I was just looking around for my dunce cap after noticing this little gotcha
- and I thought of this forum instead to share my moment of
not-so-brilliance:

        public LoginForm(final String id) {
            ... other stuff ...
            add(new FormComponentFeedbackBorder("user.feedback").add(new TextField("user").setRequired(true)));
            passwordField = new PasswordTextField("password");
            passwordField.setRequired(true);
            add(new FormComponentFeedbackBorder("password.feedback").add(passwordField));
        }
        protected void onSubmit() {
            String password=getString("password").trim();
            if (password.equalsIgnoreCase(getPassword())) {
                ((AuctionSession)getSession()).setAdmin(true);
                ((AuctionSession)getSession()).setUserName(getUser());
                if (!continueToOriginalDestination())
                    setResponsePage(getApplication().getHomePage());
            } else
                passwordField.error("invalid user/password");
        }
    }

Pretty basic, I know.  Maybe you have a page like this in your Wicket app?


The mistake I wanted to share is that I'm using the same name for the
"password" wicket:id, and the string property in MyLoginPage.properties,
which just has a line that says password=super_secret_whatever.  (Actually,
it's ${profile.password} and I have different maven profiles for different
versions of the app, but that's another story).

Anyway, imagine my surprise when I accidentally left the password blank by
mistake - the required error message uses the same property and shows the
password to the wide world in the feedback message: 'super_secret_whatever'
is required.  Hah!    (Yup, it's been in production for quite a while like
this...)

Just wanted to share that one with y'all - may all your mistakes be
entertaining and/or educational...
:)

-- Jim.
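
A build-time check for the collision described in the post, as an added example that is not part of the original message: it lists property keys that match a wicket:id in the page markup, since per the post such a value ends up in the required-field feedback message. The markup, the properties content, the function names and the secret heuristic are all constructed assumptions.

```python
import re

# Constructed sample markup and properties file, modelled on the post.
MARKUP = """
<form wicket:id="loginForm">
  <span wicket:id="user.feedback"><input wicket:id="user" type="text"/></span>
  <span wicket:id="password.feedback"><input wicket:id="password" type="password"/></span>
</form>
"""
PROPERTIES = """
# MyLoginPage.properties (constructed)
title=Auction login
user=User name
password=${profile.password}
"""

WICKET_ID = re.compile(r'wicket:id\s*=\s*["\']([^"\']+)["\']')
PROPERTY = re.compile(r'([^=:\s]+)\s*[=:]\s*(.*)')


def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            match = PROPERTY.match(line)
            if match:
                props[match.group(1)] = match.group(2)
    return props


def looks_like_secret(value):
    # Heuristic (assumption): a build-time placeholder, or a single token
    # containing '_' or a digit, is unlikely to be a human-readable label.
    return "${" in value or re.fullmatch(r"\S*[_\d]\S*", value) is not None


def audit(markup, properties_text):
    """Return sorted (key, suspicious) pairs for keys that equal a wicket:id."""
    ids = set(WICKET_ID.findall(markup))
    props = parse_properties(properties_text)
    # The value is deliberately not returned, so the report cannot leak it.
    return sorted((k, looks_like_secret(v)) for k, v in props.items() if k in ids)


if __name__ == "__main__":
    for key, suspicious in audit(MARKUP, PROPERTIES):
        print(f"{key}: shown as field label{' (looks like a secret)' if suspicious else ''}")
```

Every key it reports is displayed to users as a field label, so anything flagged as suspicious belongs under a different key or outside the page's properties file.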
