Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Sergey Olefir
As I briefly mentioned before, class aliases are, IMO, a terribly unreliable thing to maintain. Every time someone comes up with new component that uses resource reference they must not forget to go and register the alias for it. I'm predicting a 100% probability that soon enough someone will

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread bgooren
Sorry, I overlooked that part of your original post. I've been toying with the same idea, since class aliases are bound to cause problems as projects grow bigger. As long as the aliases are user-generated, they might not be unique. So I had a quick look at the source code of

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread bgooren
Ok, scratch that comment too... I see Antoine dug up an old thread of yours where you already found out about the possibility to override WebRequestCodingStrategy. I also see that Antoine created WICKET-2731 and that it has been closed as resolved/fixed, so there should be some hooks available

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Sergey Olefir
Thing is, I already toyed with WebRequestCodingStrategy -- specifically I changed how resources are encoded by replacing URL path with URL parameter. And I broke CSS/relative references in the process as I found out much later :) (as you found out already in your another post ;)) Although if I

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Antoine van Wel
A flag has been introduced that when set will throw an error when an fqn would be used. It will be in 1.4.7, which is currently in the voting phase, so it will be available within a week. But this would mean you'd have to alias all the classes anyway. Antoine On Tue, Mar 2, 2010 at 12:33 PM,

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Sergey Olefir
Thanks for heads up. I guess it's back to hacking WebRequestCodingStrategy for me, the flag is better than nothing, but I'm not eager in having application crash in production because someone forgot to map something and somehow it slipped past testing. Antoine van Wel wrote: A flag has

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Martijn Dashorst
Create a unit test case that scans your application for resources and checks if the class is set. If not, fail. If set, check if it is unique, if not fail. Martijn On Tue, Mar 2, 2010 at 12:40 PM, Sergey Olefir solf.li...@gmail.com wrote: Thanks for heads up. I guess it's back to hacking

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Sergey Olefir
Err, I guess I don't quite understand what you're proposing... My understanding is that I need to know all class names that are used by application as part of ResourceReference (and possibly something else too). How would I scan for that? Martijn Dashorst wrote: Create a unit test case that

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Martijn Dashorst
Take a look at the spring component scanner for an implementation of how to search the class path. Then it is just a series of ResourceReference.class.isAssignableFrom(clz) queries and applying your specific logic. For example we use the following code to scan for specific patterns in html files

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Sergey Olefir
I admit I didn't research in-depth what you've suggested, but from the quoted piece it seems that your suggestion will find all subclasses of ResourceReference. But to actually test that all resources are properly mapped, it would be necessary to locate all invocations of the ResourceReference

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread James Carman
You might also look into the scannotation project. On Tue, Mar 2, 2010 at 8:33 AM, Martijn Dashorst martijn.dasho...@gmail.com wrote: Take a look at the spring component scanner for an implementation of how to search the class path. Then it is just a series of

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread Sergey Olefir
bgooren wrote: So I had a quick look at the source code of WebRequestCodingStrategy, and I think it should be possible to create a solution for your problem quite easily: Thanks to your idea, I played around with WebRequestCodingStrategy and below is what I came up with. It uses

Re: How to encrypt/obfuscate resource reference?

2010-03-02 Thread bgooren
Good to know I contributed something useful to this thread haha. The code looks like the stuff I had in mind. You gotta love Wicket for making it quite easy to do this stuff; Although the URL encoding/decoding can be quite complex for beginners, but that is likely to be fixed in the future

Re: How to encrypt/obfuscate resource reference?

2010-03-01 Thread Antoine van Wel
for a discussion and suggestion see http://old.nabble.com/CryptedUrlWebRequestCodingStrategy-%2B-WebRequestCodingStrategy-%3D-resource-URLs-are-not-encrypted-(bug-).-td27209560.html quote I was able to get around this by subclassing WebRequestCodingStrategy and overriding methods:

Re: How to encrypt/obfuscate resource reference?

2010-03-01 Thread Sergey Olefir
He he, that was my old thread there :) Thing is, I just recently discovered, that encoding resources as arguments (rather than paths) completely breaks relative URLs discussed there: http://old.nabble.com/How-to-'resolve'-URL-in-stylesheet--td27720293.html (for the simple reason that browser

Re: How to encrypt/obfuscate resource reference?

2010-03-01 Thread Antoine van Wel
Oops :-) can't you just take the path and encrypt that using the same strategy as the cryptedurl.. thingy is using? Antoine On Mon, Mar 1, 2010 at 5:43 PM, Sergey Olefir solf.li...@gmail.com wrote: He he, that was my old thread there :) Thing is, I just recently discovered, that encoding

Re: How to encrypt/obfuscate resource reference?

2010-03-01 Thread bgooren
The easiest way around this is to specify http://wicket.apache.org/docs/1.4/org/apache/wicket/SharedResources.html#putClassAlias(java.lang.Class, java.lang.String) class aliases . The upside is that you control the generated URL, the downside is that you have to make sure the alias is unique.