how about

class VarsModel extends AbstractReadOnlyModel {
    // looks up the current user each time it is called, instead of
    // capturing the value once when the page is constructed
    public Object getObject() {
        // assumes the application's session class exposes getUser()
        User currentUser = Session.get().getUser();
        HashMap<String,Object> vars = new HashMap<String,Object>();
        vars.put("password", currentUser.getPassword());
        return vars;
    }
}

TextTemplateResourceReference ref = new TextTemplateResourceReference(
        BasePage.class, "sensitive.js", "text/javascript", new VarsModel()) {
    @Override
    public Time lastModifiedTime() { return Time.now(); }
};

-igor

On Fri, Jan 16, 2009 at 11:09 AM, Trent Larson <larsontr...@gmail.com> wrote:
> Yes, it sounds like caching. But it's not my browser: even if someone hits
> the page from a totally different computer or another browser, I get the
> same results: whatever was served first from that file is stuck, and nobody
> ever gets any different result. (If the first browser was not logged in to
> the app, then the value is "${password}" for everyone.) Yes, I tested my
> cache as you say.
>
> We've now tested with Tomcat as well, so it's not caching in the app
> server. We've also done Linux vs Windows servers, and with and without
> Apache in the middle, running from Eclipse and from scripted startup. I'm
> fairly sure I'm taking advantage of something in Wicket inadvertently; I've
> moved this stuff around into the session and a base page and the page
> constructor, and with and without any of the "final" keywords that I had at
> the beginning, all to no avail.
>
> My latest guess is that one of my shortcut methods that call a static method
> (e.g. Session.get()) is getting the same one every time (though that's a
> stretch because all other pages show dynamic data correctly.) It's just
> the .js file that always gives the same result, no matter who hits it and
> no matter where they're from.
>
> BTW, the URL of the .js resource is this:
> .../resources/com.max.backoffice.page.BasePage/sensitive.js
>
> I must have changed something, because I swear it worked a month ago. Erg.
>
> I'll try any wild ideas. Thanks!
>
> Trent
>
> PS: Yes, you're absolutely right about the password security! It hurts me
> to even show this as my example.
>
>
> On Thu, Jan 15, 2009 at 5:13 PM, Igor Vaynberg <igor.vaynb...@gmail.com> wrote:
>
>> sounds like your browser is caching it.
>>
>> try this:
>>
>> hit the page
>> check the value
>> empty browser cache
>> refresh the page
>> see if the value changed...
>>
>>
>> other than that i hope you know that storing a password in cleartext
>> inside a js file might not be the best idea :)
>>
>> -igor
>>
>> On Thu, Jan 15, 2009 at 4:02 PM, Trent Larson <larsontr...@gmail.com> wrote:
>> > Some time ago, I wrote the following code to generate a javascript resource
>> > with values that are unique to each user. I would have sworn that it
>> > worked, and that it would return a different value depending on which user
>> > was logged in. However, I've just found that it is now always returning the
>> > same value, whichever value was first retrieved. Any ideas?
>> >
>> > Here's the javascript file (named "sensitive.js"):
>> >
>> > function getInfoTraxPassword() {
>> >     return "${password}";
>> > }
>> >
>> >
>> >
>> > Here is the Java code:
>> >
>> > HashMap<String,Object> vars = new HashMap<String,Object>();
>> > vars.put("password", currentUser.getPassword());
>> > TextTemplateResourceReference ref =
>> >     new TextTemplateResourceReference(
>> >         BasePage.class,
>> >         "sensitive.js",
>> >         "text/javascript",
>> >         new Model(vars)){
>> >     @Override
>> >     public Time lastModifiedTime() { return Time.now(); }
>> > };
>> > add(new JavaScriptReference("sensitiveJavascript", ref));
>> >
>> >
>> > I'm including it in the HTML HEAD this way:
>> >
>> > <script wicket:id="sensitiveJavascript"></script>
>> >
>> >
>> > I'm currently running the Java code inside the Page class, and with my
>> > debugger I see it getting the right value as it steps through the code. Ask
>> > me anything else, I dare you! I swear I've been through every combination
>> > of logic, but once I hit that javascript file the first time, I can never
>> > get any other value for the ${password}. I'm currently using Jetty for the
>> > app server, with nothing (like Apache) in between.
>> >
>> > Any brainstorms are welcome. Thanks!
>> > Trent
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
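
The symptom described in this thread, reproduced as an added example that is not part of the original posts and is not Wicket code: a plain-Java stand-in for a resource that is registered once per application under its scope and name (an assumption consistent with the shared .../resources/... URL), rendered once with a snapshot model and once with a model evaluated on each request. The registry, the ThreadLocal session stand-in and the sample values are constructed for illustration; only the snapshot variant hands the first user's value to the second user.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

// Simplified stand-in for an application-wide resource registry (hypothetical, not Wicket).
public class SharedTemplateDemo {
    // Constructed stand-in for the per-request session lookup.
    static final ThreadLocal<String> CURRENT_USER_SECRET = new ThreadLocal<>();

    // Keyed by scope/name: the first resource registered under a key is kept.
    static final Map<String, Supplier<Map<String, Object>>> REGISTRY = new HashMap<>();

    static String render(String key, Supplier<Map<String, Object>> model) {
        // putIfAbsent: a later registration under the same key is ignored.
        REGISTRY.putIfAbsent(key, model);
        Object value = REGISTRY.get(key).get().get("password");
        return "function getInfoTraxPassword() { return \"" + value + "\"; }";
    }

    // Variant 1: variables captured once, when the page is constructed.
    static Supplier<Map<String, Object>> snapshotModel() {
        Map<String, Object> vars = new HashMap<>();
        vars.put("password", CURRENT_USER_SECRET.get());
        return () -> vars;
    }

    // Variant 2: variables resolved every time the resource is rendered.
    static Supplier<Map<String, Object>> dynamicModel() {
        return () -> {
            Map<String, Object> vars = new HashMap<>();
            vars.put("password", CURRENT_USER_SECRET.get());
            return vars;
        };
    }

    public static void main(String[] args) {
        // Two consecutive requests from different users (constructed sample values).
        for (String secret : new String[] {"alice-secret", "bob-secret"}) {
            CURRENT_USER_SECRET.set(secret);
            System.out.println("snapshot: "
                    + render("BasePage/sensitive.js", snapshotModel()));
            System.out.println("dynamic:  "
                    + render("BasePage/dynamic.js", dynamicModel()));
        }
    }
}
```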