You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Calin Pavel <ca...@gmail.com> on 2019/03/06 15:02:36 UTC
Skip URL escape on redirect
Hello,
I'm doing a redirect from Wicket code like* throw new
RedirectToUrlException("http://mydomain/file(1).txt?Signature=JdfsuerJQEWQA2");
*and this should redirect user to this page which is accessible if
signature is valid (checks if URL did not changed).
But, when doing the redirect Wicket escapes the brackets - so browser
received in header
location=*http://mydomain/file%281%29.txt?Signature=JdfsuerJQEWQA2 *,
but the server does not accepts the request because signature does not
match this URL.
For this:
1. is there any other way to do the redirect without escaping URL?
2. is it a browser problem - it should unescape URL before doing
redirect? have some doubts, since all (Chrome, IE, Firefox) works the same
3. would it be the responsibility of the targeted server to decode /
unescape URL and then check for the signature?
Thank you,
Calin Pavel
*
*
Re: Skip URL escape on redirect
Posted by Maxim Solodovnik <so...@gmail.com>.
IMO better way would be to create hash for encoded URL
On Wed, 6 Mar 2019 at 22:02, Calin Pavel <ca...@gmail.com> wrote:
>
> Hello,
>
> I'm doing a redirect from Wicket code like* throw new
> RedirectToUrlException("http://mydomain/file(1).txt?Signature=JdfsuerJQEWQA2");
> *and this should redirect user to this page which is accessible if
> signature is valid (checks if URL did not changed).
>
> But, when doing the redirect Wicket escapes the brackets - so browser
> received in header
> location=*http://mydomain/file%281%29.txt?Signature=JdfsuerJQEWQA2 *,
> but the server does not accepts the request because signature does not
> match this URL.
>
> For this:
> 1. is there any other way to do the redirect without escaping URL?
>
> 2. is it a browser problem - it should unescape URL before doing
> redirect? have some doubts, since all (Chrome, IE, Firefox) works the same
> 3. would it be the responsibility of the targeted server to decode /
> unescape URL and then check for the signature?
>
> Thank you,
> Calin Pavel
> *
> *
--
WBR
Maxim aka solomax
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Integrate Wicket with Keycloak
Posted by Maxim Solodovnik <so...@gmail.com>.
Not sure this is related to Keycloak
But here is example how to restrict access to pages/components:
https://ci.apache.org/projects/wicket/guide/8.x/single.html#_using_roles_with_annotations
On Wed, 10 Apr 2019 at 21:43, Calin Pavel <ca...@gmail.com> wrote:
> Hi everybody,
>
> Did anybody integrated Wicket with Keycloak?
> Do you have any sample how this could be done - to restrict access to
> pages, to authenticate user ....
>
>
> Thank you,
> Calin Pavel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
WBR
Maxim aka solomax
Re: Integrate Wicket with Keycloak
Posted by Martin Grigorov <mg...@apache.org>.
Thank you for sharing your knowledge, Jeroen!
On Tue, Apr 16, 2019 at 12:32 PM Jeroen Steenbeeke <
j.steenbeeke.ml@gmail.com> wrote:
> Hello David,
>
> Excellent idea! I went ahead and did just that:
> https://tech.jeroensteenbeeke.nl/2019/04/16/using-keycloak-with-wicket.html
>
> Hope it's helpful.
>
> Regards,
>
> Jeroen
>
> Op ma 15 apr. 2019 om 19:53 schreef David Beer <da...@gmail.com>:
>
> > Hi Jeroen
> >
> > This sounds good, I once tried to setup a link between Wicket and
> Keycloak,
> > would be good if you had a blog post, or posted this on the wicket site,
> > along with code examples on github. Just a thought.
> >
> > Thanks
> >
> > David
> >
> > On Thu, 11 Apr 2019 at 09:23, Jeroen Steenbeeke <
> j.steenbeeke.ml@gmail.com
> > >
> > wrote:
> >
> > > I've recently created an application that has a Wicket frontend (and
> > Spring
> > > backend) authenticated by Keycloak. It's a relatively simple
> integration
> > > really, all pages require a valid Keycloak session, so it uses the
> > default
> > > Keycloak servlet filter adapter:
> > >
> > >
> > >
> >
> https://search.maven.org/artifact/org.keycloak/keycloak-servlet-filter-adapter/5.0.0/jar
> > >
> > > In my setup I've mapped the Keycloak filter to all URLs (before the
> > Wicket
> > > filter). Using this filter is simply a matter of adding it to your
> > web.xml
> > > and making sure you have a keycloak.json file in your WEB-INF folder.
> > >
> > > In Wicket, you can then get the Keycloak context from the RequestCycle:
> > >
> > > ServletWebRequest request = (ServletWebRequest)
> > > RequestCycle.get().getRequest();
> > > HttpServletRequest containerRequest = request.getContainerRequest();
> > > KeycloakSecurityContext securityContext = (KeycloakSecurityContext)
> > > containerRequest.getAttribute(KeycloakSecurityContext.class.getName());
> > >
> > > Hope this helps.
> > >
> > > Sincerely,
> > >
> > > Jeroen
> > >
> > >
> > > Op wo 10 apr. 2019 om 16:43 schreef Calin Pavel <calin.pavel@gmail.com
> >:
> > >
> > > > Hi everybody,
> > > >
> > > > Did anybody integrated Wicket with Keycloak?
> > > > Do you have any sample how this could be done - to restrict access to
> > > > pages, to authenticate user ....
> > > >
> > > >
> > > > Thank you,
> > > > Calin Pavel
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > > For additional commands, e-mail: users-help@wicket.apache.org
> > > >
> > > >
> > >
> > > --
> > > Jeroen Steenbeeke
> > >
> >
>
>
> --
> Jeroen Steenbeeke
>
Re: Integrate Wicket with Keycloak
Posted by Jeroen Steenbeeke <j....@gmail.com>.
Hello David,
Excellent idea! I went ahead and did just that:
https://tech.jeroensteenbeeke.nl/2019/04/16/using-keycloak-with-wicket.html
Hope it's helpful.
Regards,
Jeroen
Op ma 15 apr. 2019 om 19:53 schreef David Beer <da...@gmail.com>:
> Hi Jeroen
>
> This sounds good, I once tried to setup a link between Wicket and Keycloak,
> would be good if you had a blog post, or posted this on the wicket site,
> along with code examples on github. Just a thought.
>
> Thanks
>
> David
>
> On Thu, 11 Apr 2019 at 09:23, Jeroen Steenbeeke <j.steenbeeke.ml@gmail.com
> >
> wrote:
>
> > I've recently created an application that has a Wicket frontend (and
> Spring
> > backend) authenticated by Keycloak. It's a relatively simple integration
> > really, all pages require a valid Keycloak session, so it uses the
> default
> > Keycloak servlet filter adapter:
> >
> >
> >
> https://search.maven.org/artifact/org.keycloak/keycloak-servlet-filter-adapter/5.0.0/jar
> >
> > In my setup I've mapped the Keycloak filter to all URLs (before the
> Wicket
> > filter). Using this filter is simply a matter of adding it to your
> web.xml
> > and making sure you have a keycloak.json file in your WEB-INF folder.
> >
> > In Wicket, you can then get the Keycloak context from the RequestCycle:
> >
> > ServletWebRequest request = (ServletWebRequest)
> > RequestCycle.get().getRequest();
> > HttpServletRequest containerRequest = request.getContainerRequest();
> > KeycloakSecurityContext securityContext = (KeycloakSecurityContext)
> > containerRequest.getAttribute(KeycloakSecurityContext.class.getName());
> >
> > Hope this helps.
> >
> > Sincerely,
> >
> > Jeroen
> >
> >
> > Op wo 10 apr. 2019 om 16:43 schreef Calin Pavel <ca...@gmail.com>:
> >
> > > Hi everybody,
> > >
> > > Did anybody integrated Wicket with Keycloak?
> > > Do you have any sample how this could be done - to restrict access to
> > > pages, to authenticate user ....
> > >
> > >
> > > Thank you,
> > > Calin Pavel
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > For additional commands, e-mail: users-help@wicket.apache.org
> > >
> > >
> >
> > --
> > Jeroen Steenbeeke
> >
>
--
Jeroen Steenbeeke
Re: Integrate Wicket with Keycloak
Posted by David Beer <da...@gmail.com>.
Hi Jeroen
This sounds good, I once tried to setup a link between Wicket and Keycloak,
would be good if you had a blog post, or posted this on the wicket site,
along with code examples on github. Just a thought.
Thanks
David
On Thu, 11 Apr 2019 at 09:23, Jeroen Steenbeeke <j....@gmail.com>
wrote:
> I've recently created an application that has a Wicket frontend (and Spring
> backend) authenticated by Keycloak. It's a relatively simple integration
> really, all pages require a valid Keycloak session, so it uses the default
> Keycloak servlet filter adapter:
>
>
> https://search.maven.org/artifact/org.keycloak/keycloak-servlet-filter-adapter/5.0.0/jar
>
> In my setup I've mapped the Keycloak filter to all URLs (before the Wicket
> filter). Using this filter is simply a matter of adding it to your web.xml
> and making sure you have a keycloak.json file in your WEB-INF folder.
>
> In Wicket, you can then get the Keycloak context from the RequestCycle:
>
> ServletWebRequest request = (ServletWebRequest)
> RequestCycle.get().getRequest();
> HttpServletRequest containerRequest = request.getContainerRequest();
> KeycloakSecurityContext securityContext = (KeycloakSecurityContext)
> containerRequest.getAttribute(KeycloakSecurityContext.class.getName());
>
> Hope this helps.
>
> Sincerely,
>
> Jeroen
>
>
> Op wo 10 apr. 2019 om 16:43 schreef Calin Pavel <ca...@gmail.com>:
>
> > Hi everybody,
> >
> > Did anybody integrated Wicket with Keycloak?
> > Do you have any sample how this could be done - to restrict access to
> > pages, to authenticate user ....
> >
> >
> > Thank you,
> > Calin Pavel
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
> --
> Jeroen Steenbeeke
>
Re: Integrate Wicket with Keycloak
Posted by Jeroen Steenbeeke <j....@gmail.com>.
I've recently created an application that has a Wicket frontend (and Spring
backend) authenticated by Keycloak. It's a relatively simple integration
really, all pages require a valid Keycloak session, so it uses the default
Keycloak servlet filter adapter:
https://search.maven.org/artifact/org.keycloak/keycloak-servlet-filter-adapter/5.0.0/jar
In my setup I've mapped the Keycloak filter to all URLs (before the Wicket
filter). Using this filter is simply a matter of adding it to your web.xml
and making sure you have a keycloak.json file in your WEB-INF folder.
In Wicket, you can then get the Keycloak context from the RequestCycle:
ServletWebRequest request = (ServletWebRequest)
RequestCycle.get().getRequest();
HttpServletRequest containerRequest = request.getContainerRequest();
KeycloakSecurityContext securityContext = (KeycloakSecurityContext)
containerRequest.getAttribute(KeycloakSecurityContext.class.getName());
Hope this helps.
Sincerely,
Jeroen
Op wo 10 apr. 2019 om 16:43 schreef Calin Pavel <ca...@gmail.com>:
> Hi everybody,
>
> Did anybody integrated Wicket with Keycloak?
> Do you have any sample how this could be done - to restrict access to
> pages, to authenticate user ....
>
>
> Thank you,
> Calin Pavel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Jeroen Steenbeeke
Integrate Wicket with Keycloak
Posted by Calin Pavel <ca...@gmail.com>.
Hi everybody,
Did anybody integrated Wicket with Keycloak?
Do you have any sample how this could be done - to restrict access to
pages, to authenticate user ....
Thank you,
Calin Pavel
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Skip URL escape on redirect
Posted by Calin Pavel <ca...@gmail.com>.
Hi Martin,
It works fine if using this status code. Thank you for your help.
Calin Pavel
On 3/6/2019 5:47 PM, Martin Grigorov wrote:
> Hi,
>
> Use RedirectToUrlException(yourUrl, HttpServletResponse.SC_SEE_OTHER)
>
> See https://markmail.org/message/bis57nb2yecdgzqx for more details. It has
> been discussed last week.
>
> On Wed, Mar 6, 2019 at 5:02 PM Calin Pavel <ca...@gmail.com> wrote:
>
>> Hello,
>>
>> I'm doing a redirect from Wicket code like* throw new
>> RedirectToUrlException("
>> http://mydomain/file(1).txt?Signature=JdfsuerJQEWQA2");
>> *and this should redirect user to this page which is accessible if
>> signature is valid (checks if URL did not changed).
>>
>> But, when doing the redirect Wicket escapes the brackets - so browser
>> received in header
>> location=*http://mydomain/file%281%29.txt?Signature=JdfsuerJQEWQA2 *,
>> but the server does not accepts the request because signature does not
>> match this URL.
>>
>> For this:
>> 1. is there any other way to do the redirect without escaping URL?
>>
>> 2. is it a browser problem - it should unescape URL before doing
>> redirect? have some doubts, since all (Chrome, IE, Firefox) works the same
>> 3. would it be the responsibility of the targeted server to decode /
>> unescape URL and then check for the signature?
>>
>> Thank you,
>> Calin Pavel
>> *
>> *
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Skip URL escape on redirect
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
Use RedirectToUrlException(yourUrl, HttpServletResponse.SC_SEE_OTHER)
See https://markmail.org/message/bis57nb2yecdgzqx for more details. It has
been discussed last week.
On Wed, Mar 6, 2019 at 5:02 PM Calin Pavel <ca...@gmail.com> wrote:
> Hello,
>
> I'm doing a redirect from Wicket code like* throw new
> RedirectToUrlException("
> http://mydomain/file(1).txt?Signature=JdfsuerJQEWQA2");
> *and this should redirect user to this page which is accessible if
> signature is valid (checks if URL did not changed).
>
> But, when doing the redirect Wicket escapes the brackets - so browser
> received in header
> location=*http://mydomain/file%281%29.txt?Signature=JdfsuerJQEWQA2 *,
> but the server does not accepts the request because signature does not
> match this URL.
>
> For this:
> 1. is there any other way to do the redirect without escaping URL?
>
> 2. is it a browser problem - it should unescape URL before doing
> redirect? have some doubts, since all (Chrome, IE, Firefox) works the same
> 3. would it be the responsibility of the targeted server to decode /
> unescape URL and then check for the signature?
>
> Thank you,
> Calin Pavel
> *
> *
>