i have no idea. you might want to google it. -igor
On Tue, Jul 28, 2009 at 1:43 AM, Arthur Leigh Allen<arthurleigh.al...@yahoo.de> wrote: > i use my own (graphic) buttons in wicket. > after getting rid of my own code and just using a modified AjaxFallbackButton > with overridden getCallbackUrl() method, > the form was submitted but i could see an error in the error console of > firefox (translated by me): > > security error: content from > http://localhost:8080/projectname/?wicket:interface=:0:2::: is not allowed to > load data from > https://localhost:8443/projectname/?wicket:interface=:0:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:2:IBehaviorListener:0:&random=0.573852961623538 > > error: uncaught exception: [Exception... "Access to restricted URI denied" > code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: > "http://localhost:8080/projectname/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js > Line: 884"] > > is it about cross domain (http and https) AJAX queries? > > > > > > ________________________________ > Von: Igor Vaynberg <igor.vaynb...@gmail.com> > An: users@wicket.apache.org > Gesendet: Montag, den 27. Juli 2009, 18:24:20 Uhr > Betreff: Re: AW: SSL - ajax login > > hmm, it might be like you said - ajax request with an untrusted cert > might be failing. > > it looks from the console like wicket is trying to hit that url, what > you can do is set a breakpoint in wicketfilter and see if that request > ever reaches the server. > > -igor > > On Mon, Jul 27, 2009 at 4:56 AM, Arthur Leigh > Allen<arthurleigh.al...@yahoo.de> wrote: >> Hi again Igor, >> >> I did the following now: >> I called the website directly with https://localhost:8443/projectname and >> then I performed a login and it worked. >> >> Any idea? >> >> Thx Arthur >> >> >> >> >> ________________________________ >> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >> An: users@wicket.apache.org >> Gesendet: Sonntag, den 26. Juli 2009, 22:22:22 Uhr >> Betreff: Re: AW: SSL - ajax login >> >> the href is not a problem; you seeing # appended to the end of the url >> is the correct behavior. what should have happened was the ajax call >> to that https url in the background. >> >> so what you should be looking into is why the ajax call with that >> https url was never made or response from it not processed, since we >> know the url itself works - because you pasted it into the browser and >> it worked. maybe wicket ajax console can give you a clue, firebug also >> has facilities that let you monitor requests being made. you should >> see a call to that https url when you click the link. >> >> -igor >> >> On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh >> Allen<arthurleigh.al...@yahoo.de> wrote: >>> Hi Igor, >>> >>> I used Firebug to have a look at the onClick event. >>> I've inspected two links, one usual ajax link and one for the ssl login. >>> >>> ---- >>> >>> Regarding the first link: >>> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::" >>> >>> onClick="var >>> wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, >>> function() {return Wicket.$('link141') != null;}.bind(this));return >>> !wcall;" >>> >>> ---- >>> >>> Regarding the ssl login link: >>> href="#" >>> >>> onClick="var wcall=wicketSubmitFormById('loginForm13b', >>> 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', >>> 'buttonLogin:container:link' ,null,null, function() {return >>> Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;" >>> >>> ---- >>> >>> I clicked on the ssl login link and the page jumped to the anchor # but the >>> form is not submitted. The symbol # was appended to the address bar of the >>> browser. >>> I copied the url in the onClick event and entered it manually in the >>> address bar of my browser. The xml code for the ajax response was shown in >>> the browser - as known from wicket ajax debug. >>> >>> I guess the problem is the href attribute. I would expect to see an url >>> like >>> https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: >>> [etc.] >>> >>> Do you have any idea how I can solve the problem? >>> >>> Thx, >>> Arthur >>> >>> >>> >>> >>> >>> >>> >>> ________________________________ >>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>> An: users@wicket.apache.org >>> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr >>> Betreff: Re: AW: SSL - ajax login >>> >>> whatever url you see when hovering over the link is not the url used >>> for ajax - not necessarily. you should inspect the onclick handlers. >>> >>> -igor >>> >>> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh >>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>> no, sorry... the url is not changing to http://locahost:8080/projectname/# >>>> but when I hold the mouse pointer over the link, I see the url in the >>>> status bar. When I hold the mouse pointer over other links, I see very >>>> long urls a la >>>> http://localhost:8080/projectname/;jsessionid=....wicket:interface..... >>>> >>>> But as you suggested, I'll debug the javascript to see the url >>>> modifications. >>>> Thank you for your support Igor! >>>> >>>> Have a nice weekend. >>>> Greetz, Arthur >>>> >>>> >>>> >>>> ________________________________ >>>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>>> An: users@wicket.apache.org >>>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr >>>> Betreff: Re: AW: SSL - ajax login >>>> >>>> no, i havent tried it myself. i never had to do an ajax login. >>>> >>>> the url in the browser changes to http://locahost:8080/projectname/# ? >>>> thats fine. the main part is what the actual ajax url is used - you >>>> wont see that in the browser's bar. i suggest you use firebug or >>>> something similar to walk the javascript and see why your *ajax* url >>>> is being mangled. >>>> >>>> obviously if you return just "https://localhost:8443/projectname"; that >>>> will not work because that doesnt have the listener interface target >>>> that will hit the behavior in your button. >>>> >>>> -igor >>>> >>>> >>>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh >>>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>>> Hi Igor, >>>>> >>>>> I tried to do it as simple as possible so I returned >>>>> https://localhost:8443/projectname in the overridden method >>>>> getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The >>>>> link pointed to the url http://locahost:8080/projectname/#. It seems to >>>>> me that only relative pathes can be returned, else the standard url will >>>>> be used. >>>>> >>>>> I wanted to understand how the given url is used in wicket. I found the >>>>> method wicketAjaxGet in wicket-ajax.js. There the url is passed to >>>>> Wicket.Ajax.Call(...). I couldn't trace the call deeper because I >>>>> couldn't find Call() in any javascript file. >>>>> >>>>> Have you tried it yourself Igor? Does it work? >>>>> I'm using wicket 1.3.5. Does it depend on the version I use? >>>>> >>>>> Is there a different entry point to manipulate the url for ajax calls? >>>>> >>>>> Thx again >>>>> Arthur >>>>> >>>>> >>>>> >>>>> ________________________________ >>>>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>>>> An: users@wicket.apache.org >>>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr >>>>> Betreff: Re: AW: SSL - ajax login >>>>> >>>>> javascript invokes the url you give it, so it looked like it should >>>>> work. you might have to trace deeper to see whats going on. >>>>> >>>>> -igor >>>>> >>>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh >>>>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>>>> Hi Igor, >>>>>> >>>>>> I did it as you said. >>>>>> I took the code from AjaxFallbackButton and I copied it to an own class. >>>>>> In the constructor I overwrite the getCallbackUrl() method of the >>>>>> AjaxFormSubmitBehavior. >>>>>> I added the value https://localhost:8443/projectname/ as a prefix to >>>>>> super.getCallbackUrl(). >>>>>> By the way: getCallbackUrl() returns a long relative url beginning with >>>>>> ";sessionid". >>>>>> So my url is https://localhost:8443/projectname/;sessionid... >>>>>> >>>>>> When starting tomcat and accessing the website, the url wasn't applied. >>>>>> When clicking the link, the url http://localhost:8080/projectname/# was >>>>>> called. >>>>>> I believe it's the wrong place to manipulate the url. Maybe it is >>>>>> expected to return a relative path >>>>>> beginning with ";sessionid". That url is maybe manipulated at a >>>>>> different place, so in my case the >>>>>> end result would be >>>>>> http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid. >>>>>> That would result in an error and maybe >>>>>> http://localhost:8080/projectname/# is used therefore. >>>>>> >>>>>> Am I wrong? >>>>>> >>>>>> Thx >>>>>> Arthur >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ________________________________ >>>>>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>>>>> An: users@wicket.apache.org >>>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr >>>>>> Betreff: Re: AW: SSL - ajax login >>>>>> >>>>>> ah, i thought i replied already because i looked into this yesterday. >>>>>> >>>>>> you will have to roll your own button. i would recommend looking at >>>>>> the sourcecode of the default button. when you add the >>>>>> formsubmitbehavior in your button you can override getcallbackurl() >>>>>> and append https to it. >>>>>> >>>>>> -igor >>>>>> >>>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh >>>>>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>>>>> Hi again, >>>>>>> >>>>>>> I need to know if it's possible to switch to SSL via button or form. >>>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because >>>>>>> we will go online within the next 10-14 days. >>>>>>> >>>>>>> Can anyone give me a prompt answer please? >>>>>>> >>>>>>> Thx & Best regards >>>>>>> Arthur >>>>>>> >>>>>>> >>>>>>> >>>>>>> ________________________________ >>>>>>> Von: Arthur Leigh Allen <arthurleigh.al...@yahoo.de> >>>>>>> An: users@wicket.apache.org >>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr >>>>>>> Betreff: AW: SSL - ajax login >>>>>>> >>>>>>> Hello Igor, >>>>>>> >>>>>>> thanks for your early reply. >>>>>>> Yes, my login form is submitted via ajax. >>>>>>> >>>>>>> public class BasePage { >>>>>>> >>>>>>> public void switchViaAjax(...) { ... } >>>>>>> public void navigateViaAjax(...) { ... } >>>>>>> >>>>>>> } >>>>>>> >>>>>>> @RequireHttps >>>>>>> public class SSLForm extends Form { ... } >>>>>>> >>>>>>> public class LoginPanel { >>>>>>> >>>>>>> public LoginPanel() { ... } >>>>>>> >>>>>>> public create() { >>>>>>> SSLForm form = new SSLForm("loginForm"); >>>>>>> form.add(username); >>>>>>> form.add(password); >>>>>>> >>>>>>> AjaxFallbackButton loginButton = new >>>>>>> AjaxFallbackButton("loginButton", form) { >>>>>>> protected void onSubmit(AjaxRequestTarget target, Form >>>>>>> form) { >>>>>>> // perform login => login is done via http >>>>>>> } >>>>>>> } >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> As you said @RequireSSL is for pages. >>>>>>> Do you have any idea how I can remove @RequireHttps from the top of my >>>>>>> BasePage and switch to https on login? >>>>>>> Currently I think the only way to provide a ssl ajax call is to >>>>>>> show the base page via ssl as a starting basis. >>>>>>> >>>>>>> Therefore I have to use @RequireSSL on the BasePage but that means >>>>>>> every communication is done via ssl >>>>>>> and that means more server ballast and a slower page refresh. >>>>>>> >>>>>>> Greetings >>>>>>> Arthur >>>>>>> >>>>>>> >>>>>>> >>>>>>> ________________________________ >>>>>>> Von: Igor Vaynberg <igor.vaynb...@gmail.com> >>>>>>> An: users@wicket.apache.org >>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr >>>>>>> Betreff: Re: SSL - ajax login >>>>>>> >>>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your >>>>>>> usecase. >>>>>>> >>>>>>> is your login form submitted via ajax? >>>>>>> >>>>>>> show us the code to sslform, your login form - making sure to include >>>>>>> the code to the component that submits it. >>>>>>> >>>>>>> -igor >>>>>>> >>>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh >>>>>>> Allen<arthurleigh.al...@yahoo.de> wrote: >>>>>>>> Hello folks, >>>>>>>> >>>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage >>>>>>>> of ssl. >>>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps. >>>>>>>> >>>>>>>> Imagine the following case like it is realized on different sites like >>>>>>>> web.de or gmx.de as well as xing.com. >>>>>>>> The first call will result in a http url. If you enter your login name >>>>>>>> and your password and submit the form, >>>>>>>> then the form will be send via https. >>>>>>>> >>>>>>>> I only have one page. Everything on my page is exchanged via ajax. The >>>>>>>> login is also done via ajax. >>>>>>>> Currently I use the annotation above for my BasePage but from the >>>>>>>> first call, the whole communication >>>>>>>> is done with ssl. >>>>>>>> >>>>>>>> What I would like to realize is: Using the @RequireHttps annotation on >>>>>>>> forms or submit buttons. >>>>>>>> I implemented an own SSLForm class extending the wicket form class >>>>>>>> with the annotation. >>>>>>>> But when I use the SSLForm for my login, the communication is done >>>>>>>> without ssl. >>>>>>>> I would like to use my page via http, but the ajax login should be >>>>>>>> done with ssl. >>>>>>>> >>>>>>>> The only thing I can do now is: >>>>>>>> -page completely with ssl >>>>>>>> -page completely without ssl >>>>>>>> >>>>>>>> I would appreciate any help. >>>>>>>> >>>>>>>> Best regards, >>>>>>>> Arthur >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>>> >>>>>> >>>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>> >>>>> >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>> >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
