You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Martin Makundi <ma...@koodaripalvelut.com> on 2009/07/31 16:07:51 UTC
Stateless login form?
Hi!
My login page html looks like this:
<form id="loginForm" method="post"
action="https://www.mydomain.com/?wicket:interface=:0:loginForm::IFormSubmitListener::">
Can set some switch to make it more "stateless"? I would like the form
submit target to be a stateless url. Why? I assume that currently if
the user does not have a session but attempts to login, he will get an
error message. This often happens when the login page itself is cached
or the session has died while being unused.
In principle there should not be any problem to process the form
statelessly, because the user is identified using the form so in
general no previous informatin is needed. Ofcourse I could do this by
building my own pageParameter parser I am curious if such
functionality is available out-of-the-box in Wicket.
**
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Martin Makundi <ma...@koodaripalvelut.com>.
> Jeremy Thomerson already gave you the hint: override isStateless and return
> true... thus you'll not get a session relative url.
Ok. That might work, I actually get:
https://localhost/login/wicket:interface/:0:loginForm::IFormSubmitListener::;jsessionid=139rzdeu5rm09
And on a first try, it really does seem to work though it "appears"
stateful (=to an uneducated eye).
Thank you!
My next challenge is that sometimes users bookmark authenticated pages
and when they return, for some reason Wicket instantiates such pages
that require authentication though it should be prevented by specific
annotations. Instatiation results in nullpointer exceptions due to
lacking login data...
**
Martin.
>
> Alex.
>
>
>
> MartinM wrote:
>>
>> Login page is visible, but the form
>> action="/?wicket:interface=:0:1::::" which is stateful. If my session
>> dies I will definitely get an error.
>>
>> Try clicking this link with a new browser that does not have a session
>> on the site: http://www.tipspot.com/?wicket:interface=:0:1::::
>>
>> This is what you would get if your browser loaded the page from cache
>> (or if you let it wait until the session invalidates). Does not look
>> professional and it is totaly unnecessary, in my opinnion. It should
>> be possible to handle forms on "virgin" (=no state bound yet)
>> invocations too.
>>
>> **
>> Martin
>>
>> 2009/8/2 Erik van Oosten <e....@grons.nl>:
>>> Martin,
>>>
>>> I am not sure what you mean. On the site you are referring, the login
>>> page
>>> is always visible under /login.
>>>
>>> Regards,
>>> Erik.
>>>
>>> Martin Makundi wrote:
>>>>>
>>>>> If I understood correctly, you might find this interesting:
>>>>>
>>>>> http://day-to-day-stuff.blogspot.com/2008/10/wicket-extreme-consistent-urls.html
>>>>>
>>>>
>>>> Does appear to make stateless-looking urls AFTER you CLICK/REDIRECT
>>>> (looking at the example page referred on the site). Not BEFORE you
>>>> CLICK...
>>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Stateless-login-form--tp24757066p24782234.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Alex Objelean <al...@yahoo.com>.
Jeremy Thomerson already gave you the hint: override isStateless and return
true... thus you'll not get a session relative url.
Alex.
MartinM wrote:
>
> Login page is visible, but the form
> action="/?wicket:interface=:0:1::::" which is stateful. If my session
> dies I will definitely get an error.
>
> Try clicking this link with a new browser that does not have a session
> on the site: http://www.tipspot.com/?wicket:interface=:0:1::::
>
> This is what you would get if your browser loaded the page from cache
> (or if you let it wait until the session invalidates). Does not look
> professional and it is totaly unnecessary, in my opinnion. It should
> be possible to handle forms on "virgin" (=no state bound yet)
> invocations too.
>
> **
> Martin
>
> 2009/8/2 Erik van Oosten <e....@grons.nl>:
>> Martin,
>>
>> I am not sure what you mean. On the site you are referring, the login
>> page
>> is always visible under /login.
>>
>> Regards,
>> Erik.
>>
>> Martin Makundi wrote:
>>>>
>>>> If I understood correctly, you might find this interesting:
>>>>
>>>> http://day-to-day-stuff.blogspot.com/2008/10/wicket-extreme-consistent-urls.html
>>>>
>>>
>>> Does appear to make stateless-looking urls AFTER you CLICK/REDIRECT
>>> (looking at the example page referred on the site). Not BEFORE you
>>> CLICK...
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Stateless-login-form--tp24757066p24782234.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Erik van Oosten <e....@grons.nl>.
Ah, I get it. Yes, you are right too, just never got around rewriting
the login to a stateless form. It has no priority though as our session
never dies.
Regards,
Erik.
Martin Makundi wrote:
> Login page is visible, but the form
> action="/?wicket:interface=:0:1::::" which is stateful. If my session
> dies I will definitely get an error.
>
> Try clicking this link with a new browser that does not have a session
> on the site: http://www.tipspot.com/?wicket:interface=:0:1::::
>
> This is what you would get if your browser loaded the page from cache
> (or if you let it wait until the session invalidates). Does not look
> professional and it is totaly unnecessary, in my opinnion. It should
> be possible to handle forms on "virgin" (=no state bound yet)
> invocations too.
>
> **
> Martin
>
> 2009/8/2 Erik van Oosten <e....@grons.nl>:
>
>> Martin,
>>
>> I am not sure what you mean. On the site you are referring, the login page
>> is always visible under /login.
>>
>> Regards,
>> Erik.
>>
>> Martin Makundi wrote:
>>
>>>> If I understood correctly, you might find this interesting:
>>>>
>>>> http://day-to-day-stuff.blogspot.com/2008/10/wicket-extreme-consistent-urls.html
>>>>
>>>>
>>> Does appear to make stateless-looking urls AFTER you CLICK/REDIRECT
>>> (looking at the example page referred on the site). Not BEFORE you
>>> CLICK...
>>>
>>>
--
Erik van Oosten
http://day-to-day-stuff.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Martin Makundi <ma...@koodaripalvelut.com>.
Login page is visible, but the form
action="/?wicket:interface=:0:1::::" which is stateful. If my session
dies I will definitely get an error.
Try clicking this link with a new browser that does not have a session
on the site: http://www.tipspot.com/?wicket:interface=:0:1::::
This is what you would get if your browser loaded the page from cache
(or if you let it wait until the session invalidates). Does not look
professional and it is totaly unnecessary, in my opinnion. It should
be possible to handle forms on "virgin" (=no state bound yet)
invocations too.
**
Martin
2009/8/2 Erik van Oosten <e....@grons.nl>:
> Martin,
>
> I am not sure what you mean. On the site you are referring, the login page
> is always visible under /login.
>
> Regards,
> Erik.
>
> Martin Makundi wrote:
>>>
>>> If I understood correctly, you might find this interesting:
>>>
>>> http://day-to-day-stuff.blogspot.com/2008/10/wicket-extreme-consistent-urls.html
>>>
>>
>> Does appear to make stateless-looking urls AFTER you CLICK/REDIRECT
>> (looking at the example page referred on the site). Not BEFORE you
>> CLICK...
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Erik van Oosten <e....@grons.nl>.
Martin,
I am not sure what you mean. On the site you are referring, the login
page is always visible under /login.
Regards,
Erik.
Martin Makundi wrote:
>> If I understood correctly, you might find this interesting:
>> http://day-to-day-stuff.blogspot.com/2008/10/wicket-extreme-consistent-urls.html
>>
>
> Does appear to make stateless-looking urls AFTER you CLICK/REDIRECT
> (looking at the example page referred on the site). Not BEFORE you
> CLICK...
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Martin Makundi <ma...@koodaripalvelut.com>.
Seems funny if wicket does not have robust login page capability
out-of-the-box ;)
> If I understood correctly, you might find this interesting:
> http://day-to-day-stuff.blogspot.com/2008/10/wicket-extreme-consistent-urls.html
Does appear to make stateless-looking urls AFTER you CLICK/REDIRECT
(looking at the example page referred on the site). Not BEFORE you
CLICK...
Some other trick?
**
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by francisco treacy <fr...@gmail.com>.
If I understood correctly, you might find this interesting:
http://day-to-day-stuff.blogspot.com/2008/10/wicket-extreme-consistent-urls.html
Francisco
2009/7/31 Martin Makundi <ma...@koodaripalvelut.com>:
>> 1 - override isStateless and return true
>
> Will the form work ok? What about retry: if there are validation
> errors, will such a stateless page work?
>
>> 2 - make it submit to a bookmarkable page and process the input from
>> the PageParameters
>
> q1: Will I have to manually hack the submit target?
> q2: Will I have to manually hack this pageparameters processing?
>
>
> **
> Martin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Martin Makundi <ma...@koodaripalvelut.com>.
> 1 - override isStateless and return true
Will the form work ok? What about retry: if there are validation
errors, will such a stateless page work?
> 2 - make it submit to a bookmarkable page and process the input from
> the PageParameters
q1: Will I have to manually hack the submit target?
q2: Will I have to manually hack this pageparameters processing?
**
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Stateless login form?
Posted by Jeremy Thomerson <je...@wickettraining.com>.
You could either:
1 - override isStateless and return true
or
2 - make it submit to a bookmarkable page and process the input from
the PageParameters
--
Jeremy Thomerson
http://www.wickettraining.com
On Fri, Jul 31, 2009 at 9:07 AM, Martin
Makundi<ma...@koodaripalvelut.com> wrote:
> Hi!
>
> My login page html looks like this:
> <form id="loginForm" method="post"
> action="https://www.mydomain.com/?wicket:interface=:0:loginForm::IFormSubmitListener::">
>
> Can set some switch to make it more "stateless"? I would like the form
> submit target to be a stateless url. Why? I assume that currently if
> the user does not have a session but attempts to login, he will get an
> error message. This often happens when the login page itself is cached
> or the session has died while being unused.
>
> In principle there should not be any problem to process the form
> statelessly, because the user is identified using the form so in
> general no previous informatin is needed. Ofcourse I could do this by
> building my own pageParameter parser I am curious if such
> functionality is available out-of-the-box in Wicket.
>
> **
> Martin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org