Re: is possible that CryptedUrlWebRequestCodingStrategy not working
Fernando, It would be better to protect you application in an other way: e.g. create the ids with random, fixed-length postfixes. My practice is to create 4-length postfix with 0-9a-zA-Z random pattern. This is 62^4 possibility for each id in the sequence, e.g. 1aiP7, and 2pN63 is valid, but 1aiP6 is not (because it does not exists in the database). And if you strip the 4-length postfix, you can get a normal sequence (1, 2, ..., 9, a, ..., z, A, ..., Z, 10, 11, ...) Looking it in other way, if you create a hash for each id and accept only request knowing the hash, you are a bit safer (until a hacker decodes the hash algorithm). Hope it helps, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
autocomplete based on other field's value + storing the reference
Hi, I've the following stripped down hierarchy: form wicket:id="form" |- input type="text" wicket:id="main" |- input type="text" wicket:id="description" |- input type="hidden" wicket:id="reference" I'd like the description field to work as an autocomplete field: when the users clicks into it, it might suggest descriptions from the server side list, based on the value of the 'main' field. If the user selects one description, the reference id should be stored in the hidden field. After that (or if there is no suggestion) the user is free to edit the description field as (s)he likes. In the same form, I have several of these fields, therefore I need some generic solution. Any ideas or similar solutions? Thanks and regards, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
full JS page + include wicket components?
Hi, I have a complex editor page I plan to implement in JavaScript (YUI 3). However, there are components implemented in Wicket and present on other pages, that I'd like to reuse - if possible. For example I have a combobox that first contains only 10 items, the last one will populate 30 more, or it can switch to textfield + autocomplete also. Is there an easy way to reuse the later component in my JavaScript codes - e.g. to include on demand, use it and extract the final value? Regards, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
YUI 3 anyone?
Hi, Is there a cool best-practice or even better an integration library to use YUI 3? I know the standard generic way, I'm interested specifically in YUI 3... Thanks, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: HttpsRequestCycleProcessor goes back to http on form failure
Further analysis showed that this problem is somehow related to the apache + mod-proxy + mod-headers environment, because pure jetty or pure glassfish didn't have any issue. Regards, Istvan On Fri, Apr 23, 2010 at 4:12 PM, Istvan Soos wrote: > Hi, > > I'm using HttpsRequestCycleProcessor and it works in most of the > cases. However... > > My login form is https protected. > My non-bookmarkable urls are encrypted. > > On my login form, if the user misses the password, it will get > notified (part of the form gets red) and it has the chance to start > over. However this time the url is like http://example.com/?x= so > it got redirected back to http. > > How could I remain on https in such cases? > > Regards, > Istvan > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
HttpsRequestCycleProcessor goes back to http on form failure
Hi, I'm using HttpsRequestCycleProcessor and it works in most of the cases. However... My login form is https protected. My non-bookmarkable urls are encrypted. On my login form, if the user misses the password, it will get notified (part of the form gets red) and it has the chance to start over. However this time the url is like http://example.com/?x= so it got redirected back to http. How could I remain on https in such cases? Regards, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
IE7 + ajax + cookie = no go?
Hi, I've a page where the user can edit his/her settings through an ajax-updated form. Each time a setting is modified it is being sent to the server side, stored in the session and in the database, and I issue a new cookie that contains the value too. (Of course if the user is not authenticated, only the session and the cookie is updated). Now the symptom is that IE7 keeps forgetting the cookie (and/or the session?). Does anybody else encountered similar problem? What could be the solution? Regards, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket Session Lifecycle Methods????
I meant that you probably have some forms in the application where you change these. Persist at that point, before/after calling the session's setters... Regards, Istvan On Tue, Mar 30, 2010 at 10:18 AM, corneliu.petrescu wrote: > That was my first ideea but i can't since > Session.getStyle, Session.setStyle are final. :( > > On Tue, 2010-03-30 at 10:06 +0200, Istvan Soos wrote: >> Why don't you persist when do user actually does the change (on the >> interface)? >> >> Regards, >> Istvan >> >> On Tue, Mar 30, 2010 at 9:56 AM, corneliu.petrescu >> wrote: >> > Hey, >> > I'm trying to store user application configuration in the session: >> > things like prefered style, prefered locale, etc... >> > Basically i store these things in a DB table for each user. When a user >> > logs in i load his settings into the WebSession, the problem is when i >> > have to persist the changes the user made as i can't find any >> > onSessionExpired, onLogout handlers. >> > The only thing i have is sessionDestroyed ... but its not enough since >> > at that moment the session does not exist anymore. >> > Any ideeas guys? >> > >> > >> > >> > >> > - >> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> > For additional commands, e-mail: users-h...@wicket.apache.org >> > >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> > > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket Session Lifecycle Methods????
Why don't you persist when do user actually does the change (on the interface)? Regards, Istvan On Tue, Mar 30, 2010 at 9:56 AM, corneliu.petrescu wrote: > Hey, > I'm trying to store user application configuration in the session: > things like prefered style, prefered locale, etc... > Basically i store these things in a DB table for each user. When a user > logs in i load his settings into the WebSession, the problem is when i > have to persist the changes the user made as i can't find any > onSessionExpired, onLogout handlers. > The only thing i have is sessionDestroyed ... but its not enough since > at that moment the session does not exist anymore. > Any ideeas guys? > > > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
wicket:message inside a script tag
Hi, I'd like to localize a simple javascript alert, e.g like this: alert('hello world'); However wicket:message key="helloWorld" is not parsed inside the
Re: wicket-jmx
To answer my own question: just put the wicket-jmx.jar in the classpath and enable the JMX server. That is it, really :) Regards, Istvan On Wed, Mar 17, 2010 at 2:04 PM, Istvan Soos wrote: > > Hi, > Is there any documentation around wicket-jmx? I've found only a few blog > entry so far, but not much in detail... (e.g. how to initialize it) > Thanks, > Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
wicket-jmx
Hi, Is there any documentation around wicket-jmx? I've found only a few blog entry so far, but not much in detail... (e.g. how to initialize it) Thanks, Istvan
Re: onkeyup ajax call with the key pressed
Thanks! Is there somewhere an example for this? E.g. with Java callback codes and like... Thanks, Istvan On Fri, Mar 12, 2010 at 1:40 PM, Pedro Santos wrote: > Yes, for example you can add an ajax behaviour to you page, and using his > callback url mount an script like > > wicketAjaxGet(callbackUrl + '&key=' + event.keyCode); > > on your div onkeyup event. > > On Fri, Mar 12, 2010 at 6:55 AM, Istvan Soos wrote: > >> Hi, >> >> Is there a way to combine onkeyup event (on a div panel, not on form >> component) into an ajax call, that will contain the character of the >> key pressed? >> >> Thanks, >> Istvan >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > -- > Pedro Henrique Oliveira dos Santos > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
onkeyup ajax call with the key pressed
Hi, Is there a way to combine onkeyup event (on a div panel, not on form component) into an ajax call, that will contain the character of the key pressed? Thanks, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: mod_proxy + ssl + HttpsRequestCycleProcessor
The solution seems to be an extra header with the mod_header module and an extra filter before the wicket filter. With the later we can check the extra header, and overwrite the scheme to "https" if the header is present. Seems to be working for now... Regards, Istvan On Thu, Mar 4, 2010 at 6:04 PM, Istvan Soos wrote: > Hi, > > We are using HttpsRequestCycleProcessor + @RequireHttps annotation in > our local dev environment (the server is a jetty executed directly > from Eclipse). In the production environment, we have Apache + > mod_proxy, and I'd prefer if Apache could handle the SSL part (in that > case we are not required to configure SSL on the application server - > glassfish v3). Is there any best practice how to achieve this? > > Thanks and regards, > Istvan > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: mod_proxy + ssl + HttpsRequestCycleProcessor
That is ok, however in production I still would like to benefit of the @RequireHttps. Will it work? I suppose there should be a setup that uses mod_headers to inject a header in the request or something like that, but I'm only guessing this... Istvan On Thu, Mar 4, 2010 at 6:23 PM, Josh Chappelle wrote: > In your Application class you could check to see if you are running in > Production or Development mode. If you are running in Development mode then > use the HttpsRequestCycleProcessor. Otherwise use the default > RequestCycleProcessor. > > Josh > > -Original Message- > From: Istvan Soos [mailto:istvan.s...@gmail.com] > Sent: Thursday, March 04, 2010 11:05 AM > To: users@wicket.apache.org > Subject: mod_proxy + ssl + HttpsRequestCycleProcessor > > Hi, > > We are using HttpsRequestCycleProcessor + @RequireHttps annotation in > our local dev environment (the server is a jetty executed directly > from Eclipse). In the production environment, we have Apache + > mod_proxy, and I'd prefer if Apache could handle the SSL part (in that > case we are not required to configure SSL on the application server - > glassfish v3). Is there any best practice how to achieve this? > > Thanks and regards, > Istvan > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
mod_proxy + ssl + HttpsRequestCycleProcessor
Hi, We are using HttpsRequestCycleProcessor + @RequireHttps annotation in our local dev environment (the server is a jetty executed directly from Eclipse). In the production environment, we have Apache + mod_proxy, and I'd prefer if Apache could handle the SSL part (in that case we are not required to configure SSL on the application server - glassfish v3). Is there any best practice how to achieve this? Thanks and regards, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: autologin redirect for https cookie and go back
It seems that I've buried myself too deep in the world of bookmarkable pages that I've forgotten the basics of http. Oh dear, such a simple answer, it must be Friday... :) Thanks, Istvan On Fri, Jan 8, 2010 at 5:30 PM, Igor Vaynberg wrote: > but you do have the original url, so redirect back to that > > -igor > > On Fri, Jan 8, 2010 at 8:16 AM, Istvan Soos wrote: >> Hi, >> >> I'd like to create automatic login with the following setup: >> - The auto-login key is stored in a secure cookie issued only over https. >> - I have created a separate page for this, it can read (a do >> authentication) or update the cookie (on form login), and it is >> sending the cookie only over https. >> - Most of the things the users will land on are http >> >> The HttpsRequestCycleProcessor gives a great job to achieve most of >> that, however I'm struggling with the autologin, because I'd like to >> do an initial redirect on session create. I can do a redirect to the >> cookie page, it will be https, it can send the cookie, however I do >> not know how to redirect back to the original page. I have no page nor >> pageClass information, because the redirect happens in >> WebApplication.newSession(...) and at that time the request.getPage() >> is null. >> >> Any idea or example how this should work? I'm storing the cookie >> page's redirect information in the session as pageClass and >> PageParameters, and these are populated manually, as the origin is >> well known. >> >> Thanks, >> Istvan >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
autologin redirect for https cookie and go back
Hi, I'd like to create automatic login with the following setup: - The auto-login key is stored in a secure cookie issued only over https. - I have created a separate page for this, it can read (a do authentication) or update the cookie (on form login), and it is sending the cookie only over https. - Most of the things the users will land on are http The HttpsRequestCycleProcessor gives a great job to achieve most of that, however I'm struggling with the autologin, because I'd like to do an initial redirect on session create. I can do a redirect to the cookie page, it will be https, it can send the cookie, however I do not know how to redirect back to the original page. I have no page nor pageClass information, because the redirect happens in WebApplication.newSession(...) and at that time the request.getPage() is null. Any idea or example how this should work? I'm storing the cookie page's redirect information in the session as pageClass and PageParameters, and these are populated manually, as the origin is well known. Thanks, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: traditional(?) form processing
Thanks, I do appreciate your fast response! Regards, Istvan On Wed, Jan 6, 2010 at 3:44 PM, Martijn Dashorst wrote: > > > add(new WebMarkupContainer("form").add(new > SimpleAttributeModifier("action", urlFor(pageClass))); > > Martijn > > On Wed, Jan 6, 2010 at 3:41 PM, Istvan Soos wrote: >> Sorry, missed an important part: >> >> What is the best way to populate the form's action attribute with a >> page's bookmarkable url (without knowning it either in the HTML or in >> the Java code, just the Page class is known)? >> >> Regards, >> Istvan >> >> On Wed, Jan 6, 2010 at 3:39 PM, Istvan Soos wrote: >>> Okay, this was too easy... :) what is the best way to populate the >>> form's action attribute? >>> >>> Regards, >>> Istvan >>> >>> On Wed, Jan 6, 2010 at 3:37 PM, Martijn Dashorst >>> wrote: >>>> >>>> >>>> >>>> >>>> >>>> No wicket required >>>> >>>> Martijn >>>> >>>> On Wed, Jan 6, 2010 at 3:30 PM, Istvan Soos wrote: >>>>> Hi, >>>>> >>>>> I'd like to create traditional form processing in wicket: to direct a >>>>> form target to a (bookmarkable) page and receive the form content as >>>>> PageParameters on that page. Is there any easy and supported way to >>>>> achieve this? >>>>> >>>>> E.g. I have a search page that receives the parameters that way, and >>>>> I'd like to have a form that targets that page with visible input >>>>> field and a hidden field. With the usual way, I'd create it as part of >>>>> a stateless form, but I'd like to skip the processing on the old page. >>>>> >>>>> Thanks and regards, >>>>> Istvan >>>>> >>>>> - >>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> Become a Wicket expert, learn from the best: http://wicketinaction.com >>>> Apache Wicket 1.4 increases type safety for web applications >>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4 >>>> >>>> - >>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>> >>>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > > -- > Become a Wicket expert, learn from the best: http://wicketinaction.com > Apache Wicket 1.4 increases type safety for web applications > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4 > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: traditional(?) form processing
Sorry, missed an important part: What is the best way to populate the form's action attribute with a page's bookmarkable url (without knowning it either in the HTML or in the Java code, just the Page class is known)? Regards, Istvan On Wed, Jan 6, 2010 at 3:39 PM, Istvan Soos wrote: > Okay, this was too easy... :) what is the best way to populate the > form's action attribute? > > Regards, > Istvan > > On Wed, Jan 6, 2010 at 3:37 PM, Martijn Dashorst > wrote: >> >> >> >> >> >> No wicket required >> >> Martijn >> >> On Wed, Jan 6, 2010 at 3:30 PM, Istvan Soos wrote: >>> Hi, >>> >>> I'd like to create traditional form processing in wicket: to direct a >>> form target to a (bookmarkable) page and receive the form content as >>> PageParameters on that page. Is there any easy and supported way to >>> achieve this? >>> >>> E.g. I have a search page that receives the parameters that way, and >>> I'd like to have a form that targets that page with visible input >>> field and a hidden field. With the usual way, I'd create it as part of >>> a stateless form, but I'd like to skip the processing on the old page. >>> >>> Thanks and regards, >>> Istvan >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >> >> >> >> -- >> Become a Wicket expert, learn from the best: http://wicketinaction.com >> Apache Wicket 1.4 increases type safety for web applications >> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4 >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: traditional(?) form processing
Okay, this was too easy... :) what is the best way to populate the form's action attribute? Regards, Istvan On Wed, Jan 6, 2010 at 3:37 PM, Martijn Dashorst wrote: > > > > > > No wicket required > > Martijn > > On Wed, Jan 6, 2010 at 3:30 PM, Istvan Soos wrote: >> Hi, >> >> I'd like to create traditional form processing in wicket: to direct a >> form target to a (bookmarkable) page and receive the form content as >> PageParameters on that page. Is there any easy and supported way to >> achieve this? >> >> E.g. I have a search page that receives the parameters that way, and >> I'd like to have a form that targets that page with visible input >> field and a hidden field. With the usual way, I'd create it as part of >> a stateless form, but I'd like to skip the processing on the old page. >> >> Thanks and regards, >> Istvan >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > > -- > Become a Wicket expert, learn from the best: http://wicketinaction.com > Apache Wicket 1.4 increases type safety for web applications > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4 > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
traditional(?) form processing
Hi, I'd like to create traditional form processing in wicket: to direct a form target to a (bookmarkable) page and receive the form content as PageParameters on that page. Is there any easy and supported way to achieve this? E.g. I have a search page that receives the parameters that way, and I'd like to have a form that targets that page with visible input field and a hidden field. With the usual way, I'd create it as part of a stateless form, but I'd like to skip the processing on the old page. Thanks and regards, Istvan - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org