure passwords?
Don't use MD5: http://md5.rednoize.com/ 328b78157026ea76f87d3f2d7111dfb1 j On Dec 3, 2007 12:17 PM, Sebastiaan van Erk <[EMAIL PROTECTED]> wrote: > Korbinian Bachl wrote: > > >> However, they *CAN NOT* generate a collision for an arbitrary hash. > >> Furthermore, doing this in a limited size string (like a password) > >> adds another complication. > > > > they can and did ! - if you have a hashvalue e.g: > > > > 79054025255fb1a26e4bc422aef54eb4 > > > > you can use various reverse tables to get the needed inputString into > > any md5(inputString) function to get the desired hash - > > example look here: > > http://www.antsight.com/zsl/rainbowcrack/ > > They're using precomputed tables to speed up finding a hash from a > *known* plaintext space. For example, the 36GB md5 table allows you to > find which string of 1-8 characters from the lowercase alphanum charset > was used to generate a specific has. > > To be specific, if I provided the hash: > > 4a251a2ef9bbf4ccc35f97aba2c9cbda > > rainbow crack would find the key: test123. > > However, if I provided the hash: > > 36a03a8a4c00e81f03d62d8b04bbbf4d > > rainbow crack would *NOT* find the key: Test123, since it contains a > character not in their character set. Furthermore, it would find no key > at all if it so happens (which is overwhelmingly probably the case) that > there exists no 1-8 string lowercase alphanum string which has this hash. > > > with classic rainbow tables or hybrid rainbow tables you get a 99,9% > > chance to score a hit for under 1h time... sounds not very secure to me > > Only for specific plaintexts, after precomputing the tables. > > >> Nope, MD5 password hashes are still perfectly fine. > > > > sure? > > Yes, secure enough. In practical use, passwords are rather weak, and > there are many easy attack points (social engineering, reading passwords > from an unprotected password vault of the browser, dictionary attacks, > etc.). Hashing the password is (in general) used to hide the plaintext > from view (in a DB for example). Furthermore, anybody can gain access to > an account if they have write access to the DB by simply putting in > their own hash. > > >> > >> Hashing the password client side is actually UNSAFE. This means the > >> hash goes over the network, and somebody else can just send the same > >> hash to the server to log in without ever knowing the user's password. > > > > and its more save if the md5 sits in the RDBMS that may be breached? > > Yes again. If your RDBMS is breached you've got far more serious issues. > Futhermore, somebody sniffing a hash going of the network (especially > LAN) is *EASY*. If you have a secure setup with your RDBS, it's on a > safe network, behind a DMZ, and not accessible from the internet > directly. Apart from other confidential data that will be leaked (e.g. > credit card numbers, or whatever), I think hashed MD5 passwords are the > least of your problems. > > But I agree with one thing: since it's free in Java to use SHA instead > of MD5 (all you have to do is change 1 little string), you may as well > use SHA. > > Regards, > Sebastiaan > > > >
Re: cannot render a menubar using menu2 package
James, I was not aware of the issue (or if I was...I forgot) With this in mind...do I need to change the menu2 impl? - Doug -- View this message in context: http://www.nabble.com/wicket-success-stories-tf4877640.html#a14135575 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cannot render a menubar using menu2 package
Fantastic! I was getting a little nervous there for a second. Let me know if you have any problems/thoughts on menu2. Not sure how many are using it but my experience has been great (of course ;-) - Doug -- View this message in context: http://www.nabble.com/wicket-success-stories-tf4877640.html#a14135545 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with setResponsePage to page that use WebClientInfo
> When I redirect using setResponsePage to a page that gets > the WebClientInfo via getRequestCycle().getClientInfo() I got page that > contains only: > > encoding="UTF-8"?>That doesn't make sense to me. Do you use the 'gatherExtendedBrowserInfo' setting (so that it is true)? Or do you get this even without that setting? > When I want to access this page for the second time (in the same session) > everything is ok. > > > I would appreciate any help. Thanks, If you can make a quickstart project that reproduces the problem, we could take a look at it. Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cannot render a menubar using menu2 package
Doug, thank you for your help, you're right, it doesn't make sense, because it was my fault! I didn't use maven, now I've used it and all is working properly I simply used the informations in the pom under https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui-examples/pom.xml and the menu is now correctly renderered Thank you very much for all Rik > Date: Mon, 3 Dec 2007 08:49:18 -0800> From: [EMAIL PROTECTED]> To: > users@wicket.apache.org> Subject: RE: cannot render a menubar using menu2 > package> > > Rik,> > This doesn't make sense...it should work. Not that it > matters...but want to> ask anyway...are you executing the wicket examples > within Eclipse? If so,> please verify that your classpath is setup properly > (looking for Wicket> 1.3.x...preferably the latest...TRUNK/SNAPSHOT/rc1)> > I > am assuming that you are still getting YAHOO not found. This indicates> that > the proper file has not been found. Also, there nuances with YUI in> the > order of the files retrieved in the Browser. Wicket I know for a fact> > handles this correctly. Could you double check the outputted HTML to> ensure > the links are correct (copy/paste into a browser). If any are 404,> then the > link formation is incorrect.> > What might be best is to have you send me > your example (quick start if> possible) to reproduce your error on my end. > Otherwise...I am grasping at> straws here.> > - Doug> -- > View this message > in context: > http://www.nabble.com/wicket-success-stories-tf4877640.html#a14133768> Sent > from the Wicket - User mailing list archive at Nabble.com.> > > > -> To > unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: > [EMAIL PROTECTED]> _ Scarica GRATIS 30 emoticon per Messenger! http://www.emoticons-livemessenger.com/pages/msnit/index.htm
Re: cannot render a menubar using menu2 package
A quickstart attached to jira would be most appreciated. http://wicketstuff.org/jira/browse/WSYUI. Yui menu's distaste for wicket tags has been a long standing issue. To get around it at first, we did tMarkupSettings().setStripWicketTags(true). But then I thought that was changed to calling setRenderBodyOnly on the components? If this isn't working, maybe we need to hack up a markup filter to have done with it once and for all. On Dec 3, 2007 10:49 AM, Doug Leeper <[EMAIL PROTECTED]> wrote: > > Rik, > > This doesn't make sense...it should work. Not that it matters...but want to > ask anyway...are you executing the wicket examples within Eclipse? If so, > please verify that your classpath is setup properly (looking for Wicket > 1.3.x...preferably the latest...TRUNK/SNAPSHOT/rc1) > > I am assuming that you are still getting YAHOO not found. This indicates > that the proper file has not been found. Also, there nuances with YUI in > the order of the files retrieved in the Browser. Wicket I know for a fact > handles this correctly. Could you double check the outputted HTML to > ensure the links are correct (copy/paste into a browser). If any are 404, > then the link formation is incorrect. > > What might be best is to have you send me your example (quick start if > possible) to reproduce your error on my end. Otherwise...I am grasping at > straws here. > > - Doug > -- > View this message in context: > http://www.nabble.com/wicket-success-stories-tf4877640.html#a14133768 > > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Pagination Probelm with date_Sub(): MYSQL +HIberante
gah, next time please dont answer... -igor On Dec 3, 2007 5:00 AM, Roy van Rijn <[EMAIL PROTECTED]> wrote: > Not really a Wicket question... but as long as we answer :) > > You can just use Date objects in Hibernate: > > Criteria criteria = session.createCriteria(Sale.class); > if (startDate != null) { > criteria.add(Expression.ge("date",startDate); > } > List results = criteria.list(); > > And in HQL you can do: > > Map parameters = new HashMap(); > StringBuffer queryBuf = new StringBuffer("from Sale s "); > boolean firstClause = true; > > if (startDate != null) { > queryBuf.append(firstClause ? " where " : " and "); > queryBuf.append("s.date >= :startDate"); > parameters.put("startDate",startDate); > firstClause = false; > } > > (examples from: http://www.javalobby.org/articles/hibernatequery102/) > > Roy > > > On 12/3/07, wicketshafi <[EMAIL PROTECTED]> wrote: > > > > > > I am using wicket ,hibernate ... > > > > Use Case: getting all the records which are created within 30 days > > > > DATE_SUB(CURDATE(),INTERVAL 30 DAY) is giving error in hibernate > > can any body help me to solve this issue > > > > if you know hibernate date functions regarding this issue.. > > could you let me know once... > > > > regards > > Shafi > > > > > > > > > > -- > > View this message in context: > > http://www.nabble.com/Pagination-Probelm-with-date_Sub%28%29%3A-MYSQL-%2BHIberante-tf4936098.html#a14128684 > > Sent from the Wicket - User mailing list archive at Nabble.com. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: pagination in Wicket...
urgh, this is not a mysql mailing list. while you guys are just trying to help, if this becomes a pattern there will be way too much noise on this already pretty freakin busy list. so please next time please tell the person to go to the appropriate forum, or in this case simply type in "mysql paginataion" into google and press the "im feeling lucky" button... -igor On Dec 3, 2007 2:42 AM, Roy van Rijn <[EMAIL PROTECTED]> wrote: > This also works pretty well using Hibernate: > > Criteria c = session.createCriteria(...); > c.setFirstResult(start); > c.setMaxResults(length); > > But beware with using this. Hibernate has Java-Filters for some cases. > ResultTransformers can't be used in combination with paging. The query > will select the amount you need but the transformers could remove > results from that list. > > We've noticed that if you automaticly join tables using the HBM file > (fetch) then Hibernate will remove results too. This is very annoying. > > For example: > Table 1: > key - t2key - value > 1 1 First entry > 2 1 Second entry > 3 2 Blabla > 4 3 More bla.. > > Table 2: > key - value > 1 Some value > 2 Some other value > 3 Some third value > > If you fetch-join table 1 when you query table 2 and try to collect > the first 3 results hibernate will generate the following SQL: > > select * from table2 t2 left join table1 t1 on t2.t2key = t2.key limit 0,2; > > What will be retrieved: > 1 Some value 1 1 First entry > 1 Some value 2 1 Second entry > 2 Some other value 3 2 Blabla > > Because the first (queried) table has duplicate entries Hibernate will > create the following objects: > > table1 object: "1, Some value" > with List {"1,1,First entry", "2,1,Second entry"} > > and > > table1 object: "2, Some other value" > with List {"3,2,Bla bla"} > > Just two results... paging messed up :( > > This is my experience with paging and ORM mappers, you have to be very > carefull hehe. If somebody here knows a solution to this problem, > please let me know! > > Roy > > > > On 12/3/07, Uwe Schäfer <[EMAIL PROTECTED]> wrote: > > wicketshafi schrieb: > > > > > how do I query the start and count in mysql > > > > The LIMIT clause can be used to constrain the number of rows returned > > by the SELECT statement. LIMIT takes one or two numeric arguments, > > which must both be non-negative integer constants (except when using > > prepared statements). > > > > With two arguments, the first argument specifies the offset of the first > > row to return, and the second specifies the maximum number of rows to > > return. The offset of the initial row is 0 (not 1): > > > > SELECT * FROM tbl LIMIT 5,10; # Retrieve rows 6-15 > > > > see http://dev.mysql.com/doc/refman/5.0/en/select.html > > > > -- > > > > THOMAS DAILY GmbH > > Adlerstraße 19 > > 79098 Freiburg > > Deutschland > > T + 49 761 3 85 59 0 > > F + 49 761 3 85 59 550 > > E [EMAIL PROTECTED] > > www.thomas-daily.de > > > > Geschäftsführer/Managing Directors: > > Wendy Thomas, Susanne Larbig > > Handelsregister Freiburg i.Br., HRB 3947 > > > > Registrieren Sie sich unter http://morningnews.thomas-daily.de für die > > kostenfreien TD Morning News, eine Auswahl aktueller Themen des Tages > > morgens um 9:00 in Ihrer Mailbox. > > > > Hinweis: Der Redaktionsschluss für unsere TD Morning News ist täglich um > > 8:30 Uhr. Es werden vorrangig Informationen berücksichtigt, die nach > > 16:00 Uhr des Vortages eingegangen sind. Die Email-Adresse unserer > > Redaktion lautet [EMAIL PROTECTED] > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket meetup in San Francisco
Dec 6th conflicts with the Bay Area Functional Programmers meeting where Yariv Sadan will be presenting Erlyweb. I'm out of town the week of the 10th So... for me, neither. :-( On Dec 3, 2007 8:35 AM, Orion Letizi <[EMAIL PROTECTED]> wrote: > For anyone interested in a meetup in San Francisco, it looks like this > week might be best for two people and next week would be better for > one person. > > I suppose we should vote. I'll propose two dates: > > Thurs. Dec. 6 > Fri. Dec 14 > > Vote away... > > --Orion > > > -- lift, the secure, simple, powerful web framework http://liftweb.net Collaborative Task Management http://much4.us
Re: How to secure passwords?
Korbinian Bachl wrote: However, they *CAN NOT* generate a collision for an arbitrary hash. Furthermore, doing this in a limited size string (like a password) adds another complication. they can and did ! - if you have a hashvalue e.g: 79054025255fb1a26e4bc422aef54eb4 you can use various reverse tables to get the needed inputString into any md5(inputString) function to get the desired hash - example look here: http://www.antsight.com/zsl/rainbowcrack/ They're using precomputed tables to speed up finding a hash from a *known* plaintext space. For example, the 36GB md5 table allows you to find which string of 1-8 characters from the lowercase alphanum charset was used to generate a specific has. To be specific, if I provided the hash: 4a251a2ef9bbf4ccc35f97aba2c9cbda rainbow crack would find the key: test123. However, if I provided the hash: 36a03a8a4c00e81f03d62d8b04bbbf4d rainbow crack would *NOT* find the key: Test123, since it contains a character not in their character set. Furthermore, it would find no key at all if it so happens (which is overwhelmingly probably the case) that there exists no 1-8 string lowercase alphanum string which has this hash. with classic rainbow tables or hybrid rainbow tables you get a 99,9% chance to score a hit for under 1h time... sounds not very secure to me Only for specific plaintexts, after precomputing the tables. Nope, MD5 password hashes are still perfectly fine. sure? Yes, secure enough. In practical use, passwords are rather weak, and there are many easy attack points (social engineering, reading passwords from an unprotected password vault of the browser, dictionary attacks, etc.). Hashing the password is (in general) used to hide the plaintext from view (in a DB for example). Furthermore, anybody can gain access to an account if they have write access to the DB by simply putting in their own hash. Hashing the password client side is actually UNSAFE. This means the hash goes over the network, and somebody else can just send the same hash to the server to log in without ever knowing the user's password. and its more save if the md5 sits in the RDBMS that may be breached? Yes again. If your RDBMS is breached you've got far more serious issues. Futhermore, somebody sniffing a hash going of the network (especially LAN) is *EASY*. If you have a secure setup with your RDBS, it's on a safe network, behind a DMZ, and not accessible from the internet directly. Apart from other confidential data that will be leaked (e.g. credit card numbers, or whatever), I think hashed MD5 passwords are the least of your problems. But I agree with one thing: since it's free in Java to use SHA instead of MD5 (all you have to do is change 1 little string), you may as well use SHA. Regards, Sebastiaan smime.p7s Description: S/MIME Cryptographic Signature
problem with setResponsePage to page that use WebClientInfo
Hi! When I redirect using setResponsePage to a page that gets the WebClientInfo via getRequestCycle().getClientInfo() I got page that contains only:When I want to access this page for the second time (in the same session) everything is ok. I would appreciate any help. Thanks, Artur -- View this message in context: http://www.nabble.com/problem-with-setResponsePage-to-page-that-use-WebClientInfo-tf4937773.html#a14133844 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cannot render a menubar using menu2 package
Rik, This doesn't make sense...it should work. Not that it matters...but want to ask anyway...are you executing the wicket examples within Eclipse? If so, please verify that your classpath is setup properly (looking for Wicket 1.3.x...preferably the latest...TRUNK/SNAPSHOT/rc1) I am assuming that you are still getting YAHOO not found. This indicates that the proper file has not been found. Also, there nuances with YUI in the order of the files retrieved in the Browser. Wicket I know for a fact handles this correctly. Could you double check the outputted HTML to ensure the links are correct (copy/paste into a browser). If any are 404, then the link formation is incorrect. What might be best is to have you send me your example (quick start if possible) to reproduce your error on my end. Otherwise...I am grasping at straws here. - Doug -- View this message in context: http://www.nabble.com/wicket-success-stories-tf4877640.html#a14133768 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket meetup in San Francisco
+1 6 Dec. On Dec 3, 2007 10:35 AM, Orion Letizi <[EMAIL PROTECTED]> wrote: > For anyone interested in a meetup in San Francisco, it looks like this > week might be best for two people and next week would be better for > one person. > > I suppose we should vote. I'll propose two dates: > > Thurs. Dec. 6 > Fri. Dec 14 > > Vote away... > > --Orion > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Nick Heudecker Professional Wicket Training & Consulting http://www.systemmobile.com Eventful - Intelligent Event Management http://www.eventfulhq.com
Re: How to secure passwords?
Pills schrieb: Korbinian Bachl wrote: This is nothing about wicket - its about base security. MD5 is a hash-algorithm (see: http://en.wikipedia.org/wiki/Md5) which is no more secure (flaw found 1996) as there are tables to reverse given md5 (from 2003 on) to a valid input thank you for your answers. I know that MD5 isn't much secure, but it doesn't matter (I just want to obfuscate them, to prevent an admin to get a clear password from his admin console). But I agree, SHA may be better... to get a wanted md5 collision requires a person that uses a rainbow table under 1h time by a successrate at about 99,9% - http://www.antsight.com/zsl/rainbowcrack/ I guessed there was a wicket way to 1) crypt some data before sending them out of the client's browser (so it doesn't travel in clear) 2) compare it on the server side with the required hashed password. you want to use SSL (TLS now called) for this! -> go to a banklogin and you see changing the http://www.mybank.com to https://www.mybank.com see http://en.wikipedia.org/wiki/Transport_Layer_Security for a overview I know how to write the crypto algorithm... I just don't know the best way to integrate it into wicket. However, I saw some interface on Wicket (like ICrypt) and guessed there is a way to use it well... 1. there are under 100 people on this planet that know how to write a secure crapto algorithm - and believe me that we two arent anywhere near them :) 2. AFAIK the ICrypt is good for obscuring the URL itself - not for the content (but im not sure on this) Thank you for your interest ;) youre welcome, Korbinian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Wicket meetup in San Francisco
For anyone interested in a meetup in San Francisco, it looks like this week might be best for two people and next week would be better for one person. I suppose we should vote. I'll propose two dates: Thurs. Dec. 6 Fri. Dec 14 Vote away... --Orion - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
Sebastiaan van Erk schrieb: Korbinian Bachl wrote: This is nothing about wicket - its about base security. MD5 is a hash-algorithm (see: http://en.wikipedia.org/wiki/Md5) which is no more secure (flaw found 1996) as there are tables to reverse given md5 (from 2003 on) to a valid input As far as I can remember, they can generate two different documents with the same MD5 hash. correct: http://www.mscs.dal.ca/~selinger/md5collision/ (this is known since 1996 now) However, they *CAN NOT* generate a collision for an arbitrary hash. Furthermore, doing this in a limited size string (like a password) adds another complication. they can and did ! - if you have a hashvalue e.g: 79054025255fb1a26e4bc422aef54eb4 you can use various reverse tables to get the needed inputString into any md5(inputString) function to get the desired hash - example look here: http://www.antsight.com/zsl/rainbowcrack/ Furthermore, there is generally no way to know what MD5 hash a user has, so even if there was an attack which could generate a string with the chosen MD5 hash, you still could not hack a user's account because you wouldn't know which MD5 hash you want your string to have. with classic rainbow tables or hybrid rainbow tables you get a 99,9% chance to score a hit for under 1h time... sounds not very secure to me Nope, MD5 password hashes are still perfectly fine. sure? Hashing the password client side is actually UNSAFE. This means the hash goes over the network, and somebody else can just send the same hash to the server to log in without ever knowing the user's password. and its more save if the md5 sits in the RDBMS that may be breached? What you need is either: 1) SSL (https) to encrypt the traffic to the server (in which case there is no need to hash passwords client side), or +1 for this - but i got him as he wants to store the password protected on server Best, Korbinian 2) Use a challenge response algorithm (like CRAM-MD5). Since 1) is already built into the browser and 2) is a pain and requires somebody to implement it in JavaScript, I strongly suggest you use 1). Futhermore, trying to think of your own security algorithms, or implement known security algorithms yourself (e.g., in JavaScript) instead of using a library is very dangerous unless you are a security expert. Regards, Sebastiaan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: maven repository for wicketstuff
Or install the wicket-contrib-gmap2.jar locally from sources. Cheers, Oleg ryantxu wrote: > > Hello- > > I am stumbling through learning wicket and am hitting some things I > don't grock about maven. > > I want to run the gmap2 example. When I check it out and then run: > $ mvn jetty:run (or mvn install) > > I get an error that says "Missing: > org.wicketstuff:wicket-contrib-gmap2:jar:1.3.0-SNAPSHOT" > > How do I fix that? > > Also, I want to try the wicketstuff-jmx-panel component. How do I add > that to the quickstart app? I tried adding: > > > > org.wicketstuff > wicketstuff-jmx-panel > ${wicket.version} > > > and > > > >wicket-stuff-repository >Wicket-Stuff Repository >http://www.wicketstuff.org/maven/repository/ > > > > to pom.xml, but that does not seem to work. Do I have the repository > wrong? > > thanks > ryan > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/maven-repository-for-wicketstuff-tf4934328.html#a14133266 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [RFE] HeaderContributor.forFavicon(Reference)
done... http://issues.apache.org/jira/browse/WICKET-1203 -Original Message- From: Eelco Hillenius [mailto:[EMAIL PROTECTED] Sent: Friday, November 30, 2007 8:32 PM To: users@wicket.apache.org Subject: Re: [RFE] HeaderContributor.forFavicon(Reference) On Nov 30, 2007 4:29 AM, William Hoover <[EMAIL PROTECTED]> wrote: > While your on the subject... shouldn't there be a forJavaScript that is > external from the HeaderContributor that does a more intelligent insertion of > the script farther down the dom tree to increase performance > (http://developer.yahoo.com/performance/rules.html#js_bottom)? I'm not sure what the catches are there. If you could open up a feature request for, we can investigate it for 1.4. Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cannot render a menubar using menu2 package
Send along the credentials and link to the qa server please. -Original Message- From: rik rik [mailto:[EMAIL PROTECTED] Sent: Monday, December 03, 2007 10:46 AM To: users@wicket.apache.org Subject: RE: cannot render a menubar using menu2 package Hi, I made these steps: 1) svn checkout from this path https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-c ontrib-yui-examples/src/main/java/org/wicketstuff/yui/examples 2) add style.css to my webapp root 2) configure web.xml in my webapp to point to org.wicketstuff.yui.examples.pages.YuiApplication 3) click on MenuBar2Page I have the same javascript error "YAHOO is not defined", even if in the WicketExampleApplication the method init contains "getMarkupSettings().setStripWicketTags(true)" I hope this helps Rik > Date: Mon, 3 Dec 2007 05:58:09 -0800> From: [EMAIL PROTECTED]> To: users@wicket.apache.org> Subject: RE: cannot render a menubar using menu2 package> > > Correction. It is not the wicket code that is having a problem...it is the> YUI code that does not like the wicket:id tags. All the wicket code (menu2)> does is create the html that YUI recognizes. At the browser, there is no> wicket stuff going on.> > As far what the problem is with regards to the wicket:id tags...that is> going to be tough to debug. I haven't debugged javascript code before and> not sure what "good" debugger there is to do this. However, I will take a> look to see if anyone else in the YUI community has had problems.> > Did you get the wicketstuff examples to work? I checked in the application> class with the appropriate setting change. That should work for you and> serve as a working example.> > - Doug> -- > View this message in context: http://www.nabble.com/wicket-success-stories-tf4877640.html#a14130319> Sent from the Wicket - User mailing list archive at Nabble.com.> > > -> To unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]> _ Conosci Doretta? Contattala, è ora su Messenger! http://www.doretta82.it/banner/index.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cannot render a menubar using menu2 package
Hi, I made these steps: 1) svn checkout from this path https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-contrib-yui-examples/src/main/java/org/wicketstuff/yui/examples 2) add style.css to my webapp root 2) configure web.xml in my webapp to point to org.wicketstuff.yui.examples.pages.YuiApplication 3) click on MenuBar2Page I have the same javascript error "YAHOO is not defined", even if in the WicketExampleApplication the method init contains "getMarkupSettings().setStripWicketTags(true)" I hope this helps Rik > Date: Mon, 3 Dec 2007 05:58:09 -0800> From: [EMAIL PROTECTED]> To: > users@wicket.apache.org> Subject: RE: cannot render a menubar using menu2 > package> > > Correction. It is not the wicket code that is having a > problem...it is the> YUI code that does not like the wicket:id tags. All the > wicket code (menu2)> does is create the html that YUI recognizes. At the > browser, there is no> wicket stuff going on.> > As far what the problem is > with regards to the wicket:id tags...that is> going to be tough to debug. I > haven't debugged javascript code before and> not sure what "good" debugger > there is to do this. However, I will take a> look to see if anyone else in > the YUI community has had problems.> > Did you get the wicketstuff examples > to work? I checked in the application> class with the appropriate setting > change. That should work for you and> serve as a working example.> > - Doug> > -- > View this message in context: > http://www.nabble.com/wicket-success-stories-tf4877640.html#a14130319> Sent > from the Wicket - User mailing list archive at Nabble.com.> > > > -> To > unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: > [EMAIL PROTECTED]> _ Conosci Doretta? Contattala, è ora su Messenger! http://www.doretta82.it/banner/index.html
Re: How to secure passwords?
Korbinian Bachl wrote: > > This is nothing about wicket - its about base security. MD5 is a > hash-algorithm (see: http://en.wikipedia.org/wiki/Md5) which is no more > secure (flaw found 1996) as there are tables to reverse given md5 (from > 2003 on) to a valid input > thank you for your answers. I know that MD5 isn't much secure, but it doesn't matter (I just want to obfuscate them, to prevent an admin to get a clear password from his admin console). But I agree, SHA may be better... I guessed there was a wicket way to 1) crypt some data before sending them out of the client's browser (so it doesn't travel in clear) 2) compare it on the server side with the required hashed password. I know how to write the crypto algorithm... I just don't know the best way to integrate it into wicket. However, I saw some interface on Wicket (like ICrypt) and guessed there is a way to use it well... Thank you for your interest ;) -- View this message in context: http://www.nabble.com/How-to-secure-passwords--tf4936916.html#a14132134 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: wicketAjaxGet is not defined.. javascript error
Just a quick update. I followed Matej's advice & tried this after an upgrade to wicket 1.3 It works for me now!! Thanks a lot for your assistance Matej narend wrote: > > Thanks Matej! > I think I will try upgrading to 1.3 & will let you all you know if that > solved it. > On a related note.. I found a post with the same problem as mine. I > hard-coded the ajax script in the header like the post suggested and it > solved the issue. But hard-coding is not a real long-term solution for me > though. > http://www.mail-archive.com/[EMAIL PROTECTED]/msg30896.html > > > Matej Knopp-2 wrote: >> >> Looks like a bug in 1.2.6. Can you upgrade to 1.3? >> >> -Matej >> >> On Nov 28, 2007 9:29 PM, narend <[EMAIL PROTECTED]> wrote: >>> >>> Hi folks >>> I use AjaxSubmitLink & AutoCompleteTextField on my wicket page. The >>> AjaxSubmitLink works fine when I first access the page, but when I >>> navigate >>> away from the page and try the AjaxSubmitLink again, I get a javascript >>> error. When I refresh the page, the AjaxSubmitLink works fine again. >>> >>> Javascript error : "wicketAjaxGet is not defined" >>> >>> I took a look at the page source when I receive the error. The ajax >>> javascript (see below) are missing in the header when I get the error. >>> When >>> I refresh the page, the ajax javascript is back in the header. >>> >>> JavaScript snippet from the header of page: >>> >> src="/resources/wicket.ajax.AbstractDefaultAjaxBehavior/wicket-ajax.js"> >>> >> src="/resources/wicket.ajax.AbstractDefaultAjaxBehavior/wicket-ajax-debug-drag.js"> >>> >> src="/resources/wicket.ajax.AbstractDefaultAjaxBehavior/wicket-ajax-debug.js"> >>> >>> Is this a bug in wicket 1.2.6? Or is anyone familiar with a fix to >>> this? >>> I did a search in the forums but I did not find a solution to this >>> problem >>> >>> fyi... I inject the CSS for the page using HeaderContributor >>> Let me know if you need more information while I take a crack at this >>> issue >>> in the meantime >>> -- >>> View this message in context: >>> http://www.nabble.com/wicketAjaxGet-is-not-defined..-javascript-error-tf4891958.html#a14008494 >>> Sent from the Wicket - User mailing list archive at Nabble.com. >>> >>> >>> - >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > -- View this message in context: http://www.nabble.com/wicketAjaxGet-is-not-defined..-javascript-error-tf4891958.html#a14132131 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lightbox javascript
Newgro schrieb: Hi Per i tried to use your "mini". But i couldn't get it to work. Caused by: java.lang.IllegalArgumentException: resource /js/lightbox_baseUrl.js not found for scope class org.codesmell.wicket.lightbox.LightBox2Panel (path = /js/lightbox_baseUrl.js) that is weird. all i do there is add(TextTemplateHeaderContributor.forJavaScript(this.getClass(), "/js/lightbox_baseUrl.js", someVariableModel)); and it works for me and some other guys. this is very interesting to me. is there any way i could reprodue the error to track it down? could you provide more detail about container, (maybe classloading settings)? i assume, you use wicket 1.3-rc1? feel free to contact me in private if more appropriate. cu uwe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
Korbinian Bachl wrote: This is nothing about wicket - its about base security. MD5 is a hash-algorithm (see: http://en.wikipedia.org/wiki/Md5) which is no more secure (flaw found 1996) as there are tables to reverse given md5 (from 2003 on) to a valid input As far as I can remember, they can generate two different documents with the same MD5 hash. However, they *CAN NOT* generate a collision for an arbitrary hash. Furthermore, doing this in a limited size string (like a password) adds another complication. Furthermore, there is generally no way to know what MD5 hash a user has, so even if there was an attack which could generate a string with the chosen MD5 hash, you still could not hack a user's account because you wouldn't know which MD5 hash you want your string to have. Nope, MD5 password hashes are still perfectly fine. I've a little question with wicket: I would like to hash my users' passwords (with md5) to make them unreadable for a human. And I also would like to hash them before sending them through the network (to avoid the biggest part of security issues). Is there a way to achieve this? Thank you ;) Hashing the password client side is actually UNSAFE. This means the hash goes over the network, and somebody else can just send the same hash to the server to log in without ever knowing the user's password. What you need is either: 1) SSL (https) to encrypt the traffic to the server (in which case there is no need to hash passwords client side), or 2) Use a challenge response algorithm (like CRAM-MD5). Since 1) is already built into the browser and 2) is a pain and requires somebody to implement it in JavaScript, I strongly suggest you use 1). Futhermore, trying to think of your own security algorithms, or implement known security algorithms yourself (e.g., in JavaScript) instead of using a library is very dangerous unless you are a security expert. Regards, Sebastiaan smime.p7s Description: S/MIME Cryptographic Signature
Re: How to secure passwords?
This is nothing about wicket - its about base security. MD5 is a hash-algorithm (see: http://en.wikipedia.org/wiki/Md5) which is no more secure (flaw found 1996) as there are tables to reverse given md5 (from 2003 on) to a valid input if you need security youre best with SHA at the moment, that has a greater length than the 128 Bit of MD5 and therefore more non-collision space - have a look here: http://en.wikipedia.org/wiki/SHA_hash_functions the implementation is available in java itself have a look at these examples here: http://mindprod.com/jgloss/sha1.html http://o9y.net/archives/2005/11/30/java-string-to-md5-hash/ Best, Korbinian Pills schrieb: Hello, I've a little question with wicket: I would like to hash my users' passwords (with md5) to make them unreadable for a human. And I also would like to hash them before sending them through the network (to avoid the biggest part of security issues). Is there a way to achieve this? Thank you ;) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure passwords?
Pills, I don't really thing this has anything to do w/ Wicket... Do a Google search for java password hash. A quick search found this: http://www.devarticles.com/c/a/Java/Password-Encryption-Rationale-and-Java-Example/ J On Dec 3, 2007 9:40 AM, Pills <[EMAIL PROTECTED]> wrote: > > Hello, > > I've a little question with wicket: I would like to hash my users' > passwords > (with md5) to make them unreadable for a human. And I also would like to > hash them before sending them through the network (to avoid the biggest > part > of security issues). > > Is there a way to achieve this? > > Thank you ;) > -- > View this message in context: > http://www.nabble.com/How-to-secure-passwords--tf4936916.html#a14131090 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Wicket 1.3 rc1 Relative URLs not working properly
The /1 is the web app context. Change it to ../ breaks it on the pages that were working before. One thing I noticed is that if I deploy this to a server which has mod_proxy set up to hide the /1 it seems to work fine. j On Dec 3, 2007 4:10 AM, Johan Compagner <[EMAIL PROTECTED]> wrote: > and /1/ is your servlyet path? > what happens if you put "../css/style.css" in your markup? > > Because from the normal page that is the css you want i guess? > > johan > > > > On Dec 2, 2007 11:08 PM, Jeremy Levy <[EMAIL PROTECTED]> wrote: > > > I just upgraded to Wicket 1.3, it was remarkably smooth. It took about > 6 > > hours overall. Every single thing was explained very well in the > > migration > > guide and the things i was looking forward to in 1.3 are working > > perfectly. > > > > The only issue I am having is if I have a page this is not mounted as a > > bookmarkable page the relative paths for my stylesheet and other > resources > > are written out incorrect. Below are examples for the same page if I > > mount > > the page versus not. > > > > > > *Bookmarked Page URL (works):* > > http://localhost/1/gettingstarted > > > > > > > > > > *Nonbookmarked Page URL (doesn't work): > > * > > > > > http://localhost/1/?x=5uwbo6kafiblurBY3bq1UEFwOyXneRheYz2FfwYwMiQAxP5GPHI1HfUHBUhydOCe > > > > > > > > > > *As it's written in my base page html:* > > > > > > Is this something I missed in the migration, or a left over, bug maybe? > > > > Jeremy > > >
Wicket Modal Window
I have displayed a Wicket modal window(pop-up). it contains one text box with button. I have done date validation, if i give wrong date in text box, I have set the message in label. But label have not displayed. Please explain... -- View this message in context: http://www.nabble.com/Wicket-Modal-Window-tf4937030.html#a14131480 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to secure passwords?
Hello, I've a little question with wicket: I would like to hash my users' passwords (with md5) to make them unreadable for a human. And I also would like to hash them before sending them through the network (to avoid the biggest part of security issues). Is there a way to achieve this? Thank you ;) -- View this message in context: http://www.nabble.com/How-to-secure-passwords--tf4936916.html#a14131090 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MarkupId() problem for data view in wicket...
when you're updating a listview (or dataview) by means of ajax, you have to replace the container that contains the view - the view itself doesn't have a markupid (at least i think so) hope this helps michael wicketshafi wrote: > > > > I am using DATAVIEW , > I also set dataView.setOutMarkupId(true); > > But in wicket ajax debug it is giving the probelm that " Make sure you > called component.setOutputMarkupId(true) on the component whose markup you > are trying to update. " > It is giving when I click on page 2,3 > > can help me to resolve this > > regards > Shafi > > > > > - Michael Sparer http://talk-on-tech.blogspot.com -- View this message in context: http://www.nabble.com/MarkupId%28%29-problem-for-data-view-in-wicket...-tf4936681.html#a14130827 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cannot render a menubar using menu2 package
Correction. It is not the wicket code that is having a problem...it is the YUI code that does not like the wicket:id tags. All the wicket code (menu2) does is create the html that YUI recognizes. At the browser, there is no wicket stuff going on. As far what the problem is with regards to the wicket:id tags...that is going to be tough to debug. I haven't debugged javascript code before and not sure what "good" debugger there is to do this. However, I will take a look to see if anyone else in the YUI community has had problems. Did you get the wicketstuff examples to work? I checked in the application class with the appropriate setting change. That should work for you and serve as a working example. - Doug -- View this message in context: http://www.nabble.com/wicket-success-stories-tf4877640.html#a14130319 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
MarkupId() problem for data view in wicket...
I am using DATAVIEW , I also set dataView.setOutMarkupId(true); But in wicket ajax debug it is giving the probelm that " Make sure you called component.setOutputMarkupId(true) on the component whose markup you are trying to update. " It is giving when I click on page 2,3 can help me to resolve this regards Shafi -- View this message in context: http://www.nabble.com/MarkupId%28%29-problem-for-data-view-in-wicket...-tf4936681.html#a14130314 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to change years in YUI datepicker ?
it works, indeed thanks On Dec 3, 2007 10:32 AM, Maris Orbidans <[EMAIL PROTECTED]> wrote: Hi I need a calendar that allows to change years quickly. I have an input field where user should enter his birth date. But YUI calendar has buttons to change month only. We can't ask our users to click on those buttons hundred times to move calendar to their birth date. Is there any way to configure YUI calendar to have buttons that changes year ? override DatePicker#enableMonthYearSelection and return true: class MyDatePicker extends DatePicker { protected boolean enableMonthYearSelection() { return true; } } hth, Gerolf And if not what should I do ? It seems that other calendar (from extensions) is a lot better than this YUI crap but it has been removed in 1.3. Maris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Thx everybody that attended the user group meeting in The Netherlands
> > > > I put our presentation on slideshare: > > http://www.slideshare.net/nielsvk/wicket-plugin-architecture > > Can the other speakers upload their slides too please? will do > > > Niels > > P.S. Are the IRC logs available online? http://wicketstuff.org/teatime/log/2007-11-30/ johan
Re: Thx everybody that attended the user group meeting in The Netherlands
On Dec 3, 2007 2:02 PM, Niels van Kampenhout <[EMAIL PROTECTED]> wrote: > P.S. Are the IRC logs available online? > http://wicketstuff.org/teatime/log/2007-11-30/ Frank
Re: Lightbox javascript
Hi Uwe, i tried to use your "mini". But i couldn't get it to work. I added the org.codesmell.wicket.lightbox-1.0.5.jar to the libs in web-inf content. But if i try it this way i get the exception. List list = new LinkedList(); list.add(new LightBoxImage("Index-Dateien/error.gif","Index-Dateien/error.gif")); add(new LightBox2Panel("url", list)); Thanks for your help Per 14:17:28,946 INFO [STDOUT] 14:17:28,946 ERROR [RequestCycle] Method onLinkClicked of interface org.apache.wicket.markup.html.link.ILinkListener targe ted at component [MarkupContainer [Component id = Custom German, page = de.myown.iowa.frontend.wicket.base.Index, path = 0:Custom German.PageLink, isVis ible = true, isVersioned = true]] threw an exception org.apache.wicket.WicketRuntimeException: Method onLinkClicked of interface org.apache.wicket.markup.html.link.ILinkListener targeted at component [Ma rkupContainer [Component id = Custom German, page = de.myown.iowa.frontend.wicket.base.Index, path = 0:Custom German.PageLink, isVisible = true, isVersi oned = true]] threw an exception at org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:194) at org.apache.wicket.request.target.component.listener.ListenerInterfaceRequestTarget.processEvents(ListenerInterfaceRequestTarget.java:73) at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:90) at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1094) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1169) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1248) at org.apache.wicket.RequestCycle.request(RequestCycle.java:489) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:343) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:193) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:183) ... 26 more Caused by: java.lang.IllegalArgumentException: resource /js/lightbox_baseUrl.js not found for scope class org.codesmell.wicket.lightbox.LightBox2Panel (path = /js/lightbox_baseUrl.js) at org.apache.wicket.util.template.PackagedTextTemplate.(PackagedTextTemplate.java:161) at org.apache.wicket.util.template.PackagedTextTemplate.(PackagedTextTemplate.java:130) at org.apache.wicket.util.template.PackagedTextTemplate.(PackagedTextTemplate.java:114) at org.apache.wicket.util.template.TextTemplateHeaderContributor.forJavaScript(TextTemplateHeaderContributor.java:173) at org.codesmell.wicket.lightbox.LightBox2Panel.addHeaderContributions(LightBox2Panel.java:117) at org.codesmell.wicket.lightbox.LightBox2Panel.(LightBox2Panel.java:71) at org.codesmell.wicket.lightbox.LightBox2Panel.(LightBox2Panel.java:53) at de.myown.iowa.frontend.wicke
Re: Thx everybody that attended the user group meeting in The Netherlands
Roy van Rijn wrote: Somebody answer this question please, I would love to see the Hippo presentation again :-) It was the best presentation I've seen in years, I learned something and had a good laugh with all the Lego and Hippo pictures. (see the IRC logs). Thanks! :-) But its a good question, where can we find the slides? I put our presentation on slideshare: http://www.slideshare.net/nielsvk/wicket-plugin-architecture Can the other speakers upload their slides too please? Niels P.S. Are the IRC logs available online? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Pagination Probelm with date_Sub(): MYSQL +HIberante
Not really a Wicket question... but as long as we answer :) You can just use Date objects in Hibernate: Criteria criteria = session.createCriteria(Sale.class); if (startDate != null) { criteria.add(Expression.ge("date",startDate); } List results = criteria.list(); And in HQL you can do: Map parameters = new HashMap(); StringBuffer queryBuf = new StringBuffer("from Sale s "); boolean firstClause = true; if (startDate != null) { queryBuf.append(firstClause ? " where " : " and "); queryBuf.append("s.date >= :startDate"); parameters.put("startDate",startDate); firstClause = false; } (examples from: http://www.javalobby.org/articles/hibernatequery102/) Roy On 12/3/07, wicketshafi <[EMAIL PROTECTED]> wrote: > > > I am using wicket ,hibernate ... > > Use Case: getting all the records which are created within 30 days > > DATE_SUB(CURDATE(),INTERVAL 30 DAY) is giving error in hibernate > can any body help me to solve this issue > > if you know hibernate date functions regarding this issue.. > could you let me know once... > > regards > Shafi > > > > > -- > View this message in context: > http://www.nabble.com/Pagination-Probelm-with-date_Sub%28%29%3A-MYSQL-%2BHIberante-tf4936098.html#a14128684 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Link to dynamic pdf (jasperreports)
Hi *, i've read the threads for jasperreports-theme. But i don't get a glow for my task. I display a button at the end of a checkout process. This button represents a "Get as pdf". So it should be clicked and then the report should be generated. If generation succeeded zhe report should be managed with the "download" dialog. I do it this way until now, but my report is empty. Report located at /reports/report.jasper <--- compiled template public class ConclusionPanel extends Panel { public ConclusionPanel(String pId, IModel pModel) { super(pId, pModel); Label thx = new Label("thx", new ResourceModel("label.thx")); add(thx); ServletContext context = ((WebApplication) getApplication()).getServletContext(); final File reportFile = new File(context.getRealPath("/reports/report.jasper")); final JRResource pdfResource = new JRPdfResource(reportFile); Link pdf = new ResourceLink("pdf", pdfResource) { /** * @see org.apache.wicket.markup.html.link.ResourceLink#onClick() */ public void onClick() { super.onClick(); pdfResourceReference.setReportParameters(getParamsForCurrentReportDynamically()); }; pdf.add(new Label("pdfLabel", new ResourceModel("label.pdf"))); add(pdf); } } What am i missing? Thanks Per -- View this message in context: http://www.nabble.com/Link-to-dynamic-pdf-%28jasperreports%29-tf4936362.html#a14129410 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket Trees - presentation/diagram
Hi, the diagram looks ok, however it covers a lot of internal tree state, which is something the users shouldn't be botherered with. Are you sure you want to go into such details? -Matej On Dec 2, 2007 9:39 PM, jweekend <[EMAIL PROTECTED]> wrote: > > I'm preparing a presentation on Trees in Wicket (core) for the > http://jweekend.com/dev/LWUGReg/ London Wicket Users Group event on > Wednesday. > Could someone (Matej maybe ;-) take a quick look over > http://jweekend.com/presentation/WicketCoreTrees.png this high level UML > class diagram (~1024x768) I have started putting together to explain the > inner-workings/key-concepts to go along with the demo-code/slides on how to > use these components? > Also let me know if you feel this sort of thing is helpful for people > learning Wicket. > Regards - Cemal > http://jWeekend.co.uk http://jWeekend.co.uk > -- > View this message in context: > http://www.nabble.com/Wicket-Trees---presentation-diagram-tf4933100.html#a14119659 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Pagination Probelm with date_Sub(): MYSQL +HIberante
I am using wicket ,hibernate ... Use Case: getting all the records which are created within 30 days DATE_SUB(CURDATE(),INTERVAL 30 DAY) is giving error in hibernate can any body help me to solve this issue if you know hibernate date functions regarding this issue.. could you let me know once... regards Shafi -- View this message in context: http://www.nabble.com/Pagination-Probelm-with-date_Sub%28%29%3A-MYSQL-%2BHIberante-tf4936098.html#a14128684 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Thx everybody that attended the user group meeting in The Netherlands
Niels van Kampenhout schrieb: Do we have a place to upload slides to, e.g. slideshare? oh please! i´d love to see what i´ve missed. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Thx everybody that attended the user group meeting in The Netherlands
Somebody answer this question please, I would love to see the Hippo presentation again :-) It was the best presentation I've seen in years, I learned something and had a good laugh with all the Lego and Hippo pictures. (see the IRC logs). But its a good question, where can we find the slides? On 12/3/07, Niels van Kampenhout <[EMAIL PROTECTED]> wrote: > Eelco Hillenius wrote: > > Where are the pictures, slides and videos? :-) > > Do we have a place to upload slides to, e.g. slideshare? > > Niels > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: pagination in Wicket...
This also works pretty well using Hibernate: Criteria c = session.createCriteria(...); c.setFirstResult(start); c.setMaxResults(length); But beware with using this. Hibernate has Java-Filters for some cases. ResultTransformers can't be used in combination with paging. The query will select the amount you need but the transformers could remove results from that list. We've noticed that if you automaticly join tables using the HBM file (fetch) then Hibernate will remove results too. This is very annoying. For example: Table 1: key - t2key - value 1 1 First entry 2 1 Second entry 3 2 Blabla 4 3 More bla.. Table 2: key - value 1 Some value 2 Some other value 3 Some third value If you fetch-join table 1 when you query table 2 and try to collect the first 3 results hibernate will generate the following SQL: select * from table2 t2 left join table1 t1 on t2.t2key = t2.key limit 0,2; What will be retrieved: 1 Some value 1 1 First entry 1 Some value 2 1 Second entry 2 Some other value 3 2 Blabla Because the first (queried) table has duplicate entries Hibernate will create the following objects: table1 object: "1, Some value" with List {"1,1,First entry", "2,1,Second entry"} and table1 object: "2, Some other value" with List {"3,2,Bla bla"} Just two results... paging messed up :( This is my experience with paging and ORM mappers, you have to be very carefull hehe. If somebody here knows a solution to this problem, please let me know! Roy On 12/3/07, Uwe Schäfer <[EMAIL PROTECTED]> wrote: > wicketshafi schrieb: > > > how do I query the start and count in mysql > > The LIMIT clause can be used to constrain the number of rows returned > by the SELECT statement. LIMIT takes one or two numeric arguments, > which must both be non-negative integer constants (except when using > prepared statements). > > With two arguments, the first argument specifies the offset of the first > row to return, and the second specifies the maximum number of rows to > return. The offset of the initial row is 0 (not 1): > > SELECT * FROM tbl LIMIT 5,10; # Retrieve rows 6-15 > > see http://dev.mysql.com/doc/refman/5.0/en/select.html > > -- > > THOMAS DAILY GmbH > Adlerstraße 19 > 79098 Freiburg > Deutschland > T + 49 761 3 85 59 0 > F + 49 761 3 85 59 550 > E [EMAIL PROTECTED] > www.thomas-daily.de > > Geschäftsführer/Managing Directors: > Wendy Thomas, Susanne Larbig > Handelsregister Freiburg i.Br., HRB 3947 > > Registrieren Sie sich unter http://morningnews.thomas-daily.de für die > kostenfreien TD Morning News, eine Auswahl aktueller Themen des Tages > morgens um 9:00 in Ihrer Mailbox. > > Hinweis: Der Redaktionsschluss für unsere TD Morning News ist täglich um > 8:30 Uhr. Es werden vorrangig Informationen berücksichtigt, die nach > 16:00 Uhr des Vortages eingegangen sind. Die Email-Adresse unserer > Redaktion lautet [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
PagingNavigationIncrementLink special behaviour
Hi there. I implemented a AjaxFallbackDefaultDataTable which has a custom AjaxNavigationToolbar with a custom AjaxPagingNavigator. In this AjaxPagingNavigator I want that when the user clicks on ">" (which is always enabled), more data from a service is loaded: @Override public void onClick(AjaxRequestTarget target) { // ">" was clicked and no more pages available -> load more data if (increment==1 && isLast()) { getDataProvider().update(); pageable.setCurrentPage(getPageNumber()); // pageable.setCurrentPage(getPageNumber()+1); // would throw IndexOutOfBoundsException } else { super.onClick(target); } } So, this works perfectly, but the page is not changed to the new one, because of PagingNavigationIncrementLink.getPageNumber() which is final: int idx = pageable.getCurrentPage() + increment; // make sure the index lies between 0 and the last page return Math.max(0, Math.min(pageable.getPageCount() - 1, idx)); It refers on pageable.getPageCount(), which has at this time still the old amount of pages. Any idea how to get around this? Or can PagingNavigationIncrementLink.getPageNumber() be made not-final? Thomas -- View this message in context: http://www.nabble.com/PagingNavigationIncrementLink-special-behaviour-tf4935583.html#a14127228 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cannot render a menubar using menu2 package
Hi Doug, ok, so the common point is that the code on wicketstuff doesn't work properly, now we should understand why, if it is possible :-) I put the code you suggested into the init() function of my webapplication class, but nothing has changed, because in the rendered html I continue to have the reference to YAHOO.widget.MenuBar But for you is the same? Because I didn't yet understood if the widget is mandatory or not to correctly render the page. About this point, I copied the renderered html to another file, and I made some attempts leaving and removing the script including the YAHOO.widget.MenuBar, and nothing has changed in the rendering, the only difference is that the javascript error is not shown, but the menubar is not displayed... I'm curious to know if with your previous version the rendered html contained the widget, and in which way it could work, because I'm searching in the svn repository, and, as you said, nothing seems has changed in the code, because the YuiMenuBar contains the reference to menubarinit.vm from the first checkin, and the menubarinit.vm contains the reference to YAHOO.widget.MenuBar from the first checkin, too. I hope we can reach the solution... Rik > Date: Sun, 2 Dec 2007 15:20:30 -0800> From: [EMAIL PROTECTED]> To: > users@wicket.apache.org> Subject: RE: cannot render a menubar using menu2 > package> > > Rik,> > Ok...I see where you are having problems. I updated my > local version of> wicket-contrib-yui and wicketstuff-yui-examples and ran the > example> application. I expected it to work but didn't. I saw on the update > that> some files were changed and checked to see if these changes had any > affect> but they didn't.> > I then made sure the YUI resources were > correct...and they were.> > The final thing I did was to have the example > application strip the wicket> tags since I saw all the wicket tags in the > source.> > getMarkupSettings().setStripWicketTags(true);> > in the init() > function.> > and what do you know it works like a charm. Why this is so...I > don't know. > It worked when I checked everything in Sept and haven't touched > it since.> > In summary...I would make sure you strip the wicket tags in your > application> as noted above. If this still doesn't work for you, I will have > to> investigate so more.> > Hope this helps.> > - Doug> -- > View this > message in context: > http://www.nabble.com/wicket-success-stories-tf4877640.html#a14121442> Sent > from the Wicket - User mailing list archive at Nabble.com.> > > > -> To > unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: > [EMAIL PROTECTED]> _ Scarica GRATIS 30 emoticon per Messenger! http://www.emoticons-livemessenger.com/pages/msnit/index.htm
Re: Thx everybody that attended the user group meeting in The Netherlands
Eelco Hillenius wrote: Where are the pictures, slides and videos? :-) Do we have a place to upload slides to, e.g. slideshare? Niels - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Wicket 1.3 rc1 Relative URLs not working properly
and /1/ is your servlyet path? what happens if you put "../css/style.css" in your markup? Because from the normal page that is the css you want i guess? johan On Dec 2, 2007 11:08 PM, Jeremy Levy <[EMAIL PROTECTED]> wrote: > I just upgraded to Wicket 1.3, it was remarkably smooth. It took about 6 > hours overall. Every single thing was explained very well in the > migration > guide and the things i was looking forward to in 1.3 are working > perfectly. > > The only issue I am having is if I have a page this is not mounted as a > bookmarkable page the relative paths for my stylesheet and other resources > are written out incorrect. Below are examples for the same page if I > mount > the page versus not. > > > *Bookmarked Page URL (works):* > http://localhost/1/gettingstarted > > > > > *Nonbookmarked Page URL (doesn't work): > * > > http://localhost/1/?x=5uwbo6kafiblurBY3bq1UEFwOyXneRheYz2FfwYwMiQAxP5GPHI1HfUHBUhydOCe > > > > > *As it's written in my base page html:* > > > Is this something I missed in the migration, or a left over, bug maybe? > > Jeremy >
yui calendar in IFRAME on IE7
Hi *, i use the yui calendar on a page / panel. This behaves like expected on localhost (every browser). If i add the page to an IFRAME so that the application is running on a different machine, clicking the calendar icon is doing nothing. It's working with firefox but not with the IE7. The icon will be displayed and the cursor becomes a hand while onmouseover. But clicking is not presenting the calendar. Can i solve this issue? Cheers Per -- View this message in context: http://www.nabble.com/yui-calendar-in-IFRAME-on-IE7-tf4935092.html#a14125851 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: pagination in Wicket...
wicketshafi schrieb: how do I query the start and count in mysql The LIMIT clause can be used to constrain the number of rows returned by the SELECT statement. LIMIT takes one or two numeric arguments, which must both be non-negative integer constants (except when using prepared statements). With two arguments, the first argument specifies the offset of the first row to return, and the second specifies the maximum number of rows to return. The offset of the initial row is 0 (not 1): SELECT * FROM tbl LIMIT 5,10; # Retrieve rows 6-15 see http://dev.mysql.com/doc/refman/5.0/en/select.html -- THOMAS DAILY GmbH Adlerstraße 19 79098 Freiburg Deutschland T + 49 761 3 85 59 0 F + 49 761 3 85 59 550 E [EMAIL PROTECTED] www.thomas-daily.de Geschäftsführer/Managing Directors: Wendy Thomas, Susanne Larbig Handelsregister Freiburg i.Br., HRB 3947 Registrieren Sie sich unter http://morningnews.thomas-daily.de für die kostenfreien TD Morning News, eine Auswahl aktueller Themen des Tages morgens um 9:00 in Ihrer Mailbox. Hinweis: Der Redaktionsschluss für unsere TD Morning News ist täglich um 8:30 Uhr. Es werden vorrangig Informationen berücksichtigt, die nach 16:00 Uhr des Vortages eingegangen sind. Die Email-Adresse unserer Redaktion lautet [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: serious change for ajax related unit tests
i ran a coverage analysis with EclEmma [0] (recommended by Al Maw for the occasional check [1]), and posted the results to my p.a.o site [2]. i don't know about the reliability of the results, but if this is anywhere near correct, everybody knows in what areas wicket lacks unit tests -> patches welcome ;) Cheers, Gerolf [0] http://www.eclemma.org [1] http://herebebeasties.com/2007-06-20/eclemma-code-coverage-made-easy/ [2] http://people.apache.org/~gseitz/wicket-coverage/ On Dec 3, 2007 2:11 AM, Ryan Sonnek <[EMAIL PROTECTED]> wrote: > Just curious if anyone has run clover or cobertura maven reports > against the codebase to see what kind of unit test coverage their > currently is. I have *no* doubt that wicket's unit test coverage is > *extremely* high compared to other web frameworks, but it might be > good to see if there are any important gaps (like this) that need > coverage. > > From a community perspective, I know I would be comfortable > contributing unit tests to help out. > > On Dec 2, 2007 6:24 PM, Gerolf Seitz <[EMAIL PROTECTED]> wrote: > > hi all, > > > > there has been an issue, that ajax related unit tests didn't test with > an > > ajax request, > > but rather with a normal request[0]. > > as a consequence, the generated markup inside the ajax response was > actually > > the markup for normal requests > > (eg. included wicket tags and wicket attributes, which is not the case > for > > "real" ajax responses). > > > > the effect of this change is, that your ajax related unit tests will > > probably fail with the current trunk. > > i expect that most failed tests can be fixed by correcting the expected > ajax > > result. > > > > it's rather unfortunate that this happens so close to the 1.3.0 final > > release, but then again it's fortunate > > that we caught it before the release at all ;) > > > > as usual, if there are any questions left unanswered, don't hesitate to > > ask/complain/investigate/... > > > > Regards, > > Gerolf > > > > [0] https://issues.apache.org/jira/browse/WICKET-1199 > > >
Re: maven repository for wicketstuff
No comment on the gmap2 but for the jmx you could try adding true to the repository, since the wicket stuff repo is mainly a snapshot repository. Maurice On Dec 3, 2007 5:29 AM, Ryan McKinley <[EMAIL PROTECTED]> wrote: > Hello- > > I am stumbling through learning wicket and am hitting some things I > don't grock about maven. > > I want to run the gmap2 example. When I check it out and then run: > $ mvn jetty:run (or mvn install) > > I get an error that says "Missing: > org.wicketstuff:wicket-contrib-gmap2:jar:1.3.0-SNAPSHOT" > > How do I fix that? > > Also, I want to try the wicketstuff-jmx-panel component. How do I add > that to the quickstart app? I tried adding: > > > > org.wicketstuff > wicketstuff-jmx-panel > ${wicket.version} > > > and > > > >wicket-stuff-repository >Wicket-Stuff Repository >http://www.wicketstuff.org/maven/repository/ > > > > to pom.xml, but that does not seem to work. Do I have the repository wrong? > > thanks > ryan > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to get siders with wicket
There are actually several ways to do it. Pro's and con's for all of them. But here is a very simple one. Create a base Page with 2 abstract methods returning a Panel. something like getLeftSideBar and getRightSideBar with html to match. Then have all your pages extend this page and implement those 2 methods. Maurice On Dec 3, 2007 5:18 AM, ddduuu <[EMAIL PROTECTED]> wrote: > > Hi, all, > I know we can use wicket to do page layout for header, content and footer, > now I want to add left sider and right sider, so I can put some menu links > on each sider, does anyone know how to do that? > > Thanks, I am a wicket newbie, just trying to learn it. > > ddd > -- > View this message in context: > http://www.nabble.com/How-to-get-siders-with-wicket-tf4934288.html#a14123679 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using another webapp's authentication
Just my thoughts on the subject. You could use swarm in combination with acegi and because of the way acegi works you can reuse the user credentials in your wicket app. couple of things you need to do, that i can think of: 1 copy acegi config to the wicket app 2 inside your wicket app translate acegi credentials to principals 3 check for credentials with acegi before redirecting to the login page. For the rest you can follow standard swarm practices It would be possible to not let the wicket app have a login page and thus forcing the use of jsp app but it would be easier if the wicket app had its own login page. And because the user credentials would be shared through acegi there would not be any difference in a user logging in through wicket or through jsp. More info: http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security http://wicketstuff.org/confluence/display/STUFFWIKI/Swarm+and+Acegi+HowTo Maurice On Dec 2, 2007 7:50 PM, suranjay <[EMAIL PROTECTED]> wrote: > > Hi! > > I'm new to web-security and this is my question. I have a webapp (jsp) which > uses Acegi for user login authentication. Once a user has logged in, on the > first page he sees, there is a static link that points to a Wicket webapp, > deployed in the same servlet container(jboss). Is there a way in which I can > use the other webapp's authentication to make sure that access to the wicket > webapp is secured? i.e. allow access to the wicket webapp only though that > link? Can I do something like checking for a value on the session? Would I > need to add the custom session classes etc used by the other webapp to the > wicket webapp? > > Any help would be greatly appreciated. > Thanks. > -- > View this message in context: > http://www.nabble.com/Using-another-webapp%27s-authentication-tf4932724.html#a14118561 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Resource locale problem
Can you make a jira issue with possible an unit test or quickstart On 12/3/07, John Patterson <[EMAIL PROTECTED]> wrote: > I have upgraded to the latest trunk and the problem still exists > > On 30 Nov 2007, at 01:40, Johan Compagner wrote: > > > What kind of resource is that? > > > > I have simply used a tag in the and wicket is creating > the resource. I can see that it is a PackageResource. > > > Normally package resources reference default to the locale for which > > the resource is really loaded. > > > > The Locale being passed to the LocaleResourceNameIterator is null and > that causes no locale variations to be looked for. > > > > Also if the is somehow a locale appended that isnt there then that > > shouldnt matter because the resource should fallback. > > > > This does not happen when the locale is null > > > So can you give us a little more sample code that you use? > > > > There is no Java code - just the normal html link tag. > > The first time a page is requested that includes the CSS file the > link has NO locale appended > > e.g resources/styles.css > > The next time the page is requested a local is appended > > e.g resources/styles_en_US.css > > But resources/styles_en_GB.css is not found > > If I request the resource before a page is requested then resources/ > styles_en_US.css is not found. > > > Cheers, > > John > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
pagination in Wicket...
I'm using pagination , i want to get records from the next page... how do I query the start and count in mysql can any one help me ... regards Shafi -- View this message in context: http://www.nabble.com/pagination-in-Wicket...-tf4934874.html#a14125319 Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]