RE: [Wicket-user] Actions on invisible components

[Peter Veentjer - Anchor Men]

What are the other plans for Wicket 1.1?  

-----Oorspronkelijk bericht-----
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Namens Matej Knopp
Verzonden: maandag 18 juli 2005 14:31
Aan: wicket-user@lists.sourceforge.net
Onderwerp: Re: [Wicket-user] Actions on invisible components

I suppose that this will be fixed in 1.1. Will it also be backported to
1.0.[2] ?

Matej

Martijn Dashorst wrote:
> Yeah,
> 
> That's what I meant, but didn't write ;-)
> 
> It should not fail silently though. In development this has to be 
> noticed. In production this should be readily visible.
> 
> Martijn
> 
> Eelco Hillenius wrote:
> 
>> Though given the malicious nature of the attempt, you don't want to 
>> give too much information. That's why just setting a HTTP status 
>> (like expired or not authorized could also be a good idea (combined 
>> with logging ofcourse).
>>
>> Eelco
>>
>> Martijn Dashorst wrote:
>>
>>> Hmm,
>>>
>>> I think this should result in an error, either:
>>> - someone is maliciously tampering with your application
>>> - there is a bug in your application or the wicket framework
>>>
>>> In both cases this should result in an error page, and not fail 
>>> silently. I suppose this could be made configurable in the same way 
>>> the error page is configurable.
>>>
>>> Martijn
>>>
>>>
>>> Matej Knopp wrote:
>>>
>>>> The easiest would be to do nothing. Do as normal, just ignore the 
>>>> action. So if put in a url that would trigger action on invisible 
>>>> component, I would just get redirected to 
>>>> appName?component=X&interface=IRedirectLitener,...etc
>>>>
>>>> Another one would be displaying an error page (like expired page).
>>>>
>>>> But I think the first one is a better (and simpler) solution, but 
>>>> that's only my opiniton (and it's more a feeling than an opinion 
>>>> :))
>>>>
>>>> -Matej
>>>>
>>>> Eelco Hillenius wrote:
>>>>
>>>>> Hmmm. Sure looks like an unwanted backdoor. I agree we should fix 
>>>>> this. What do you think would be the proper action to take when 
>>>>> Wicket regconizes that an invisible component is called?
>>>>>
>>>>> Eelco
>>>>>
>>>>> Matej Knopp wrote:
>>>>>
>>>>>> Hi. I'm using wicket 1.0 and I just realized, that it is possible

>>>>>> to invoke action (ILinkListener, etc) on an invisible component.
>>>>>>
>>>>>> Is this intentional?
>>>>>>
>>>>>> Because in my application it causes problems. For example I've 
>>>>>> page with my bean properties and several buttons to 
>>>>>> edit/manipulate it. I show/hide these buttons according to 
>>>>>> current user rights. But even if they are not visible, they can 
>>>>>> be invoked through url very simply.
>>>>>> Can anything be done to prevent this?
>>>>>>
>>>>>> I tried to alter this behavieor but didn't succeeded as every 
>>>>>> method in WebRequest dealing with invoking is either private or 
>>>>>> final. (I know it's a design decision and I accept it, no 
>>>>>> rambling here :))
>>>>>>
>>>>>> -Matej
>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------
>>>>>> SF.Net email is sponsored by: Discover Easy Linux Migration 
>>>>>> Strategies from IBM. Find simple to follow Roadmaps, 
>>>>>> straightforward articles, informative Webcasts and more! Get 
>>>>>> everything you need to get up to speed, fast. 
>>>>>> http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>>>>>> _______________________________________________
>>>>>> Wicket-user mailing list
>>>>>> Wicket-user@lists.sourceforge.net 
>>>>>> https://lists.sourceforge.net/lists/listinfo/wicket-user
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> SF.Net email is sponsored by: Discover Easy Linux Migration 
>>>>> Strategies from IBM. Find simple to follow Roadmaps, 
>>>>> straightforward articles, informative Webcasts and more! Get 
>>>>> everything you need to get up to speed, fast. 
>>>>> http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>>>>> _______________________________________________
>>>>> Wicket-user mailing list
>>>>> Wicket-user@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/wicket-user
>>>>>
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> SF.Net email is sponsored by: Discover Easy Linux Migration 
>>>> Strategies from IBM. Find simple to follow Roadmaps, 
>>>> straightforward articles, informative Webcasts and more! Get 
>>>> everything you need to get up to speed, fast. 
>>>> http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>>>> _______________________________________________
>>>> Wicket-user mailing list
>>>> Wicket-user@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/wicket-user
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> SF.Net email is sponsored by: Discover Easy Linux Migration 
>>> Strategies from IBM. Find simple to follow Roadmaps, straightforward

>>> articles, informative Webcasts and more! Get everything you need to 
>>> get up to speed, fast. 
>>> http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>>> _______________________________________________
>>> Wicket-user mailing list
>>> Wicket-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/wicket-user
>>
>>
>>
>>
>>
>>
>> -------------------------------------------------------
>> SF.Net email is sponsored by: Discover Easy Linux Migration 
>> Strategies from IBM. Find simple to follow Roadmaps, straightforward 
>> articles, informative Webcasts and more! Get everything you need to 
>> get up to speed, fast. 
>> http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>> _______________________________________________
>> Wicket-user mailing list
>> Wicket-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/wicket-user
> 
> 
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies

> from IBM. Find simple to follow Roadmaps, straightforward articles, 
> informative Webcasts and more! Get everything you need to get up to 
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> Wicket-user mailing list
> Wicket-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wicket-user
> 



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user





-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user