i use my own (graphic) buttons in wicket. after getting rid of my own code and just using a modified AjaxFallbackButton with overridden getCallbackUrl() method, the form was submitted but i could see an error in the error console of firefox (translated by me):
security error: content from http://localhost:8080/projectname/?wicket:interface=:0:2::: is not allowed to load data from https://localhost:8443/projectname/?wicket:interface=:0:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:2:IBehaviorListener:0:&random=0.573852961623538 error: uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://localhost:8080/projectname/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js Line: 884"] is it about cross domain (http and https) AJAX queries? ________________________________ Von: Igor Vaynberg <igor.vaynb...@gmail.com> An: users@wicket.apache.org Gesendet: Montag, den 27. Juli 2009, 18:24:20 Uhr Betreff: Re: AW: SSL - ajax login hmm, it might be like you said - ajax request with an untrusted cert might be failing. it looks from the console like wicket is trying to hit that url, what you can do is set a breakpoint in wicketfilter and see if that request ever reaches the server. -igor On Mon, Jul 27, 2009 at 4:56 AM, Arthur Leigh Allen<arthurleigh.al...@yahoo.de> wrote: > Hi again Igor, > > I did the following now: > I called the website directly with https://localhost:8443/projectname and > then I performed a login and it worked. > > Any idea? > > Thx Arthur > > > > > ________________________________ > Von: Igor Vaynberg <igor.vaynb...@gmail.com> > An: users@wicket.apache.org > Gesendet: Sonntag, den 26. Juli 2009, 22:22:22 Uhr > Betreff: Re: AW: SSL - ajax login > > the href is not a problem; you seeing # appended to the end of the url > is the correct behavior. what should have happened was the ajax call > to that https url in the background. > > so what you should be looking into is why the ajax call with that > https url was never made or response from it not processed, since we > know the url itself works - because you pasted it into the browser and > it worked. maybe wicket ajax console can give you a clue, firebug also > has facilities that let you monitor requests being made. you should > see a call to that https url when you click the link. > > -igor > > On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh > Allen<arthurleigh.al...@yahoo.de> wrote: >> Hi Igor, >> >> I used Firebug to have a look at the onClick event. >> I've inspected two links, one usual ajax link and one for the ssl login. >> >> ---- >> >> Regarding the first link: >> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::" >> >> onClick="var >> wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, >> function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;" >> >> ---- >> >> Regarding the ssl login link: >> href="#" >> >> onClick="var wcall=wicketSubmitFormById('loginForm13b', >> 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', >> 'buttonLogin:container:link' ,null,null, function() {return >> Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;" >> >> ---- >> >> I clicked on the ssl login link and the page jumped to the anchor # but the >> form is not submitted. The symbol # was appended to the address bar of the >> browser. >> I copied the url in the onClick event and entered it manually in the address >> bar of my browser. The xml code for the ajax response was shown in the >> browser - as known from wicket ajax debug. >> >> I guess the problem is the href attribute. I would expect to see an url like >> https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: >> [etc.] >> >> Do you have any idea how I can solve the problem? >> >> Thx, >> Arthur >> >> >> >> >> >> >> >> ________________________________ >> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >> An: users@wicket.apache.org >> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr >> Betreff: Re: AW: SSL - ajax login >> >> whatever url you see when hovering over the link is not the url used >> for ajax - not necessarily. you should inspect the onclick handlers. >> >> -igor >> >> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh >> Allen<arthurleigh.al...@yahoo.de> wrote: >>> no, sorry... the url is not changing to http://locahost:8080/projectname/# >>> but when I hold the mouse pointer over the link, I see the url in the >>> status bar. When I hold the mouse pointer over other links, I see very long >>> urls a la >>> http://localhost:8080/projectname/;jsessionid=....wicket:interface..... >>> >>> But as you suggested, I'll debug the javascript to see the url >>> modifications. >>> Thank you for your support Igor! >>> >>> Have a nice weekend. >>> Greetz, Arthur >>> >>> >>> >>> ________________________________ >>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>> An: users@wicket.apache.org >>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr >>> Betreff: Re: AW: SSL - ajax login >>> >>> no, i havent tried it myself. i never had to do an ajax login. >>> >>> the url in the browser changes to http://locahost:8080/projectname/# ? >>> thats fine. the main part is what the actual ajax url is used - you >>> wont see that in the browser's bar. i suggest you use firebug or >>> something similar to walk the javascript and see why your *ajax* url >>> is being mangled. >>> >>> obviously if you return just "https://localhost:8443/projectname"; that >>> will not work because that doesnt have the listener interface target >>> that will hit the behavior in your button. >>> >>> -igor >>> >>> >>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh >>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>> Hi Igor, >>>> >>>> I tried to do it as simple as possible so I returned >>>> https://localhost:8443/projectname in the overridden method getCallbackUrl >>>> of AjaxFormSubmitBehavior. The result was the same. The link pointed to >>>> the url http://locahost:8080/projectname/#. It seems to me that only >>>> relative pathes can be returned, else the standard url will be used. >>>> >>>> I wanted to understand how the given url is used in wicket. I found the >>>> method wicketAjaxGet in wicket-ajax.js. There the url is passed to >>>> Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't >>>> find Call() in any javascript file. >>>> >>>> Have you tried it yourself Igor? Does it work? >>>> I'm using wicket 1.3.5. Does it depend on the version I use? >>>> >>>> Is there a different entry point to manipulate the url for ajax calls? >>>> >>>> Thx again >>>> Arthur >>>> >>>> >>>> >>>> ________________________________ >>>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>>> An: users@wicket.apache.org >>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr >>>> Betreff: Re: AW: SSL - ajax login >>>> >>>> javascript invokes the url you give it, so it looked like it should >>>> work. you might have to trace deeper to see whats going on. >>>> >>>> -igor >>>> >>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh >>>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>>> Hi Igor, >>>>> >>>>> I did it as you said. >>>>> I took the code from AjaxFallbackButton and I copied it to an own class. >>>>> In the constructor I overwrite the getCallbackUrl() method of the >>>>> AjaxFormSubmitBehavior. >>>>> I added the value https://localhost:8443/projectname/ as a prefix to >>>>> super.getCallbackUrl(). >>>>> By the way: getCallbackUrl() returns a long relative url beginning with >>>>> ";sessionid". >>>>> So my url is https://localhost:8443/projectname/;sessionid... >>>>> >>>>> When starting tomcat and accessing the website, the url wasn't applied. >>>>> When clicking the link, the url http://localhost:8080/projectname/# was >>>>> called. >>>>> I believe it's the wrong place to manipulate the url. Maybe it is >>>>> expected to return a relative path >>>>> beginning with ";sessionid". That url is maybe manipulated at a different >>>>> place, so in my case the >>>>> end result would be >>>>> http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid. >>>>> That would result in an error and maybe >>>>> http://localhost:8080/projectname/# is used therefore. >>>>> >>>>> Am I wrong? >>>>> >>>>> Thx >>>>> Arthur >>>>> >>>>> >>>>> >>>>> >>>>> ________________________________ >>>>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>>>> An: users@wicket.apache.org >>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr >>>>> Betreff: Re: AW: SSL - ajax login >>>>> >>>>> ah, i thought i replied already because i looked into this yesterday. >>>>> >>>>> you will have to roll your own button. i would recommend looking at >>>>> the sourcecode of the default button. when you add the >>>>> formsubmitbehavior in your button you can override getcallbackurl() >>>>> and append https to it. >>>>> >>>>> -igor >>>>> >>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh >>>>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>>>> Hi again, >>>>>> >>>>>> I need to know if it's possible to switch to SSL via button or form. >>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because >>>>>> we will go online within the next 10-14 days. >>>>>> >>>>>> Can anyone give me a prompt answer please? >>>>>> >>>>>> Thx & Best regards >>>>>> Arthur >>>>>> >>>>>> >>>>>> >>>>>> ________________________________ >>>>>> Von: Arthur Leigh Allen <arthurleigh.al...@yahoo.de> >>>>>> An: users@wicket.apache.org >>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr >>>>>> Betreff: AW: SSL - ajax login >>>>>> >>>>>> Hello Igor, >>>>>> >>>>>> thanks for your early reply. >>>>>> Yes, my login form is submitted via ajax. >>>>>> >>>>>> public class BasePage { >>>>>> >>>>>> public void switchViaAjax(...) { ... } >>>>>> public void navigateViaAjax(...) { ... } >>>>>> >>>>>> } >>>>>> >>>>>> @RequireHttps >>>>>> public class SSLForm extends Form { ... } >>>>>> >>>>>> public class LoginPanel { >>>>>> >>>>>> public LoginPanel() { ... } >>>>>> >>>>>> public create() { >>>>>> SSLForm form = new SSLForm("loginForm"); >>>>>> form.add(username); >>>>>> form.add(password); >>>>>> >>>>>> AjaxFallbackButton loginButton = new >>>>>> AjaxFallbackButton("loginButton", form) { >>>>>> protected void onSubmit(AjaxRequestTarget target, Form form) >>>>>> { >>>>>> // perform login => login is done via http >>>>>> } >>>>>> } >>>>>> } >>>>>> } >>>>>> >>>>>> As you said @RequireSSL is for pages. >>>>>> Do you have any idea how I can remove @RequireHttps from the top of my >>>>>> BasePage and switch to https on login? >>>>>> Currently I think the only way to provide a ssl ajax call is to show the >>>>>> base page via ssl as a starting basis. >>>>>> >>>>>> Therefore I have to use @RequireSSL on the BasePage but that means every >>>>>> communication is done via ssl >>>>>> and that means more server ballast and a slower page refresh. >>>>>> >>>>>> Greetings >>>>>> Arthur >>>>>> >>>>>> >>>>>> >>>>>> ________________________________ >>>>>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>>>>> An: users@wicket.apache.org >>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr >>>>>> Betreff: Re: SSL - ajax login >>>>>> >>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your >>>>>> usecase. >>>>>> >>>>>> is your login form submitted via ajax? >>>>>> >>>>>> show us the code to sslform, your login form - making sure to include >>>>>> the code to the component that submits it. >>>>>> >>>>>> -igor >>>>>> >>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh >>>>>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>>>>> Hello folks, >>>>>>> >>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage >>>>>>> of ssl. >>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps. >>>>>>> >>>>>>> Imagine the following case like it is realized on different sites like >>>>>>> web.de or gmx.de as well as xing.com. >>>>>>> The first call will result in a http url. If you enter your login name >>>>>>> and your password and submit the form, >>>>>>> then the form will be send via https. >>>>>>> >>>>>>> I only have one page. Everything on my page is exchanged via ajax. The >>>>>>> login is also done via ajax. >>>>>>> Currently I use the annotation above for my BasePage but from the first >>>>>>> call, the whole communication >>>>>>> is done with ssl. >>>>>>> >>>>>>> What I would like to realize is: Using the @RequireHttps annotation on >>>>>>> forms or submit buttons. >>>>>>> I implemented an own SSLForm class extending the wicket form class with >>>>>>> the annotation. >>>>>>> But when I use the SSLForm for my login, the communication is done >>>>>>> without ssl. >>>>>>> I would like to use my page via http, but the ajax login should be done >>>>>>> with ssl. >>>>>>> >>>>>>> The only thing I can do now is: >>>>>>> -page completely with ssl >>>>>>> -page completely without ssl >>>>>>> >>>>>>> I would appreciate any help. >>>>>>> >>>>>>> Best regards, >>>>>>> Arthur >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>>> >>>>>> >>>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>> >>>>> >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>> >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
