Answers inline.

--
Jeremy Thomerson
http://www.wickettraining.com

On Fri, Oct 23, 2009 at 3:48 AM, Lester Chua <[email protected]> wrote:

> Hi,
>
> I've read the preliminary materials on the site and I'm also reading
> Manning's Wicket in Action. I like Wicket's programming model a lot and am
> considering my next project using Wicket. But before that I am doing an
> evaluation project to convert a part of an existing application using
> Wicket.
>
> Question 1:
> Applications that I work with typically feature grids. My past approach had
> been to use ExtJS+JSON Servlets and more recently JQuery+DWR. Although we
> are quite productive, my main gripe was that there is too much work done
> wiring HTML and Server Side (which is why I much prefer Wicket's approach).
>
> Is there a robust implementation on Wicket that I can use that offers
> similar functionality to things like Ext's grids or JqGrid? Or must I create
> my own grid component from scratch in Wicket? I can't seem to find it?
>

I think the Inmethod Grid is the most robust grid implementation available for Wicket. Check it out.

> Question 2:
> In my environment, security is the most important issue. In fact a proxy
> server sits between users and the servers, it changes request IPs and makes
> it look like all requests originate from some IP addresses (this hits the
> web layer). Will this interfere with Wicket's state management? Sorry I'm
> very new to Wicket and may be asking a silly question, apologies if this has
> been answered on the wiki.
>

Wicket relies on the servlet container for sessions - the servlet container uses jsessionid cookies just like any other servlet. So, no, IPs will not affect Wicket sessions.

> Question 3:
> DWR prevents XSS on Ajax exploits by implementing a secret-key mechanism. Is
> there a similar implementation in Wicket? Is there any best practice or
> techniques that we should use to avoid inadvertently exposing our ajax code
> to hijacking?
>

It's very hard to hijack Wicket URLs at all (ajax or not) because they are all session relative. Especially ajax URLs are not action oriented (i.e. /posts/delete?id=foo) but are session path oriented.

> Thanks in advance.
>
> Lester
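
A toy model of the distinction drawn in the answer to Question 3, added here as an illustration; it is not part of the original thread and is not Wicket's code. The class and method names and the `?listener=` URL shape are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Toy model only: hypothetical names, not Wicket's API or URL format.
public class SessionRelativeUrls {
    static final String PREFIX = "?listener=";

    // Action-oriented style: the URL names the operation and its target,
    // so the same URL means the same thing in every session.
    static String actionDispatch(String url) {
        String action = "/posts/delete?id=";
        return url.startsWith(action) ? "deleted " + url.substring(action.length()) : "not found";
    }

    // Session-path style: each session keeps its own table of callbacks,
    // keyed by a page id and component path that exist only in that session.
    static class Session {
        private final Map<String, Runnable> listeners = new HashMap<>();
        private final StringBuilder log = new StringBuilder();
        private int nextPageId = 0;

        // Rendering a page registers its callback and returns the URL for it.
        String renderDeleteLink(String postId) {
            String path = (nextPageId++) + ":deleteLink";
            listeners.put(path, () -> log.append("deleted ").append(postId));
            return PREFIX + path;
        }

        // A request is resolved only against this session's own table.
        String dispatch(String url) {
            if (!url.startsWith(PREFIX)) return "not found";
            Runnable callback = listeners.get(url.substring(PREFIX.length()));
            if (callback == null) return "page expired";
            callback.run();
            return log.toString();
        }
    }

    public static void main(String[] args) {
        // The action URL carries its full meaning with it.
        System.out.println(actionDispatch("/posts/delete?id=foo"));

        Session alice = new Session();
        Session bob = new Session();
        String aliceUrl = alice.renderDeleteLink("foo");
        // Bob's session never rendered that page, so the path resolves to nothing.
        System.out.println(bob.dispatch(aliceUrl));
        // In the session that rendered it, the same URL runs the callback.
        System.out.println(alice.dispatch(aliceUrl));
    }
}
```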
