On 10/11/06, Korbinian Bachl <[EMAIL PROTECTED]> wrote:
Hi,
i hope its ok to hok me in, even if im new to wicket and not one of the
developers.
anyone and everyone are welcome
With nice URLs you have following advantages:
* Since all requests are routed through a single servlet (typically
mapped to /app), J2EE declarative security, which is path-based, is
defeated.
you are free to use page mounting to alter the path if you want to use
declarative security. noting that this security model is built for old style
model 1/2 apps and wicket has a much more powerful model for security.
* Ugly URLs tend to be longer than friendly URLs, which can make a
difference when creating a WML application.
this is completely and utterly false. because wicket does not rely on
parameter encoding in the url its urls are usually shorter.
?wicket:interface=10:some.path.to.comp:5
is a lot shorter then if you keep the state on the url
/books.do?sort1=up&sort2=down&sort3=none&page=4&filter.name=%bob%&filter.agelt=30&filter.agegt=45
furthermore if you turn on urlcompressor your urls will always be
?wicket:interface=a:b:c where a,b,c are ints, so ?wicket:interface=10:32:4
* A single directory may contain all the artifacts (HTML templates,
specifications, properties files) for all the pages in an entire
application. There isn't a sanctioned approach to organizing things into
subdirectories.
wicket doesnt work with directories, it works with packages. you are free to
organize your static resources any way you like.
* The reliance on query parameters means that common search engines will
only see a tiny fraction of the application.
the jury on this one is still out. google has plenty urls in it with
?jsessionid var so it must be indexing those.
wicket is not the best tech to do this because it is stateful by default. so
if you need this type of thing you need to build that portion of your app
using stateless pages only.
Plus (!) the important security feature that your technology is not revealed
to the outer world, making attacks on it mor difficult (if your url is
http://127.0.0.1:8080/WhiskyworldV6-war?wicket:interface=:0:pagination:navig
ation:1:pageLink::ILinkListener its easy to know that wicket is used, and
its a JEE server then...)
heh. well you know its wicket. so? there are plenty of .do struts apps out
there. security by obfuscation is not the greatest thing to do anyways.
what you are missing is that wicket is by far much much much more secure
then other frameworks because all urls in wicket are session-relative(!). so
unless someone manages to hijack a session there is really nothing they can
do. and even then the urls are always changing(!) even if they are pointing
to the same action, so that makes it even harder to for someone to do
anything.
furthermore we have a crypt-url-encoding-strategy that can encrypt the urls.
For me, the big question is
a, why do we need state all time? - and if we have a state, cant it be
serialized ? (e.g: parameters?)
because by assuming everything is stateful all the time we make coding
satateful components easy(!) - and this is the most important goal of
wicket.
b, if we neednt state all time, why cant this be translated to a nice link?
it can - see bookmarkable pages and page mounting
-Igor
