What goes into the converter? Cant you debug this?
I guess its the number formatter somehow
On 3/4/08, Ned Collyer [EMAIL PROTECTED] wrote:
I have the following
private class I18nForm extends Form {
public I18nForm(String id) {
super(id, new CompoundPropertyModel(new
Swarm throws a RestartResponseAtInterceptPageException to the login
page if it detects an anonymous user trying to access a secure page.
in the login page you can then do (after a successfull login)
if(!continueToOriginalDestination()) setResponsePage(somePage.class);
the if is only in place
Hi,
I wonder how I can achieve to use different pages from the same mounted root
page depending
on the page parameters.
For instance:
/cars/vendor
this should show a list of all cars by a vendor (ProductList.class),
vendor would be a page parameter
/cars/vendor/product
this should show the
Hey there,
Don't shoot, I just got here. And yes I did have look at the archive
to answer my question.
Actually I also read the MEAP Wicket in Action, but I wasn't satisfied
with the answers, so please hear me out and share your opinion.
The reason I'm here is that I fell in love with Wicket and
Yes, I suppose I can debug it after a while of downloading sources and
debugging stuff.
BigDecimalConverter bdc = new BigDecimalConverter();
System.out.println(bdc.convertToObject(3 000, Locale.FRENCH));
=3
DoubleConverter dc = new DoubleConverter();
System.out.println(dc.convertToObject(3 000,
On 3/3/08, Maurice Marrink [EMAIL PROTECTED] wrote:
Just using ajax to update one form field should not wipe out all the
other form fields, unless you add the entire form to your ajaxtarget.
It is sufficient to only add the formcomponent you are updating to
your ajaxtarget that way anything
How did you do the SSO?
Im trying the RemoteSSO but it doesnt seem to work out of the box... Or
they forgot to mention some critical information about it.. Do you have
to set a cross context or something?
regards
Toto Laricot wrote:
We've done it. Nothing Wicket-specific. JForum runs as a
Try adding a WindowClosedCallback to your modal window to repaint the
ListMultipleChoice.
something like
setWindowClosedCallback(new WindowClosedCallback()
{
private static final long serialVersionUID = 1L;
@Override
Hi,
I am trying to figure out where the time is lost.
This is my component, which has an AjaxEventBehaviour:
WebMarkupContainer timeslot = new WebMarkupContainer(id);
timeslot.add(new AjaxEventBehavior(onclick)
{
@Override
protected void
While that is true.. It's also true that wicket devs favor stuff proven
with a quickstart, because it becomes easier to make a fix for something
you can see in code..
So as I've written once before a quickstart should be the way to go or
just use one of the existing applications, phone book
I can claim anything in thought experiments. That is easy. Making it
true is something different.
Martijn
On 3/4/08, Ned Collyer [EMAIL PROTECTED] wrote:
Nick, I think you would be quite surprised at the level of auditing something
has to pass to be used in a financial system, especially a
Wicket does nothing to protect from CSRF attacks, and it is trivially
vulnerable. Sure it's a lot more difficult with the standard
?wicket:interface type URLs than it would be with more predictable URLs,
but you can still quite easily guess the URLs, and futhermore, to
improve your chances of
On 3/4/08, Gabor Szokoli [EMAIL PROTECTED] wrote:
In the ajax debug window, I can only see the modalwindow form
submission, and no further activity.
Woops, this part was wrong. The select component was sent in the
ajax response, but without the new choices added to the model by the
My point is, if the code path exists, doing some elaborate session hijacking
sniffer something something predict blah... can be a pain in the arse and
not really a valuable investment.
A better thing would be to ask the devs if it is plausible (regardless of
how hard it might be in the real
Yes!! This is what I want to say in my example! The request is made by the
victim's browser and the attacker don't require to hijack the session!!
Thank you Sebastiaan for explain better than me!
Arthur.
2008/3/4, Sebastiaan van Erk [EMAIL PROTECTED]:
The point of CSRF attack is that you
I believe that answers the original question, that CSRF protection is
*NOT* a security feature offered by Wicket.
I think the same, I said it and they tell me that URLs wasn't predictables
when the page identifiers are a correlative numbers, so vulnerable to CSRF
attacks.
I want to emphasize
As with all thing's you can make them more or less secure. As stated
before, depending on a level of paranoia nothing are secure!
Mounting a page and making it stateless, and further more making it take
parameters is one of less safer ones.
If the application is a web one, well use CSRF
That said...
Would a valid solution involving appending a pair of session keys to the
url workout?
http://thesiteiwannahack.com/?wicket:keyA=somethingreallylongwicket:keyB=somethinkreallylongwicket:interface=:11:formToHack::IFormSubmitListener::myparam1=val1
The wicket:key would be added
Having an quickstart as a usecase could help developers decide if its
worth the effort.
Since the moment that wicket does not add any random parameter to urls, the
applications are vulnerable to CSRF attacks, so I think that quickstart
application could be a good example but I think that we can
Hi,
Nino Saturnino Martinez Vazquez Wael wrote:
As with all thing's you can make them more or less secure. As stated
before, depending on a level of paranoia nothing are secure!
But that's got nothing to do with the question: does Wicket offer
security feature X? Nor does it help answer the
Wicket has support for protection just enable it:
CryptedUrlWebRequestCodingStrategy
and you can use that in combination with:
UrlCompressingWebRequestProcessor
The problem with this is i guess that the normal form get then also still
works but i am not sure
On Tue, Mar 4, 2008 at 11:42
Hi,
Could someone please explain (or point me in the direction of a tutorial)
the difference between HttpSessionStore and SecondLevelCacheSessionStore.
We have to use a HttpSessionStore, because otherwise we get
NotSerializableException's being thrown everywhere.
Does using HttpSessionStore
i would just fix the serialization exceptions
So that you can cluster when you want to or you can restart your server
without loosing sessions
HttpSessionStore does have its problems because of the stack it keeps (with
use of backbutton)
johan
On Tue, Mar 4, 2008 at 1:15 PM, richardwilko
Hmm, Im a little slow this week.. Theres even an article about it:
http://javathoughts.capesugarbird.com/2007/08/protecting-wicket-application-against.html
Johan Compagner wrote:
Wicket has support for protection just enable it:
CryptedUrlWebRequestCodingStrategy
and you can use that in
Nice. thank you!
But the real problem is that the RequestCycle#urlFor( Class, PageParams ) is
returning a relating path like:
../?wicket:bookmarkablePage=the.class.Name
Well the javadoc for urlFor() states:
*Returns a bookmarkable URL that references a given page class using a given
set of
Checkout the other part of this thread, I think this has become a dead
end...
http://javathoughts.capesugarbird.com/2007/08/protecting-wicket-application-against.html
Sebastiaan van Erk wrote:
Hi,
Nino Saturnino Martinez Vazquez Wael wrote:
As with all thing's you can make them more or less
good article Nino! Our paranoia is not going to be really a paranoia... ;-)
As Sebastian comment CSRF attack is relatively high risk, and relatively
low cost to fix.
Arthur.
2008/3/4, Nino Saturnino Martinez Vazquez Wael [EMAIL PROTECTED]:
Hmm, Im a little slow this week.. Theres even an
How does the crypted web url request coding strategy work with
bookmarkable pages and nice urls? Do they play nice together?
The form with the token looks good, the question I have is, why is
something like it not the default (since almost everybody's site will be
vulnerable without it)?
Arthur Ahiceh wrote:
good article Nino! Our paranoia is not going to be really a paranoia... ;-)
:)
As Sebastian comment CSRF attack is relatively high risk, and relatively
low cost to fix.
Yes that's true..
Arthur.
2008/3/4, Nino Saturnino Martinez Vazquez Wael [EMAIL
Sebastiaan van Erk wrote:
How does the crypted web url request coding strategy work with
bookmarkable pages and nice urls? Do they play nice together?
Im also thinking of Ajax, how does fit it...
The form with the token looks good, the question I have is, why is
something like it not the
I have Component using CompoundPropertyModel (sth like that):
public class MyPanelOne extends Panel {
public MyPanelOne(String id, CompoundPropertyModel cModel) {
super(id);
Form form = new Form(someForm,cModel);
form.add(new MyPanelTwo(panelTwo));
form.add(new Label(blabla));
You are adding the textfield not to panelTwo but to the form (in the
constructor of panelTwo).
That or you made some errors copy-pasting.
Try to add the textfield directly to PanelTwo and if that does not
work change the id of your textfield to panelTwo.textfield
Maurice
On Tue, Mar 4, 2008 at
https://issues.apache.org/jira/browse/WICKET-1394
Igor Vaynberg wrote:
ok, enter a jira rfe
-igor
On Fri, Feb 22, 2008 at 2:41 AM, Juha Alatalo
[EMAIL PROTECTED] wrote:
In this case I have to visit different page when browse is chosen. When
I come back form is cleared, isn't it?
- Juha
I am using markup inheritance (wicket:child and wicket:extend)
and need to set the
page title from my subpage. I currently add a label in the base class
(BasePage.java)
and make it use an abstract method getTitle(), which is overridden in
the subclass
(SubPage.java). Has anybody found a
I do basically the same thing, but since the title does not change on my
pages I see no need to have a (dynamic) model for the property, plus I
just use the constructor to set it, which saves some loc. In other words:
public abstract class BasePage extends WebPage
{
// ...
public
The way I do it is; dont specify a title in your base page then just add the
title in the subpage:
base page.html
html
!-- anything shared in all the pages eg a base.css file --
head
/head
body
wicket:child/
/body
/html
subpage.html:
wicket:head
titlehard code or use wicket label to
Just a thought from a security newbie... does/can wicket require POST
for form submissions? Would that prevent the issue of embedding the
evil param values in the src of an image?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
Forget it... it wouldn't help much.
http://en.wikipedia.org/wiki/Csrf:
Using POST instead of GET does not offer protection, as JavaScript can
be used to forge POST requests with ease.
On Mar 4, 2008, at 9:29 AM, Alex Jacoby wrote:
Just a thought from a security newbie... does/can wicket
Hi Wicket users!
We've published a new version of the Wicket plugin for Grails that works
with Wicket 1.3. See announcement here:
http://docs.codehaus.org/display/GRAILS/2008/03/04/Wicket+1.3+Grails+Plug-in+Released
And more info here: http://docs.codehaus.org/display/GRAILS/Wicket+Plugin
One
On 3/4/08, Sebastiaan van Erk [EMAIL PROTECTED] wrote:
I do basically the same thing, but since the title does not change on my
pages I see no need to have a (dynamic) model for the property, plus I
just use the constructor to set it, which saves some loc. In other words:
public abstract
Hi
I know theres the captcha in wicket extensions.. But have anyone
considered integrating something like this:
http://forge.octo.com/jcaptcha/confluence/display/general/Home
or
http://sourceforge.net/projects/simplecaptcha/
--
-Wicket for love
-Jme for fun
Nino Martinez Wael
Java
On the other hand, I've also done something with listviews.. Allowing
sub pages adding markup items to menus etc Using the listviews as
place holders...
Kaspar Fischer wrote:
Ah, 'course! Should have thought of it, that's an option they mention
in Wicket in Action.
However, Sebastiaan's
On 3/4/08, Sebastiaan van Erk [EMAIL PROTECTED] wrote:
James Carman wrote:
The problem with this approach is that you're not able to localize the
title if you hard-code it. What I've done is actually specify a key
for my messages file and I use that. So, every page has to define its
James Carman wrote:
The problem with this approach is that you're not able to localize the
title if you hard-code it. What I've done is actually specify a key
for my messages file and I use that. So, every page has to define its
page.title key in its PageClass.properties file.
That's what I
Hi. I am complete newby to Wicket, and currently making my way through the
forest if Wicket API :) br/
Today I tryed to create a proof-of-concept for new Wicket component, and
found some strange behavior of ModalWindow that is based on component
(Panel), and put within form tag.
To put in short
On Tue, Mar 4, 2008 at 4:34 AM, Paolo Di Tommaso
[EMAIL PROTECTED] wrote:
Nice. thank you!
But the real problem is that the RequestCycle#urlFor( Class, PageParams ) is
returning a relating path like:
../?wicket:bookmarkablePage=the.class.Name
why dont you mount your page and then use
if you want to propogate the cpm down to the panel, but maybe index it
with the panel's id you can do
class mypanel extends panel {
protected imodel initmodel() {
imodel model=super.initmodel(); // returns original cpm
return new compoundpropertymodel(new propertymodel(model,
you can mount productlist on /cars/vendors
and productdetail on /cars/vendor/product
-igor
On Tue, Mar 4, 2008 at 12:24 AM, okrohne [EMAIL PROTECTED] wrote:
Hi,
I wonder how I can achieve to use different pages from the same mounted root
page depending
on the page parameters.
For
Hey everyone. I am not sure wicket deals with anything like this but I wanted
to check before I decided to go the javascript route.
I want an autosuggest textfield for a listchoice. So say I have a a
listchoice that is supposed to show customer names from a table in the
database and say there
On Mon, Mar 03, 2008 at 07:27:41PM -0800, Gin Yeah exclaimed:
Can you just make your 1d list look like a 2d list to the ListView?
// this make a 1d list to look like a 2d list
class FoldingList extends AbstractListListString implements
Serializable {
ListString inputList;
There's also an autocomplete textfield that uses the scriptaculous
javascript library. a fancy demo of it can be found here:
http://demo.script.aculo.us/ajax/autocompleter_customized
On Tue, Mar 4, 2008 at 11:27 AM, Martin Makundi
[EMAIL PROTECTED] wrote:
The feature is called autocomplete
On Thu, 28 Feb 2008, Sven Schliesing wrote:
This works quite good. But I'm having problems with using too much
internal knowledge (e.g. the tabs-container id) of the AjaxTabbedPanel.
Sure, this is more an academically problem. But I'd like to know if
It's not plain academic, because this
Hi,
but how can I specify that vendor and product is variable?
For instance how would you mount this:
/cars/chrysler- uses ProductList.class
/cars/chrysler/voyager-ProductDetail.class
So chrysler(vendor) is a parameter for ProductList.class,
chrysler(vendor) and voyager(product) are
I have a use case that says that one user can only be logged on to one
device at a time. The way I implemented this is by allowing the user to log
on to a second device which would intern log them off the first device. I
have done this by having the session look for other sessions that have the
On Tue, Mar 4, 2008 at 9:47 AM, okrohne [EMAIL PROTECTED] wrote:
Hi,
but how can I specify that vendor and product is variable?
For instance how would you mount this:
/cars/chrysler- uses ProductList.class
/cars/chrysler/voyager-ProductDetail.class
So chrysler(vendor) is a
On Tue, Mar 4, 2008 at 4:42 AM, Sebastiaan van Erk [EMAIL PROTECTED] wrote:
The form with the token looks good, the question I have is, why is
something like it not the default (since almost everybody's site will be
vulnerable without it)?
because we are a generic framework and i believe
i've been given permission to open source the kitten captcha i wrote for
thoof. i don't have time right now, but hope to get to it before too long.
to see it, you can submit a story on thoof.
jon
Nino.Martinez wrote:
Hi
I know theres the captcha in wicket extensions.. But have
btw, if you really want to be extremely secure and don't mind some number
crunching overhead, you might try using cryptographically secure urls. it's
as easy as installing a new url coding strategy in wicket.
Arthur Ahiceh wrote:
Hi guys,
I have a very critical application in a banking
yeah, urls keyed to user's session...
-igor
On Tue, Mar 4, 2008 at 10:48 AM, Jonathan Locke
[EMAIL PROTECTED] wrote:
btw, if you really want to be extremely secure and don't mind some number
crunching overhead, you might try using cryptographically secure urls. it's
as easy as
I think you can put MyValidator.minimum in your app's properties file.
That makes it the app-level default.
Yuesong
-Original Message-
From: Michael Mehrle [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 1:53 PM
To: users@wicket.apache.org
Subject: Resource keys for custom
Yeah, that would work - thanks!
Michael
-Original Message-
From: Wang, Yuesong [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 11:31 AM
To: users@wicket.apache.org
Subject: RE: Resource keys for custom Validators?
I think you can put MyValidator.minimum in your app's properties
StringValidator
-Original Message-
From: Michael Mehrle [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 2:39 PM
To: users@wicket.apache.org
Subject: Textfield length validator?
Is there a validator in wicket that constrains the input length?
Michael
We have the following on our base TextField
public void setMaxLength(int maxLength)
{
this.maxLength = maxLength;
if (maxLength 0)
add(new AttributeModifier(maxlength, true, new
Model(maxLength)));
}
On Tue, Mar 4,
+1
we are a very open community and have historically encouraged
people to post wicket stories, jobs (poems, songs ;-)), really anything
wicket-related... i would not like to see that changed.
Matej Knopp-2 wrote:
I don't think there is anything wrong with posting emails about new
On 3/4/08, Hoover, William [EMAIL PROTECTED] wrote:
public abstract class BasePage extends WebPage {
public BasePage(final PageParameters parameters) {
// If the title is not set in any sub-pages this will be the
default
setTitle(new
could you share this technique? i think this might be a good idea.
Nino.Martinez wrote:
On the other hand, I've also done something with listviews.. Allowing
sub pages adding markup items to menus etc Using the listviews as
place holders...
Kaspar Fischer wrote:
Ah, 'course!
mvn eclipse:eclipse -DdownloadSources=true
-igor
On Tue, Mar 4, 2008 at 1:42 PM, SEIDLER DANIEL [EMAIL PROTECTED] wrote:
Hello,
is it possible to add the wicket javadoc as an artifact in pom.xml.
So maven can download and integrate javadoc Jar in eclipse by itself?
thanks in advance
Raised as https://issues.apache.org/jira/browse/WICKET-1395
Rgds
Ned
Ned Collyer wrote:
Yes, I suppose I can debug it after a while of downloading sources and
debugging stuff.
BigDecimalConverter bdc = new BigDecimalConverter();
System.out.println(bdc.convertToObject(3 000,
I have tried just logging off the user and not invalidateing the session and
it does work. I just wasn't sure if I was required to invalidate it when I
called logoff(...).
-Original Message-
From: Maurice Marrink [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 1:10 PM
To:
Hi,
I am sorry but I do not get it...
To what refers :
i was going to suggest that... ?
Maybe I have a blockhead , I don't see how I can mount
the pages appropriate ...or does your answer refer to using different panels
for detail and list?
Could you please give a code snippet or be more
Thx Guys, that worked !
Am 04.03.2008 um 22:55 schrieb Igor Vaynberg:
mvn eclipse:eclipse -DdownloadSources=true
Not required, just wise. therefor i would suggest only not
invalidating the session if you trigger an automatic logoff. if the
user himself loggs off i would definitely invalidate.
Also on an after thought, i am not sure if the app container is
automatically picking up you messing with someone
different panels
-igor
On Tue, Mar 4, 2008 at 2:08 PM, okrohne [EMAIL PROTECTED] wrote:
Hi,
I am sorry but I do not get it...
To what refers :
i was going to suggest that... ?
Maybe I have a blockhead , I don't see how I can mount
the pages appropriate ...or does your answer
We are building a somewhat similar application. The only difference is
that we don't need to synch the search criteria with the search panel
(the Ajax dropdowns in your case), since the search panel in our
application will do a clean search when used from the results page.
The code looks
I was thinking that leaving the session validated may cause problems
elsewhere. I am now thinking I should invalidate the session when I auto
logoff and then store a message for that device in some kind of device
specific message queue in my application. I already track each device's
unique id
On Tue, Mar 4, 2008 at 11:38 PM, Warren [EMAIL PROTECTED] wrote:
I was thinking that leaving the session validated may cause problems
elsewhere. I am now thinking I should invalidate the session when I auto
logoff and then store a message for that device in some kind of device
specific
Very interesting, i am guessing you have a very short session timeout?
or otherwise require your users to re-authenticate themselfs after a
period of inactivity? after all any one could pick up such a devise
and continue where an authenticated user left. Perhaps you are even
using somekind of
What is the easiest way to make Component's error() method output a
localized error message? I need a feedback panel with localized errors.
Thanks in advance!
Kaspar
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
Hello:
I am reading the lastest wicket in action and saw a statement
A link component can be attached to tags other than a
such as spans td tr... I was a confused as I remember
to I have to create buttons within a data table in order
to hava link function. Is it true I could do the followin
why cant you just try and see if it works...
-igor
On Tue, Mar 4, 2008 at 8:34 PM, [EMAIL PROTECTED] wrote:
Hello:
I am reading the lastest wicket in action and saw a statement
A link component can be attached to tags other than a
such as spans td tr... I was a confused as I remember
I am reading it without immediate access to wicket dev environment.
so I'd like to confirm it before I forget it
why cant you just try and see if it works...
-igor
On Tue, Mar 4, 2008 at 8:34 PM, [EMAIL PROTECTED] wrote:
Hello:
I am reading the lastest wicket in action and saw a statement
what adds the text= and css= attributes? maybe ie doesnt work
because those are invalid?
-igor
On Tue, Mar 4, 2008 at 10:15 PM, MYoung [EMAIL PROTECTED] wrote:
I have this in the head section of my base template:
link href=css/layout.css rel=stylesheet typetext/css /
It's turned
Thank you all for your opinion,
it helped me decide not to enforce the Passive View pattern here, we
had to refactor one component from it back to the wicket way but it
didn't do much harm
I know the pattern has been split, and I meant Passive View, it's just
that I thought the MVP term is more
83 matches
Mail list logo