You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Arthur Leigh Allen <ar...@yahoo.de> on 2009/07/21 17:34:46 UTC
SSL - ajax login
Hello folks,
I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
The first call will result in a http url. If you enter your login name and your password and submit the form,
then the form will be send via https.
I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
Currently I use the annotation above for my BasePage but from the first call, the whole communication
is done with ssl.
What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
I implemented an own SSLForm class extending the wicket form class with the annotation.
But when I use the SSLForm for my login, the communication is done without ssl.
I would like to use my page via http, but the ajax login should be done with ssl.
The only thing I can do now is:
-page completely with ssl
-page completely without ssl
I would appreciate any help.
Best regards,
Arthur
Re: AW: SSL - ajax login
Posted by Andreas Petersson <an...@petersson.at>.
according to some, it has to do with non-port 80 requests appearing more
suspicous that port-80, and just in combination with firefox <= 3.0.
did you try deploying your site to http://localhost:80 and
https://localhost:443 ? this worked for me.
firefox 3.5 did not complain about port 8080/8443 though.
> i have no idea. you might want to google it.
>
> -igor
>
> On Tue, Jul 28, 2009 at 1:43 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>
>> i use my own (graphic) buttons in wicket.
>> after getting rid of my own code and just using a modified AjaxFallbackButton with overridden getCallbackUrl() method,
>> the form was submitted but i could see an error in the error console of firefox (translated by me):
>>
>> security error: content from http://localhost:8080/projectname/?wicket:interface=:0:2::: is not allowed to load data from https://localhost:8443/projectname/?wicket:interface=:0:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:2:IBehaviorListener:0:&random=0.573852961623538
>>
>> error: uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://localhost:8080/projectname/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js Line: 884"]
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
i have no idea. you might want to google it.
-igor
On Tue, Jul 28, 2009 at 1:43 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> i use my own (graphic) buttons in wicket.
> after getting rid of my own code and just using a modified AjaxFallbackButton with overridden getCallbackUrl() method,
> the form was submitted but i could see an error in the error console of firefox (translated by me):
>
> security error: content from http://localhost:8080/projectname/?wicket:interface=:0:2::: is not allowed to load data from https://localhost:8443/projectname/?wicket:interface=:0:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:2:IBehaviorListener:0:&random=0.573852961623538
>
> error: uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://localhost:8080/projectname/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js Line: 884"]
>
> is it about cross domain (http and https) AJAX queries?
>
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Montag, den 27. Juli 2009, 18:24:20 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> hmm, it might be like you said - ajax request with an untrusted cert
> might be failing.
>
> it looks from the console like wicket is trying to hit that url, what
> you can do is set a breakpoint in wicketfilter and see if that request
> ever reaches the server.
>
> -igor
>
> On Mon, Jul 27, 2009 at 4:56 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi again Igor,
>>
>> I did the following now:
>> I called the website directly with https://localhost:8443/projectname and then I performed a login and it worked.
>>
>> Any idea?
>>
>> Thx Arthur
>>
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Sonntag, den 26. Juli 2009, 22:22:22 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> the href is not a problem; you seeing # appended to the end of the url
>> is the correct behavior. what should have happened was the ajax call
>> to that https url in the background.
>>
>> so what you should be looking into is why the ajax call with that
>> https url was never made or response from it not processed, since we
>> know the url itself works - because you pasted it into the browser and
>> it worked. maybe wicket ajax console can give you a clue, firebug also
>> has facilities that let you monitor requests being made. you should
>> see a call to that https url when you click the link.
>>
>> -igor
>>
>> On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi Igor,
>>>
>>> I used Firebug to have a look at the onClick event.
>>> I've inspected two links, one usual ajax link and one for the ssl login.
>>>
>>> ----
>>>
>>> Regarding the first link:
>>> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::"
>>>
>>> onClick="var wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;"
>>>
>>> ----
>>>
>>> Regarding the ssl login link:
>>> href="#"
>>>
>>> onClick="var wcall=wicketSubmitFormById('loginForm13b', 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', 'buttonLogin:container:link' ,null,null, function() {return Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;"
>>>
>>> ----
>>>
>>> I clicked on the ssl login link and the page jumped to the anchor # but the form is not submitted. The symbol # was appended to the address bar of the browser.
>>> I copied the url in the onClick event and entered it manually in the address bar of my browser. The xml code for the ajax response was shown in the browser - as known from wicket ajax debug.
>>>
>>> I guess the problem is the href attribute. I would expect to see an url like https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: [etc.]
>>>
>>> Do you have any idea how I can solve the problem?
>>>
>>> Thx,
>>> Arthur
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> whatever url you see when hovering over the link is not the url used
>>> for ajax - not necessarily. you should inspect the onclick handlers.
>>>
>>> -igor
>>>
>>> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>>>>
>>>> But as you suggested, I'll debug the javascript to see the url modifications.
>>>> Thank you for your support Igor!
>>>>
>>>> Have a nice weekend.
>>>> Greetz, Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
>>>> Betreff: Re: AW: SSL - ajax login
>>>>
>>>> no, i havent tried it myself. i never had to do an ajax login.
>>>>
>>>> the url in the browser changes to http://locahost:8080/projectname/# ?
>>>> thats fine. the main part is what the actual ajax url is used - you
>>>> wont see that in the browser's bar. i suggest you use firebug or
>>>> something similar to walk the javascript and see why your *ajax* url
>>>> is being mangled.
>>>>
>>>> obviously if you return just "https://localhost:8443/projectname" that
>>>> will not work because that doesnt have the listener interface target
>>>> that will hit the behavior in your button.
>>>>
>>>> -igor
>>>>
>>>>
>>>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hi Igor,
>>>>>
>>>>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>>>>
>>>>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>>>>
>>>>> Have you tried it yourself Igor? Does it work?
>>>>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>>>>
>>>>> Is there a different entry point to manipulate the url for ajax calls?
>>>>>
>>>>> Thx again
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>>>>> Betreff: Re: AW: SSL - ajax login
>>>>>
>>>>> javascript invokes the url you give it, so it looked like it should
>>>>> work. you might have to trace deeper to see whats going on.
>>>>>
>>>>> -igor
>>>>>
>>>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>> Hi Igor,
>>>>>>
>>>>>> I did it as you said.
>>>>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>>>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>>>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>>>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>>>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>>>>
>>>>>> When starting tomcat and accessing the website, the url wasn't applied.
>>>>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>>>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>>>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>>>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>>>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>>>>
>>>>>> Am I wrong?
>>>>>>
>>>>>> Thx
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________________
>>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>>> An: users@wicket.apache.org
>>>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>>>>> Betreff: Re: AW: SSL - ajax login
>>>>>>
>>>>>> ah, i thought i replied already because i looked into this yesterday.
>>>>>>
>>>>>> you will have to roll your own button. i would recommend looking at
>>>>>> the sourcecode of the default button. when you add the
>>>>>> formsubmitbehavior in your button you can override getcallbackurl()
>>>>>> and append https to it.
>>>>>>
>>>>>> -igor
>>>>>>
>>>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>>> Hi again,
>>>>>>>
>>>>>>> I need to know if it's possible to switch to SSL via button or form.
>>>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>>>>> we will go online within the next 10-14 days.
>>>>>>>
>>>>>>> Can anyone give me a prompt answer please?
>>>>>>>
>>>>>>> Thx & Best regards
>>>>>>> Arthur
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ________________________________
>>>>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>>>>> An: users@wicket.apache.org
>>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>>>>> Betreff: AW: SSL - ajax login
>>>>>>>
>>>>>>> Hello Igor,
>>>>>>>
>>>>>>> thanks for your early reply.
>>>>>>> Yes, my login form is submitted via ajax.
>>>>>>>
>>>>>>> public class BasePage {
>>>>>>>
>>>>>>> public void switchViaAjax(...) { ... }
>>>>>>> public void navigateViaAjax(...) { ... }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>> @RequireHttps
>>>>>>> public class SSLForm extends Form { ... }
>>>>>>>
>>>>>>> public class LoginPanel {
>>>>>>>
>>>>>>> public LoginPanel() { ... }
>>>>>>>
>>>>>>> public create() {
>>>>>>> SSLForm form = new SSLForm("loginForm");
>>>>>>> form.add(username);
>>>>>>> form.add(password);
>>>>>>>
>>>>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>>>>> // perform login => login is done via http
>>>>>>> }
>>>>>>> }
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> As you said @RequireSSL is for pages.
>>>>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>>>>
>>>>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>>>>> and that means more server ballast and a slower page refresh.
>>>>>>>
>>>>>>> Greetings
>>>>>>> Arthur
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ________________________________
>>>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>>>> An: users@wicket.apache.org
>>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>>>>> Betreff: Re: SSL - ajax login
>>>>>>>
>>>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>>>>
>>>>>>> is your login form submitted via ajax?
>>>>>>>
>>>>>>> show us the code to sslform, your login form - making sure to include
>>>>>>> the code to the component that submits it.
>>>>>>>
>>>>>>> -igor
>>>>>>>
>>>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>>>> Hello folks,
>>>>>>>>
>>>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>>>>
>>>>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>>>>> then the form will be send via https.
>>>>>>>>
>>>>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>>>>> is done with ssl.
>>>>>>>>
>>>>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>>>>
>>>>>>>> The only thing I can do now is:
>>>>>>>> -page completely with ssl
>>>>>>>> -page completely without ssl
>>>>>>>>
>>>>>>>> I would appreciate any help.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Arthur
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
i use my own (graphic) buttons in wicket.
after getting rid of my own code and just using a modified AjaxFallbackButton with overridden getCallbackUrl() method,
the form was submitted but i could see an error in the error console of firefox (translated by me):
security error: content from http://localhost:8080/projectname/?wicket:interface=:0:2::: is not allowed to load data from https://localhost:8443/projectname/?wicket:interface=:0:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:2:IBehaviorListener:0:&random=0.573852961623538
error: uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://localhost:8080/projectname/resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js Line: 884"]
is it about cross domain (http and https) AJAX queries?
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Montag, den 27. Juli 2009, 18:24:20 Uhr
Betreff: Re: AW: SSL - ajax login
hmm, it might be like you said - ajax request with an untrusted cert
might be failing.
it looks from the console like wicket is trying to hit that url, what
you can do is set a breakpoint in wicketfilter and see if that request
ever reaches the server.
-igor
On Mon, Jul 27, 2009 at 4:56 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi again Igor,
>
> I did the following now:
> I called the website directly with https://localhost:8443/projectname and then I performed a login and it worked.
>
> Any idea?
>
> Thx Arthur
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Sonntag, den 26. Juli 2009, 22:22:22 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> the href is not a problem; you seeing # appended to the end of the url
> is the correct behavior. what should have happened was the ajax call
> to that https url in the background.
>
> so what you should be looking into is why the ajax call with that
> https url was never made or response from it not processed, since we
> know the url itself works - because you pasted it into the browser and
> it worked. maybe wicket ajax console can give you a clue, firebug also
> has facilities that let you monitor requests being made. you should
> see a call to that https url when you click the link.
>
> -igor
>
> On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi Igor,
>>
>> I used Firebug to have a look at the onClick event.
>> I've inspected two links, one usual ajax link and one for the ssl login.
>>
>> ----
>>
>> Regarding the first link:
>> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::"
>>
>> onClick="var wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;"
>>
>> ----
>>
>> Regarding the ssl login link:
>> href="#"
>>
>> onClick="var wcall=wicketSubmitFormById('loginForm13b', 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', 'buttonLogin:container:link' ,null,null, function() {return Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;"
>>
>> ----
>>
>> I clicked on the ssl login link and the page jumped to the anchor # but the form is not submitted. The symbol # was appended to the address bar of the browser.
>> I copied the url in the onClick event and entered it manually in the address bar of my browser. The xml code for the ajax response was shown in the browser - as known from wicket ajax debug.
>>
>> I guess the problem is the href attribute. I would expect to see an url like https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: [etc.]
>>
>> Do you have any idea how I can solve the problem?
>>
>> Thx,
>> Arthur
>>
>>
>>
>>
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> whatever url you see when hovering over the link is not the url used
>> for ajax - not necessarily. you should inspect the onclick handlers.
>>
>> -igor
>>
>> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>>>
>>> But as you suggested, I'll debug the javascript to see the url modifications.
>>> Thank you for your support Igor!
>>>
>>> Have a nice weekend.
>>> Greetz, Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> no, i havent tried it myself. i never had to do an ajax login.
>>>
>>> the url in the browser changes to http://locahost:8080/projectname/# ?
>>> thats fine. the main part is what the actual ajax url is used - you
>>> wont see that in the browser's bar. i suggest you use firebug or
>>> something similar to walk the javascript and see why your *ajax* url
>>> is being mangled.
>>>
>>> obviously if you return just "https://localhost:8443/projectname" that
>>> will not work because that doesnt have the listener interface target
>>> that will hit the behavior in your button.
>>>
>>> -igor
>>>
>>>
>>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi Igor,
>>>>
>>>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>>>
>>>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>>>
>>>> Have you tried it yourself Igor? Does it work?
>>>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>>>
>>>> Is there a different entry point to manipulate the url for ajax calls?
>>>>
>>>> Thx again
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>>>> Betreff: Re: AW: SSL - ajax login
>>>>
>>>> javascript invokes the url you give it, so it looked like it should
>>>> work. you might have to trace deeper to see whats going on.
>>>>
>>>> -igor
>>>>
>>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hi Igor,
>>>>>
>>>>> I did it as you said.
>>>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>>>
>>>>> When starting tomcat and accessing the website, the url wasn't applied.
>>>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>>>
>>>>> Am I wrong?
>>>>>
>>>>> Thx
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>>>> Betreff: Re: AW: SSL - ajax login
>>>>>
>>>>> ah, i thought i replied already because i looked into this yesterday.
>>>>>
>>>>> you will have to roll your own button. i would recommend looking at
>>>>> the sourcecode of the default button. when you add the
>>>>> formsubmitbehavior in your button you can override getcallbackurl()
>>>>> and append https to it.
>>>>>
>>>>> -igor
>>>>>
>>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>> Hi again,
>>>>>>
>>>>>> I need to know if it's possible to switch to SSL via button or form.
>>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>>>> we will go online within the next 10-14 days.
>>>>>>
>>>>>> Can anyone give me a prompt answer please?
>>>>>>
>>>>>> Thx & Best regards
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________________
>>>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>>>> An: users@wicket.apache.org
>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>>>> Betreff: AW: SSL - ajax login
>>>>>>
>>>>>> Hello Igor,
>>>>>>
>>>>>> thanks for your early reply.
>>>>>> Yes, my login form is submitted via ajax.
>>>>>>
>>>>>> public class BasePage {
>>>>>>
>>>>>> public void switchViaAjax(...) { ... }
>>>>>> public void navigateViaAjax(...) { ... }
>>>>>>
>>>>>> }
>>>>>>
>>>>>> @RequireHttps
>>>>>> public class SSLForm extends Form { ... }
>>>>>>
>>>>>> public class LoginPanel {
>>>>>>
>>>>>> public LoginPanel() { ... }
>>>>>>
>>>>>> public create() {
>>>>>> SSLForm form = new SSLForm("loginForm");
>>>>>> form.add(username);
>>>>>> form.add(password);
>>>>>>
>>>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>>>> // perform login => login is done via http
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> As you said @RequireSSL is for pages.
>>>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>>>
>>>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>>>> and that means more server ballast and a slower page refresh.
>>>>>>
>>>>>> Greetings
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________________
>>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>>> An: users@wicket.apache.org
>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>>>> Betreff: Re: SSL - ajax login
>>>>>>
>>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>>>
>>>>>> is your login form submitted via ajax?
>>>>>>
>>>>>> show us the code to sslform, your login form - making sure to include
>>>>>> the code to the component that submits it.
>>>>>>
>>>>>> -igor
>>>>>>
>>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>>> Hello folks,
>>>>>>>
>>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>>>
>>>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>>>> then the form will be send via https.
>>>>>>>
>>>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>>>> is done with ssl.
>>>>>>>
>>>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>>>
>>>>>>> The only thing I can do now is:
>>>>>>> -page completely with ssl
>>>>>>> -page completely without ssl
>>>>>>>
>>>>>>> I would appreciate any help.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Arthur
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
hmm, it might be like you said - ajax request with an untrusted cert
might be failing.
it looks from the console like wicket is trying to hit that url, what
you can do is set a breakpoint in wicketfilter and see if that request
ever reaches the server.
-igor
On Mon, Jul 27, 2009 at 4:56 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi again Igor,
>
> I did the following now:
> I called the website directly with https://localhost:8443/projectname and then I performed a login and it worked.
>
> Any idea?
>
> Thx Arthur
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Sonntag, den 26. Juli 2009, 22:22:22 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> the href is not a problem; you seeing # appended to the end of the url
> is the correct behavior. what should have happened was the ajax call
> to that https url in the background.
>
> so what you should be looking into is why the ajax call with that
> https url was never made or response from it not processed, since we
> know the url itself works - because you pasted it into the browser and
> it worked. maybe wicket ajax console can give you a clue, firebug also
> has facilities that let you monitor requests being made. you should
> see a call to that https url when you click the link.
>
> -igor
>
> On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi Igor,
>>
>> I used Firebug to have a look at the onClick event.
>> I've inspected two links, one usual ajax link and one for the ssl login.
>>
>> ----
>>
>> Regarding the first link:
>> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::"
>>
>> onClick="var wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;"
>>
>> ----
>>
>> Regarding the ssl login link:
>> href="#"
>>
>> onClick="var wcall=wicketSubmitFormById('loginForm13b', 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', 'buttonLogin:container:link' ,null,null, function() {return Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;"
>>
>> ----
>>
>> I clicked on the ssl login link and the page jumped to the anchor # but the form is not submitted. The symbol # was appended to the address bar of the browser.
>> I copied the url in the onClick event and entered it manually in the address bar of my browser. The xml code for the ajax response was shown in the browser - as known from wicket ajax debug.
>>
>> I guess the problem is the href attribute. I would expect to see an url like https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: [etc.]
>>
>> Do you have any idea how I can solve the problem?
>>
>> Thx,
>> Arthur
>>
>>
>>
>>
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> whatever url you see when hovering over the link is not the url used
>> for ajax - not necessarily. you should inspect the onclick handlers.
>>
>> -igor
>>
>> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>>>
>>> But as you suggested, I'll debug the javascript to see the url modifications.
>>> Thank you for your support Igor!
>>>
>>> Have a nice weekend.
>>> Greetz, Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> no, i havent tried it myself. i never had to do an ajax login.
>>>
>>> the url in the browser changes to http://locahost:8080/projectname/# ?
>>> thats fine. the main part is what the actual ajax url is used - you
>>> wont see that in the browser's bar. i suggest you use firebug or
>>> something similar to walk the javascript and see why your *ajax* url
>>> is being mangled.
>>>
>>> obviously if you return just "https://localhost:8443/projectname" that
>>> will not work because that doesnt have the listener interface target
>>> that will hit the behavior in your button.
>>>
>>> -igor
>>>
>>>
>>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi Igor,
>>>>
>>>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>>>
>>>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>>>
>>>> Have you tried it yourself Igor? Does it work?
>>>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>>>
>>>> Is there a different entry point to manipulate the url for ajax calls?
>>>>
>>>> Thx again
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>>>> Betreff: Re: AW: SSL - ajax login
>>>>
>>>> javascript invokes the url you give it, so it looked like it should
>>>> work. you might have to trace deeper to see whats going on.
>>>>
>>>> -igor
>>>>
>>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hi Igor,
>>>>>
>>>>> I did it as you said.
>>>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>>>
>>>>> When starting tomcat and accessing the website, the url wasn't applied.
>>>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>>>
>>>>> Am I wrong?
>>>>>
>>>>> Thx
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>>>> Betreff: Re: AW: SSL - ajax login
>>>>>
>>>>> ah, i thought i replied already because i looked into this yesterday.
>>>>>
>>>>> you will have to roll your own button. i would recommend looking at
>>>>> the sourcecode of the default button. when you add the
>>>>> formsubmitbehavior in your button you can override getcallbackurl()
>>>>> and append https to it.
>>>>>
>>>>> -igor
>>>>>
>>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>> Hi again,
>>>>>>
>>>>>> I need to know if it's possible to switch to SSL via button or form.
>>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>>>> we will go online within the next 10-14 days.
>>>>>>
>>>>>> Can anyone give me a prompt answer please?
>>>>>>
>>>>>> Thx & Best regards
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________________
>>>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>>>> An: users@wicket.apache.org
>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>>>> Betreff: AW: SSL - ajax login
>>>>>>
>>>>>> Hello Igor,
>>>>>>
>>>>>> thanks for your early reply.
>>>>>> Yes, my login form is submitted via ajax.
>>>>>>
>>>>>> public class BasePage {
>>>>>>
>>>>>> public void switchViaAjax(...) { ... }
>>>>>> public void navigateViaAjax(...) { ... }
>>>>>>
>>>>>> }
>>>>>>
>>>>>> @RequireHttps
>>>>>> public class SSLForm extends Form { ... }
>>>>>>
>>>>>> public class LoginPanel {
>>>>>>
>>>>>> public LoginPanel() { ... }
>>>>>>
>>>>>> public create() {
>>>>>> SSLForm form = new SSLForm("loginForm");
>>>>>> form.add(username);
>>>>>> form.add(password);
>>>>>>
>>>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>>>> // perform login => login is done via http
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> As you said @RequireSSL is for pages.
>>>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>>>
>>>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>>>> and that means more server ballast and a slower page refresh.
>>>>>>
>>>>>> Greetings
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________________
>>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>>> An: users@wicket.apache.org
>>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>>>> Betreff: Re: SSL - ajax login
>>>>>>
>>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>>>
>>>>>> is your login form submitted via ajax?
>>>>>>
>>>>>> show us the code to sslform, your login form - making sure to include
>>>>>> the code to the component that submits it.
>>>>>>
>>>>>> -igor
>>>>>>
>>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>>> Hello folks,
>>>>>>>
>>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>>>
>>>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>>>> then the form will be send via https.
>>>>>>>
>>>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>>>> is done with ssl.
>>>>>>>
>>>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>>>
>>>>>>> The only thing I can do now is:
>>>>>>> -page completely with ssl
>>>>>>> -page completely without ssl
>>>>>>>
>>>>>>> I would appreciate any help.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Arthur
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
I'll try to find out more.
Here is the output from wicket debug console:
---
SSL-Link clicked:
INFO: focus set on link34
INFO: Using XMLHttpRequest transport
INFO:
INFO: Initiating Ajax POST request on https://localhost:8443/projectname/;jsessionid=039EAC776571BA623EA885F798AC6A10?wicket:interface=:0:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IBehaviorListener:0:&random=0.30097839823986994
INFO: Invoking pre-call handler(s)... (<-- no answer/response)
INFO: focus removed from link76
INFO: focus set on link7b
INFO: Channel busy - postponing... (<-- shown when a different link is clicked)
----
Usual Link clicked:
INFO: focus set on link7b
INFO: Using XMLHttpRequest transport
INFO:
INFO: Initiating Ajax GET request on ?wicket:interface=:2:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:&random=0.39846398226416335
INFO: Invoking pre-call handler(s)...
INFO: Received ajax response (20795 characters)
INFO:
<?xml version="1.0" encoding="UTF-8"?><ajax-response>...</ajax-response>
INFO: Response parsed. Now invoking steps...
INFO: setHistoryItem: 1
INFO: setHistoryItem: 2
INFO: Response processed successfully.
INFO: Invoking post-call handler(s)...
INFO: Couldn't set focus on not on the page anymore
---
btw: I'm using an own made ssl certificate for testing purposes, so it's not trustable.
Could it be because of that?
For example: When using a non ajax ssl link the browser (IE) ask me if I'd like to proceed.
Only if I proceed, the website is loaded/shown.
If it's an ajax ssl call, maybe there is no way to ask the user whether he want to proceed or not.
Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Sonntag, den 26. Juli 2009, 22:22:22 Uhr
Betreff: Re: AW: SSL - ajax login
the href is not a problem; you seeing # appended to the end of the url
is the correct behavior. what should have happened was the ajax call
to that https url in the background.
so what you should be looking into is why the ajax call with that
https url was never made or response from it not processed, since we
know the url itself works - because you pasted it into the browser and
it worked. maybe wicket ajax console can give you a clue, firebug also
has facilities that let you monitor requests being made. you should
see a call to that https url when you click the link.
-igor
On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I used Firebug to have a look at the onClick event.
> I've inspected two links, one usual ajax link and one for the ssl login.
>
> ----
>
> Regarding the first link:
> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::"
>
> onClick="var wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;"
>
> ----
>
> Regarding the ssl login link:
> href="#"
>
> onClick="var wcall=wicketSubmitFormById('loginForm13b', 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', 'buttonLogin:container:link' ,null,null, function() {return Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;"
>
> ----
>
> I clicked on the ssl login link and the page jumped to the anchor # but the form is not submitted. The symbol # was appended to the address bar of the browser.
> I copied the url in the onClick event and entered it manually in the address bar of my browser. The xml code for the ajax response was shown in the browser - as known from wicket ajax debug.
>
> I guess the problem is the href attribute. I would expect to see an url like https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: [etc.]
>
> Do you have any idea how I can solve the problem?
>
> Thx,
> Arthur
>
>
>
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> whatever url you see when hovering over the link is not the url used
> for ajax - not necessarily. you should inspect the onclick handlers.
>
> -igor
>
> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>>
>> But as you suggested, I'll debug the javascript to see the url modifications.
>> Thank you for your support Igor!
>>
>> Have a nice weekend.
>> Greetz, Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> no, i havent tried it myself. i never had to do an ajax login.
>>
>> the url in the browser changes to http://locahost:8080/projectname/# ?
>> thats fine. the main part is what the actual ajax url is used - you
>> wont see that in the browser's bar. i suggest you use firebug or
>> something similar to walk the javascript and see why your *ajax* url
>> is being mangled.
>>
>> obviously if you return just "https://localhost:8443/projectname" that
>> will not work because that doesnt have the listener interface target
>> that will hit the behavior in your button.
>>
>> -igor
>>
>>
>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi Igor,
>>>
>>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>>
>>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>>
>>> Have you tried it yourself Igor? Does it work?
>>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>>
>>> Is there a different entry point to manipulate the url for ajax calls?
>>>
>>> Thx again
>>> Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> javascript invokes the url you give it, so it looked like it should
>>> work. you might have to trace deeper to see whats going on.
>>>
>>> -igor
>>>
>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi Igor,
>>>>
>>>> I did it as you said.
>>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>>
>>>> When starting tomcat and accessing the website, the url wasn't applied.
>>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>>
>>>> Am I wrong?
>>>>
>>>> Thx
>>>> Arthur
>>>>
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>>> Betreff: Re: AW: SSL - ajax login
>>>>
>>>> ah, i thought i replied already because i looked into this yesterday.
>>>>
>>>> you will have to roll your own button. i would recommend looking at
>>>> the sourcecode of the default button. when you add the
>>>> formsubmitbehavior in your button you can override getcallbackurl()
>>>> and append https to it.
>>>>
>>>> -igor
>>>>
>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hi again,
>>>>>
>>>>> I need to know if it's possible to switch to SSL via button or form.
>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>>> we will go online within the next 10-14 days.
>>>>>
>>>>> Can anyone give me a prompt answer please?
>>>>>
>>>>> Thx & Best regards
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>>> Betreff: AW: SSL - ajax login
>>>>>
>>>>> Hello Igor,
>>>>>
>>>>> thanks for your early reply.
>>>>> Yes, my login form is submitted via ajax.
>>>>>
>>>>> public class BasePage {
>>>>>
>>>>> public void switchViaAjax(...) { ... }
>>>>> public void navigateViaAjax(...) { ... }
>>>>>
>>>>> }
>>>>>
>>>>> @RequireHttps
>>>>> public class SSLForm extends Form { ... }
>>>>>
>>>>> public class LoginPanel {
>>>>>
>>>>> public LoginPanel() { ... }
>>>>>
>>>>> public create() {
>>>>> SSLForm form = new SSLForm("loginForm");
>>>>> form.add(username);
>>>>> form.add(password);
>>>>>
>>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>>> // perform login => login is done via http
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> As you said @RequireSSL is for pages.
>>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>>
>>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>>> and that means more server ballast and a slower page refresh.
>>>>>
>>>>> Greetings
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>>> Betreff: Re: SSL - ajax login
>>>>>
>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>>
>>>>> is your login form submitted via ajax?
>>>>>
>>>>> show us the code to sslform, your login form - making sure to include
>>>>> the code to the component that submits it.
>>>>>
>>>>> -igor
>>>>>
>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>> Hello folks,
>>>>>>
>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>>
>>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>>> then the form will be send via https.
>>>>>>
>>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>>> is done with ssl.
>>>>>>
>>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>>
>>>>>> The only thing I can do now is:
>>>>>> -page completely with ssl
>>>>>> -page completely without ssl
>>>>>>
>>>>>> I would appreciate any help.
>>>>>>
>>>>>> Best regards,
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: the effective ways of wicket models to access database
Posted by Maarten Bosteels <mb...@gmail.com>.
On Mon, Jul 27, 2009 at 2:58 PM, David Chang <da...@yahoo.com>wrote:
>
> Martin and all, thanks for your input.
>
> >>You can use spring to inject the service, using @SpringBean and
> calling in the constructor InjectorHolder.getInjector().inject(this);
> (or use salve)
>
> You mean add a member to this CheeseModel class and use @SpringBean to
> inject it? From reading this book, I know it works. How about creating a
> super custom model (implements IModel) which has DAO ready and other classes
> such as CheeseModel simply extends it?
>
> What do you mean by "salve"?
http://code.google.com/p/salve/
Maarten
>
>
> Thanks.
>
>
>
> --- On Mon, 7/27/09, Martijn Dashorst <ma...@gmail.com> wrote:
>
> > From: Martijn Dashorst <ma...@gmail.com>
> > Subject: Re: the effective ways of wicket models to access database
> > To: users@wicket.apache.org
> > Date: Monday, July 27, 2009, 8:29 AM
> > You can use spring to inject the
> > service, using @SpringBean and
> > calling in the constructor
> > InjectorHolder.getInjector().inject(this);
> > (or use salve)
> >
> > Service locator is also a possibility. That is why we left
> > it open :)
> >
> > Martijn
> >
> > On Mon, Jul 27, 2009 at 2:20 PM, David Chang<da...@yahoo.com>
> > wrote:
> > >
> > > Hello, I am reading <<Wicket in Action>>
> > to learn Wicket. The example on Page 99 is about teaching
> > detachable models. Here it goes:
> > >
> > > -----------
> > > public class CheeseModel extends Model {
> > > private Long id;
> > > private transient Cheese cheese;
> > > public CheeseModel() {
> > > }
> > > public CheeseModel(Cheese cheese) {
> > > setObject(cheese);
> > > }
> > > public CheeseModel(Long id) {
> > > this.id = id;
> > > }
> > > @Override
> > > public Object getObject() {
> > > if(cheese != null) return
> > cheese;
> > > if(id == null ) {
> > > cheese = new
> > Cheese();
> > > } else {
> > > CheeseDao dao =
> > ...
> > > cheese =
> > dao.getCheese(id);
> > > }
> > > return cheese;
> > > }
> > > @Override
> > > public void setObject(Object object) {
> > > this. cheese = (Cheese)object;
> > > id = (cheese == null) ? null :
> > cheese.getId();
> > > }
> > > @Override
> > > public void detach() {
> > > this. cheese = null;
> > > }
> > > }
> > > -----------
> > >
> > > I would like to know how dao is obtained as indicated
> > as follows:
> > >
> > > CheeseDao dao =
> > ...
> > >
> > > Use a locator pattern? Or should I let CheeseModel
> > extend a custom model in which dao is set via Spring? Does
> > the latter way create more memory footprint? What are the
> > effective ways of getting DAO avaiable to wicket models?
> > >
> > > Thanks for your input!
> > >
> > > Cheers!
> > >
> > >
> > >
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > For additional commands, e-mail: users-help@wicket.apache.org
> > >
> > >
> >
> >
> >
> > --
> > Become a Wicket expert, learn from the best: http://wicketinaction.com
> > Apache Wicket 1.3.5 is released
> > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: the effective ways of wicket models to access database
Posted by David Chang <da...@yahoo.com>.
Martin and all, thanks for your input.
>>You can use spring to inject the service, using @SpringBean and
calling in the constructor InjectorHolder.getInjector().inject(this);
(or use salve)
You mean add a member to this CheeseModel class and use @SpringBean to inject it? From reading this book, I know it works. How about creating a super custom model (implements IModel) which has DAO ready and other classes such as CheeseModel simply extends it?
What do you mean by "salve"?
Thanks.
--- On Mon, 7/27/09, Martijn Dashorst <ma...@gmail.com> wrote:
> From: Martijn Dashorst <ma...@gmail.com>
> Subject: Re: the effective ways of wicket models to access database
> To: users@wicket.apache.org
> Date: Monday, July 27, 2009, 8:29 AM
> You can use spring to inject the
> service, using @SpringBean and
> calling in the constructor
> InjectorHolder.getInjector().inject(this);
> (or use salve)
>
> Service locator is also a possibility. That is why we left
> it open :)
>
> Martijn
>
> On Mon, Jul 27, 2009 at 2:20 PM, David Chang<da...@yahoo.com>
> wrote:
> >
> > Hello, I am reading <<Wicket in Action>>
> to learn Wicket. The example on Page 99 is about teaching
> detachable models. Here it goes:
> >
> > -----------
> > public class CheeseModel extends Model {
> > private Long id;
> > private transient Cheese cheese;
> > public CheeseModel() {
> > }
> > public CheeseModel(Cheese cheese) {
> > setObject(cheese);
> > }
> > public CheeseModel(Long id) {
> > this.id = id;
> > }
> > @Override
> > public Object getObject() {
> > if(cheese != null) return
> cheese;
> > if(id == null ) {
> > cheese = new
> Cheese();
> > } else {
> > CheeseDao dao =
> ...
> > cheese =
> dao.getCheese(id);
> > }
> > return cheese;
> > }
> > @Override
> > public void setObject(Object object) {
> > this. cheese = (Cheese)object;
> > id = (cheese == null) ? null :
> cheese.getId();
> > }
> > @Override
> > public void detach() {
> > this. cheese = null;
> > }
> > }
> > -----------
> >
> > I would like to know how dao is obtained as indicated
> as follows:
> >
> > CheeseDao dao =
> ...
> >
> > Use a locator pattern? Or should I let CheeseModel
> extend a custom model in which dao is set via Spring? Does
> the latter way create more memory footprint? What are the
> effective ways of getting DAO avaiable to wicket models?
> >
> > Thanks for your input!
> >
> > Cheers!
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
> Apache Wicket 1.3.5 is released
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: the effective ways of wicket models to access database
Posted by Martijn Dashorst <ma...@gmail.com>.
You can use spring to inject the service, using @SpringBean and
calling in the constructor InjectorHolder.getInjector().inject(this);
(or use salve)
Service locator is also a possibility. That is why we left it open :)
Martijn
On Mon, Jul 27, 2009 at 2:20 PM, David Chang<da...@yahoo.com> wrote:
>
> Hello, I am reading <<Wicket in Action>> to learn Wicket. The example on Page 99 is about teaching detachable models. Here it goes:
>
> -----------
> public class CheeseModel extends Model {
> private Long id;
> private transient Cheese cheese;
> public CheeseModel() {
> }
> public CheeseModel(Cheese cheese) {
> setObject(cheese);
> }
> public CheeseModel(Long id) {
> this.id = id;
> }
> @Override
> public Object getObject() {
> if(cheese != null) return cheese;
> if(id == null ) {
> cheese = new Cheese();
> } else {
> CheeseDao dao = ...
> cheese = dao.getCheese(id);
> }
> return cheese;
> }
> @Override
> public void setObject(Object object) {
> this. cheese = (Cheese)object;
> id = (cheese == null) ? null : cheese.getId();
> }
> @Override
> public void detach() {
> this. cheese = null;
> }
> }
> -----------
>
> I would like to know how dao is obtained as indicated as follows:
>
> CheeseDao dao = ...
>
> Use a locator pattern? Or should I let CheeseModel extend a custom model in which dao is set via Spring? Does the latter way create more memory footprint? What are the effective ways of getting DAO avaiable to wicket models?
>
> Thanks for your input!
>
> Cheers!
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.3.5 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: the effective ways of wicket models to access database
Posted by Linda van der Pal <lv...@heritageagenturen.nl>.
Well the reason the book leaves it open is that it really is up to you
how you get your DAOs. That has nothing to do with Wicket anymore and
depends wholly on your own preferences.
Regards,
Linda
David Chang wrote:
> Hello, I am reading <<Wicket in Action>> to learn Wicket. The example on Page 99 is about teaching detachable models. Here it goes:
>
> -----------
> public class CheeseModel extends Model {
> private Long id;
> private transient Cheese cheese;
> public CheeseModel() {
> }
> public CheeseModel(Cheese cheese) {
> setObject(cheese);
> }
> public CheeseModel(Long id) {
> this.id = id;
> }
> @Override
> public Object getObject() {
> if(cheese != null) return cheese;
> if(id == null ) {
> cheese = new Cheese();
> } else {
> CheeseDao dao = ...
> cheese = dao.getCheese(id);
> }
> return cheese;
> }
> @Override
> public void setObject(Object object) {
> this. cheese = (Cheese)object;
> id = (cheese == null) ? null : cheese.getId();
> }
> @Override
> public void detach() {
> this. cheese = null;
> }
> }
> -----------
>
> I would like to know how dao is obtained as indicated as follows:
>
> CheeseDao dao = ...
>
> Use a locator pattern? Or should I let CheeseModel extend a custom model in which dao is set via Spring? Does the latter way create more memory footprint? What are the effective ways of getting DAO avaiable to wicket models?
>
> Thanks for your input!
>
> Cheers!
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.392 / Virus Database: 270.13.32/2266 - Release Date: 07/27/09 05:58:00
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: the effective ways of wicket models to access database
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
what about the LoadableDetachableModel?
IModel model = new LoadableDetachableModel() {
protected Object load() {
return dao.getX();
}
};
________________________________
Von: David Chang <da...@yahoo.com>
An: users@wicket.apache.org
Gesendet: Montag, den 27. Juli 2009, 14:20:14 Uhr
Betreff: the effective ways of wicket models to access database
Hello, I am reading <<Wicket in Action>> to learn Wicket. The example on Page 99 is about teaching detachable models. Here it goes:
-----------
public class CheeseModel extends Model {
private Long id;
private transient Cheese cheese;
public CheeseModel() {
}
public CheeseModel(Cheese cheese) {
setObject(cheese);
}
public CheeseModel(Long id) {
this.id = id;
}
@Override
public Object getObject() {
if(cheese != null) return cheese;
if(id == null ) {
cheese = new Cheese();
} else {
CheeseDao dao = ...
cheese = dao.getCheese(id);
}
return cheese;
}
@Override
public void setObject(Object object) {
this. cheese = (Cheese)object;
id = (cheese == null) ? null : cheese.getId();
}
@Override
public void detach() {
this. cheese = null;
}
}
-----------
I would like to know how dao is obtained as indicated as follows:
CheeseDao dao = ...
Use a locator pattern? Or should I let CheeseModel extend a custom model in which dao is set via Spring? Does the latter way create more memory footprint? What are the effective ways of getting DAO avaiable to wicket models?
Thanks for your input!
Cheers!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
the effective ways of wicket models to access database
Posted by David Chang <da...@yahoo.com>.
Hello, I am reading <<Wicket in Action>> to learn Wicket. The example on Page 99 is about teaching detachable models. Here it goes:
-----------
public class CheeseModel extends Model {
private Long id;
private transient Cheese cheese;
public CheeseModel() {
}
public CheeseModel(Cheese cheese) {
setObject(cheese);
}
public CheeseModel(Long id) {
this.id = id;
}
@Override
public Object getObject() {
if(cheese != null) return cheese;
if(id == null ) {
cheese = new Cheese();
} else {
CheeseDao dao = ...
cheese = dao.getCheese(id);
}
return cheese;
}
@Override
public void setObject(Object object) {
this. cheese = (Cheese)object;
id = (cheese == null) ? null : cheese.getId();
}
@Override
public void detach() {
this. cheese = null;
}
}
-----------
I would like to know how dao is obtained as indicated as follows:
CheeseDao dao = ...
Use a locator pattern? Or should I let CheeseModel extend a custom model in which dao is set via Spring? Does the latter way create more memory footprint? What are the effective ways of getting DAO avaiable to wicket models?
Thanks for your input!
Cheers!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
Hi again Igor,
I did the following now:
I called the website directly with https://localhost:8443/projectname and then I performed a login and it worked.
Any idea?
Thx Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Sonntag, den 26. Juli 2009, 22:22:22 Uhr
Betreff: Re: AW: SSL - ajax login
the href is not a problem; you seeing # appended to the end of the url
is the correct behavior. what should have happened was the ajax call
to that https url in the background.
so what you should be looking into is why the ajax call with that
https url was never made or response from it not processed, since we
know the url itself works - because you pasted it into the browser and
it worked. maybe wicket ajax console can give you a clue, firebug also
has facilities that let you monitor requests being made. you should
see a call to that https url when you click the link.
-igor
On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I used Firebug to have a look at the onClick event.
> I've inspected two links, one usual ajax link and one for the ssl login.
>
> ----
>
> Regarding the first link:
> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::"
>
> onClick="var wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;"
>
> ----
>
> Regarding the ssl login link:
> href="#"
>
> onClick="var wcall=wicketSubmitFormById('loginForm13b', 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', 'buttonLogin:container:link' ,null,null, function() {return Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;"
>
> ----
>
> I clicked on the ssl login link and the page jumped to the anchor # but the form is not submitted. The symbol # was appended to the address bar of the browser.
> I copied the url in the onClick event and entered it manually in the address bar of my browser. The xml code for the ajax response was shown in the browser - as known from wicket ajax debug.
>
> I guess the problem is the href attribute. I would expect to see an url like https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: [etc.]
>
> Do you have any idea how I can solve the problem?
>
> Thx,
> Arthur
>
>
>
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> whatever url you see when hovering over the link is not the url used
> for ajax - not necessarily. you should inspect the onclick handlers.
>
> -igor
>
> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>>
>> But as you suggested, I'll debug the javascript to see the url modifications.
>> Thank you for your support Igor!
>>
>> Have a nice weekend.
>> Greetz, Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> no, i havent tried it myself. i never had to do an ajax login.
>>
>> the url in the browser changes to http://locahost:8080/projectname/# ?
>> thats fine. the main part is what the actual ajax url is used - you
>> wont see that in the browser's bar. i suggest you use firebug or
>> something similar to walk the javascript and see why your *ajax* url
>> is being mangled.
>>
>> obviously if you return just "https://localhost:8443/projectname" that
>> will not work because that doesnt have the listener interface target
>> that will hit the behavior in your button.
>>
>> -igor
>>
>>
>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi Igor,
>>>
>>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>>
>>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>>
>>> Have you tried it yourself Igor? Does it work?
>>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>>
>>> Is there a different entry point to manipulate the url for ajax calls?
>>>
>>> Thx again
>>> Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> javascript invokes the url you give it, so it looked like it should
>>> work. you might have to trace deeper to see whats going on.
>>>
>>> -igor
>>>
>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi Igor,
>>>>
>>>> I did it as you said.
>>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>>
>>>> When starting tomcat and accessing the website, the url wasn't applied.
>>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>>
>>>> Am I wrong?
>>>>
>>>> Thx
>>>> Arthur
>>>>
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>>> Betreff: Re: AW: SSL - ajax login
>>>>
>>>> ah, i thought i replied already because i looked into this yesterday.
>>>>
>>>> you will have to roll your own button. i would recommend looking at
>>>> the sourcecode of the default button. when you add the
>>>> formsubmitbehavior in your button you can override getcallbackurl()
>>>> and append https to it.
>>>>
>>>> -igor
>>>>
>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hi again,
>>>>>
>>>>> I need to know if it's possible to switch to SSL via button or form.
>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>>> we will go online within the next 10-14 days.
>>>>>
>>>>> Can anyone give me a prompt answer please?
>>>>>
>>>>> Thx & Best regards
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>>> Betreff: AW: SSL - ajax login
>>>>>
>>>>> Hello Igor,
>>>>>
>>>>> thanks for your early reply.
>>>>> Yes, my login form is submitted via ajax.
>>>>>
>>>>> public class BasePage {
>>>>>
>>>>> public void switchViaAjax(...) { ... }
>>>>> public void navigateViaAjax(...) { ... }
>>>>>
>>>>> }
>>>>>
>>>>> @RequireHttps
>>>>> public class SSLForm extends Form { ... }
>>>>>
>>>>> public class LoginPanel {
>>>>>
>>>>> public LoginPanel() { ... }
>>>>>
>>>>> public create() {
>>>>> SSLForm form = new SSLForm("loginForm");
>>>>> form.add(username);
>>>>> form.add(password);
>>>>>
>>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>>> // perform login => login is done via http
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> As you said @RequireSSL is for pages.
>>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>>
>>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>>> and that means more server ballast and a slower page refresh.
>>>>>
>>>>> Greetings
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>>> Betreff: Re: SSL - ajax login
>>>>>
>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>>
>>>>> is your login form submitted via ajax?
>>>>>
>>>>> show us the code to sslform, your login form - making sure to include
>>>>> the code to the component that submits it.
>>>>>
>>>>> -igor
>>>>>
>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>> Hello folks,
>>>>>>
>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>>
>>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>>> then the form will be send via https.
>>>>>>
>>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>>> is done with ssl.
>>>>>>
>>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>>
>>>>>> The only thing I can do now is:
>>>>>> -page completely with ssl
>>>>>> -page completely without ssl
>>>>>>
>>>>>> I would appreciate any help.
>>>>>>
>>>>>> Best regards,
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
the href is not a problem; you seeing # appended to the end of the url
is the correct behavior. what should have happened was the ajax call
to that https url in the background.
so what you should be looking into is why the ajax call with that
https url was never made or response from it not processed, since we
know the url itself works - because you pasted it into the browser and
it worked. maybe wicket ajax console can give you a clue, firebug also
has facilities that let you monitor requests being made. you should
see a call to that https url when you click the link.
-igor
On Sun, Jul 26, 2009 at 1:15 PM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I used Firebug to have a look at the onClick event.
> I've inspected two links, one usual ajax link and one for the ssl login.
>
> ----
>
> Regarding the first link:
> href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::"
>
> onClick="var wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;"
>
> ----
>
> Regarding the ssl login link:
> href="#"
>
> onClick="var wcall=wicketSubmitFormById('loginForm13b', 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', 'buttonLogin:container:link' ,null,null, function() {return Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;"
>
> ----
>
> I clicked on the ssl login link and the page jumped to the anchor # but the form is not submitted. The symbol # was appended to the address bar of the browser.
> I copied the url in the onClick event and entered it manually in the address bar of my browser. The xml code for the ajax response was shown in the browser - as known from wicket ajax debug.
>
> I guess the problem is the href attribute. I would expect to see an url like https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: [etc.]
>
> Do you have any idea how I can solve the problem?
>
> Thx,
> Arthur
>
>
>
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> whatever url you see when hovering over the link is not the url used
> for ajax - not necessarily. you should inspect the onclick handlers.
>
> -igor
>
> On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>>
>> But as you suggested, I'll debug the javascript to see the url modifications.
>> Thank you for your support Igor!
>>
>> Have a nice weekend.
>> Greetz, Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> no, i havent tried it myself. i never had to do an ajax login.
>>
>> the url in the browser changes to http://locahost:8080/projectname/# ?
>> thats fine. the main part is what the actual ajax url is used - you
>> wont see that in the browser's bar. i suggest you use firebug or
>> something similar to walk the javascript and see why your *ajax* url
>> is being mangled.
>>
>> obviously if you return just "https://localhost:8443/projectname" that
>> will not work because that doesnt have the listener interface target
>> that will hit the behavior in your button.
>>
>> -igor
>>
>>
>> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi Igor,
>>>
>>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>>
>>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>>
>>> Have you tried it yourself Igor? Does it work?
>>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>>
>>> Is there a different entry point to manipulate the url for ajax calls?
>>>
>>> Thx again
>>> Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> javascript invokes the url you give it, so it looked like it should
>>> work. you might have to trace deeper to see whats going on.
>>>
>>> -igor
>>>
>>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi Igor,
>>>>
>>>> I did it as you said.
>>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>>
>>>> When starting tomcat and accessing the website, the url wasn't applied.
>>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>>
>>>> Am I wrong?
>>>>
>>>> Thx
>>>> Arthur
>>>>
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>>> Betreff: Re: AW: SSL - ajax login
>>>>
>>>> ah, i thought i replied already because i looked into this yesterday.
>>>>
>>>> you will have to roll your own button. i would recommend looking at
>>>> the sourcecode of the default button. when you add the
>>>> formsubmitbehavior in your button you can override getcallbackurl()
>>>> and append https to it.
>>>>
>>>> -igor
>>>>
>>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hi again,
>>>>>
>>>>> I need to know if it's possible to switch to SSL via button or form.
>>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>>> we will go online within the next 10-14 days.
>>>>>
>>>>> Can anyone give me a prompt answer please?
>>>>>
>>>>> Thx & Best regards
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>>> Betreff: AW: SSL - ajax login
>>>>>
>>>>> Hello Igor,
>>>>>
>>>>> thanks for your early reply.
>>>>> Yes, my login form is submitted via ajax.
>>>>>
>>>>> public class BasePage {
>>>>>
>>>>> public void switchViaAjax(...) { ... }
>>>>> public void navigateViaAjax(...) { ... }
>>>>>
>>>>> }
>>>>>
>>>>> @RequireHttps
>>>>> public class SSLForm extends Form { ... }
>>>>>
>>>>> public class LoginPanel {
>>>>>
>>>>> public LoginPanel() { ... }
>>>>>
>>>>> public create() {
>>>>> SSLForm form = new SSLForm("loginForm");
>>>>> form.add(username);
>>>>> form.add(password);
>>>>>
>>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>>> // perform login => login is done via http
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> As you said @RequireSSL is for pages.
>>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>>
>>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>>> and that means more server ballast and a slower page refresh.
>>>>>
>>>>> Greetings
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>> ________________________________
>>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>>> An: users@wicket.apache.org
>>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>>> Betreff: Re: SSL - ajax login
>>>>>
>>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>>
>>>>> is your login form submitted via ajax?
>>>>>
>>>>> show us the code to sslform, your login form - making sure to include
>>>>> the code to the component that submits it.
>>>>>
>>>>> -igor
>>>>>
>>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>>> Allen<ar...@yahoo.de> wrote:
>>>>>> Hello folks,
>>>>>>
>>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>>
>>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>>> then the form will be send via https.
>>>>>>
>>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>>> is done with ssl.
>>>>>>
>>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>>
>>>>>> The only thing I can do now is:
>>>>>> -page completely with ssl
>>>>>> -page completely without ssl
>>>>>>
>>>>>> I would appreciate any help.
>>>>>>
>>>>>> Best regards,
>>>>>> Arthur
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
Hi Igor,
I used Firebug to have a look at the onClick event.
I've inspected two links, one usual ajax link and one for the ssl login.
----
Regarding the first link:
href="?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::ILinkListener::"
onClick="var wcall=wicketAjaxGet('?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:linkForgotLogin:container:link::IBehaviorListener:0:',null,null, function() {return Wicket.$('link141') != null;}.bind(this));return !wcall;"
----
Regarding the ssl login link:
href="#"
onClick="var wcall=wicketSubmitFormById('loginForm13b', 'https://localhost:8443/projectname/?wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', 'buttonLogin:container:link' ,null,null, function() {return Wicket.$$(this)&&Wicket.$$('loginForm13b')}.bind(this));;; return false;"
----
I clicked on the ssl login link and the page jumped to the anchor # but the form is not submitted. The symbol # was appended to the address bar of the browser.
I copied the url in the onClick event and entered it manually in the address bar of my browser. The xml code for the ajax response was shown in the browser - as known from wicket ajax debug.
I guess the problem is the href attribute. I would expect to see an url like https://localhost:8443/projectname/wicket:interface=:6:content:container:areaTop:2:panelTop:container:loginForm:buttonLogin:container:link:: [etc.]
Do you have any idea how I can solve the problem?
Thx,
Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
Betreff: Re: AW: SSL - ajax login
whatever url you see when hovering over the link is not the url used
for ajax - not necessarily. you should inspect the onclick handlers.
-igor
On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>
> But as you suggested, I'll debug the javascript to see the url modifications.
> Thank you for your support Igor!
>
> Have a nice weekend.
> Greetz, Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> no, i havent tried it myself. i never had to do an ajax login.
>
> the url in the browser changes to http://locahost:8080/projectname/# ?
> thats fine. the main part is what the actual ajax url is used - you
> wont see that in the browser's bar. i suggest you use firebug or
> something similar to walk the javascript and see why your *ajax* url
> is being mangled.
>
> obviously if you return just "https://localhost:8443/projectname" that
> will not work because that doesnt have the listener interface target
> that will hit the behavior in your button.
>
> -igor
>
>
> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi Igor,
>>
>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>
>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>
>> Have you tried it yourself Igor? Does it work?
>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>
>> Is there a different entry point to manipulate the url for ajax calls?
>>
>> Thx again
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> javascript invokes the url you give it, so it looked like it should
>> work. you might have to trace deeper to see whats going on.
>>
>> -igor
>>
>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi Igor,
>>>
>>> I did it as you said.
>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>
>>> When starting tomcat and accessing the website, the url wasn't applied.
>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>
>>> Am I wrong?
>>>
>>> Thx
>>> Arthur
>>>
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> ah, i thought i replied already because i looked into this yesterday.
>>>
>>> you will have to roll your own button. i would recommend looking at
>>> the sourcecode of the default button. when you add the
>>> formsubmitbehavior in your button you can override getcallbackurl()
>>> and append https to it.
>>>
>>> -igor
>>>
>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi again,
>>>>
>>>> I need to know if it's possible to switch to SSL via button or form.
>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>> we will go online within the next 10-14 days.
>>>>
>>>> Can anyone give me a prompt answer please?
>>>>
>>>> Thx & Best regards
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>> Betreff: AW: SSL - ajax login
>>>>
>>>> Hello Igor,
>>>>
>>>> thanks for your early reply.
>>>> Yes, my login form is submitted via ajax.
>>>>
>>>> public class BasePage {
>>>>
>>>> public void switchViaAjax(...) { ... }
>>>> public void navigateViaAjax(...) { ... }
>>>>
>>>> }
>>>>
>>>> @RequireHttps
>>>> public class SSLForm extends Form { ... }
>>>>
>>>> public class LoginPanel {
>>>>
>>>> public LoginPanel() { ... }
>>>>
>>>> public create() {
>>>> SSLForm form = new SSLForm("loginForm");
>>>> form.add(username);
>>>> form.add(password);
>>>>
>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>> // perform login => login is done via http
>>>> }
>>>> }
>>>> }
>>>> }
>>>>
>>>> As you said @RequireSSL is for pages.
>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>
>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>> and that means more server ballast and a slower page refresh.
>>>>
>>>> Greetings
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>> Betreff: Re: SSL - ajax login
>>>>
>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>
>>>> is your login form submitted via ajax?
>>>>
>>>> show us the code to sslform, your login form - making sure to include
>>>> the code to the component that submits it.
>>>>
>>>> -igor
>>>>
>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hello folks,
>>>>>
>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>
>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>> then the form will be send via https.
>>>>>
>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>> is done with ssl.
>>>>>
>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>
>>>>> The only thing I can do now is:
>>>>> -page completely with ssl
>>>>> -page completely without ssl
>>>>>
>>>>> I would appreciate any help.
>>>>>
>>>>> Best regards,
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
btw: the xml code I saw showed me, that the login was successfully executed because login content was presented in the xml code.
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Freitag, den 24. Juli 2009, 21:51:48 Uhr
Betreff: Re: AW: SSL - ajax login
whatever url you see when hovering over the link is not the url used
for ajax - not necessarily. you should inspect the onclick handlers.
-igor
On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>
> But as you suggested, I'll debug the javascript to see the url modifications.
> Thank you for your support Igor!
>
> Have a nice weekend.
> Greetz, Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> no, i havent tried it myself. i never had to do an ajax login.
>
> the url in the browser changes to http://locahost:8080/projectname/# ?
> thats fine. the main part is what the actual ajax url is used - you
> wont see that in the browser's bar. i suggest you use firebug or
> something similar to walk the javascript and see why your *ajax* url
> is being mangled.
>
> obviously if you return just "https://localhost:8443/projectname" that
> will not work because that doesnt have the listener interface target
> that will hit the behavior in your button.
>
> -igor
>
>
> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi Igor,
>>
>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>
>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>
>> Have you tried it yourself Igor? Does it work?
>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>
>> Is there a different entry point to manipulate the url for ajax calls?
>>
>> Thx again
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> javascript invokes the url you give it, so it looked like it should
>> work. you might have to trace deeper to see whats going on.
>>
>> -igor
>>
>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi Igor,
>>>
>>> I did it as you said.
>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>
>>> When starting tomcat and accessing the website, the url wasn't applied.
>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>
>>> Am I wrong?
>>>
>>> Thx
>>> Arthur
>>>
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> ah, i thought i replied already because i looked into this yesterday.
>>>
>>> you will have to roll your own button. i would recommend looking at
>>> the sourcecode of the default button. when you add the
>>> formsubmitbehavior in your button you can override getcallbackurl()
>>> and append https to it.
>>>
>>> -igor
>>>
>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi again,
>>>>
>>>> I need to know if it's possible to switch to SSL via button or form.
>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>> we will go online within the next 10-14 days.
>>>>
>>>> Can anyone give me a prompt answer please?
>>>>
>>>> Thx & Best regards
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>> Betreff: AW: SSL - ajax login
>>>>
>>>> Hello Igor,
>>>>
>>>> thanks for your early reply.
>>>> Yes, my login form is submitted via ajax.
>>>>
>>>> public class BasePage {
>>>>
>>>> public void switchViaAjax(...) { ... }
>>>> public void navigateViaAjax(...) { ... }
>>>>
>>>> }
>>>>
>>>> @RequireHttps
>>>> public class SSLForm extends Form { ... }
>>>>
>>>> public class LoginPanel {
>>>>
>>>> public LoginPanel() { ... }
>>>>
>>>> public create() {
>>>> SSLForm form = new SSLForm("loginForm");
>>>> form.add(username);
>>>> form.add(password);
>>>>
>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>> // perform login => login is done via http
>>>> }
>>>> }
>>>> }
>>>> }
>>>>
>>>> As you said @RequireSSL is for pages.
>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>
>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>> and that means more server ballast and a slower page refresh.
>>>>
>>>> Greetings
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>> Betreff: Re: SSL - ajax login
>>>>
>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>
>>>> is your login form submitted via ajax?
>>>>
>>>> show us the code to sslform, your login form - making sure to include
>>>> the code to the component that submits it.
>>>>
>>>> -igor
>>>>
>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hello folks,
>>>>>
>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>
>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>> then the form will be send via https.
>>>>>
>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>> is done with ssl.
>>>>>
>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>
>>>>> The only thing I can do now is:
>>>>> -page completely with ssl
>>>>> -page completely without ssl
>>>>>
>>>>> I would appreciate any help.
>>>>>
>>>>> Best regards,
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
whatever url you see when hovering over the link is not the url used
for ajax - not necessarily. you should inspect the onclick handlers.
-igor
On Fri, Jul 24, 2009 at 12:20 PM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
>
> But as you suggested, I'll debug the javascript to see the url modifications.
> Thank you for your support Igor!
>
> Have a nice weekend.
> Greetz, Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> no, i havent tried it myself. i never had to do an ajax login.
>
> the url in the browser changes to http://locahost:8080/projectname/# ?
> thats fine. the main part is what the actual ajax url is used - you
> wont see that in the browser's bar. i suggest you use firebug or
> something similar to walk the javascript and see why your *ajax* url
> is being mangled.
>
> obviously if you return just "https://localhost:8443/projectname" that
> will not work because that doesnt have the listener interface target
> that will hit the behavior in your button.
>
> -igor
>
>
> On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi Igor,
>>
>> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>>
>> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>>
>> Have you tried it yourself Igor? Does it work?
>> I'm using wicket 1.3.5. Does it depend on the version I use?
>>
>> Is there a different entry point to manipulate the url for ajax calls?
>>
>> Thx again
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> javascript invokes the url you give it, so it looked like it should
>> work. you might have to trace deeper to see whats going on.
>>
>> -igor
>>
>> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi Igor,
>>>
>>> I did it as you said.
>>> I took the code from AjaxFallbackButton and I copied it to an own class.
>>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>>> So my url is https://localhost:8443/projectname/;sessionid...
>>>
>>> When starting tomcat and accessing the website, the url wasn't applied.
>>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>>
>>> Am I wrong?
>>>
>>> Thx
>>> Arthur
>>>
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>>> Betreff: Re: AW: SSL - ajax login
>>>
>>> ah, i thought i replied already because i looked into this yesterday.
>>>
>>> you will have to roll your own button. i would recommend looking at
>>> the sourcecode of the default button. when you add the
>>> formsubmitbehavior in your button you can override getcallbackurl()
>>> and append https to it.
>>>
>>> -igor
>>>
>>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hi again,
>>>>
>>>> I need to know if it's possible to switch to SSL via button or form.
>>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>>> we will go online within the next 10-14 days.
>>>>
>>>> Can anyone give me a prompt answer please?
>>>>
>>>> Thx & Best regards
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>>> Betreff: AW: SSL - ajax login
>>>>
>>>> Hello Igor,
>>>>
>>>> thanks for your early reply.
>>>> Yes, my login form is submitted via ajax.
>>>>
>>>> public class BasePage {
>>>>
>>>> public void switchViaAjax(...) { ... }
>>>> public void navigateViaAjax(...) { ... }
>>>>
>>>> }
>>>>
>>>> @RequireHttps
>>>> public class SSLForm extends Form { ... }
>>>>
>>>> public class LoginPanel {
>>>>
>>>> public LoginPanel() { ... }
>>>>
>>>> public create() {
>>>> SSLForm form = new SSLForm("loginForm");
>>>> form.add(username);
>>>> form.add(password);
>>>>
>>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>>> // perform login => login is done via http
>>>> }
>>>> }
>>>> }
>>>> }
>>>>
>>>> As you said @RequireSSL is for pages.
>>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>>
>>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>>> and that means more server ballast and a slower page refresh.
>>>>
>>>> Greetings
>>>> Arthur
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> Von: Igor Vaynberg <ig...@gmail.com>
>>>> An: users@wicket.apache.org
>>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>>> Betreff: Re: SSL - ajax login
>>>>
>>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>>
>>>> is your login form submitted via ajax?
>>>>
>>>> show us the code to sslform, your login form - making sure to include
>>>> the code to the component that submits it.
>>>>
>>>> -igor
>>>>
>>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>>> Allen<ar...@yahoo.de> wrote:
>>>>> Hello folks,
>>>>>
>>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>>
>>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>>> then the form will be send via https.
>>>>>
>>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>>> is done with ssl.
>>>>>
>>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>>
>>>>> The only thing I can do now is:
>>>>> -page completely with ssl
>>>>> -page completely without ssl
>>>>>
>>>>> I would appreciate any help.
>>>>>
>>>>> Best regards,
>>>>> Arthur
>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
no, sorry... the url is not changing to http://locahost:8080/projectname/# but when I hold the mouse pointer over the link, I see the url in the status bar. When I hold the mouse pointer over other links, I see very long urls a la http://localhost:8080/projectname/;jsessionid=....wicket:interface.....
But as you suggested, I'll debug the javascript to see the url modifications.
Thank you for your support Igor!
Have a nice weekend.
Greetz, Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Freitag, den 24. Juli 2009, 17:30:27 Uhr
Betreff: Re: AW: SSL - ajax login
no, i havent tried it myself. i never had to do an ajax login.
the url in the browser changes to http://locahost:8080/projectname/# ?
thats fine. the main part is what the actual ajax url is used - you
wont see that in the browser's bar. i suggest you use firebug or
something similar to walk the javascript and see why your *ajax* url
is being mangled.
obviously if you return just "https://localhost:8443/projectname" that
will not work because that doesnt have the listener interface target
that will hit the behavior in your button.
-igor
On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>
> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>
> Have you tried it yourself Igor? Does it work?
> I'm using wicket 1.3.5. Does it depend on the version I use?
>
> Is there a different entry point to manipulate the url for ajax calls?
>
> Thx again
> Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> javascript invokes the url you give it, so it looked like it should
> work. you might have to trace deeper to see whats going on.
>
> -igor
>
> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi Igor,
>>
>> I did it as you said.
>> I took the code from AjaxFallbackButton and I copied it to an own class.
>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>> So my url is https://localhost:8443/projectname/;sessionid...
>>
>> When starting tomcat and accessing the website, the url wasn't applied.
>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>
>> Am I wrong?
>>
>> Thx
>> Arthur
>>
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> ah, i thought i replied already because i looked into this yesterday.
>>
>> you will have to roll your own button. i would recommend looking at
>> the sourcecode of the default button. when you add the
>> formsubmitbehavior in your button you can override getcallbackurl()
>> and append https to it.
>>
>> -igor
>>
>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi again,
>>>
>>> I need to know if it's possible to switch to SSL via button or form.
>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>> we will go online within the next 10-14 days.
>>>
>>> Can anyone give me a prompt answer please?
>>>
>>> Thx & Best regards
>>> Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>> An: users@wicket.apache.org
>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>> Betreff: AW: SSL - ajax login
>>>
>>> Hello Igor,
>>>
>>> thanks for your early reply.
>>> Yes, my login form is submitted via ajax.
>>>
>>> public class BasePage {
>>>
>>> public void switchViaAjax(...) { ... }
>>> public void navigateViaAjax(...) { ... }
>>>
>>> }
>>>
>>> @RequireHttps
>>> public class SSLForm extends Form { ... }
>>>
>>> public class LoginPanel {
>>>
>>> public LoginPanel() { ... }
>>>
>>> public create() {
>>> SSLForm form = new SSLForm("loginForm");
>>> form.add(username);
>>> form.add(password);
>>>
>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>> // perform login => login is done via http
>>> }
>>> }
>>> }
>>> }
>>>
>>> As you said @RequireSSL is for pages.
>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>
>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>> and that means more server ballast and a slower page refresh.
>>>
>>> Greetings
>>> Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>> Betreff: Re: SSL - ajax login
>>>
>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>
>>> is your login form submitted via ajax?
>>>
>>> show us the code to sslform, your login form - making sure to include
>>> the code to the component that submits it.
>>>
>>> -igor
>>>
>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hello folks,
>>>>
>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>
>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>> then the form will be send via https.
>>>>
>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>> is done with ssl.
>>>>
>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>
>>>> The only thing I can do now is:
>>>> -page completely with ssl
>>>> -page completely without ssl
>>>>
>>>> I would appreciate any help.
>>>>
>>>> Best regards,
>>>> Arthur
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
no, i havent tried it myself. i never had to do an ajax login.
the url in the browser changes to http://locahost:8080/projectname/# ?
thats fine. the main part is what the actual ajax url is used - you
wont see that in the browser's bar. i suggest you use firebug or
something similar to walk the javascript and see why your *ajax* url
is being mangled.
obviously if you return just "https://localhost:8443/projectname" that
will not work because that doesnt have the listener interface target
that will hit the behavior in your button.
-igor
On Fri, Jul 24, 2009 at 2:19 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
>
> I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
>
> Have you tried it yourself Igor? Does it work?
> I'm using wicket 1.3.5. Does it depend on the version I use?
>
> Is there a different entry point to manipulate the url for ajax calls?
>
> Thx again
> Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> javascript invokes the url you give it, so it looked like it should
> work. you might have to trace deeper to see whats going on.
>
> -igor
>
> On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi Igor,
>>
>> I did it as you said.
>> I took the code from AjaxFallbackButton and I copied it to an own class.
>> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
>> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
>> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
>> So my url is https://localhost:8443/projectname/;sessionid...
>>
>> When starting tomcat and accessing the website, the url wasn't applied.
>> When clicking the link, the url http://localhost:8080/projectname/# was called.
>> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
>> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
>> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
>> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>>
>> Am I wrong?
>>
>> Thx
>> Arthur
>>
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
>> Betreff: Re: AW: SSL - ajax login
>>
>> ah, i thought i replied already because i looked into this yesterday.
>>
>> you will have to roll your own button. i would recommend looking at
>> the sourcecode of the default button. when you add the
>> formsubmitbehavior in your button you can override getcallbackurl()
>> and append https to it.
>>
>> -igor
>>
>> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hi again,
>>>
>>> I need to know if it's possible to switch to SSL via button or form.
>>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>>> we will go online within the next 10-14 days.
>>>
>>> Can anyone give me a prompt answer please?
>>>
>>> Thx & Best regards
>>> Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>>> An: users@wicket.apache.org
>>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>>> Betreff: AW: SSL - ajax login
>>>
>>> Hello Igor,
>>>
>>> thanks for your early reply.
>>> Yes, my login form is submitted via ajax.
>>>
>>> public class BasePage {
>>>
>>> public void switchViaAjax(...) { ... }
>>> public void navigateViaAjax(...) { ... }
>>>
>>> }
>>>
>>> @RequireHttps
>>> public class SSLForm extends Form { ... }
>>>
>>> public class LoginPanel {
>>>
>>> public LoginPanel() { ... }
>>>
>>> public create() {
>>> SSLForm form = new SSLForm("loginForm");
>>> form.add(username);
>>> form.add(password);
>>>
>>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>>> // perform login => login is done via http
>>> }
>>> }
>>> }
>>> }
>>>
>>> As you said @RequireSSL is for pages.
>>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>>
>>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>>> and that means more server ballast and a slower page refresh.
>>>
>>> Greetings
>>> Arthur
>>>
>>>
>>>
>>> ________________________________
>>> Von: Igor Vaynberg <ig...@gmail.com>
>>> An: users@wicket.apache.org
>>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>>> Betreff: Re: SSL - ajax login
>>>
>>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>>
>>> is your login form submitted via ajax?
>>>
>>> show us the code to sslform, your login form - making sure to include
>>> the code to the component that submits it.
>>>
>>> -igor
>>>
>>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>>> Allen<ar...@yahoo.de> wrote:
>>>> Hello folks,
>>>>
>>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>>
>>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>>> then the form will be send via https.
>>>>
>>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>>> is done with ssl.
>>>>
>>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>>
>>>> The only thing I can do now is:
>>>> -page completely with ssl
>>>> -page completely without ssl
>>>>
>>>> I would appreciate any help.
>>>>
>>>> Best regards,
>>>> Arthur
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
"I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file."
Sorry I was blind yesterday, I found it today
However I would appreciate a response to the other questions.
Thx
Arthur
________________________________
Von: Arthur Leigh Allen <ar...@yahoo.de>
An: users@wicket.apache.org
Gesendet: Freitag, den 24. Juli 2009, 11:19:23 Uhr
Betreff: AW: AW: SSL - ajax login
Hi Igor,
I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
Have you tried it yourself Igor? Does it work?
I'm using wicket 1.3.5. Does it depend on the version I use?
Is there a different entry point to manipulate the url for ajax calls?
Thx again
Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
Betreff: Re: AW: SSL - ajax login
javascript invokes the url you give it, so it looked like it should
work. you might have to trace deeper to see whats going on.
-igor
On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I did it as you said.
> I took the code from AjaxFallbackButton and I copied it to an own class.
> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
> So my url is https://localhost:8443/projectname/;sessionid...
>
> When starting tomcat and accessing the website, the url wasn't applied.
> When clicking the link, the url http://localhost:8080/projectname/# was called.
> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>
> Am I wrong?
>
> Thx
> Arthur
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> ah, i thought i replied already because i looked into this yesterday.
>
> you will have to roll your own button. i would recommend looking at
> the sourcecode of the default button. when you add the
> formsubmitbehavior in your button you can override getcallbackurl()
> and append https to it.
>
> -igor
>
> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi again,
>>
>> I need to know if it's possible to switch to SSL via button or form.
>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>> we will go online within the next 10-14 days.
>>
>> Can anyone give me a prompt answer please?
>>
>> Thx & Best regards
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>> An: users@wicket.apache.org
>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>> Betreff: AW: SSL - ajax login
>>
>> Hello Igor,
>>
>> thanks for your early reply.
>> Yes, my login form is submitted via ajax.
>>
>> public class BasePage {
>>
>> public void switchViaAjax(...) { ... }
>> public void navigateViaAjax(...) { ... }
>>
>> }
>>
>> @RequireHttps
>> public class SSLForm extends Form { ... }
>>
>> public class LoginPanel {
>>
>> public LoginPanel() { ... }
>>
>> public create() {
>> SSLForm form = new SSLForm("loginForm");
>> form.add(username);
>> form.add(password);
>>
>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>> // perform login => login is done via http
>> }
>> }
>> }
>> }
>>
>> As you said @RequireSSL is for pages.
>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>
>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>> and that means more server ballast and a slower page refresh.
>>
>> Greetings
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>> Betreff: Re: SSL - ajax login
>>
>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>
>> is your login form submitted via ajax?
>>
>> show us the code to sslform, your login form - making sure to include
>> the code to the component that submits it.
>>
>> -igor
>>
>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hello folks,
>>>
>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>
>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>> then the form will be send via https.
>>>
>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>> is done with ssl.
>>>
>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>
>>> The only thing I can do now is:
>>> -page completely with ssl
>>> -page completely without ssl
>>>
>>> I would appreciate any help.
>>>
>>> Best regards,
>>> Arthur
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
Hi Igor,
I tried to do it as simple as possible so I returned https://localhost:8443/projectname in the overridden method getCallbackUrl of AjaxFormSubmitBehavior. The result was the same. The link pointed to the url http://locahost:8080/projectname/#. It seems to me that only relative pathes can be returned, else the standard url will be used.
I wanted to understand how the given url is used in wicket. I found the method wicketAjaxGet in wicket-ajax.js. There the url is passed to Wicket.Ajax.Call(...). I couldn't trace the call deeper because I couldn't find Call() in any javascript file.
Have you tried it yourself Igor? Does it work?
I'm using wicket 1.3.5. Does it depend on the version I use?
Is there a different entry point to manipulate the url for ajax calls?
Thx again
Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Donnerstag, den 23. Juli 2009, 16:37:22 Uhr
Betreff: Re: AW: SSL - ajax login
javascript invokes the url you give it, so it looked like it should
work. you might have to trace deeper to see whats going on.
-igor
On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I did it as you said.
> I took the code from AjaxFallbackButton and I copied it to an own class.
> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
> So my url is https://localhost:8443/projectname/;sessionid...
>
> When starting tomcat and accessing the website, the url wasn't applied.
> When clicking the link, the url http://localhost:8080/projectname/# was called.
> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>
> Am I wrong?
>
> Thx
> Arthur
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> ah, i thought i replied already because i looked into this yesterday.
>
> you will have to roll your own button. i would recommend looking at
> the sourcecode of the default button. when you add the
> formsubmitbehavior in your button you can override getcallbackurl()
> and append https to it.
>
> -igor
>
> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi again,
>>
>> I need to know if it's possible to switch to SSL via button or form.
>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>> we will go online within the next 10-14 days.
>>
>> Can anyone give me a prompt answer please?
>>
>> Thx & Best regards
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>> An: users@wicket.apache.org
>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>> Betreff: AW: SSL - ajax login
>>
>> Hello Igor,
>>
>> thanks for your early reply.
>> Yes, my login form is submitted via ajax.
>>
>> public class BasePage {
>>
>> public void switchViaAjax(...) { ... }
>> public void navigateViaAjax(...) { ... }
>>
>> }
>>
>> @RequireHttps
>> public class SSLForm extends Form { ... }
>>
>> public class LoginPanel {
>>
>> public LoginPanel() { ... }
>>
>> public create() {
>> SSLForm form = new SSLForm("loginForm");
>> form.add(username);
>> form.add(password);
>>
>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>> // perform login => login is done via http
>> }
>> }
>> }
>> }
>>
>> As you said @RequireSSL is for pages.
>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>
>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>> and that means more server ballast and a slower page refresh.
>>
>> Greetings
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>> Betreff: Re: SSL - ajax login
>>
>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>
>> is your login form submitted via ajax?
>>
>> show us the code to sslform, your login form - making sure to include
>> the code to the component that submits it.
>>
>> -igor
>>
>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hello folks,
>>>
>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>
>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>> then the form will be send via https.
>>>
>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>> is done with ssl.
>>>
>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>
>>> The only thing I can do now is:
>>> -page completely with ssl
>>> -page completely without ssl
>>>
>>> I would appreciate any help.
>>>
>>> Best regards,
>>> Arthur
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
javascript invokes the url you give it, so it looked like it should
work. you might have to trace deeper to see whats going on.
-igor
On Thu, Jul 23, 2009 at 4:41 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi Igor,
>
> I did it as you said.
> I took the code from AjaxFallbackButton and I copied it to an own class.
> In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
> I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
> By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
> So my url is https://localhost:8443/projectname/;sessionid...
>
> When starting tomcat and accessing the website, the url wasn't applied.
> When clicking the link, the url http://localhost:8080/projectname/# was called.
> I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
> beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
> end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
> That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
>
> Am I wrong?
>
> Thx
> Arthur
>
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
> Betreff: Re: AW: SSL - ajax login
>
> ah, i thought i replied already because i looked into this yesterday.
>
> you will have to roll your own button. i would recommend looking at
> the sourcecode of the default button. when you add the
> formsubmitbehavior in your button you can override getcallbackurl()
> and append https to it.
>
> -igor
>
> On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hi again,
>>
>> I need to know if it's possible to switch to SSL via button or form.
>> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
>> we will go online within the next 10-14 days.
>>
>> Can anyone give me a prompt answer please?
>>
>> Thx & Best regards
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Arthur Leigh Allen <ar...@yahoo.de>
>> An: users@wicket.apache.org
>> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
>> Betreff: AW: SSL - ajax login
>>
>> Hello Igor,
>>
>> thanks for your early reply.
>> Yes, my login form is submitted via ajax.
>>
>> public class BasePage {
>>
>> public void switchViaAjax(...) { ... }
>> public void navigateViaAjax(...) { ... }
>>
>> }
>>
>> @RequireHttps
>> public class SSLForm extends Form { ... }
>>
>> public class LoginPanel {
>>
>> public LoginPanel() { ... }
>>
>> public create() {
>> SSLForm form = new SSLForm("loginForm");
>> form.add(username);
>> form.add(password);
>>
>> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
>> protected void onSubmit(AjaxRequestTarget target, Form form) {
>> // perform login => login is done via http
>> }
>> }
>> }
>> }
>>
>> As you said @RequireSSL is for pages.
>> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
>> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>>
>> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
>> and that means more server ballast and a slower page refresh.
>>
>> Greetings
>> Arthur
>>
>>
>>
>> ________________________________
>> Von: Igor Vaynberg <ig...@gmail.com>
>> An: users@wicket.apache.org
>> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
>> Betreff: Re: SSL - ajax login
>>
>> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>>
>> is your login form submitted via ajax?
>>
>> show us the code to sslform, your login form - making sure to include
>> the code to the component that submits it.
>>
>> -igor
>>
>> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
>> Allen<ar...@yahoo.de> wrote:
>>> Hello folks,
>>>
>>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>>
>>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>>> then the form will be send via https.
>>>
>>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>>> is done with ssl.
>>>
>>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>>> But when I use the SSLForm for my login, the communication is done without ssl.
>>> I would like to use my page via http, but the ajax login should be done with ssl.
>>>
>>> The only thing I can do now is:
>>> -page completely with ssl
>>> -page completely without ssl
>>>
>>> I would appreciate any help.
>>>
>>> Best regards,
>>> Arthur
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
Hi Igor,
I did it as you said.
I took the code from AjaxFallbackButton and I copied it to an own class.
In the constructor I overwrite the getCallbackUrl() method of the AjaxFormSubmitBehavior.
I added the value https://localhost:8443/projectname/ as a prefix to super.getCallbackUrl().
By the way: getCallbackUrl() returns a long relative url beginning with ";sessionid".
So my url is https://localhost:8443/projectname/;sessionid...
When starting tomcat and accessing the website, the url wasn't applied.
When clicking the link, the url http://localhost:8080/projectname/# was called.
I believe it's the wrong place to manipulate the url. Maybe it is expected to return a relative path
beginning with ";sessionid". That url is maybe manipulated at a different place, so in my case the
end result would be http://localhost:8080/projectname/https://localhost:8443/projectname/;sessionid.
That would result in an error and maybe http://localhost:8080/projectname/# is used therefore.
Am I wrong?
Thx
Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
Betreff: Re: AW: SSL - ajax login
ah, i thought i replied already because i looked into this yesterday.
you will have to roll your own button. i would recommend looking at
the sourcecode of the default button. when you add the
formsubmitbehavior in your button you can override getcallbackurl()
and append https to it.
-igor
On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi again,
>
> I need to know if it's possible to switch to SSL via button or form.
> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
> we will go online within the next 10-14 days.
>
> Can anyone give me a prompt answer please?
>
> Thx & Best regards
> Arthur
>
>
>
> ________________________________
> Von: Arthur Leigh Allen <ar...@yahoo.de>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
> Betreff: AW: SSL - ajax login
>
> Hello Igor,
>
> thanks for your early reply.
> Yes, my login form is submitted via ajax.
>
> public class BasePage {
>
> public void switchViaAjax(...) { ... }
> public void navigateViaAjax(...) { ... }
>
> }
>
> @RequireHttps
> public class SSLForm extends Form { ... }
>
> public class LoginPanel {
>
> public LoginPanel() { ... }
>
> public create() {
> SSLForm form = new SSLForm("loginForm");
> form.add(username);
> form.add(password);
>
> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
> protected void onSubmit(AjaxRequestTarget target, Form form) {
> // perform login => login is done via http
> }
> }
> }
> }
>
> As you said @RequireSSL is for pages.
> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>
> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
> and that means more server ballast and a slower page refresh.
>
> Greetings
> Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
> Betreff: Re: SSL - ajax login
>
> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>
> is your login form submitted via ajax?
>
> show us the code to sslform, your login form - making sure to include
> the code to the component that submits it.
>
> -igor
>
> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hello folks,
>>
>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>
>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>> then the form will be send via https.
>>
>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>> is done with ssl.
>>
>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>> But when I use the SSLForm for my login, the communication is done without ssl.
>> I would like to use my page via http, but the ajax login should be done with ssl.
>>
>> The only thing I can do now is:
>> -page completely with ssl
>> -page completely without ssl
>>
>> I would appreciate any help.
>>
>> Best regards,
>> Arthur
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
that's a good hint, thanks a lot
i already switched back to wicket 1.3.5 because there are too many changes and the time is too short to makes such changes now
i'll try your suggestion
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Mittwoch, den 22. Juli 2009, 18:31:27 Uhr
Betreff: Re: AW: SSL - ajax login
ah, i thought i replied already because i looked into this yesterday.
you will have to roll your own button. i would recommend looking at
the sourcecode of the default button. when you add the
formsubmitbehavior in your button you can override getcallbackurl()
and append https to it.
-igor
On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi again,
>
> I need to know if it's possible to switch to SSL via button or form.
> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
> we will go online within the next 10-14 days.
>
> Can anyone give me a prompt answer please?
>
> Thx & Best regards
> Arthur
>
>
>
> ________________________________
> Von: Arthur Leigh Allen <ar...@yahoo.de>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
> Betreff: AW: SSL - ajax login
>
> Hello Igor,
>
> thanks for your early reply.
> Yes, my login form is submitted via ajax.
>
> public class BasePage {
>
> public void switchViaAjax(...) { ... }
> public void navigateViaAjax(...) { ... }
>
> }
>
> @RequireHttps
> public class SSLForm extends Form { ... }
>
> public class LoginPanel {
>
> public LoginPanel() { ... }
>
> public create() {
> SSLForm form = new SSLForm("loginForm");
> form.add(username);
> form.add(password);
>
> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
> protected void onSubmit(AjaxRequestTarget target, Form form) {
> // perform login => login is done via http
> }
> }
> }
> }
>
> As you said @RequireSSL is for pages.
> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>
> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
> and that means more server ballast and a slower page refresh.
>
> Greetings
> Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
> Betreff: Re: SSL - ajax login
>
> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>
> is your login form submitted via ajax?
>
> show us the code to sslform, your login form - making sure to include
> the code to the component that submits it.
>
> -igor
>
> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hello folks,
>>
>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>
>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>> then the form will be send via https.
>>
>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>> is done with ssl.
>>
>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>> But when I use the SSLForm for my login, the communication is done without ssl.
>> I would like to use my page via http, but the ajax login should be done with ssl.
>>
>> The only thing I can do now is:
>> -page completely with ssl
>> -page completely without ssl
>>
>> I would appreciate any help.
>>
>> Best regards,
>> Arthur
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
ah, i thought i replied already because i looked into this yesterday.
you will have to roll your own button. i would recommend looking at
the sourcecode of the default button. when you add the
formsubmitbehavior in your button you can override getcallbackurl()
and append https to it.
-igor
On Wed, Jul 22, 2009 at 2:37 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hi again,
>
> I need to know if it's possible to switch to SSL via button or form.
> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
> we will go online within the next 10-14 days.
>
> Can anyone give me a prompt answer please?
>
> Thx & Best regards
> Arthur
>
>
>
> ________________________________
> Von: Arthur Leigh Allen <ar...@yahoo.de>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
> Betreff: AW: SSL - ajax login
>
> Hello Igor,
>
> thanks for your early reply.
> Yes, my login form is submitted via ajax.
>
> public class BasePage {
>
> public void switchViaAjax(...) { ... }
> public void navigateViaAjax(...) { ... }
>
> }
>
> @RequireHttps
> public class SSLForm extends Form { ... }
>
> public class LoginPanel {
>
> public LoginPanel() { ... }
>
> public create() {
> SSLForm form = new SSLForm("loginForm");
> form.add(username);
> form.add(password);
>
> AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
> protected void onSubmit(AjaxRequestTarget target, Form form) {
> // perform login => login is done via http
> }
> }
> }
> }
>
> As you said @RequireSSL is for pages.
> Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
> Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
>
> Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
> and that means more server ballast and a slower page refresh.
>
> Greetings
> Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
> Betreff: Re: SSL - ajax login
>
> @RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
>
> is your login form submitted via ajax?
>
> show us the code to sslform, your login form - making sure to include
> the code to the component that submits it.
>
> -igor
>
> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hello folks,
>>
>> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
>> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>>
>> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
>> The first call will result in a http url. If you enter your login name and your password and submit the form,
>> then the form will be send via https.
>>
>> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
>> Currently I use the annotation above for my BasePage but from the first call, the whole communication
>> is done with ssl.
>>
>> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
>> I implemented an own SSLForm class extending the wicket form class with the annotation.
>> But when I use the SSLForm for my login, the communication is done without ssl.
>> I would like to use my page via http, but the ajax login should be done with ssl.
>>
>> The only thing I can do now is:
>> -page completely with ssl
>> -page completely without ssl
>>
>> I would appreciate any help.
>>
>> Best regards,
>> Arthur
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: AW: AW: SSL - ajax login
Posted by Peter Ertl <pe...@gmx.org>.
You can always use the current url and replace http:// with https://
then redirect to it...
WebRequest
and
WebRequest.getHttpServletRequest()
provides you with all you need.
if you do it in ajax you could use
window.location.href
to force the redirect from client side...
Am 22.07.2009 um 11:37 schrieb Arthur Leigh Allen:
> Hi again,
>
> I need to know if it's possible to switch to SSL via button or form.
> Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
> we will go online within the next 10-14 days.
>
> Can anyone give me a prompt answer please?
>
> Thx & Best regards
> Arthur
>
>
>
> ________________________________
> Von: Arthur Leigh Allen <ar...@yahoo.de>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
> Betreff: AW: SSL - ajax login
>
> Hello Igor,
>
> thanks for your early reply.
> Yes, my login form is submitted via ajax.
>
> public class BasePage {
>
> public void switchViaAjax(...) { ... }
> public void navigateViaAjax(...) { ... }
>
> }
>
> @RequireHttps
> public class SSLForm extends Form { ... }
>
> public class LoginPanel {
>
> public LoginPanel() { ... }
>
> public create() {
> SSLForm form = new SSLForm("loginForm");
> form.add(username);
> form.add(password);
>
> AjaxFallbackButton loginButton = new
> AjaxFallbackButton("loginButton", form) {
> protected void onSubmit(AjaxRequestTarget target, Form
> form) {
> // perform login => login is done via http
> }
> }
> }
> }
>
> As you said @RequireSSL is for pages.
> Do you have any idea how I can remove @RequireHttps from the top of
> my BasePage and switch to https on login?
> Currently I think the only way to provide a ssl ajax call is to show
> the base page via ssl as a starting basis.
>
> Therefore I have to use @RequireSSL on the BasePage but that means
> every communication is done via ssl
> and that means more server ballast and a slower page refresh.
>
> Greetings
> Arthur
>
>
>
> ________________________________
> Von: Igor Vaynberg <ig...@gmail.com>
> An: users@wicket.apache.org
> Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
> Betreff: Re: SSL - ajax login
>
> @RequreHttps is meant to be a page-level feature, so it doesnt fit
> your usecase.
>
> is your login form submitted via ajax?
>
> show us the code to sslform, your login form - making sure to include
> the code to the component that submits it.
>
> -igor
>
> On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
> Allen<ar...@yahoo.de> wrote:
>> Hello folks,
>>
>> I'm using wicket 1.4 RC7 now and I have a question regarding the
>> usage of ssl.
>> I use the HttpsRequestCycleProcessor with the annotation
>> @RequireHttps.
>>
>> Imagine the following case like it is realized on different sites
>> like web.de or gmx.de as well as xing.com.
>> The first call will result in a http url. If you enter your login
>> name and your password and submit the form,
>> then the form will be send via https.
>>
>> I only have one page. Everything on my page is exchanged via ajax.
>> The login is also done via ajax.
>> Currently I use the annotation above for my BasePage but from the
>> first call, the whole communication
>> is done with ssl.
>>
>> What I would like to realize is: Using the @RequireHttps annotation
>> on forms or submit buttons.
>> I implemented an own SSLForm class extending the wicket form class
>> with the annotation.
>> But when I use the SSLForm for my login, the communication is done
>> without ssl.
>> I would like to use my page via http, but the ajax login should be
>> done with ssl.
>>
>> The only thing I can do now is:
>> -page completely with ssl
>> -page completely without ssl
>>
>> I would appreciate any help.
>>
>> Best regards,
>> Arthur
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
Hi again,
I need to know if it's possible to switch to SSL via button or form.
Otherwise I have to switch back to wicket 1.3.5. I'm in hurry because
we will go online within the next 10-14 days.
Can anyone give me a prompt answer please?
Thx & Best regards
Arthur
________________________________
Von: Arthur Leigh Allen <ar...@yahoo.de>
An: users@wicket.apache.org
Gesendet: Dienstag, den 21. Juli 2009, 19:18:18 Uhr
Betreff: AW: SSL - ajax login
Hello Igor,
thanks for your early reply.
Yes, my login form is submitted via ajax.
public class BasePage {
public void switchViaAjax(...) { ... }
public void navigateViaAjax(...) { ... }
}
@RequireHttps
public class SSLForm extends Form { ... }
public class LoginPanel {
public LoginPanel() { ... }
public create() {
SSLForm form = new SSLForm("loginForm");
form.add(username);
form.add(password);
AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
protected void onSubmit(AjaxRequestTarget target, Form form) {
// perform login => login is done via http
}
}
}
}
As you said @RequireSSL is for pages.
Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
and that means more server ballast and a slower page refresh.
Greetings
Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
Betreff: Re: SSL - ajax login
@RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
is your login form submitted via ajax?
show us the code to sslform, your login form - making sure to include
the code to the component that submits it.
-igor
On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hello folks,
>
> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>
> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
> The first call will result in a http url. If you enter your login name and your password and submit the form,
> then the form will be send via https.
>
> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
> Currently I use the annotation above for my BasePage but from the first call, the whole communication
> is done with ssl.
>
> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
> I implemented an own SSLForm class extending the wicket form class with the annotation.
> But when I use the SSLForm for my login, the communication is done without ssl.
> I would like to use my page via http, but the ajax login should be done with ssl.
>
> The only thing I can do now is:
> -page completely with ssl
> -page completely without ssl
>
> I would appreciate any help.
>
> Best regards,
> Arthur
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
AW: SSL - ajax login
Posted by Arthur Leigh Allen <ar...@yahoo.de>.
Hello Igor,
thanks for your early reply.
Yes, my login form is submitted via ajax.
public class BasePage {
public void switchViaAjax(...) { ... }
public void navigateViaAjax(...) { ... }
}
@RequireHttps
public class SSLForm extends Form { ... }
public class LoginPanel {
public LoginPanel() { ... }
public create() {
SSLForm form = new SSLForm("loginForm");
form.add(username);
form.add(password);
AjaxFallbackButton loginButton = new AjaxFallbackButton("loginButton", form) {
protected void onSubmit(AjaxRequestTarget target, Form form) {
// perform login => login is done via http
}
}
}
}
As you said @RequireSSL is for pages.
Do you have any idea how I can remove @RequireHttps from the top of my BasePage and switch to https on login?
Currently I think the only way to provide a ssl ajax call is to show the base page via ssl as a starting basis.
Therefore I have to use @RequireSSL on the BasePage but that means every communication is done via ssl
and that means more server ballast and a slower page refresh.
Greetings
Arthur
________________________________
Von: Igor Vaynberg <ig...@gmail.com>
An: users@wicket.apache.org
Gesendet: Dienstag, den 21. Juli 2009, 18:08:48 Uhr
Betreff: Re: SSL - ajax login
@RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
is your login form submitted via ajax?
show us the code to sslform, your login form - making sure to include
the code to the component that submits it.
-igor
On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hello folks,
>
> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>
> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
> The first call will result in a http url. If you enter your login name and your password and submit the form,
> then the form will be send via https.
>
> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
> Currently I use the annotation above for my BasePage but from the first call, the whole communication
> is done with ssl.
>
> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
> I implemented an own SSLForm class extending the wicket form class with the annotation.
> But when I use the SSLForm for my login, the communication is done without ssl.
> I would like to use my page via http, but the ajax login should be done with ssl.
>
> The only thing I can do now is:
> -page completely with ssl
> -page completely without ssl
>
> I would appreciate any help.
>
> Best regards,
> Arthur
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: SSL - ajax login
Posted by Igor Vaynberg <ig...@gmail.com>.
@RequreHttps is meant to be a page-level feature, so it doesnt fit your usecase.
is your login form submitted via ajax?
show us the code to sslform, your login form - making sure to include
the code to the component that submits it.
-igor
On Tue, Jul 21, 2009 at 8:34 AM, Arthur Leigh
Allen<ar...@yahoo.de> wrote:
> Hello folks,
>
> I'm using wicket 1.4 RC7 now and I have a question regarding the usage of ssl.
> I use the HttpsRequestCycleProcessor with the annotation @RequireHttps.
>
> Imagine the following case like it is realized on different sites like web.de or gmx.de as well as xing.com.
> The first call will result in a http url. If you enter your login name and your password and submit the form,
> then the form will be send via https.
>
> I only have one page. Everything on my page is exchanged via ajax. The login is also done via ajax.
> Currently I use the annotation above for my BasePage but from the first call, the whole communication
> is done with ssl.
>
> What I would like to realize is: Using the @RequireHttps annotation on forms or submit buttons.
> I implemented an own SSLForm class extending the wicket form class with the annotation.
> But when I use the SSLForm for my login, the communication is done without ssl.
> I would like to use my page via http, but the ajax login should be done with ssl.
>
> The only thing I can do now is:
> -page completely with ssl
> -page completely without ssl
>
> I would appreciate any help.
>
> Best regards,
> Arthur
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org