CSRF protection and mounting pages

2013-09-18 Thread Andreas Kappler
Hi! I am currently looking into making our Wicket applications CSRF safe. From my understanding the CryptoMapper is the way to go, and I was able to set it up working successfully. There are however several mounted pages in the applications (with WebApplication.mountPage), where the URLs

Re: CSRF protection and mounting pages

2013-09-18 Thread Martin Grigorov
Hi, You can extend CryptoMapper and setup it as root mapper. In your custom CryptoMapper you can override Url mapHandler(final IRequestHandler requestHandler). If the passed requestHandler is IPageClassRequestHandler then you can call #getPageClass() on it and decide whether to encrypt the Url or

Re: CSRF protection and mounting pages

2013-09-18 Thread Andreas Kappler
Hi Martin, thanks for your answer. I tried that and I am not sure if I did something wrong, but still the URLs generated for posting forms are not encrypted. For example I have a page that contains a form to change the user's password and I want the page to be available as /changePassword.

Re: CSRF protection and mounting pages

2013-09-18 Thread Martin Grigorov
Check https://issues.apache.org/jira/browse/WICKET-5326 It talks about similar things On Wed, Sep 18, 2013 at 3:03 PM, Andreas Kappler andreas.kapp...@jato-consulting.de wrote: Hi Martin, thanks for your answer. I tried that and I am not sure if I did something wrong, but still the URLs

Re: CSRF protection and mounting pages

2013-09-18 Thread Andreas Kappler
instead of mounting pages, it seems to me to be the safest way. Am 18.09.2013 14:08, schrieb Martin Grigorov: Check https://issues.apache.org/jira/browse/WICKET-5326 It talks about similar things On Wed, Sep 18, 2013 at 3:03 PM, Andreas Kappler andreas.kapp...@jato-consulting.de wrote: Hi

Re: CSRF protection and mounting pages

2013-09-18 Thread Jesse Long
a solution for this common problem. I will probably go for the solution with redirects instead of mounting pages, it seems to me to be the safest way. Am 18.09.2013 14:08, schrieb Martin Grigorov: Check https://issues.apache.org/jira/browse/WICKET-5326 It talks about similar things On Wed

Re: CSRF protection and mounting pages

2013-09-18 Thread Andreas Kappler
for the solution with redirects instead of mounting pages, it seems to me to be the safest way. Am 18.09.2013 14:08, schrieb Martin Grigorov: Check https://issues.apache.org/jira/browse/WICKET-5326 It talks about similar things On Wed, Sep 18, 2013 at 3:03 PM, Andreas Kappler andreas.kapp

Mounting pages

2012-09-18 Thread Oscar Besga Arcauz
Hi wickers ! I'm using wicket 6, if anyone can help with a problem with mapping pages and web resources I've been reading about it, but I can't find a way to make a web work as I want + http://wicketinaction.com/2011/07/wicket-1-5-mounting-pages/ + http://wicketinaction.com/2011/07/wicket-1-5

Re: Mounting pages

2012-09-18 Thread Martin Grigorov
and web resources I've been reading about it, but I can't find a way to make a web work as I want + http://wicketinaction.com/2011/07/wicket-1-5-mounting-pages/ + http://wicketinaction.com/2011/07/wicket-1-5-request-mapper/ + https://cwiki.apache.org/confluence/display/WICKET/Request+mapping

Re: Mounting pages with trailing slash

2008-10-07 Thread Marat Radchenko
Anybody? 2008/8/29 Marat Radchenko [EMAIL PROTECTED]: Hi everyone! Is it supposed to be legal to use mount path with trailing slash? If yes, then I'll file a bugreport because it doesn't work [yup, I have a testcase]. If not, then that will be another story.

Mounting pages with trailing slash

2008-08-29 Thread Marat Radchenko
Hi everyone! Is it supposed to be legal to use mount path with trailing slash? If yes, then I'll file a bugreport because it doesn't work [yup, I have a testcase]. If not, then that will be another story. - To unsubscribe,