DropDownChoice and Object/Property

2016-05-04 Thread Lon Varscsak 
Hey all,

Is there a way to have a DropDownChoice use a complex object (think ORM
class) as it’s list, but get/set the Model’s value as the ID instead of the
complex object?

So for:

new DropDownChoice<>(“shipMethod”, new PropertyModel<>(OrderPage.this
.getOrderController().order().shippingHeader(), “shipMethod"), new
ListModel<>(shipMethods), new ChoiceRenderer<>("description", "id"))

It puts in the ORM object’s toString into the “shipMethod” column and I
want it to put in the value for “id” from the renderer.  Additionally, I
want it to get it’s initial value from the “id” value instead and convert
it to the ORM object (from shipMethods list).

Hopefully this makes sense. :P

-Lon (Wicket Newb, WebObjects Refugee)

Wicket 6.15 - Component not getting refreshed

2016-05-04 Thread sameerkhanna 
Hi,

We recently upgraded from wicket 1.3 to wicket 6.15. However, it was a step
by step upgrade for each major version. 

On one of the pages in the application we have a set of radio buttons. We
have AJAX behavior on those radio buttons. On click of the "Yes" options,
some follow up questions get shown which are text fields. On click of the
"No" options the follow up question fields get hidden. Both of these AJAX
calls work fine in the normal scenario. However, when there are any error
messages in the feedback panel (e.g. when some required field validation
failed) the components are not getting refreshed (i.e. the follow up
questions are not getting hidden on click of the "No" options). I have kept
exactly the same code in both the onSubmit(AjaxRequestTarget target) and
onError(final AjaxRequestTarget target) methods. The onError method does get
called in the scenario where I am having issues but the component is somehow
not refreshed. 

Following is what I have written - 

radiochoice.add(new AjaxFormSubmitBehavior(form, "onClick")
{
protected void 
onSubmit(AjaxRequestTarget target)
 {
final Component questionComp =
radiochoice.findParent(QuestionGroupPanel.class);
 
 target.add(questionComp);
 
 
 }


@Override
protected void onError(final 
AjaxRequestTarget target){

super.onError(target);
final Component questionComp =
radiochoice.findParent(QuestionGroupPanel.class);
 
 target.add(questionComp);
 
}

In Wicket 1.3 the code was working fine even without the onError method.
Kinda clueless as to what might be happening. Any help would be much
appreciated. Thanks! 

--
View this message in context: 
http://apache-wicket.1842946.n4.nabble.com/Wicket-6-15-Component-not-getting-refreshed-tp4674552.html
Sent from the Users forum mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Restrict wicket/bookmarkable

2016-05-04 Thread Илья Нарыжный 
For now I just removed BookmarkableMapper. Everything works. But it seems
to me that some cases might go wrong... And as side effect: hrefs just
empty to pages without mounts. Probably I would expect some other behavior
if url can't be resolved for a page.

Thanks,

Ilia
On May 4, 2016 6:54 AM, "Martin Grigorov"  wrote:

> On Wed, May 4, 2016 at 3:27 PM, Sven Meier  wrote:
>
> > Hi,
> >
> > well, it seems I wasn't completely out of my mind when I pushed for
> > WICKET-5094:
> > - I've checked 1.4 and the logic of #enforceMounts was exactly like it is
> > now
> > - the javadoc for #setEnforceMounts() matches the current behavior:
> >
> > "Sets whether mounts should be enforced. If true, requests for mounted
> > targets have to done through the mounted paths. If, for instance, a
> > bookmarkable page is mounted to a path, a request to that same page via
> the
> > bookmarkablePage parameter will be denied."
> >
> > For those trying to prevent any requests to non-mounted pages: Couldn't
> > you just remove the BookmarkableMapper?
> >
> > ICompoundRequestMapper mappers =
> getRootRequestMapperAsCompound();
> > mappers.forEach((mapper) -> {if (mapper instanceof
> > BookmarkableMapper) mappers.remove(mapper); });
> >
> > Personally I wouldn't mind to change/remove/rename this setting for
> Wicket
> > 8.x, so it is more useful.
> >
>
> +1 to change the behavior to what it was after WICKET-3849 and before
> WICKET-5094
>
>
> >
> > Have fun
> > Sven
> >
> >
> >
> > On 04.05.2016 08:23, Martin Grigorov wrote:
> >
> >> Hi,
> >>
> >> I also think the current behavior is not correct. See my question at
> >> http://markmail.org/message/xmo74m3tbc5v4nwp.
> >> I read the name of the method "enforceMounts" as "do not allow urls to
> >> page
> >> which are not explicitly mounted". I believe also this is the reason
> this
> >> method is in SecuritySettings, and not in PageSettings.
> >> And its javadoc also says the same. That's why I've -reintroduced this
> >> behavior with https://issues.apache.org/jira/browse/WICKET-3849.
> >>
> >> According to Sven the behavior in Wicket 1.4.x was different and he
> >> changed
> >> it with https://issues.apache.org/jira/browse/WICKET-5094.
> >> IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/
> >>
> >> Martin Grigorov
> >> Wicket Training and Consulting
> >> https://twitter.com/mtgrigorov
> >>
> >> On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжный  wrote:
> >>
> >> Martin,
> >>>
> >>> Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094
> >>> Absolutely disagree with discussed behavior. It's meaningless to
> >>> prevent accessing /wicket/bookmarkable/ only if there is mount
> >>> point for that page.
> >>> Please help to find consensus. In mine case it's real security hole.
> >>>
> >>> Thanks,
> >>>
> >>> Ilia
> >>>
> >>> 2016-05-03 22:50 GMT-07:00 Илья Нарыжный :
> >>>
>  Martin,
> 
>  Just checked: it doesn't work as expected. It seems that this code
>  doesn't work as it was assumed:
> 
>  BookmarkableMapper.java
>  if (application.getSecuritySettings().getEnforceMounts())
>  {
>  // we make an exception if the homepage itself was mounted, see
> 
> >>> WICKET-1898
> >>>
>  if (!pageClass.equals(application.getHomePage()))
>  {
>  // WICKET-5094 only enforce mount if page is mounted
>  if (isPageMounted(pageClass,
>  application.getRootRequestMapperAsCompound()))// HERE!!!
>  {
>  return null;
>  }
>  }
>  }
> 
>  Imho condition at line marked by HERE!!! should be opposite.
>  Please check.
> 
>  In my case getSecuritySettings().setEnforceMounts(true); doesn't have
>  any effect.
> 
>  Thanks,
> 
>  Ilia
> 
>  2016-05-03 10:59 GMT-07:00 Илья Нарыжный :
> 
> > Thank you Martin! I did know that there should be easier way to do
> > that, but could not be able to find it:)
> >
> > Regards,
> >
> > Ilia
> >
> > 2016-05-03 0:06 GMT-07:00 Martin Grigorov :
> >
> >> Hi,
> >>
> >> I always thought
> >> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts()
> is
> >>
> > for
> >>>
>  this. Also its javadoc seems to say that.
> >> But there were some changes to its behavior after which I am no more
> >>
> > sure
> >>>
>  what exactly it does :-/
> >>
> >> Martin Grigorov
> >> Wicket Training and Consulting
> >> https://twitter.com/mtgrigorov
> >>
> >> On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный 
> wrote:
> >>
> >> Yea - that's possible. Even instrumentation is possible, but
> probably
> >>> this problem somehow solved already in wicket. I would briefly
> >>> summarize the problem like:
> >>>
> >>> Wicket allow to directly address bookmarkable pages from

Re: weird "Unable to find component with id"

2016-05-04 Thread Thorsten Schöning 
Guten Tag Ernesto Reinaldo Barreiro,
am Mittwoch, 4. Mai 2016 um 12:27 schrieben Sie:

> I have tried to reproduce this locally in "development" and "production"
> modes with no success. Are there any known issues that can cause this? Any
> leads would be appreciated.

I often have problems with an error message like yours, not with the
strange ids though, during development, if I e.g. change markup and
just reload a formerly working page in the browser instead of
requesting a new and/or restarting Tomcat.

So if your customer is not changing markup, he maybe has customers
accessing old versions of pages referencing things in markup which
don't exist anymore because of upgrades and such.

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning   E-Mail: thorsten.schoen...@am-soft.de
AM-SoFT IT-Systeme  http://www.AM-SoFT.de/

Telefon...05151-  9468- 55
Fax...05151-  9468- 88
Mobil..0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow


-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Re: Restrict wicket/bookmarkable

2016-05-04 Thread Martin Grigorov 
On Wed, May 4, 2016 at 3:27 PM, Sven Meier  wrote:

> Hi,
>
> well, it seems I wasn't completely out of my mind when I pushed for
> WICKET-5094:
> - I've checked 1.4 and the logic of #enforceMounts was exactly like it is
> now
> - the javadoc for #setEnforceMounts() matches the current behavior:
>
> "Sets whether mounts should be enforced. If true, requests for mounted
> targets have to done through the mounted paths. If, for instance, a
> bookmarkable page is mounted to a path, a request to that same page via the
> bookmarkablePage parameter will be denied."
>
> For those trying to prevent any requests to non-mounted pages: Couldn't
> you just remove the BookmarkableMapper?
>
> ICompoundRequestMapper mappers = getRootRequestMapperAsCompound();
> mappers.forEach((mapper) -> {if (mapper instanceof
> BookmarkableMapper) mappers.remove(mapper); });
>
> Personally I wouldn't mind to change/remove/rename this setting for Wicket
> 8.x, so it is more useful.
>

+1 to change the behavior to what it was after WICKET-3849 and before
WICKET-5094


>
> Have fun
> Sven
>
>
>
> On 04.05.2016 08:23, Martin Grigorov wrote:
>
>> Hi,
>>
>> I also think the current behavior is not correct. See my question at
>> http://markmail.org/message/xmo74m3tbc5v4nwp.
>> I read the name of the method "enforceMounts" as "do not allow urls to
>> page
>> which are not explicitly mounted". I believe also this is the reason this
>> method is in SecuritySettings, and not in PageSettings.
>> And its javadoc also says the same. That's why I've -reintroduced this
>> behavior with https://issues.apache.org/jira/browse/WICKET-3849.
>>
>> According to Sven the behavior in Wicket 1.4.x was different and he
>> changed
>> it with https://issues.apache.org/jira/browse/WICKET-5094.
>> IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/
>>
>> Martin Grigorov
>> Wicket Training and Consulting
>> https://twitter.com/mtgrigorov
>>
>> On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжный  wrote:
>>
>> Martin,
>>>
>>> Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094
>>> Absolutely disagree with discussed behavior. It's meaningless to
>>> prevent accessing /wicket/bookmarkable/ only if there is mount
>>> point for that page.
>>> Please help to find consensus. In mine case it's real security hole.
>>>
>>> Thanks,
>>>
>>> Ilia
>>>
>>> 2016-05-03 22:50 GMT-07:00 Илья Нарыжный :
>>>
 Martin,

 Just checked: it doesn't work as expected. It seems that this code
 doesn't work as it was assumed:

 BookmarkableMapper.java
 if (application.getSecuritySettings().getEnforceMounts())
 {
 // we make an exception if the homepage itself was mounted, see

>>> WICKET-1898
>>>
 if (!pageClass.equals(application.getHomePage()))
 {
 // WICKET-5094 only enforce mount if page is mounted
 if (isPageMounted(pageClass,
 application.getRootRequestMapperAsCompound()))// HERE!!!
 {
 return null;
 }
 }
 }

 Imho condition at line marked by HERE!!! should be opposite.
 Please check.

 In my case getSecuritySettings().setEnforceMounts(true); doesn't have
 any effect.

 Thanks,

 Ilia

 2016-05-03 10:59 GMT-07:00 Илья Нарыжный :

> Thank you Martin! I did know that there should be easier way to do
> that, but could not be able to find it:)
>
> Regards,
>
> Ilia
>
> 2016-05-03 0:06 GMT-07:00 Martin Grigorov :
>
>> Hi,
>>
>> I always thought
>> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is
>>
> for
>>>
 this. Also its javadoc seems to say that.
>> But there were some changes to its behavior after which I am no more
>>
> sure
>>>
 what exactly it does :-/
>>
>> Martin Grigorov
>> Wicket Training and Consulting
>> https://twitter.com/mtgrigorov
>>
>> On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный  wrote:
>>
>> Yea - that's possible. Even instrumentation is possible, but probably
>>> this problem somehow solved already in wicket. I would briefly
>>> summarize the problem like:
>>>
>>> Wicket allow to directly address bookmarkable pages from 3rd party
>>> libraries without good way to manage accessibility.
>>> Potentially it means that with having control over some 3rd partly
>>> lib
>>> it's possible to include "backdoor page"
>>> Thanks,
>>>
>>> Ilia
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For

Re: Restrict wicket/bookmarkable

2016-05-04 Thread Sven Meier 

Hi,

well, it seems I wasn't completely out of my mind when I pushed for 
WICKET-5094:
- I've checked 1.4 and the logic of #enforceMounts was exactly like it 
is now

- the javadoc for #setEnforceMounts() matches the current behavior:

"Sets whether mounts should be enforced. If true, requests for mounted 
targets have to done through the mounted paths. If, for instance, a 
bookmarkable page is mounted to a path, a request to that same page via 
the bookmarkablePage parameter will be denied."


For those trying to prevent any requests to non-mounted pages: Couldn't 
you just remove the BookmarkableMapper?


ICompoundRequestMapper mappers = getRootRequestMapperAsCompound();
mappers.forEach((mapper) -> {if (mapper instanceof 
BookmarkableMapper) mappers.remove(mapper); });


Personally I wouldn't mind to change/remove/rename this setting for 
Wicket 8.x, so it is more useful.


Have fun
Sven


On 04.05.2016 08:23, Martin Grigorov wrote:

Hi,

I also think the current behavior is not correct. See my question at
http://markmail.org/message/xmo74m3tbc5v4nwp.
I read the name of the method "enforceMounts" as "do not allow urls to page
which are not explicitly mounted". I believe also this is the reason this
method is in SecuritySettings, and not in PageSettings.
And its javadoc also says the same. That's why I've -reintroduced this
behavior with https://issues.apache.org/jira/browse/WICKET-3849.

According to Sven the behavior in Wicket 1.4.x was different and he changed
it with https://issues.apache.org/jira/browse/WICKET-5094.
IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжный  wrote:


Martin,

Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094
Absolutely disagree with discussed behavior. It's meaningless to
prevent accessing /wicket/bookmarkable/ only if there is mount
point for that page.
Please help to find consensus. In mine case it's real security hole.

Thanks,

Ilia

2016-05-03 22:50 GMT-07:00 Илья Нарыжный :

Martin,

Just checked: it doesn't work as expected. It seems that this code
doesn't work as it was assumed:

BookmarkableMapper.java
if (application.getSecuritySettings().getEnforceMounts())
{
// we make an exception if the homepage itself was mounted, see

WICKET-1898

if (!pageClass.equals(application.getHomePage()))
{
// WICKET-5094 only enforce mount if page is mounted
if (isPageMounted(pageClass,
application.getRootRequestMapperAsCompound()))// HERE!!!
{
return null;
}
}
}

Imho condition at line marked by HERE!!! should be opposite.
Please check.

In my case getSecuritySettings().setEnforceMounts(true); doesn't have
any effect.

Thanks,

Ilia

2016-05-03 10:59 GMT-07:00 Илья Нарыжный :

Thank you Martin! I did know that there should be easier way to do
that, but could not be able to find it:)

Regards,

Ilia

2016-05-03 0:06 GMT-07:00 Martin Grigorov :

Hi,

I always thought
that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is

for

this. Also its javadoc seems to say that.
But there were some changes to its behavior after which I am no more

sure

what exactly it does :-/

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный  wrote:


Yea - that's possible. Even instrumentation is possible, but probably
this problem somehow solved already in wicket. I would briefly
summarize the problem like:

Wicket allow to directly address bookmarkable pages from 3rd party
libraries without good way to manage accessibility.
Potentially it means that with having control over some 3rd partly lib
it's possible to include "backdoor page"
Thanks,

Ilia

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

weird "Unable to find component with id"

2016-05-04 Thread Ernesto Reinaldo Barreiro 
Hi,

Or a customers production server this happens sometimes..

===
2016-05-03 19:36:15,936 ERROR
org.apache.wicket.DefaultExceptionMapper: 170 [req:
I7Ax7LCI5L9 p: XwklMo8cZ3X][acc: anonymous] - Unexpected error occurred
Unable to find component with id 'main' in
[TransparentWebMarkupContainer [Component
id = wicket_extend8]]
Expected: 'wicket_child7:wicket_extend8:main'.
Found with similar names: 'header:loginForm:loginForm:email'
MarkupStream: [markup =
file:/var/lib/tomcat8/webapps/.../WEB-INF/classes/./ReplyToProjectRequestPage.html










,  index = 2, current = '' (line 0,
column 0)]
at
org.apache.wicket.markup.MarkupStream.throwMarkupException(MarkupStream.java:526)
at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1438)
at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1557)
at
org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1532)
at
org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1487)
at
org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:71)
at org.apache.wicket.Component.internalRenderComponent(Component.java:2536)
at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1496)
at org.apache.wicket.Component.internalRender(Component.java:2366)
at org.apache.wicket.Component.render(Component.java:2294)
at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1392)
at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1557)
=

I have tried to reproduce this locally in "development" and "production"
modes with no success. Are there any known issues that can cause this? Any
leads would be appreciated.


-- 
Regards - Ernesto Reinaldo Barreiro

Re: Restrict wicket/bookmarkable

2016-05-04 Thread Martin Grigorov 
Hi,

I also think the current behavior is not correct. See my question at
http://markmail.org/message/xmo74m3tbc5v4nwp.
I read the name of the method "enforceMounts" as "do not allow urls to page
which are not explicitly mounted". I believe also this is the reason this
method is in SecuritySettings, and not in PageSettings.
And its javadoc also says the same. That's why I've -reintroduced this
behavior with https://issues.apache.org/jira/browse/WICKET-3849.

According to Sven the behavior in Wicket 1.4.x was different and he changed
it with https://issues.apache.org/jira/browse/WICKET-5094.
IMO Wicket 1.4.x must had a bug but there is no one to confirm :-/

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Wed, May 4, 2016 at 7:57 AM, Илья Нарыжный  wrote:

> Martin,
>
> Checked this issue: https://issues.apache.org/jira/browse/WICKET-5094
> Absolutely disagree with discussed behavior. It's meaningless to
> prevent accessing /wicket/bookmarkable/ only if there is mount
> point for that page.
> Please help to find consensus. In mine case it's real security hole.
>
> Thanks,
>
> Ilia
>
> 2016-05-03 22:50 GMT-07:00 Илья Нарыжный :
> > Martin,
> >
> > Just checked: it doesn't work as expected. It seems that this code
> > doesn't work as it was assumed:
> >
> > BookmarkableMapper.java
> > if (application.getSecuritySettings().getEnforceMounts())
> > {
> > // we make an exception if the homepage itself was mounted, see
> WICKET-1898
> > if (!pageClass.equals(application.getHomePage()))
> > {
> > // WICKET-5094 only enforce mount if page is mounted
> > if (isPageMounted(pageClass,
> > application.getRootRequestMapperAsCompound()))// HERE!!!
> > {
> > return null;
> > }
> > }
> > }
> >
> > Imho condition at line marked by HERE!!! should be opposite.
> > Please check.
> >
> > In my case getSecuritySettings().setEnforceMounts(true); doesn't have
> > any effect.
> >
> > Thanks,
> >
> > Ilia
> >
> > 2016-05-03 10:59 GMT-07:00 Илья Нарыжный :
> >> Thank you Martin! I did know that there should be easier way to do
> >> that, but could not be able to find it:)
> >>
> >> Regards,
> >>
> >> Ilia
> >>
> >> 2016-05-03 0:06 GMT-07:00 Martin Grigorov :
> >>> Hi,
> >>>
> >>> I always thought
> >>> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is
> for
> >>> this. Also its javadoc seems to say that.
> >>> But there were some changes to its behavior after which I am no more
> sure
> >>> what exactly it does :-/
> >>>
> >>> Martin Grigorov
> >>> Wicket Training and Consulting
> >>> https://twitter.com/mtgrigorov
> >>>
> >>> On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный  wrote:
> >>>
>  Yea - that's possible. Even instrumentation is possible, but probably
>  this problem somehow solved already in wicket. I would briefly
>  summarize the problem like:
> 
>  Wicket allow to directly address bookmarkable pages from 3rd party
>  libraries without good way to manage accessibility.
>  Potentially it means that with having control over some 3rd partly lib
>  it's possible to include "backdoor page"
>  Thanks,
> 
>  Ilia
> 
>  -
>  To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>  For additional commands, e-mail: users-h...@wicket.apache.org
> 
> 
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>