Re: Authentication in Webapp and Wicket documentation...
I'll let one of the developers go into more detail about the
documentation issue :)
Regarding security there are several sub projects for you to choose.
and i would like to refer to this page for an overview of the
differences
http://wicketstuff.org/confluence/display/STUFFWIKI/Security+Framework+Comparison
From there you should be able to find more information although a good
place to look is also the old sourceforge mailinglist.
Maurice
On 8/9/07, Alexander Schatten [EMAIL PROTECTED] wrote:
Greetings to all Wicket experts
I try to get Wicket running for some rather simple web-application.
First (no offense, but have to say that), Wicket has the worst
documentation of an apparently good open source project I have seen in a
long time; and this is really a pity, because it seems, that if one
would know how to do it, many things can be performed quite easily.
Now to my current issue: I want to add a loginpage to my project and
protect some of the pages.
My first thought was to make a base class (worked) and somehow hook into
the lifecycle, check if the user is checked in (MySessio works) but this
is not running at all. lot of redirection errors, incoherent
documentation and so on. e.g.:
Javadoc 1.3 of Page talks about checkAccess() method... however, this
methdod can be found nowhere.
Now I check the mailing list archive, only useful thing I find is a
posting from 9.2.2006 suggesting:
protected void init()
{
getSecuritySettings().setAuthorizationStrategy(new
IAuthorizationStrategy()
{
public boolean authorizeAction(...) ...
public boolean authorizeInstantiation(...) ...
}
starting with 1.2. Well, this interface is still here, but these methods
are not available any longer.
There is no documentation about this strategy I could find and the
Javadoc (which is btw. not linked from the wicket website, and just this
made me search for an hour) is very unconclusive.
btw. another thing: when the documentation of a project is so bad, at
least the javadoc should be accessible: I tried to build mvn site with
wicket and got the error that you use a special template or somthing and
it does not build, and this template is apparently not in the repository
ARRRGGHHH.
sorry, but Wicket experience was far away from beeing pleasent. I am
quite willing to check several sources, but this here is really bad.
outdated information is not easy to distinguish from actual
documentation, the reference to the component doc is nice, but component
doc very incomplete and so on...
Wicket seems to be a quite productive and powerful framework (one of the
best I have seen so far, at least so it seems), but getting into it is a
damn frustrating experience, I can tell you...
(I did not even know where to start. happyily there is a maven archetype
at the Jetty website which was helpful.)
So, sorry for that outburst, but I was so frustrated...
best greetings
Alex
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
http://cwiki.apache.org/WICKET/framework-documentation.html On 8/9/07, Alexander Schatten [EMAIL PROTECTED] wrote: I completly agree; just one addition: best-practices are completly missing in the introduction. at least a list what is available!! how should I know, that there is apparently an authentication framework? how do I access DAOs properly? there is support for working with databases (is there?) there is apparently a validation framework. I cam so far to understand (by browsing javadocs and a lot of trial and error, as again, documentation is not coherent, wiki, javadoc) that I can add validation rules to form elements, like this field should be min 5 max 10 chars and the like. ok, I have it running so far, that no other entries are excepted in this field, but I have no idea how I can react within the application for wrong entries, missing entries (you would want to give the user feedback that an entry was wrong). so where is the hook? how is the lifecycle of objects? where do I hook in to do special things? always in the constructor? somewhere else...? (there was a similar posting on this list recently) these are just examples: accidentally you stumble over a feature, that you were just on implementing yourself, and then it takes hours or days to figure out how to use it properly. again: extremly frustrating. Johan Maasing wrote: I have been playing with wicket for the last week. I must agree with what Alexander says. The documentation is rather lacking and quite frustrating. To bad because wicket is cool. So +1 for better docs. As a newbie to wicket I can't help in writing it but I can tell you what I find frustrating: The javadocs is not linked from the wicket site, it was hard to find even using google. The component reference is not complete. The examples have a link to 'view source' but it does not say which files to look at for a given example. It would be helpful if the component reference said which component belonged in which jar-file (wicket or wicket-extension). Personally I think that tapestrys component reference is helpful (http://tapestry.apache.org/tapestry4.1/components/index.html) Perhaps there could evolve some kind of javadoc convention or other documentation-convention for components that describes the component, the parameters, the css-classes the component renders and so on. Oh yeah, the component reference app is stateful so I constantly get session expired when looking at the examples, I can't for the life of me figure out why :-) It was a bit hard to find a reference to the wicket-tags, at least it is linked from wiki, but a schema-file would be helpful to get command completion in the HTML-editor. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Wicket joins the Apache Software Foundation as Apache Wicket Apache Wicket 1.3.0-beta2 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta2/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
On 8/8/07, Alexander Schatten [EMAIL PROTECTED] wrote:
Greetings to all Wicket experts
I try to get Wicket running for some rather simple web-application.
First (no offense, but have to say that), Wicket has the worst
documentation of an apparently good open source project I have seen in a
long time; and this is really a pity, because it seems, that if one
would know how to do it, many things can be performed quite easily.
have you seen the wiki?
Now to my current issue: I want to add a loginpage to my project and
protect some of the pages.
My first thought was to make a base class (worked) and somehow hook into
the lifecycle, check if the user is checked in (MySessio works) but this
is not running at all. lot of redirection errors, incoherent
documentation and so on. e.g.:
have you started by checking out Signin, Signin2, Authentication,
Authorization examples in wicket-examples?
Javadoc 1.3 of Page talks about checkAccess() method... however, this
methdod can be found nowhere.
yes the javadoc is outdated, fixed
Now I check the mailing list archive, only useful thing I find is a
posting from 9.2.2006 suggesting:
protected void init()
{
getSecuritySettings().setAuthorizationStrategy(new
IAuthorizationStrategy()
{
public boolean authorizeAction(...) ...
public boolean authorizeInstantiation(...) ...
}
starting with 1.2. Well, this interface is still here, but these methods
are not available any longer.
There is no documentation about this strategy I could find and the
Javadoc (which is btw. not linked from the wicket website, and just this
made me search for an hour) is very unconclusive.
we are working on linking the javadoc...you do know wicket is a maven
project right? so there is of course javadoc in the maven repo:
http://repo1.maven.org/maven2/org/apache/wicket/wicket/1.3.0-beta2/
further, since it is open source simply attach the sources to your ide and
you are set.
if you are using maven2 and eclipse add the wicket dep to your pom and do
mvn eclipse:eclipse -DdownloadSources=true - and you are all set.
now that you have found IAuthorizationStrategy have you even looked at it?
for example have you pulled up its class hieararchy to see an example
implementation? for example when i do it it leads me directly to
SimplePageAuthorizationStrategy - which will probably get you started - even
if you havent looked at the 4 examples i have mentioned.
btw. another thing: when the documentation of a project is so bad, at
least the javadoc should be accessible: I tried to build mvn site with
wicket and got the error that you use a special template or somthing and
it does not build, and this template is apparently not in the repository
ARRRGGHHH.
yes working on that too. maven2 site generation is a pita and eats up a lot
of time to get working.
sorry, but Wicket experience was far away from beeing pleasent. I am
quite willing to check several sources, but this here is really bad.
have you gotten the Pro Wicket book?
outdated information is not easy to distinguish from actual
documentation, the reference to the component doc is nice, but component
doc very incomplete and so on...
you are more then welcome to help out.
Wicket seems to be a quite productive and powerful framework (one of the
best I have seen so far, at least so it seems), but getting into it is a
damn frustrating experience, I can tell you...
you are meant to look at examples first. they cover all the basic usecases.
learn-by-example has been our philosophy so far.
(I did not even know where to start. happyily there is a maven archetype
at the Jetty website which was helpful.)
So, sorry for that outburst, but I was so frustrated...
no problem
-igor
best greetings
Alex
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
Martijn Dashorst wrote: http://cwiki.apache.org/WICKET/framework-documentation.html thank you; but you see, this is again one of the things I mentioned!! when you follow the link (wiki) from the main Wicket page, you come here: http://cwiki.apache.org/WICKET/reference-library.html the link you suggested (thanks for that one) is: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
Martijn Dashorst wrote: http://cwiki.apache.org/WICKET/framework-documentation.html sorry, I sent the last email to quick, was a Mistake; what I wanted to point out is this: http://cwiki.apache.org/WICKET/framework-documentation.html this is your link, and it apparently has interesting information, whereas when you search (as probably every newbie would) starting from the wicket website, you go to the wiki and reference info, you come to: http://cwiki.apache.org/WICKET/reference-library.html now: this is what I meant before with very confusing documentation: these two pages apparently cover similar topics, but are different in details. then there is the confusing component reference plus the javadoc which is also misleading sometimes (see the authentication stuff with reference to non-existing methods). don't you think this information base should be consolidated? thank you very much Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
so how do you propose we consolidate it?
instead of javadoc have links to the wiki?
/**
* see wicket.apache.org/wiki/authstrat
*/
public interface IAuthorizationStrategy {...}
that would really really suck.
-igor
On 8/9/07, Alexander Schatten [EMAIL PROTECTED] wrote:
Martijn Dashorst wrote:
http://cwiki.apache.org/WICKET/framework-documentation.html
sorry, I sent the last email to quick, was a Mistake; what I wanted to
point out is this:
http://cwiki.apache.org/WICKET/framework-documentation.html
this is your link, and it apparently has interesting information,
whereas when you search (as probably every newbie would) starting from
the wicket website, you go to the wiki and reference info, you come to:
http://cwiki.apache.org/WICKET/reference-library.html
now: this is what I meant before with very confusing documentation:
these two pages apparently cover similar topics, but are different in
details. then there is the confusing component reference plus the
javadoc which is also misleading sometimes (see the authentication stuff
with reference to non-existing methods).
don't you think this information base should be consolidated?
thank you very much
Alex
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
I am sorry I do completly understand your last mail. See, you pointed me
to the interesting page
http://cwiki.apache.org/WICKET/framework-documentation.html
(1) now, from the wicket website the reference link (was changed I
think?) points to the other page, with the similar information. It might
be a first start to figure out (you as experts) which of the two pages
is the relevant one and link the right one.
(2) plus at the moment, there is still no link at all to the javadoc
from the main website: I only found this one by accident.
this might be a second very helpful step.
(3) a third one would be best-practice guide on the main website listing
typical issues like:
-- database connection / DAOs
-- Ajax
-- authentication
-- build management (Maven)
-- logging
...
...
and make references to the existing documentation, examples plus javadoc
(4) bring a conclusive list of examples; it seems, that there are
several sets of examples distributed on the website, the wiki, the
distribution... also confusing. at least a conclusive list with examples
and where to find them would be very helpful
thank you
Alex
Igor Vaynberg wrote:
so how do you propose we consolidate it?
instead of javadoc have links to the wiki?
/**
* see wicket.apache.org/wiki/authstrat
*/
public interface IAuthorizationStrategy {...}
that would really really suck.
-igor
On 8/9/07, Alexander Schatten [EMAIL PROTECTED] wrote:
Martijn Dashorst wrote:
http://cwiki.apache.org/WICKET/framework-documentation.html
sorry, I sent the last email to quick, was a Mistake; what I wanted to
point out is this:
http://cwiki.apache.org/WICKET/framework-documentation.html
this is your link, and it apparently has interesting information,
whereas when you search (as probably every newbie would) starting from
the wicket website, you go to the wiki and reference info, you come to:
http://cwiki.apache.org/WICKET/reference-library.html
now: this is what I meant before with very confusing documentation:
these two pages apparently cover similar topics, but are different in
details. then there is the confusing component reference plus the
javadoc which is also misleading sometimes (see the authentication stuff
with reference to non-existing methods).
don't you think this information base should be consolidated?
thank you very much
Alex
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
honestly spoken, this is not the best strategy for everyone... Obviously. But we have limited resources (no-one is paid for working on Wicket), so it is hard to cater to everyone. We have tried to attract writers (for a reference guide) from the very early start (even offered some money) but it just doesn't seem to be a task many people seem to be interested in doing. moreover, I think you are speaking of examples coming with the download; this dowload was again rather confusing (see my site problem); I am looking first at the exampleson the website, and there I could not find any of the examples you were mentioning. What I don't get - as a regular user of open source software - what is so difficult about just getting it from source control or creating a quick maven based project for that? I typically dive into several projects I didn't know before a month, and I just start with getting it from the repo, looking at the test cases and examples and Javadocs (which unfortunately is something most open source projects do a lot worse at than Wicket). btw. this is I see now one of the real issues with the wicket docs; it seems, that there is actually lot available, but very cluttered, not properly linked and partly redundant in different versions... We really depend on our users helping us out with that (and they have been quite a help already). The framework is in constant development, so this is something that needs constant attention. Help is very welcome. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in Webapp and Wicket documentation...
No, actually I was not aware of that, was waiting for the Wicket in Action book... http://manning.com/dashorst/ You can get the first chapters now. Two more chapters will be released early next week. maybe one should also start writing some proper articles as a starting point; I might do that when I see clearer. There are quite a few articles you can find if you google for it. Many of them are for 1.2, so a bit stale if you plan to use 1.3 (which we recommend). So keep http://cwiki.apache.org/WICKET/migrate-13.html next to them. It's often more about the idea than that it is important that the examples are still completely recent. Eelco Eelco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
