wicket property files are meant for externalizing ui strings, not configuration values :)
-igor On Fri, Jul 23, 2010 at 12:12 PM, Jim Pinkham <[email protected]> wrote: > I was just looking around for my dunce cap after noticing this little gotcha > - and I thought of this forum instead to share my moment of > not-so-brilliance: > > public LoginForm(final String id) { > ... other stuff ... > add(new FormComponentFeedbackBorder("user.feedback").add(new > TextField("user").setRequired(true))); > passwordField = new PasswordTextField("password"); > passwordField.setRequired(true); > add(new > FormComponentFeedbackBorder("password.feedback").add(passwordField)); > } > protected void onSubmit() { > String password=getString("password").trim(); > if (password.equalsIgnoreCase(getPassword())) { > ((AuctionSession)getSession()).setAdmin(true); > ((AuctionSession)getSession()).setUserName(getUser()); > if (!continueToOriginalDestination()) > setResponsePage(getApplication().getHomePage()); > } else > passwordField.error("invalid user/password"); > } > } > > Pretty basic, I know. Maybe you have a page like this in your Wicket app? > > > The mistake I wanted to share is that I'm using the same name for the > "password" wicket:id, and the string property in MyLoginPage.properties, > which just has a line that says password=super_secret_whatever. (Actually, > it's ${profile.password} and I have different maven profiles for different > versions of the app, but that's another story). > > Anyway, imagine my suprise when I accidentally left the password blank by > mistake - the required error message uses the same property and shows the > password to the wide world in the feedback message: 'super_secret_whatever' > is required. Hah! (Yup, it's been in production for quite a while like > this...) > > Just wanted to share that one with y'all - may all your mistakes be > entertaining and/or educational... > :) > > -- Jim. > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
