DropDownChoice and Object/Property
Hey all, Is there a way to have a DropDownChoice use a complex object (think ORM class) as it’s list, but get/set the Model’s value as the ID instead of the complex object? So for: new DropDownChoice<>(“shipMethod”, new PropertyModel<>(OrderPage.this .getOrderController().order().shippingHeader(), “shipMethod"), new ListModel<>(shipMethods), new ChoiceRenderer<>("description", "id")) It puts in the ORM object’s toString into the “shipMethod” column and I want it to put in the value for “id” from the renderer. Additionally, I want it to get it’s initial value from the “id” value instead and convert it to the ORM object (from shipMethods list). Hopefully this makes sense. :P -Lon (Wicket Newb, WebObjects Refugee)
Wicket 6.15 - Component not getting refreshed
Hi, We recently upgraded from wicket 1.3 to wicket 6.15. However, it was a step by step upgrade for each major version. On one of the pages in the application we have a set of radio buttons. We have AJAX behavior on those radio buttons. On click of the "Yes" options, some follow up questions get shown which are text fields. On click of the "No" options the follow up question fields get hidden. Both of these AJAX calls work fine in the normal scenario. However, when there are any error messages in the feedback panel (e.g. when some required field validation failed) the components are not getting refreshed (i.e. the follow up questions are not getting hidden on click of the "No" options). I have kept exactly the same code in both the onSubmit(AjaxRequestTarget target) and onError(final AjaxRequestTarget target) methods. The onError method does get called in the scenario where I am having issues but the component is somehow not refreshed. Following is what I have written - radiochoice.add(new AjaxFormSubmitBehavior(form, "onClick") { protected void onSubmit(AjaxRequestTarget target) { final Component questionComp = radiochoice.findParent(QuestionGroupPanel.class); target.add(questionComp); } @Override protected void onError(final AjaxRequestTarget target){ super.onError(target); final Component questionComp = radiochoice.findParent(QuestionGroupPanel.class); target.add(questionComp); } In Wicket 1.3 the code was working fine even without the onError method. Kinda clueless as to what might be happening. Any help would be much appreciated. Thanks! -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-6-15-Component-not-getting-refreshed-tp4674552.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Restrict wicket/bookmarkable
For now I just removed BookmarkableMapper. Everything works. But it seems to me that some cases might go wrong... And as side effect: hrefs just empty to pages without mounts. Probably I would expect some other behavior if url can't be resolved for a page. Thanks, Ilia On May 4, 2016 6:54 AM, "Martin Grigorov"wrote: > On Wed, May 4, 2016 at 3:27 PM, Sven Meier wrote: > > > Hi, > > > > well, it seems I wasn't completely out of my mind when I pushed for > > WICKET-5094: > > - I've checked 1.4 and the logic of #enforceMounts was exactly like it is > > now > > - the javadoc for #setEnforceMounts() matches the current behavior: > > > > "Sets whether mounts should be enforced. If true, requests for mounted > > targets have to done through the mounted paths. If, for instance, a > > bookmarkable page is mounted to a path, a request to that same page via > the > > bookmarkablePage parameter will be denied." > > > > For those trying to prevent any requests to non-mounted pages: Couldn't > > you just remove the BookmarkableMapper? > > > > ICompoundRequestMapper mappers = > getRootRequestMapperAsCompound(); > > mappers.forEach((mapper) -> {if (mapper instanceof > > BookmarkableMapper) mappers.remove(mapper); }); > > > > Personally I wouldn't mind to change/remove/rename this setting for > Wicket > > 8.x, so it is more useful. > > > > +1 to change the behavior to what it was after WICKET-3849 and before > WICKET-5094 > > > > > > Have fun > > Sven > > > > > > > > On 04.05.2016 08:23, Martin Grigorov wrote: > > > >> Hi, > >> > >> I also think the current behavior is not correct. See my question at > >> http://markmail.org/message/xmo74m3tbc5v4nwp. > >> I read the name of the method "enforceMounts" as "do not allow urls to > >> page > >> which are not explicitly mounted". I believe also this is the reason > this > >> method is in SecuritySettings, and not in PageSettings. > >> And its javadoc also says the same. That's why I've -reintroduced this > >> behavior with https://issues.apache.org/jira/browse/WICKET-3849. > >> > >> According to Sven the behavior in Wicket 1.4.x was different and he > >> changed > >> it with https://issues.apache.org/jira/browse/WICKET-5094. > >> IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/ > >> > >> Martin Grigorov > >> Wicket Training and Consulting > >> https://twitter.com/mtgrigorov > >> > >> On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжный wrote: > >> > >> Martin, > >>> > >>> Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094 > >>> Absolutely disagree with discussed behavior. It's meaningless to > >>> prevent accessing /wicket/bookmarkable/ only if there is mount > >>> point for that page. > >>> Please help to find consensus. In mine case it's real security hole. > >>> > >>> Thanks, > >>> > >>> Ilia > >>> > >>> 2016-05-03 22:50 GMT-07:00 Илья Нарыжный : > >>> > Martin, > > Just checked: it doesn't work as expected. It seems that this code > doesn't work as it was assumed: > > BookmarkableMapper.java > if (application.getSecuritySettings().getEnforceMounts()) > { > // we make an exception if the homepage itself was mounted, see > > >>> WICKET-1898 > >>> > if (!pageClass.equals(application.getHomePage())) > { > // WICKET-5094 only enforce mount if page is mounted > if (isPageMounted(pageClass, > application.getRootRequestMapperAsCompound()))// HERE!!! > { > return null; > } > } > } > > Imho condition at line marked by HERE!!! should be opposite. > Please check. > > In my case getSecuritySettings().setEnforceMounts(true); doesn't have > any effect. > > Thanks, > > Ilia > > 2016-05-03 10:59 GMT-07:00 Илья Нарыжный : > > > Thank you Martin! I did know that there should be easier way to do > > that, but could not be able to find it:) > > > > Regards, > > > > Ilia > > > > 2016-05-03 0:06 GMT-07:00 Martin Grigorov : > > > >> Hi, > >> > >> I always thought > >> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() > is > >> > > for > >>> > this. Also its javadoc seems to say that. > >> But there were some changes to its behavior after which I am no more > >> > > sure > >>> > what exactly it does :-/ > >> > >> Martin Grigorov > >> Wicket Training and Consulting > >> https://twitter.com/mtgrigorov > >> > >> On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный > wrote: > >> > >> Yea - that's possible. Even instrumentation is possible, but > probably > >>> this problem somehow solved already in wicket. I would briefly > >>> summarize the problem like: > >>> > >>> Wicket allow to directly address bookmarkable pages from
Re: weird "Unable to find component with id"
Guten Tag Ernesto Reinaldo Barreiro, am Mittwoch, 4. Mai 2016 um 12:27 schrieben Sie: > I have tried to reproduce this locally in "development" and "production" > modes with no success. Are there any known issues that can cause this? Any > leads would be appreciated. I often have problems with an error message like yours, not with the strange ids though, during development, if I e.g. change markup and just reload a formerly working page in the browser instead of requesting a new and/or restarting Tomcat. So if your customer is not changing markup, he maybe has customers accessing old versions of pages referencing things in markup which don't exist anymore because of upgrades and such. Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning E-Mail: thorsten.schoen...@am-soft.de AM-SoFT IT-Systeme http://www.AM-SoFT.de/ Telefon...05151- 9468- 55 Fax...05151- 9468- 88 Mobil..0178-8 9468- 04 AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Restrict wicket/bookmarkable
On Wed, May 4, 2016 at 3:27 PM, Sven Meierwrote: > Hi, > > well, it seems I wasn't completely out of my mind when I pushed for > WICKET-5094: > - I've checked 1.4 and the logic of #enforceMounts was exactly like it is > now > - the javadoc for #setEnforceMounts() matches the current behavior: > > "Sets whether mounts should be enforced. If true, requests for mounted > targets have to done through the mounted paths. If, for instance, a > bookmarkable page is mounted to a path, a request to that same page via the > bookmarkablePage parameter will be denied." > > For those trying to prevent any requests to non-mounted pages: Couldn't > you just remove the BookmarkableMapper? > > ICompoundRequestMapper mappers = getRootRequestMapperAsCompound(); > mappers.forEach((mapper) -> {if (mapper instanceof > BookmarkableMapper) mappers.remove(mapper); }); > > Personally I wouldn't mind to change/remove/rename this setting for Wicket > 8.x, so it is more useful. > +1 to change the behavior to what it was after WICKET-3849 and before WICKET-5094 > > Have fun > Sven > > > > On 04.05.2016 08:23, Martin Grigorov wrote: > >> Hi, >> >> I also think the current behavior is not correct. See my question at >> http://markmail.org/message/xmo74m3tbc5v4nwp. >> I read the name of the method "enforceMounts" as "do not allow urls to >> page >> which are not explicitly mounted". I believe also this is the reason this >> method is in SecuritySettings, and not in PageSettings. >> And its javadoc also says the same. That's why I've -reintroduced this >> behavior with https://issues.apache.org/jira/browse/WICKET-3849. >> >> According to Sven the behavior in Wicket 1.4.x was different and he >> changed >> it with https://issues.apache.org/jira/browse/WICKET-5094. >> IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/ >> >> Martin Grigorov >> Wicket Training and Consulting >> https://twitter.com/mtgrigorov >> >> On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжный wrote: >> >> Martin, >>> >>> Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094 >>> Absolutely disagree with discussed behavior. It's meaningless to >>> prevent accessing /wicket/bookmarkable/ only if there is mount >>> point for that page. >>> Please help to find consensus. In mine case it's real security hole. >>> >>> Thanks, >>> >>> Ilia >>> >>> 2016-05-03 22:50 GMT-07:00 Илья Нарыжный : >>> Martin, Just checked: it doesn't work as expected. It seems that this code doesn't work as it was assumed: BookmarkableMapper.java if (application.getSecuritySettings().getEnforceMounts()) { // we make an exception if the homepage itself was mounted, see >>> WICKET-1898 >>> if (!pageClass.equals(application.getHomePage())) { // WICKET-5094 only enforce mount if page is mounted if (isPageMounted(pageClass, application.getRootRequestMapperAsCompound()))// HERE!!! { return null; } } } Imho condition at line marked by HERE!!! should be opposite. Please check. In my case getSecuritySettings().setEnforceMounts(true); doesn't have any effect. Thanks, Ilia 2016-05-03 10:59 GMT-07:00 Илья Нарыжный : > Thank you Martin! I did know that there should be easier way to do > that, but could not be able to find it:) > > Regards, > > Ilia > > 2016-05-03 0:06 GMT-07:00 Martin Grigorov : > >> Hi, >> >> I always thought >> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is >> > for >>> this. Also its javadoc seems to say that. >> But there were some changes to its behavior after which I am no more >> > sure >>> what exactly it does :-/ >> >> Martin Grigorov >> Wicket Training and Consulting >> https://twitter.com/mtgrigorov >> >> On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный wrote: >> >> Yea - that's possible. Even instrumentation is possible, but probably >>> this problem somehow solved already in wicket. I would briefly >>> summarize the problem like: >>> >>> Wicket allow to directly address bookmarkable pages from 3rd party >>> libraries without good way to manage accessibility. >>> Potentially it means that with having control over some 3rd partly >>> lib >>> it's possible to include "backdoor page" >>> Thanks, >>> >>> Ilia >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For
Re: Restrict wicket/bookmarkable
Hi, well, it seems I wasn't completely out of my mind when I pushed for WICKET-5094: - I've checked 1.4 and the logic of #enforceMounts was exactly like it is now - the javadoc for #setEnforceMounts() matches the current behavior: "Sets whether mounts should be enforced. If true, requests for mounted targets have to done through the mounted paths. If, for instance, a bookmarkable page is mounted to a path, a request to that same page via the bookmarkablePage parameter will be denied." For those trying to prevent any requests to non-mounted pages: Couldn't you just remove the BookmarkableMapper? ICompoundRequestMapper mappers = getRootRequestMapperAsCompound(); mappers.forEach((mapper) -> {if (mapper instanceof BookmarkableMapper) mappers.remove(mapper); }); Personally I wouldn't mind to change/remove/rename this setting for Wicket 8.x, so it is more useful. Have fun Sven On 04.05.2016 08:23, Martin Grigorov wrote: Hi, I also think the current behavior is not correct. See my question at http://markmail.org/message/xmo74m3tbc5v4nwp. I read the name of the method "enforceMounts" as "do not allow urls to page which are not explicitly mounted". I believe also this is the reason this method is in SecuritySettings, and not in PageSettings. And its javadoc also says the same. That's why I've -reintroduced this behavior with https://issues.apache.org/jira/browse/WICKET-3849. According to Sven the behavior in Wicket 1.4.x was different and he changed it with https://issues.apache.org/jira/browse/WICKET-5094. IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/ Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжныйwrote: Martin, Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094 Absolutely disagree with discussed behavior. It's meaningless to prevent accessing /wicket/bookmarkable/ only if there is mount point for that page. Please help to find consensus. In mine case it's real security hole. Thanks, Ilia 2016-05-03 22:50 GMT-07:00 Илья Нарыжный : Martin, Just checked: it doesn't work as expected. It seems that this code doesn't work as it was assumed: BookmarkableMapper.java if (application.getSecuritySettings().getEnforceMounts()) { // we make an exception if the homepage itself was mounted, see WICKET-1898 if (!pageClass.equals(application.getHomePage())) { // WICKET-5094 only enforce mount if page is mounted if (isPageMounted(pageClass, application.getRootRequestMapperAsCompound()))// HERE!!! { return null; } } } Imho condition at line marked by HERE!!! should be opposite. Please check. In my case getSecuritySettings().setEnforceMounts(true); doesn't have any effect. Thanks, Ilia 2016-05-03 10:59 GMT-07:00 Илья Нарыжный : Thank you Martin! I did know that there should be easier way to do that, but could not be able to find it:) Regards, Ilia 2016-05-03 0:06 GMT-07:00 Martin Grigorov : Hi, I always thought that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for this. Also its javadoc seems to say that. But there were some changes to its behavior after which I am no more sure what exactly it does :-/ Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный wrote: Yea - that's possible. Even instrumentation is possible, but probably this problem somehow solved already in wicket. I would briefly summarize the problem like: Wicket allow to directly address bookmarkable pages from 3rd party libraries without good way to manage accessibility. Potentially it means that with having control over some 3rd partly lib it's possible to include "backdoor page" Thanks, Ilia - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
weird "Unable to find component with id"
Hi, Or a customers production server this happens sometimes.. === 2016-05-03 19:36:15,936 ERROR org.apache.wicket.DefaultExceptionMapper: 170 [req: I7Ax7LCI5L9 p: XwklMo8cZ3X][acc: anonymous] - Unexpected error occurred Unable to find component with id 'main' in [TransparentWebMarkupContainer [Component id = wicket_extend8]] Expected: 'wicket_child7:wicket_extend8:main'. Found with similar names: 'header:loginForm:loginForm:email' MarkupStream: [markup = file:/var/lib/tomcat8/webapps/.../WEB-INF/classes/./ReplyToProjectRequestPage.html , index = 2, current = '' (line 0, column 0)] at org.apache.wicket.markup.MarkupStream.throwMarkupException(MarkupStream.java:526) at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1438) at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1557) at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1532) at org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1487) at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:71) at org.apache.wicket.Component.internalRenderComponent(Component.java:2536) at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1496) at org.apache.wicket.Component.internalRender(Component.java:2366) at org.apache.wicket.Component.render(Component.java:2294) at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1392) at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1557) = I have tried to reproduce this locally in "development" and "production" modes with no success. Are there any known issues that can cause this? Any leads would be appreciated. -- Regards - Ernesto Reinaldo Barreiro
Re: Restrict wicket/bookmarkable
Hi, I also think the current behavior is not correct. See my question at http://markmail.org/message/xmo74m3tbc5v4nwp. I read the name of the method "enforceMounts" as "do not allow urls to page which are not explicitly mounted". I believe also this is the reason this method is in SecuritySettings, and not in PageSettings. And its javadoc also says the same. That's why I've -reintroduced this behavior with https://issues.apache.org/jira/browse/WICKET-3849. According to Sven the behavior in Wicket 1.4.x was different and he changed it with https://issues.apache.org/jira/browse/WICKET-5094. IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/ Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжныйwrote: > Martin, > > Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094 > Absolutely disagree with discussed behavior. It's meaningless to > prevent accessing /wicket/bookmarkable/ only if there is mount > point for that page. > Please help to find consensus. In mine case it's real security hole. > > Thanks, > > Ilia > > 2016-05-03 22:50 GMT-07:00 Илья Нарыжный : > > Martin, > > > > Just checked: it doesn't work as expected. It seems that this code > > doesn't work as it was assumed: > > > > BookmarkableMapper.java > > if (application.getSecuritySettings().getEnforceMounts()) > > { > > // we make an exception if the homepage itself was mounted, see > WICKET-1898 > > if (!pageClass.equals(application.getHomePage())) > > { > > // WICKET-5094 only enforce mount if page is mounted > > if (isPageMounted(pageClass, > > application.getRootRequestMapperAsCompound()))// HERE!!! > > { > > return null; > > } > > } > > } > > > > Imho condition at line marked by HERE!!! should be opposite. > > Please check. > > > > In my case getSecuritySettings().setEnforceMounts(true); doesn't have > > any effect. > > > > Thanks, > > > > Ilia > > > > 2016-05-03 10:59 GMT-07:00 Илья Нарыжный : > >> Thank you Martin! I did know that there should be easier way to do > >> that, but could not be able to find it:) > >> > >> Regards, > >> > >> Ilia > >> > >> 2016-05-03 0:06 GMT-07:00 Martin Grigorov : > >>> Hi, > >>> > >>> I always thought > >>> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is > for > >>> this. Also its javadoc seems to say that. > >>> But there were some changes to its behavior after which I am no more > sure > >>> what exactly it does :-/ > >>> > >>> Martin Grigorov > >>> Wicket Training and Consulting > >>> https://twitter.com/mtgrigorov > >>> > >>> On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный wrote: > >>> > Yea - that's possible. Even instrumentation is possible, but probably > this problem somehow solved already in wicket. I would briefly > summarize the problem like: > > Wicket allow to directly address bookmarkable pages from 3rd party > libraries without good way to manage accessibility. > Potentially it means that with having control over some 3rd partly lib > it's possible to include "backdoor page" > Thanks, > > Ilia > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >