Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-27 Thread Olger Warnier
On 26 jul 2009, at 22:59, Alex Objelean wrote: If you think this would help, then you could remove InvalidUrlException and invalidate the jira RFE created by me... I don't think this would heart anyone... Intresting, I assume that it is of value to have this construction, could you give

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-27 Thread Erik van Oosten
Olger Warnier schreef: Intresting, I assume that it is of value to have this construction, could you give me the link to the RFE ? https://issues.apache.org/jira/browse/WICKET-2200 -- Erik van Oosten http://day-to-day-stuff.blogspot.com/

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-27 Thread Alex Objelean
This is the link of the RFE: https://issues.apache.org/jira/browse/WICKET-2307 Olger Warnier-2 wrote: On 26 jul 2009, at 22:59, Alex Objelean wrote: If you think this would help, then you could remove InvalidUrlException and invalidate the jira RFE created by me... I don't think this

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-27 Thread Erik van Oosten
Sorry Olger, that was a copy paste error. Please see Alex' e-mail. Regards, Erik. Erik van Oosten schreef: Olger Warnier schreef: Intresting, I assume that it is of value to have this construction, could you give me the link to the RFE ? https://issues.apache.org/jira/browse/WICKET-2200

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-27 Thread Olger Warnier
Sorry to keep on buggin over this, I try to understand what is the best option to plugin the unauthorized type of exceptions into the wicket framework. It seems (maybe because of lack of understanding) that the UnAuthorizedException handling can't work as it is now. Now to move on: I've

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-27 Thread Alex Objelean
You can treat runtime exceptions by overriding newRequestCycle method of your Application class... @Override public Page onRuntimeException(final Page page, final RuntimeException e) { if (e instanceof InvalidUrlException) { //redirect to 404 } else { return

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-27 Thread Olger Warnier
Well, I'll add that to the WaspWebApplication and check if that will do. Thanks. I'll check On 27 jul 2009, at 12:37, Alex Objelean wrote: You can treat runtime exceptions by overriding newRequestCycle method of your Application class... @Override public Page onRuntimeException(final

UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-26 Thread Olger Warnier
Hi Developers, Slowly but surely I move through the tests of the wicket security framework. In one test, the SecureFormTest, i ran into some strange behaviour. It starts with an exception like this: org.apache.wicket.protocol.http.request.InvalidUrlException:

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-26 Thread Igor Vaynberg
if the form is disabled why is it allowed to be submitted? -igor On Sun, Jul 26, 2009 at 10:58 AM, Olger Warnierol...@xs4all.nl wrote: Hi Developers, Slowly but surely I move through the tests of the wicket security framework. In one test, the SecureFormTest, i ran into some strange

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-26 Thread Olger Warnier
Hi Igor, if the form is disabled why is it allowed to be submitted? In a test you can ;) When you know what to submit, it is possible to submit those values without a page, although I can imagine that it is quite hard to achieve due to the way wicket handles form variables and stuff (via

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-26 Thread Igor Vaynberg
then we are getting in a debate of what use an invalidurlexception really is. if we forward page expired and a bunch of other exceptions, why do we even need an invalidurlexception... the point is the user has submitted a form that they should not have been able to, it is an invalid url... i

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-26 Thread Alex Objelean
I just want to remind the reason why the InvalidUrlException was introduced: to avoid situations when user would tweak somehow the url and get the InternalError Page... I introduced a request for enhancement for InvalidUrlException feature and if there are any problems related to it, you can

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-26 Thread Igor Vaynberg
my point is that this case is on the fence. it is an invalid url, and it is a security violation. so which one should take precendence? my other concern is that we would have to maintain a long list of exceptions that should be passed through, which becomes a pita. -igor On Sun, Jul 26, 2009

Re: UnauthorizedActionException wrapped in an InvalidUrlException - how to deal with it ?

2009-07-26 Thread Alex Objelean
If you think this would help, then you could remove InvalidUrlException and invalidate the jira RFE created by me... I don't think this would heart anyone... Alex igor.vaynberg wrote: my point is that this case is on the fence. it is an invalid url, and it is a security violation. so