You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by matmar <ma...@gmail.com> on 2012/11/05 21:50:46 UTC
Wicket CryptoMapper loses RequestParameters for HomePage
(1.5-SNAPSHOT)
Hi!
We have a problem with using CryptoMapper, and a proposed fix. I'd like some
comments from this community regarding both the bug and the fix.
When CryptoMapper is used, query parameters are only found via
PageParameters, and not via RequestParameters, as expected.
Code to repro:
------code-----
HomePage.java
public HomePage(final PageParameters parameters) {
add(new Label("version",
getApplication().getFrameworkSettings().getVersion()));
add(new Label("fooFromPageParameters",
parameters.get("foo").toString("NOT_FOUND_FROM_PAGE_PARAMETERS")));
add(new Label("fooFromRequestParameters",
getRequest().getRequestParameters().getParameterValue("foo").toString("NOT_FOUND_FROM_REQUEST_PARAMETERS")));
}
HomePage.html
<div id="bd">
Congratulations!
<p>Wicket version: <wicket:container
wicket:id="version">1.5-SNAPSHOT</wicket:container></p>
<p>Foo from Page parameters: <wicket:container
wicket:id="fooFromPageParameters">fooFromPageParametes</wicket:container></p>
<p>Foo from request parameters: <wicket:container
wicket:id="fooFromRequestParameters">fooFromRequestParameters</wicket:container></p>
</div>
WicketApplication.java
public void init()
{
super.init();
//comment to get both parameters working
setRootRequestMapper(new CryptoMapper(getRootRequestMapper(),
this));
}
When called with url http://localhost:8080/?foo=bar, and CryptoMapper is
enabled, the value for foo is not found via requestParameters.
----code-------
And then the proposed fix:
http://pastebin.com/dWdPhcLD
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-CryptoMapper-loses-RequestParameters-for-HomePage-1-5-SNAPSHOT-tp4653637.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket CryptoMapper loses RequestParameters for HomePage (1.5-SNAPSHOT)
Posted by Jesse Long <jp...@unknown.za.net>.
On 05/11/2012 22:50, matmar wrote:
> Hi!
>
> We have a problem with using CryptoMapper, and a proposed fix. I'd like some
> comments from this community regarding both the bug and the fix.
>
> When CryptoMapper is used, query parameters are only found via
> PageParameters, and not via RequestParameters, as expected.
>
> Code to repro:
> ------code-----
> HomePage.java
>
> public HomePage(final PageParameters parameters) {
> add(new Label("version",
> getApplication().getFrameworkSettings().getVersion()));
> add(new Label("fooFromPageParameters",
> parameters.get("foo").toString("NOT_FOUND_FROM_PAGE_PARAMETERS")));
> add(new Label("fooFromRequestParameters",
> getRequest().getRequestParameters().getParameterValue("foo").toString("NOT_FOUND_FROM_REQUEST_PARAMETERS")));
> }
>
> HomePage.html
>
> <div id="bd">
>
> Congratulations!
>
> <p>Wicket version: <wicket:container
> wicket:id="version">1.5-SNAPSHOT</wicket:container></p>
> <p>Foo from Page parameters: <wicket:container
> wicket:id="fooFromPageParameters">fooFromPageParametes</wicket:container></p>
> <p>Foo from request parameters: <wicket:container
> wicket:id="fooFromRequestParameters">fooFromRequestParameters</wicket:container></p>
> </div>
>
> WicketApplication.java
>
> public void init()
> {
> super.init();
> //comment to get both parameters working
> setRootRequestMapper(new CryptoMapper(getRootRequestMapper(),
> this));
>
> }
>
> When called with url http://localhost:8080/?foo=bar, and CryptoMapper is
> enabled, the value for foo is not found via requestParameters.
>
> ----code-------
>
> And then the proposed fix:
> http://pastebin.com/dWdPhcLD
>
>
Hi matmar,
The problem is this: The request comes in with an unencrypted url, like:
/?foo=bar. Then, the CryptoMapper encrypts this to something like:
/kjhskfdjhfksd and redirects to this URL. Then, after the redirect, the
request returned by Component.getRequest() is the Request containing the
encrypted URL. Request.getRequestParameters() returns an adapter which
works directly on the URL, and so does getQueryParamaters(). These are
actually doing their jobs correctly, the problem is that the wrong
Request is being returned by RequestCycle.get().getRequest().
This code should solve that:
CryptoMapper.java:
@Override
public IRequestHandler mapRequest(final Request request)
{
Url url = decryptUrl(request, request.getUrl());
if (url == null){
return wrappedMapper.mapRequest(request);
}
Request decryptedRequest = request.cloneWithUrl(url);
IRequestHandler requestHandler =
wrappedMapper.mapRequest(decryptedRequest);
if (requestHandler == null){
return null;
}
/* we must not simply set the correct request here, because we are
not sure
* that a potential parent request mapper may select another,
higher scoring,
* request handler. */
return new RequestSettingRequestHandler(decryptedRequest,
requestHandler);
}
private static class RequestSettingRequestHandler
implements IRequestHandler
{
private Request request;
private final IRequestHandler wrappedHandler;
public RequestSettingRequestHandler(Request request,
IRequestHandler wrappedHandler)
{
this.request = request;
this.wrappedHandler = wrappedHandler;
}
public void respond(IRequestCycle requestCycle)
{
RequestCycle.get().setRequest(request);
wrappedHandler.respond(requestCycle);
}
public void detach(IRequestCycle requestCycle)
{
wrappedHandler.detach(requestCycle);
}
}
Having said all that, we should not be encrypting the URL for the home
page, so we could simply change the beginning of
CryptoMapper.encryptUrl() from:
/* this is probably a bug, mea culpa */
if (url.getSegments().isEmpty() &&
url.getQueryParameters().isEmpty())
{
return url;
}
to:
if (url.getSegments().isEmpty())
{
return url;
}
Cheers,
Jesse
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket CryptoMapper loses RequestParameters for HomePage
(1.5-SNAPSHOT)
Posted by matmar <ma...@gmail.com>.
Jesse, thanks for fixing this in Wicket 6.3.0!
https://issues.apache.org/jira/browse/WICKET-4865
On Mon, Nov 5, 2012 at 10:50 PM, matmar [via Apache Wicket] <
ml-node+s1842946n4653637h56@n4.nabble.com> wrote:
> Hi!
>
> We have a problem with using CryptoMapper, and a proposed fix. I'd like
> some comments from this community regarding both the bug and the fix.
>
> When CryptoMapper is used, query parameters are only found via
> PageParameters, and not via RequestParameters, as expected.
>
> Code to repro:
> ------code-----
> HomePage.java
>
> public HomePage(final PageParameters parameters) {
> add(new Label("version",
> getApplication().getFrameworkSettings().getVersion()));
> add(new Label("fooFromPageParameters",
> parameters.get("foo").toString("NOT_FOUND_FROM_PAGE_PARAMETERS")));
> add(new Label("fooFromRequestParameters",
> getRequest().getRequestParameters().getParameterValue("foo").toString("NOT_FOUND_FROM_REQUEST_PARAMETERS")));
>
> }
>
> HomePage.html
>
> <div id="bd">
> Congratulations! <p>Wicket
> version: <wicket:container
> wicket:id="version">1.5-SNAPSHOT</wicket:container></p>
> <p>Foo from Page parameters: <wicket:container
> wicket:id="fooFromPageParameters">fooFromPageParametes</wicket:container></p>
> <p>Foo from request parameters: <wicket:container
> wicket:id="fooFromRequestParameters">fooFromRequestParameters</wicket:container></p>
> </div>
>
> WicketApplication.java
>
> public void init()
> {
> super.init();
> //comment to get both parameters working
> setRootRequestMapper(new
> CryptoMapper(getRootRequestMapper(), this));
>
> }
>
> When called with url http://localhost:8080/?foo=bar, and CryptoMapper is
> enabled, the value for foo is not found via requestParameters.
>
> ----code-------
>
> And then the proposed fix:
> http://pastebin.com/dWdPhcLD
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://apache-wicket.1842946.n4.nabble.com/Wicket-CryptoMapper-loses-RequestParameters-for-HomePage-1-5-SNAPSHOT-tp4653637.html
> This email was sent by matmar<http://apache-wicket.1842946.n4.nabble.com/template/NamlServlet.jtp?macro=user_nodes&user=99626>(via Nabble)
> To receive all replies by email, subscribe to this discussion<http://apache-wicket.1842946.n4.nabble.com/template/NamlServlet.jtp?macro=subscribe_by_code&node=4653637&code=bWFyY3VzLm1hdHRpbGFAZ21haWwuY29tfDQ2NTM2Mzd8LTg4NDY3MDUxNg==>
>
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Wicket-CryptoMapper-loses-RequestParameters-for-HomePage-1-5-SNAPSHOT-tp4653637p4654110.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org