how about
class varsmodel extends abstractreadonlymodel {
object getobject() {
user currentUser=session.get().getuser();
HashMap<String,Object> vars = new HashMap<String,Object>();
vars.put("password", currentUser.getPassword());
return vars;
}
}
TextTemplateResourceReference ref =
new TextTemplateResourceReference(
BasePage.class,
"sensitive.js",
"text/javascript",
new varsmodel()){
@Override
public Time lastModifiedTime() { return Time.now(); }
};
-igor
On Fri, Jan 16, 2009 at 11:09 AM, Trent Larson <larsontr...@gmail.com> wrote:
> Yes, it sounds like caching. But it's not my browser: even if someone hits
> the page from a totally different computer or another browser, I get the
> same results: whatever was served first from that file is stuck, and nobody
> ever gets any different result. (If the first browser was not logged in to
> the app, then the value is "${password}" for everyone.) Yes, I tested my
> cache as you say.
>
> We've now tested with Tomcat as well, so it's not caching in the app
> server. We've also done Linux vs Windows servers, and with and without
> Apache in the middle, running from Eclipse and from scripted startup. I'm
> fairly sure I'm taking advantage of something in Wicket inadvertently; I've
> moved this stuff around into the session and a base page and the page
> constructor, and with and without any of the "final" keywords that I had at
> the beginning, all to no avail.
>
> My latest guess is that one of my shortcut methods that call a static method
> (eg. Session.get()) is getting the same one every time (though that's a
> stretch because all other pages show dynamics data correctly.) It's just
> the .js file that's always gives the same result, no matter who hits it and
> no matter where they're from.
>
> BTW, the URL of the .js resource is this:
> .../resources/com.max.backoffice.page.BasePage/sensitive.js
>
> I must have changed something, because I swear it worked a month ago. Erg.
>
> I'll try any wild ideas. Thanks!
>
> Trent
>
> PS: Yes, you're absolutely right about the password security! It hurts me
> to even show this as my example.
>
>
> On Thu, Jan 15, 2009 at 5:13 PM, Igor Vaynberg <igor.vaynb...@gmail.com>wrote:
>
>> sounds like your browser is caching it.
>>
>> try this:
>>
>> hit the page
>> check the value
>> empty browser cache
>> refresh the page
>> see if the value changed...
>>
>>
>> other then that i hope you know that storing a password in cleartext
>> inside a js file might not be the best idea :)
>>
>> -igor
>>
>> On Thu, Jan 15, 2009 at 4:02 PM, Trent Larson <larsontr...@gmail.com>
>> wrote:
>> > Some time ago, I wrote the following code to generate a javascript
>> resource
>> > with values that are unique to each user. I would have sworn that it
>> > worked, and that it would return a different value depending on which
>> user
>> > was logged in. However, I've just found that it is now always returning
>> the
>> > same value, whichever value was first retrieved. Any ideas?
>> >
>> > Here's the javascript file (named "sensitive.js"):
>> >
>> > function getInfoTraxPassword() {
>> > return "${password}";
>> > }
>> >
>> >
>> >
>> > Here is the Java code:
>> >
>> > HashMap<String,Object> vars = new HashMap<String,Object>();
>> > vars.put("password", currentUser.getPassword());
>> > TextTemplateResourceReference ref =
>> > new TextTemplateResourceReference(
>> > BasePage.class,
>> > "sensitive.js",
>> > "text/javascript",
>> > new Model(vars)){
>> > @Override
>> > public Time lastModifiedTime() { return Time.now(); }
>> > };
>> > add(new JavaScriptReference("sensitiveJavascript", ref));
>> >
>> >
>> > I'm including it in the HTML HEAD this way:
>> >
>> > <script wicket:id="sensitiveJavascript"></script>
>> >
>> >
>> > I'm currently running the Java code inside the Page class, and with my
>> > debugger I see it getting the right value as it steps through the code.
>> Ask
>> > me anything else, I dare you! I swear I've been through every
>> combination
>> > of logic, but once I hit that javascript file the first time, I can never
>> > get any other value for the ${password}. I'm currently using Jetty for
>> the
>> > app server, with nothing (like Apache) in between.
>> >
>> > Any brainstorms are welcome. Thanks!
>> > Trent
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
