When you write it out with oncomponenttagbody it's not part of the
component hierarchy, it's just rendered markup.
Once the form is submitted, you can retrieve the value using the servlet
API.
What behavior would you want to add on top ?
Maarten
On Tue, May 26, 2009 at 12:17 PM, Jörn Zaefferer <
joern.zaeffe...@googlemail.com> wrote:
> How is that going the fix the problem? I'd end up with markup, but no
> behaviour on top of it.
>
> Jörn
>
> On Mon, May 25, 2009 at 5:52 PM, Igor Vaynberg <igor.vaynb...@gmail.com>
> wrote:
> > right, so remove that code since you have replaced that component with
> > pure markup.
> >
> > -igor
> >
> > On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
> > <joern.zaeffe...@googlemail.com> wrote:
> >> That was the idea. But Wicket still can't find the component markup
> >> when looking for it. The form adds this elsewhere:
> >>
> >> add(new HiddenField<String>("csrf-protection", new
> >> Model<String>(csrfProtection())).setRequired(true).add(new
> >> IValidator<String>() {
> >> public void validate(IValidatable<String> validatable) {
> >> log.warn("potential csrf attack, submitted value: " +
> >> validatable.getValue() + ", expected: " + csrfProtection());
> >> validatable.error(new ValidationError().setMessage("wrong
> csrf
> >> protection cookie"));
> >> }
> >> }));
> >>
> >> Jörn
> >>
> >> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg <igor.vaynb...@gmail.com>
> wrote:
> >>> if you write it out in oncomponenttagbody then you dont need it in the
> >>> markupo anymore.
> >>>
> >>> -igor
> >>>
> >>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
> >>> <joern.zaeffe...@googlemail.com> wrote:
> >>>> Hi,
> >>>>
> >>>> my application uses a form subclass everywhere for CSRF protection.
> >>>> Each form needs a hidden field like this: <input type="hidden"
> >>>> wicket:id="csrf-protection" />
> >>>> The wicket component for that is added by the form subclass
> >>>> (SecureForm) which all other forms in the application extend.
> >>>>
> >>>> Currently each form has to include that markup somewhere, producing a
> >>>> lot of duplication.
> >>>>
> >>>> I'm looking for a way to get rid of that duplication. An approach I'm
> >>>> currently investigating is to generate the markup, similar to how Form
> >>>> genrates a hidden input it its onComponentTagBody:
> >>>>
> >>>> @Override
> >>>> protected void onComponentTagBody(MarkupStream markupStream,
> >>>> ComponentTag openTag) {
> >>>> String nameAndId = get("csrf-protection").getId();
> >>>> AppendingStringBuffer buffer = new AppendingStringBuffer(
> >>>> "<input type=\"hidden\" name=\"").append(nameAndId).append("\"
> />");
> >>>> getResponse().write(buffer);
> >>>> super.onComponentTagBody(markupStream, openTag);
> >>>> }
> >>>>
> >>>> That doesn't work, Wicket throws an exception of a missing reference
> >>>> in markup anyway. Likely because this just writes to the response, not
> >>>> extending the markup.
> >>>> I also don't see any way to achieve this via MarkupStream or
> ComponentTag.
> >>>>
> >>>> Any ideas?
> >>>>
> >>>> Regards
> >>>> Jörn Zaefferer
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> >>>> For additional commands, e-mail: users-h...@wicket.apache.org
> >>>>
> >>>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> >>> For additional commands, e-mail: users-h...@wicket.apache.org
> >>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> >> For additional commands, e-mail: users-h...@wicket.apache.org
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > For additional commands, e-mail: users-h...@wicket.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
