Re: [Wicket-user] ssl, roles and authorization
Solution found.
Within the newRequestCycleProcessor() method of the
MyAuthenticatedWebApplication class I caught the exception thrown by the
IRequestTarget respond method.
protected IRequestCycleProcessor newRequestCycleProcessor()
{
return new DefaultWebRequestCycleProcessor() {
protected IResponseStrategy newResponseStrategy()
{
return new IResponseStrategy() {
public void respond(RequestCycle requestCycle)
{
IRequestTarget requestTarget =
requestCycle.getRequestTarget();
if(requestTarget != null)
{
Application.get().logResponseTarget(requestTarget);
WebRequest webRequest =
(WebRequest)requestCycle.getRequest();
WebResponse webResponse =
(WebResponse)requestCycle.getResponse();
HttpServletRequest httpServletRequest =
webRequest.getHttpServletRequest();
Class pageClass = null;
if(requestTarget instanceof IPageRequestTarget)
{
IPageRequestTarget pageTarget =
(IPageRequestTarget)requestTarget;
pageClass = pageTarget.getPage().getClass();
} else
if(requestTarget instanceof
IBookmarkablePageRequestTarget)
{
IBookmarkablePageRequestTarget
bookmarkableTarget = (IBookmarkablePageRequestTarget)requestTarget;
pageClass =
bookmarkableTarget.getPageClass();
}
if(pageClass != null &&
!httpServletRequest.isSecure() &&
pageClass.isAnnotationPresent(RequiredSSL.class))
{
StringBuffer url = new StringBuffer((new
StringBuilder()).append("https://";).append(httpServletRequest.getServerName()).toString());
url.append(":8443");
String q =
RequestCycle.get().urlFor(requestTarget).toString();
url.append(q);
webResponse.redirect(url.toString());
} else
if(pageClass != null &&
httpServletRequest.isSecure() &&
!pageClass.isAnnotationPresent(RequiredSSL.class))
{
StringBuffer url = new StringBuffer((new
StringBuilder()).append("http://";).append(httpServletRequest.getServerName()).toString());
String q =
RequestCycle.get().urlFor(requestTarget).toString();
url.append(q);
webResponse.redirect(url.toString());
}
try{
requestTarget.respond(requestCycle);
}catch(Exception e){
logger.debug("Error caught: "+e);
}
}
}
};
}
};
}
}
It's more of a hack than an elegant solution. It would be nice for the
designers to release a robust example of SSL working with roles and
authorization.
wired wrote:
>
> Hi
>
> I'm trying to mix authentication using annotations and SSL, but I'm having
> problems.
>
> I am simply using the code found in the auth-roles-examples (1.2.1) and I
> have made some changes using the "Switch to SSL" example
> (http://www.wicket-wiki.org.uk/wiki/index.php/Switch_to_SSL_mode)
>
> If I try to access a page that requires me to sign in, and I am redirected
> to the MySignInPage to which I have added the annotation @RequiredSSL, an
> exception is thrown which is caused by:
>
> wicket.WicketRuntimeException: Already redirecting to
> 'https://localhost:8443/wirap/authentication?wicket:interface=:1::'.
> Cannot redirect more than once
>
> Now I have verified that the @RequiredSSL annotation works. It only fails
> when I try to access a page that requires authorization and I'm redirected
> to the login page over SSL.
>
> Does anyone have any solutions?
>
> Many thanks in advance!
>
--
View this message in context:
http://www.nabble.com/ssl%2C-roles-and-authorization-tf2087198.html#a5762945
Sent from the Wicket - User forum at Nabble.com.
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Re: [Wicket-user] SSL Handoff in Wicket - Solved
Hi Igor,
Many thanks Igor, that solves our
issue.
Regards
Dipu
- Original Message -
From:
Igor
Vaynberg
To: wicket-user@lists.sourceforge.net
Sent: Wednesday, August 02, 2006 5:17
PM
Subject: Re: [Wicket-user] SSL Handoff in
Wicket
you can write your own request coding strategy that looks
something like thismystrategy.encode(requestcycle, target)
{ private boolean gotossl=false; if (target instanceof
ListerInterfaceRequestTarget) {
listenertarget=(ListerInterfaceRqeuestTarget)target;
if (listenertarget.getpage() has @SSL
annotation&¬ in ssl mode)
{
gotossl=true; } }CharSequence
orig= super.encode(requestcycle, target);
return
(gotossl)?orig+"&gotossl=true":orig;}hope this gets you
started-IgorOn 8/2/06, Dipu <[EMAIL PROTECTED]>
wrote:
Hi
Eelco,Thanks for your response, but if you read the rest of the
email you will seethat the solutions proposed on themailing list and
on the wiki are not appropriate.We are just about to go live and
this is the last issue so we would appreciate some
help.RegardsDipu- Original Message
-From: "Eelco Hillenius" <[EMAIL PROTECTED]>To:
<
wicket-user@lists.sourceforge.net>Sent: Wednesday, August 02,
2006 4:36 PMSubject: Re: [Wicket-user] SSL Handoff in
Wicket>I haven't read you whole message, but did you search
through the> mailing lists as well? I think there was a thread on
this just last> week.>> http://woogle.billen.dk/search/q/SSL>>
Eelco>>> On 8/2/06, Dipu <[EMAIL PROTECTED]>
wrote:>>>>>> Hi
All,>>>>>> We are trying setup a suitable
switch to SSL method for our Wicket >> application. I have read
the wiki page regarding SSL switching:>> http://www.wicket-wiki.org.uk/wiki/index.php/Switch_to_SSL_mode
>>>> but this does not solve our problem. We have
apache and mod_proxy in>> front of Tomcat. Our wicket application
will be used on multiple>> domains, so we can't hard code the
hostname into our application for SSL >> switching
because that will depend on which domain name was used for>> the
request. Getting our application to sense the calling hostname
is>> also not appropriate because some users (a from a third party
network) >> will be accessing the application by IP via a NAT'ed
connection, so the>> hostname sensed by the Servlet would be
incorrect.>>>> Also, we want the application to work
from our internal network on the >> default Tomcat port of
8080.>>>> In short, we want Apache to handle SSL
switching by redirecting (using>> mod_rewrite) to the SSL URL.
Apache already knows the hostname(s) it is>> controlling, so no
hard coding of hostnames in the application would>> required - far
more versatile in our opinion.>>>> To get this to work
properly however, an HTTP GET is required. Using the >>
REDIRECT_TO_BUFFER RenderStrategy causes HTTP 302 redirects to a
new>> friendly URL (via HTTP GET). This is perfect, except that
apache can't>> tell the difference between pages that we wish to
be secured, and those >> that we do not. So here's the
question:>>>> Is it possible for us to modify the URL
(perhaps by adding a GET>> parameter) generated for the HTTP 302
as generated by using the>> REDIRECT_TO_BUFFER
RenderStrategy?>>>> I hope this makes sense!
:)>>>> Kind regards,>>>>
Dipu.>>>>
-
>> Take Surveys. Earn Cash. Influence the Future of IT>>
Join SourceForge.net's Techsay panel and you'll get the chance to
share>> your>> opinions on IT & business topics
through brief surveys -- and earn cash >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV>>>>
___ >> Wicket-user
mailing list>> Wicket-user@lists.sourceforge.net>>
https://lists.sourceforge.net/lists/listinfo/wicket-user
>>>>>>>>
->
Take Surveys. Earn Cash. Influence the Future of IT> Join
SourceForge.net's Techsay panel and you'll get the chance to share >
your> opinions on IT & business topics through brief surveys --
and earn cash> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Re: [Wicket-user] SSL Handoff in Wicket
you can write your own request coding strategy that looks something like thismystrategy.encode(requestcycle, target) { private boolean gotossl=false; if (target instanceof ListerInterfaceRequestTarget) {
listenertarget=(ListerInterfaceRqeuestTarget)target; if (listenertarget.getpage() has @SSL annotation&¬ in ssl mode) { gotossl=true; } }CharSequence orig=
super.encode(requestcycle, target);return (gotossl)?orig+"&gotossl=true":orig;}hope this gets you started-IgorOn 8/2/06,
Dipu <[EMAIL PROTECTED]> wrote:
Hi Eelco,Thanks for your response, but if you read the rest of the email you will seethat the solutions proposed on themailing list and on the wiki are not appropriate.We are just about to go live and this is the last issue so we would
appreciate some help.RegardsDipu- Original Message -From: "Eelco Hillenius" <[EMAIL PROTECTED]>To: <
wicket-user@lists.sourceforge.net>Sent: Wednesday, August 02, 2006 4:36 PMSubject: Re: [Wicket-user] SSL Handoff in Wicket>I haven't read you whole message, but did you search through the
> mailing lists as well? I think there was a thread on this just last> week.>> http://woogle.billen.dk/search/q/SSL>> Eelco>
>> On 8/2/06, Dipu <[EMAIL PROTECTED]> wrote:>>>>>> Hi All,>>>>>> We are trying setup a suitable switch to SSL method for our Wicket
>> application. I have read the wiki page regarding SSL switching:>> http://www.wicket-wiki.org.uk/wiki/index.php/Switch_to_SSL_mode
>>>> but this does not solve our problem. We have apache and mod_proxy in>> front of Tomcat. Our wicket application will be used on multiple>> domains, so we can't hard code the hostname into our application for SSL
>> switching because that will depend on which domain name was used for>> the request. Getting our application to sense the calling hostname is>> also not appropriate because some users (a from a third party network)
>> will be accessing the application by IP via a NAT'ed connection, so the>> hostname sensed by the Servlet would be incorrect.>>>> Also, we want the application to work from our internal network on the
>> default Tomcat port of 8080.>>>> In short, we want Apache to handle SSL switching by redirecting (using>> mod_rewrite) to the SSL URL. Apache already knows the hostname(s) it is
>> controlling, so no hard coding of hostnames in the application would>> required - far more versatile in our opinion.>>>> To get this to work properly however, an HTTP GET is required. Using the
>> REDIRECT_TO_BUFFER RenderStrategy causes HTTP 302 redirects to a new>> friendly URL (via HTTP GET). This is perfect, except that apache can't>> tell the difference between pages that we wish to be secured, and those
>> that we do not. So here's the question:>>>> Is it possible for us to modify the URL (perhaps by adding a GET>> parameter) generated for the HTTP 302 as generated by using the
>> REDIRECT_TO_BUFFER RenderStrategy?>>>> I hope this makes sense! :)>>>> Kind regards,>>>> Dipu.>>>> -
>> Take Surveys. Earn Cash. Influence the Future of IT>> Join SourceForge.net's Techsay panel and you'll get the chance to share>> your>> opinions on IT & business topics through brief surveys -- and earn cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV>>>> ___
>> Wicket-user mailing list>> Wicket-user@lists.sourceforge.net>> https://lists.sourceforge.net/lists/listinfo/wicket-user
>>>>>>>> -> Take Surveys. Earn Cash. Influence the Future of IT> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your> opinions on IT & business topics through brief surveys -- and earn cash> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> ___> Wicket-user mailing list> Wicket-user@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/wicket-user-Take Surveys. Earn Cash. Influence the Future of ITJoin SourceForge.net
's Techsay panel and you'll get the chance to share youropinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___Wicke
Re: [Wicket-user] SSL Handoff in Wicket
Hi Eelco, Thanks for your response, but if you read the rest of the email you will see that the solutions proposed on the mailing list and on the wiki are not appropriate. We are just about to go live and this is the last issue so we would appreciate some help. Regards Dipu - Original Message - From: "Eelco Hillenius" <[EMAIL PROTECTED]> To: Sent: Wednesday, August 02, 2006 4:36 PM Subject: Re: [Wicket-user] SSL Handoff in Wicket >I haven't read you whole message, but did you search through the > mailing lists as well? I think there was a thread on this just last > week. > > http://woogle.billen.dk/search/q/SSL > > Eelco > > > On 8/2/06, Dipu <[EMAIL PROTECTED]> wrote: >> >> >> Hi All, >> >> >> We are trying setup a suitable switch to SSL method for our Wicket >> application. I have read the wiki page regarding SSL switching: >> http://www.wicket-wiki.org.uk/wiki/index.php/Switch_to_SSL_mode >> >> but this does not solve our problem. We have apache and mod_proxy in >> front of Tomcat. Our wicket application will be used on multiple >> domains, so we can't hard code the hostname into our application for SSL >> switching because that will depend on which domain name was used for >> the request. Getting our application to sense the calling hostname is >> also not appropriate because some users (a from a third party network) >> will be accessing the application by IP via a NAT'ed connection, so the >> hostname sensed by the Servlet would be incorrect. >> >> Also, we want the application to work from our internal network on the >> default Tomcat port of 8080. >> >> In short, we want Apache to handle SSL switching by redirecting (using >> mod_rewrite) to the SSL URL. Apache already knows the hostname(s) it is >> controlling, so no hard coding of hostnames in the application would >> required - far more versatile in our opinion. >> >> To get this to work properly however, an HTTP GET is required. Using the >> REDIRECT_TO_BUFFER RenderStrategy causes HTTP 302 redirects to a new >> friendly URL (via HTTP GET). This is perfect, except that apache can't >> tell the difference between pages that we wish to be secured, and those >> that we do not. So here's the question: >> >> Is it possible for us to modify the URL (perhaps by adding a GET >> parameter) generated for the HTTP 302 as generated by using the >> REDIRECT_TO_BUFFER RenderStrategy? >> >> I hope this makes sense! :) >> >> Kind regards, >> >> Dipu. >> >> - >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to share >> your >> opinions on IT & business topics through brief surveys -- and earn cash >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >> >> ___ >> Wicket-user mailing list >> Wicket-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wicket-user >> >> >> > > - > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share > your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > ___ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] SSL Handoff in Wicket
I haven't read you whole message, but did you search through the mailing lists as well? I think there was a thread on this just last week. http://woogle.billen.dk/search/q/SSL Eelco On 8/2/06, Dipu <[EMAIL PROTECTED]> wrote: > > > Hi All, > > > We are trying setup a suitable switch to SSL method for our Wicket > application. I have read the wiki page regarding SSL switching: > http://www.wicket-wiki.org.uk/wiki/index.php/Switch_to_SSL_mode > > but this does not solve our problem. We have apache and mod_proxy in > front of Tomcat. Our wicket application will be used on multiple > domains, so we can't hard code the hostname into our application for SSL > switching because that will depend on which domain name was used for > the request. Getting our application to sense the calling hostname is > also not appropriate because some users (a from a third party network) > will be accessing the application by IP via a NAT'ed connection, so the > hostname sensed by the Servlet would be incorrect. > > Also, we want the application to work from our internal network on the > default Tomcat port of 8080. > > In short, we want Apache to handle SSL switching by redirecting (using > mod_rewrite) to the SSL URL. Apache already knows the hostname(s) it is > controlling, so no hard coding of hostnames in the application would > required - far more versatile in our opinion. > > To get this to work properly however, an HTTP GET is required. Using the > REDIRECT_TO_BUFFER RenderStrategy causes HTTP 302 redirects to a new > friendly URL (via HTTP GET). This is perfect, except that apache can't > tell the difference between pages that we wish to be secured, and those > that we do not. So here's the question: > > Is it possible for us to modify the URL (perhaps by adding a GET > parameter) generated for the HTTP 302 as generated by using the > REDIRECT_TO_BUFFER RenderStrategy? > > I hope this makes sense! :) > > Kind regards, > > Dipu. > > - > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > > ___ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > > > - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] SSL
Hi Johan , many thanks for the help.
Regards
Dipu
- Original Message -
From:
Johan
Compagner
To: wicket-user@lists.sourceforge.net
Sent: Monday, July 31, 2006 8:35 PM
Subject: Re: [Wicket-user] SSL
something like this:cycle.setRequestTarget(new
IRequestTarget()
{
public void detach(RequestCycle
requestCycle)
{
}
public Object
getLock(RequestCycle requestCycle)
{
return null;
}
public void respond(RequestCycle
requestCycle)
{
// Redirect
there
cycle.getResponse().redirect("https://x/dsfsadf?x=y");
} });
On 7/31/06, Dipu
<[EMAIL PROTECTED]>
wrote:
Hi Johan,
Can you please give me an example on how to do
redirect using IRequestTarget
Thanks
Dipu
-
Original Message -
From:
Johan Compagner
To:
wicket-user@lists.sourceforge.net
Sent:
Thursday, July 06, 2006 9:48 AM
Subject:
Re: [Wicket-user] SSL
Redirect to a full url or use an ExternalLink (pointing to
your own site but then with ssl)Do that redirect with a
IRequestTarget.I don't know how you do it now but doing a redirect should
always be donethrough request targets. johan
On 7/6/06, Joe
Toth <[EMAIL PROTECTED]>
wrote:
How
can I implement a way switch over to https?Depending on how the
user navigates I need to swich over to https froma form
submit. Every time I try a different way to implement
thistransparently I receive "Caused by:
wicket.WicketRuntimeException:Already redirecting to '/app/Checkout'.
Cannot redirect more thanonce"At first I tried to annotate a
class with @RequiredSSL and created anew IResponseStrategy that would
test if the request was secure, if not, WebResponse.redirect to the
https version of the requested url.Second I tried to do the same
in the constructor of my Base Class forall my pages and throw an
AbortException, but I had the same problem. Any
ideas?Also, are there any plans to add a https feature in 2.0 core
or extensions?Thanks!Using Tomcat but need to do more?
Need to support web services, security?Get stuff done quickly with
pre-integrated technology to make your job easier Download IBM
WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___Wicket-user
mailing listWicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Using Tomcat but need to do more? Need to support web services,
security?Get stuff done quickly with pre-integrated technology to make
your job easierDownload IBM WebSphere Application Server v.1.0.1 based
on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___Wicket-user
mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user
-Take
Surveys. Earn Cash. Influence the Future of ITJoin SourceForge.net's
Techsay panel and you'll get the chance to share youropinions on IT
& business topics through brief surveys -- and earn cashhttp://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___Wicket-user
mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user
-Take
Surveys. Earn Cash. Influence the Future of ITJoin SourceForge.net's
Techsay panel and you'll get the chance to share youropinions on IT &
business topics through brief surveys -- and earn
cashhttp://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
___Wicket-user mailing
listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=s
Re: [Wicket-user] SSL
something like this:cycle.setRequestTarget(new IRequestTarget() { public void detach(RequestCycle requestCycle) { } public Object getLock(RequestCycle requestCycle)
{ return null; } public void respond(RequestCycle requestCycle) { // Redirect there
cycle.getResponse().redirect("https://x/dsfsadf?x=y"); } });On 7/31/06,
Dipu <[EMAIL PROTECTED]> wrote:
Hi Johan,
Can you please give me an example on how to do
redirect using IRequestTarget
Thanks
Dipu
- Original Message -
From:
Johan
Compagner
To:
wicket-user@lists.sourceforge.net
Sent: Thursday, July 06, 2006 9:48
AM
Subject: Re: [Wicket-user] SSL
Redirect to a full url or use an ExternalLink (pointing to your
own site but then with ssl)Do that redirect with a IRequestTarget.I
don't know how you do it now but doing a redirect should always be
donethrough request targets. johan
On 7/6/06, Joe Toth
<[EMAIL PROTECTED]> wrote:
How
can I implement a way switch over to https?Depending on how the user
navigates I need to swich over to https froma form
submit. Every time I try a different way to implement
thistransparently I receive "Caused by:
wicket.WicketRuntimeException:Already redirecting to '/app/Checkout'.
Cannot redirect more thanonce"At first I tried to annotate a
class with @RequiredSSL and created anew IResponseStrategy that would
test if the request was secure, if not, WebResponse.redirect to the
https version of the requested url.Second I tried to do the same in
the constructor of my Base Class forall my pages and throw an
AbortException, but I had the same problem. Any ideas?Also,
are there any plans to add a https feature in 2.0 core or
extensions?Thanks!Using Tomcat but need to do more? Need to
support web services, security?Get stuff done quickly with
pre-integrated technology to make your job easier Download IBM WebSphere
Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___Wicket-user
mailing listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
Using Tomcat but need to do more? Need to support web services,
security?Get stuff done quickly with pre-integrated technology to make
your job easierDownload IBM WebSphere Application Server v.1.0.1 based on
Apache
Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___Wicket-user mailing
listWicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-Take Surveys. Earn Cash. Influence the Future of ITJoin SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___Wicket-user mailing list
Wicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] SSL
Hi Johan, Can you please give me an example on how to do redirect using IRequestTarget Thanks Dipu - Original Message - From: Johan Compagner To: wicket-user@lists.sourceforge.net Sent: Thursday, July 06, 2006 9:48 AM Subject: Re: [Wicket-user] SSL Redirect to a full url or use an ExternalLink (pointing to your own site but then with ssl)Do that redirect with a IRequestTarget.I don't know how you do it now but doing a redirect should always be donethrough request targets. johan On 7/6/06, Joe Toth <[EMAIL PROTECTED]> wrote: How can I implement a way switch over to https?Depending on how the user navigates I need to swich over to https froma form submit. Every time I try a different way to implement thistransparently I receive "Caused by: wicket.WicketRuntimeException:Already redirecting to '/app/Checkout'. Cannot redirect more thanonce"At first I tried to annotate a class with @RequiredSSL and created anew IResponseStrategy that would test if the request was secure, if not, WebResponse.redirect to the https version of the requested url.Second I tried to do the same in the constructor of my Base Class forall my pages and throw an AbortException, but I had the same problem. Any ideas?Also, are there any plans to add a https feature in 2.0 core or extensions?Thanks!Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___Wicket-user mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easierDownload IBM WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___Wicket-user mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] SSL
The code had a small little fix:There is an extra condition in the if condition: else if( pageClass != null && httpServletRequest.isSecure
() && !isSecurityRequired ) {Using the ONE_PASS method rendering strategy everything works fine now.
Did you have to do the same?Yes had to use the One pass rendering strategy else there was an error saying
something about double calls. I dont remeber the actual error now.Shams
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] SSL
Using the ONE_PASS method rendering strategy everything works fine now. Did you have to do the same?ThanksOn 7/10/06,
[EMAIL PROTECTED] Imam <[EMAIL PROTECTED]> wrote:
Hi,I had a similar problemI decided not to use that RequiredSSL method.Instead i maintain an array of page classes that require https and used the following code. It worked fine for me. Hope it helps you.
protected IResponseStrategy newResponseStrategy() { return new IResponseStrategy() { @SuppressWarnings("unchecked") public void respond( RequestCycle requestCycle )
{ IRequestTarget requestTarget = requestCycle.getRequestTarget(); if( requestTarget != null ) { Application.get().logResponseTarget( requestTarget );
WebRequest webRequest = (WebRequest) requestCycle.getRequest(); WebResponse webResponse = (WebResponse) requestCycle .getResponse();
HttpServletRequest httpServletRequest = webRequest .getHttpServletRequest(); Class pageClass = null; if( requestTarget instanceof IPageRequestTarget ) {
IPageRequestTarget pageTarget = (IPageRequestTarget) requestTarget; pageClass = pageTarget.getPage().getClass(); }
else if( requestTarget instanceof IBookmarkablePageRequestTarget ) { IBookmarkablePageRequestTarget bookmarkableTarget = (IBookmarkablePageRequestTarget) requestTarget;
pageClass = bookmarkableTarget.getPageClass(); } boolean isSecurityRequired = false; if( pageClass != null ) { for( int i = 0; i <
secureClasses.length && !isSecurityRequired; i++ ) { isSecurityRequired = secureClasses[i] .isAssignableFrom( pageClass );
} } if( pageClass != null && !httpServletRequest.isSecure() && isSecurityRequired ) {
StringBuffer url = "" StringBuffer( "https://" + httpServletRequest.getServerName() ); url.append( ":" + getSslPortNumber() );
String q = RequestCycle.get().urlFor( requestTarget ) .toString(); url.append( q ); webResponse.redirect
( url.toString() ); } else if( httpServletRequest.isSecure() && !isSecurityRequired ) { StringBuffer url = "" StringBuffer( "http://"
+ httpServletRequest.getServerName() ); url.append( ":" + getNormalPortNumber() ); String q = RequestCycle.get().urlFor( requestTarget )
.toString(); url.append( q ); webResponse.redirect( url.toString() ); } else {
requestTarget.respond( requestCycle ); } } }; }Shams.
On 7/10/06,
Johan Compagner <[EMAIL PROTECTED]> wrote:
then you are doing the redirect wrong.How and when do you do the redirect??On 7/7/06,
Joe Toth <[EMAIL PROTECTED]
> wrote:Weird...I'm only getting the error in Jetty 6 (Beta17).
wicket.WicketRuntimeException: Internal Error: Could not render error page class wicket.markup.html.pages.InternalErrorPage at wicket.request.compound.DefaultExceptionResponseStrategy.respond
(DefaultExceptionResponseStrategy.java:109) at wicket.request.compound.AbstractCompoundRequestCycleProcessor.respond(AbstractCompoundRequestCycleProcessor.java:76) at wicket.RequestCycle.step(RequestCycle.java
:1000) at wicket.RequestCycle.steps(RequestCycle.java:1034) at wicket.RequestCycle.request(RequestCycle.java:453) at wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:215) at javax.servlet.http.HttpServlet.service
(HttpServlet.java:747) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:423) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter
(ServletHandler.java:966) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174) at org.springframework.web.filter.OncePerRequestFilter.doFilter
(OncePerRequestFilter.java:77) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:957) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:353) at
org.mo
Re: [Wicket-user] SSL
Hi,I had a similar problemI decided not to use that RequiredSSL method.Instead i maintain an array of page classes that require https and used the following code. It worked fine for me. Hope it helps you.
protected IResponseStrategy newResponseStrategy() { return new IResponseStrategy() { @SuppressWarnings("unchecked") public void respond( RequestCycle requestCycle )
{ IRequestTarget requestTarget = requestCycle.getRequestTarget(); if( requestTarget != null ) { Application.get().logResponseTarget( requestTarget );
WebRequest webRequest = (WebRequest) requestCycle.getRequest(); WebResponse webResponse = (WebResponse) requestCycle .getResponse();
HttpServletRequest httpServletRequest = webRequest .getHttpServletRequest(); Class pageClass = null; if( requestTarget instanceof IPageRequestTarget ) {
IPageRequestTarget pageTarget = (IPageRequestTarget) requestTarget; pageClass = pageTarget.getPage().getClass(); }
else if( requestTarget instanceof IBookmarkablePageRequestTarget ) { IBookmarkablePageRequestTarget bookmarkableTarget = (IBookmarkablePageRequestTarget) requestTarget;
pageClass = bookmarkableTarget.getPageClass(); } boolean isSecurityRequired = false; if( pageClass != null ) { for( int i = 0; i <
secureClasses.length && !isSecurityRequired; i++ ) { isSecurityRequired = secureClasses[i] .isAssignableFrom( pageClass );
} } if( pageClass != null && !httpServletRequest.isSecure() && isSecurityRequired ) {
StringBuffer url = "" StringBuffer( "https://" + httpServletRequest.getServerName() ); url.append( ":" + getSslPortNumber() );
String q = RequestCycle.get().urlFor( requestTarget ) .toString(); url.append( q ); webResponse.redirect
( url.toString() ); } else if( httpServletRequest.isSecure() && !isSecurityRequired ) { StringBuffer url = "" StringBuffer( "http://"
+ httpServletRequest.getServerName() ); url.append( ":" + getNormalPortNumber() ); String q = RequestCycle.get().urlFor( requestTarget )
.toString(); url.append( q ); webResponse.redirect( url.toString() ); } else {
requestTarget.respond( requestCycle ); } } }; }Shams.On 7/10/06,
Johan Compagner <[EMAIL PROTECTED]> wrote:
then you are doing the redirect wrong.How and when do you do the redirect??On 7/7/06,
Joe Toth <[EMAIL PROTECTED]
> wrote:Weird...I'm only getting the error in Jetty 6 (Beta17).
wicket.WicketRuntimeException: Internal Error: Could not render error page class wicket.markup.html.pages.InternalErrorPage at wicket.request.compound.DefaultExceptionResponseStrategy.respond
(DefaultExceptionResponseStrategy.java:109) at wicket.request.compound.AbstractCompoundRequestCycleProcessor.respond(AbstractCompoundRequestCycleProcessor.java:76) at wicket.RequestCycle.step(RequestCycle.java
:1000) at wicket.RequestCycle.steps(RequestCycle.java:1034) at wicket.RequestCycle.request(RequestCycle.java:453) at wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:215) at javax.servlet.http.HttpServlet.service
(HttpServlet.java:747) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:423) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter
(ServletHandler.java:966) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174) at org.springframework.web.filter.OncePerRequestFilter.doFilter
(OncePerRequestFilter.java:77) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:957) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:353) at
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:226) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:567) at org.mortbay.jetty.handler.H
Re: [Wicket-user] SSL
then you are doing the redirect wrong.How and when do you do the redirect??On 7/7/06, Joe Toth <[EMAIL PROTECTED] > wrote:Weird...I'm only getting the error in Jetty 6 (Beta17). wicket.WicketRuntimeException: Internal Error: Could not render error page class wicket.markup.html.pages.InternalErrorPage at wicket.request.compound.DefaultExceptionResponseStrategy.respond (DefaultExceptionResponseStrategy.java:109) at wicket.request.compound.AbstractCompoundRequestCycleProcessor.respond(AbstractCompoundRequestCycleProcessor.java:76) at wicket.RequestCycle.step(RequestCycle.java :1000) at wicket.RequestCycle.steps(RequestCycle.java:1034) at wicket.RequestCycle.request(RequestCycle.java:453) at wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:215) at javax.servlet.http.HttpServlet.service (HttpServlet.java:747) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:423) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter (ServletHandler.java:966) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174) at org.springframework.web.filter.OncePerRequestFilter.doFilter (OncePerRequestFilter.java:77) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:957) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:353) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:226) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:567) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java :126) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:119) at org.mortbay.jetty.Server.handle(Server.java:248) at org.mortbay.jetty.HttpConnection.handlerRequest(HttpConnection.java :360) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:614) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:487) at org.mortbay.jetty.HttpParser.parseAvailable (HttpParser.java:197) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:288) at org.mortbay.jetty.nio.SelectChannelConnector$HttpChannelEndPoint.run(SelectChannelConnector.java:805) at org.mortbay.thread.BoundedThreadPool$PoolThread.run (BoundedThreadPool.java:475)Caused by: wicket.WicketRuntimeException: Already redirecting to 'https://localhost:8443/app '. Cannot redirect more than once at wicket.protocol.http.BufferedWebResponse.redirect (BufferedWebResponse.java:92) at wicket.protocol.http.WebRequestCycle.redirectTo(WebRequestCycle.java:225) at wicket.request.target.component.PageRequestTarget.respond(PageRequestTarget.java:60) at wicket.request.compound.DefaultResponseStrategy.respond (DefaultResponseStrategy.java:49) at wicket.request.compound.AbstractCompoundRequestCycleProcessor.respond(AbstractCompoundRequestCycleProcessor.java:66) at wicket.RequestCycle.respond(RequestCycle.java:905) at wicket.RequestCycle.step(RequestCycle.java:975) ... 23 moreOn 7/6/06, Johan Compagner < [EMAIL PROTECTED]> wrote:Redirect to a full url or use an ExternalLink (pointing to your own site but then with ssl)Do that redirect with a IRequestTarget.I don't know how you do it now but doing a redirect should always be donethrough request targets. johanOn 7/6/06, Joe Toth < [EMAIL PROTECTED]> wrote: How can I implement a way switch over to https?Depending on how the user navigates I need to swich over to https froma form submit. Every time I try a different way to implement thistransparently I receive "Caused by: wicket.WicketRuntimeException:Already redirecting to '/app/Checkout'. Cannot redirect more thanonce"At first I tried to annotate a class with @RequiredSSL and created anew IResponseStrategy that would test if the request was secure, if not, WebResponse.redirect to the https version of the requested url.Second I tried to do the same in the constructor of my Base Class forall my pages and throw an AbortException, but I had the same problem. Any ideas?Also, are there any plans to add a https feature in 2.0 core or extensions?Thanks!Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___Wicket-user mailing listWicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easierDownload IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk
Re: [Wicket-user] SSL
Weird...I'm only getting the error in Jetty 6 (Beta17). wicket.WicketRuntimeException: Internal Error: Could not render error page class wicket.markup.html.pages.InternalErrorPage at wicket.request.compound.DefaultExceptionResponseStrategy.respond (DefaultExceptionResponseStrategy.java:109) at wicket.request.compound.AbstractCompoundRequestCycleProcessor.respond(AbstractCompoundRequestCycleProcessor.java:76) at wicket.RequestCycle.step(RequestCycle.java :1000) at wicket.RequestCycle.steps(RequestCycle.java:1034) at wicket.RequestCycle.request(RequestCycle.java:453) at wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:215) at javax.servlet.http.HttpServlet.service (HttpServlet.java:747) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:423) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter (ServletHandler.java:966) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174) at org.springframework.web.filter.OncePerRequestFilter.doFilter (OncePerRequestFilter.java:77) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:957) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:353) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:226) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:567) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java :126) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:119) at org.mortbay.jetty.Server.handle(Server.java:248) at org.mortbay.jetty.HttpConnection.handlerRequest(HttpConnection.java :360) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:614) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:487) at org.mortbay.jetty.HttpParser.parseAvailable (HttpParser.java:197) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:288) at org.mortbay.jetty.nio.SelectChannelConnector$HttpChannelEndPoint.run(SelectChannelConnector.java:805) at org.mortbay.thread.BoundedThreadPool$PoolThread.run (BoundedThreadPool.java:475)Caused by: wicket.WicketRuntimeException: Already redirecting to 'https://localhost:8443/app'. Cannot redirect more than once at wicket.protocol.http.BufferedWebResponse.redirect (BufferedWebResponse.java:92) at wicket.protocol.http.WebRequestCycle.redirectTo(WebRequestCycle.java:225) at wicket.request.target.component.PageRequestTarget.respond(PageRequestTarget.java:60) at wicket.request.compound.DefaultResponseStrategy.respond (DefaultResponseStrategy.java:49) at wicket.request.compound.AbstractCompoundRequestCycleProcessor.respond(AbstractCompoundRequestCycleProcessor.java:66) at wicket.RequestCycle.respond(RequestCycle.java:905) at wicket.RequestCycle.step(RequestCycle.java:975) ... 23 moreOn 7/6/06, Johan Compagner < [EMAIL PROTECTED]> wrote:Redirect to a full url or use an ExternalLink (pointing to your own site but then with ssl)Do that redirect with a IRequestTarget.I don't know how you do it now but doing a redirect should always be donethrough request targets. johanOn 7/6/06, Joe Toth < [EMAIL PROTECTED]> wrote: How can I implement a way switch over to https?Depending on how the user navigates I need to swich over to https froma form submit. Every time I try a different way to implement thistransparently I receive "Caused by: wicket.WicketRuntimeException:Already redirecting to '/app/Checkout'. Cannot redirect more thanonce"At first I tried to annotate a class with @RequiredSSL and created anew IResponseStrategy that would test if the request was secure, if not, WebResponse.redirect to the https version of the requested url.Second I tried to do the same in the constructor of my Base Class forall my pages and throw an AbortException, but I had the same problem. Any ideas?Also, are there any plans to add a https feature in 2.0 core or extensions?Thanks!Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___Wicket-user mailing listWicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easierDownload IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___Wicket-user mailing listWicket-user@lists.sourceforge.n
Re: [Wicket-user] SSL
Redirect to a full url or use an ExternalLink (pointing to your own site but then with ssl)Do that redirect with a IRequestTarget.I don't know how you do it now but doing a redirect should always be donethrough request targets. johanOn 7/6/06, Joe Toth <[EMAIL PROTECTED]> wrote: How can I implement a way switch over to https?Depending on how the user navigates I need to swich over to https froma form submit. Every time I try a different way to implement thistransparently I receive "Caused by: wicket.WicketRuntimeException:Already redirecting to '/app/Checkout'. Cannot redirect more thanonce"At first I tried to annotate a class with @RequiredSSL and created anew IResponseStrategy that would test if the request was secure, if not, WebResponse.redirect to the https version of the requested url.Second I tried to do the same in the constructor of my Base Class forall my pages and throw an AbortException, but I had the same problem. Any ideas?Also, are there any plans to add a https feature in 2.0 core or extensions?Thanks!Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___Wicket-user mailing listWicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
