You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Douglas Ferguson <do...@douglasferguson.us> on 2009/04/17 16:48:52 UTC
@SSLRequired
I'm implement an SSL scheme using annotations and I'm having some issues with redirecting properly.
The issue is when I have non-secured page that redirects to a secured page.
I'm doing the https/http redirecting inside of a WebRequestCycleProcessor, which works well unless there is a redirect prior to the ssl redirect. If this happens then I redirect back to the top of the chain, because I'm using the HttpServletRequest to build the url, which returns url info based on the orginal request. I've been looking all around and I can't find any way of building a url that represents the last redirect. I've tried
Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
and
RequestCycle.get().urlFor(requestTarget)
Here's my current impl for The RequestCycleProcessor.
WebRequest webRequest = (WebRequest) requestCycle .getRequest();
WebResponse webResponse = (WebResponse) requestCycle .getResponse();
HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
StringBuffer url = new StringBuffer(protocol);
url.append(httpServletRequest.getServerName());
if(defaultPort != port){
url.append(":" + port);
}
url.append(webRequest.getHttpServletRequest().getContextPath());
url.append(webRequest.getServletPath());
String queryString = webRequest.getHttpServletRequest().getQueryString();
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @SSLRequired
Posted by Igor Vaynberg <ig...@gmail.com>.
there are a couple of api-breaking refactors coming though, like the
generics thing for listview.
-igor
On Fri, Apr 17, 2009 at 12:08 PM, Jeremy Thomerson
<je...@wickettraining.com> wrote:
> Yes - 1.4 is stable enough for production. It is getting very near a final
> release. Many are already using it in production (I am on numerous apps)
> and have been for some time now.
>
> --
> Jeremy Thomerson
> http://www.wickettraining.com
>
>
>
> On Fri, Apr 17, 2009 at 1:40 PM, Douglas Ferguson <
> douglas@douglasferguson.us> wrote:
>
>> Is 1.4 ready for prime-time?
>>
>> If not, is there anything I could cull from that code for 1.3.5? Or any
>> other thoughts that might help?
>>
>>
>> Douglas
>>
>> -----Original Message-----
>> From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
>> Sent: Friday, April 17, 2009 12:38 PM
>> To: users@wicket.apache.org
>> Subject: Re: @SSLRequired
>>
>> i just checked in org.apache.wicekt.protocol.https package that should
>> help with this. its in 1.4 only.
>>
>> -igor
>>
>> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener <ry...@ryangravener.com>
>> wrote:
>> > How about just having apache httpd rewrite the http(s) for the pages you
>> > need? I haven't yet did our ssl implementation, but I know that I don't
>> > want the logic in wicket.
>> >
>> > Ryan Gravener
>> > http://ryangravener.com/flex | http://twitter.com/ryangravener
>> >
>> >
>> > On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
>> > douglas@douglasferguson.us> wrote:
>> >
>> >> That's where I got my code..
>> >>
>> >> I'm hitting 2 issues
>> >>
>> >> 1) The ssl detection/redirect isn't happening till the end of the chain
>> and
>> >> when it redirects it redirects back to the top.
>> >> Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to
>> >> Page 2.
>> >> If you go to page 1 then it attempts to redirect to page2 and then
>> >> wicket redirects to Page 1 with https..
>> >> I would prefer to go directly to Page 2, but I can't figure out how
>> to
>> >> build that url..
>> >> 2) My other issues is this:
>> >> else if (requestTarget instanceof IPageRequestTarget) {
>> >> targetClass = ((IPageRequestTarget)
>> >> requestTarget).getPage()
>> >> .getClass();
>> >> }
>> >> This means that if you redirect to a Page object which you have
>> >> constructed with special state, then this throws that object away and
>> wicket
>> >> will use default constructor.
>> >>
>> >> -----Original Message-----
>> >> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan
>> >> Gravener
>> >> Sent: Friday, April 17, 2009 10:00 AM
>> >> To: users@wicket.apache.org
>> >> Subject: Re: @SSLRequired
>> >>
>> >> maybe this is of use:
>> >> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>> >>
>> >> Ryan Gravener
>> >> http://ryangravener.com/flex | http://twitter.com/ryangravener
>> >>
>> >>
>> >> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
>> >> douglas@douglasferguson.us> wrote:
>> >>
>> >> > I'm implement an SSL scheme using annotations and I'm having some
>> issues
>> >> > with redirecting properly.
>> >> >
>> >> > The issue is when I have non-secured page that redirects to a secured
>> >> page.
>> >> >
>> >> > I'm doing the https/http redirecting inside of a
>> >> WebRequestCycleProcessor,
>> >> > which works well unless there is a redirect prior to the ssl redirect.
>> If
>> >> > this happens then I redirect back to the top of the chain, because I'm
>> >> using
>> >> > the HttpServletRequest to build the url, which returns url info based
>> on
>> >> the
>> >> > orginal request. I've been looking all around and I can't find any way
>> of
>> >> > building a url that represents the last redirect. I've tried
>> >> >
>> >> >
>> >> >
>> >>
>> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
>> >> > and
>> >> > RequestCycle.get().urlFor(requestTarget)
>> >> >
>> >> > Here's my current impl for The RequestCycleProcessor.
>> >> >
>> >> >
>> >> > WebRequest webRequest = (WebRequest) requestCycle
>> .getRequest();
>> >> > WebResponse webResponse = (WebResponse) requestCycle
>> >> .getResponse();
>> >> > HttpServletRequest httpServletRequest =
>> >> > webRequest.getHttpServletRequest();
>> >> > StringBuffer url = new StringBuffer(protocol);
>> >> > url.append(httpServletRequest.getServerName());
>> >> > if(defaultPort != port){
>> >> > url.append(":" + port);
>> >> > }
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > url.append(webRequest.getHttpServletRequest().getContextPath());
>> >> > url.append(webRequest.getServletPath());
>> >> > String queryString =
>> >> > webRequest.getHttpServletRequest().getQueryString();
>> >> >
>> >> > ---------------------------------------------------------------------
>> >> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> >> > For additional commands, e-mail: users-help@wicket.apache.org
>> >> >
>> >> >
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @SSLRequired
Posted by Igor Vaynberg <ig...@gmail.com>.
huh?
if you call setresponsepage(new page2()) this will not create a
bookmarkable page request target, if it did then these kinds of links
wouldnt work regardless of http or https.
-igor
On Fri, Apr 17, 2009 at 3:35 PM, Douglas Ferguson
<do...@douglasferguson.us> wrote:
> Ok.. I had a chance to look at the code.
>
> It will have the same problem as my code.
>
> 1) Page1 (doesn't require https)
> Page2 (requires https)
> I load Page1 and it detects a situation that requires it to load Page2.
> The redirect is done inside wicket using setResponsePage(page2)
> The requestCyledProcessor will intercept this after the internarl redirect
> at which point it sees Page2 on the target and realizes it needs to redirect to https
> When it redirects it uses the httpservlet request to build a new url and changing the protocol.
> Since the orginal request was made for Page1, wicket will request Page1 (this constructing another object), when then we redirect to Page2 again, if loading these pages causing side effects, these side effects will happen twice!
> 2) Page1 (doesn't required https)
> Page2 (required https)
> Page1 does a redirect to Pages using setResponsePage(new Page2(..specialParameters..))
> The internal redirect will trigger a protocol change, which triggers this code
> else if (target instanceof IBookmarkablePageRequestTarget)
> {
> return ((IBookmarkablePageRequestTarget)target).getPageClass();
> }
> Which means that the instantiated Page2 that you expecting to redirect to will be thrown away
> and wicket will do a new instance on the Page2.getClass()
>
>
>
>
> -----Original Message-----
> From: Jeremy Thomerson [mailto:jeremy@wickettraining.com]
> Sent: Friday, April 17, 2009 2:55 PM
> To: users@wicket.apache.org
> Subject: Re: @SSLRequired
>
> Go to wicket.apache.org - in the left bar near the bottom there are links to
> the source repo and to the fisheye view.
>
> --
> Jeremy Thomerson
> http://www.wickettraining.com
>
>
>
> On Fri, Apr 17, 2009 at 2:30 PM, Douglas Ferguson <
> douglas@douglasferguson.us> wrote:
>
>> Where cab I view it online I don't see it in the javadoc
>>
>> Douglas Ferguson
>> 512-293-7279
>> Sent from my iPhone
>>
>> On Apr 17, 2009, at 1:52 PM, "Igor Vaynberg" <ig...@gmail.com>
>> wrote:
>>
>> > see org.apache.wicket.protocol.https package
>> >
>> > -igor
>> >
>> > On Fri, Apr 17, 2009 at 11:40 AM, Douglas Ferguson
>> > <do...@douglasferguson.us> wrote:
>> >> Is 1.4 ready for prime-time?
>> >>
>> >> If not, is there anything I could cull from that code for 1.3.5? Or
>> >> any other thoughts that might help?
>> >>
>> >>
>> >> Douglas
>> >>
>> >> -----Original Message-----
>> >> From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
>> >> Sent: Friday, April 17, 2009 12:38 PM
>> >> To: users@wicket.apache.org
>> >> Subject: Re: @SSLRequired
>> >>
>> >> i just checked in org.apache.wicekt.protocol.https package that
>> >> should
>> >> help with this. its in 1.4 only.
>> >>
>> >> -igor
>> >>
>> >> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener
>> >> <ry...@ryangravener.com> wrote:
>> >>> How about just having apache httpd rewrite the http(s) for the
>> >>> pages you
>> >>> need? I haven't yet did our ssl implementation, but I know that I
>> >>> don't
>> >>> want the logic in wicket.
>> >>>
>> >>> Ryan Gravener
>> >>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>> >>>
>> >>>
>> >>> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
>> >>> douglas@douglasferguson.us> wrote:
>> >>>
>> >>>> That's where I got my code..
>> >>>>
>> >>>> I'm hitting 2 issues
>> >>>>
>> >>>> 1) The ssl detection/redirect isn't happening till the end of the
>> >>>> chain and
>> >>>> when it redirects it redirects back to the top.
>> >>>> Ie. Page 1 is not secure, Page 2 is secure. Page one
>> >>>> redirects to
>> >>>> Page 2.
>> >>>> If you go to page 1 then it attempts to redirect to page2
>> >>>> and then
>> >>>> wicket redirects to Page 1 with https..
>> >>>> I would prefer to go directly to Page 2, but I can't figure
>> >>>> out how to
>> >>>> build that url..
>> >>>> 2) My other issues is this:
>> >>>> else if (requestTarget instanceof IPageRequestTarget) {
>> >>>> targetClass = ((IPageRequestTarget)
>> >>>> requestTarget).getPage()
>> >>>> .getClass();
>> >>>> }
>> >>>> This means that if you redirect to a Page object which you have
>> >>>> constructed with special state, then this throws that object away
>> >>>> and wicket
>> >>>> will use default constructor.
>> >>>>
>> >>>> -----Original Message-----
>> >>>> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of
>> >>>> Ryan
>> >>>> Gravener
>> >>>> Sent: Friday, April 17, 2009 10:00 AM
>> >>>> To: users@wicket.apache.org
>> >>>> Subject: Re: @SSLRequired
>> >>>>
>> >>>> maybe this is of use:
>> >>>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>> >>>>
>> >>>> Ryan Gravener
>> >>>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>> >>>>
>> >>>>
>> >>>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
>> >>>> douglas@douglasferguson.us> wrote:
>> >>>>
>> >>>>> I'm implement an SSL scheme using annotations and I'm having
>> >>>>> some issues
>> >>>>> with redirecting properly.
>> >>>>>
>> >>>>> The issue is when I have non-secured page that redirects to a
>> >>>>> secured
>> >>>> page.
>> >>>>>
>> >>>>> I'm doing the https/http redirecting inside of a
>> >>>> WebRequestCycleProcessor,
>> >>>>> which works well unless there is a redirect prior to the ssl
>> >>>>> redirect. If
>> >>>>> this happens then I redirect back to the top of the chain,
>> >>>>> because I'm
>> >>>> using
>> >>>>> the HttpServletRequest to build the url, which returns url info
>> >>>>> based on
>> >>>> the
>> >>>>> orginal request. I've been looking all around and I can't find
>> >>>>> any way of
>> >>>>> building a url that represents the last redirect. I've tried
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>> Application.
>> >>>> get(
>> >>>> ).g
>> >>>> etRequestCycleProcessor(
>> >>>> ).getRequestCodingStrategy().pathForTarget(requestTarget);
>> >>>>> and
>> >>>>> RequestCycle.get().urlFor(requestTarget)
>> >>>>>
>> >>>>> Here's my current impl for The RequestCycleProcessor.
>> >>>>>
>> >>>>>
>> >>>>> WebRequest webRequest = (WebRequest)
>> >>>>> requestCycle .getRequest();
>> >>>>> WebResponse webResponse = (WebResponse) requestCycle
>> >>>> .getResponse();
>> >>>>> HttpServletRequest httpServletRequest =
>> >>>>> webRequest.getHttpServletRequest();
>> >>>>> StringBuffer url = new StringBuffer(protocol);
>> >>>>> url.append(httpServletRequest.getServerName());
>> >>>>> if(defaultPort != port){
>> >>>>> url.append(":" + port);
>> >>>>> }
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> url.append(webRequest.getHttpServletRequest().getContextPath());
>> >>>>> url.append(webRequest.getServletPath());
>> >>>>> String queryString =
>> >>>>> webRequest.getHttpServletRequest().getQueryString();
>> >>>>>
>> >>>>> ---
>> >>>>> ------------------------------------------------------------------
>> >>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> >>>>> For additional commands, e-mail: users-help@wicket.apache.org
>> >>>>>
>> >>>>>
>> >>>>
>> >>>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> >> For additional commands, e-mail: users-help@wicket.apache.org
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> >> For additional commands, e-mail: users-help@wicket.apache.org
>> >>
>> >>
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> > For additional commands, e-mail: users-help@wicket.apache.org
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: @SSLRequired
Posted by Douglas Ferguson <do...@douglasferguson.us>.
Ok.. I had a chance to look at the code.
It will have the same problem as my code.
1) Page1 (doesn't require https)
Page2 (requires https)
I load Page1 and it detects a situation that requires it to load Page2.
The redirect is done inside wicket using setResponsePage(page2)
The requestCyledProcessor will intercept this after the internarl redirect
at which point it sees Page2 on the target and realizes it needs to redirect to https
When it redirects it uses the httpservlet request to build a new url and changing the protocol.
Since the orginal request was made for Page1, wicket will request Page1 (this constructing another object), when then we redirect to Page2 again, if loading these pages causing side effects, these side effects will happen twice!
2) Page1 (doesn't required https)
Page2 (required https)
Page1 does a redirect to Pages using setResponsePage(new Page2(..specialParameters..))
The internal redirect will trigger a protocol change, which triggers this code
else if (target instanceof IBookmarkablePageRequestTarget)
{
return ((IBookmarkablePageRequestTarget)target).getPageClass();
}
Which means that the instantiated Page2 that you expecting to redirect to will be thrown away
and wicket will do a new instance on the Page2.getClass()
-----Original Message-----
From: Jeremy Thomerson [mailto:jeremy@wickettraining.com]
Sent: Friday, April 17, 2009 2:55 PM
To: users@wicket.apache.org
Subject: Re: @SSLRequired
Go to wicket.apache.org - in the left bar near the bottom there are links to
the source repo and to the fisheye view.
--
Jeremy Thomerson
http://www.wickettraining.com
On Fri, Apr 17, 2009 at 2:30 PM, Douglas Ferguson <
douglas@douglasferguson.us> wrote:
> Where cab I view it online I don't see it in the javadoc
>
> Douglas Ferguson
> 512-293-7279
> Sent from my iPhone
>
> On Apr 17, 2009, at 1:52 PM, "Igor Vaynberg" <ig...@gmail.com>
> wrote:
>
> > see org.apache.wicket.protocol.https package
> >
> > -igor
> >
> > On Fri, Apr 17, 2009 at 11:40 AM, Douglas Ferguson
> > <do...@douglasferguson.us> wrote:
> >> Is 1.4 ready for prime-time?
> >>
> >> If not, is there anything I could cull from that code for 1.3.5? Or
> >> any other thoughts that might help?
> >>
> >>
> >> Douglas
> >>
> >> -----Original Message-----
> >> From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
> >> Sent: Friday, April 17, 2009 12:38 PM
> >> To: users@wicket.apache.org
> >> Subject: Re: @SSLRequired
> >>
> >> i just checked in org.apache.wicekt.protocol.https package that
> >> should
> >> help with this. its in 1.4 only.
> >>
> >> -igor
> >>
> >> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener
> >> <ry...@ryangravener.com> wrote:
> >>> How about just having apache httpd rewrite the http(s) for the
> >>> pages you
> >>> need? I haven't yet did our ssl implementation, but I know that I
> >>> don't
> >>> want the logic in wicket.
> >>>
> >>> Ryan Gravener
> >>> http://ryangravener.com/flex | http://twitter.com/ryangravener
> >>>
> >>>
> >>> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
> >>> douglas@douglasferguson.us> wrote:
> >>>
> >>>> That's where I got my code..
> >>>>
> >>>> I'm hitting 2 issues
> >>>>
> >>>> 1) The ssl detection/redirect isn't happening till the end of the
> >>>> chain and
> >>>> when it redirects it redirects back to the top.
> >>>> Ie. Page 1 is not secure, Page 2 is secure. Page one
> >>>> redirects to
> >>>> Page 2.
> >>>> If you go to page 1 then it attempts to redirect to page2
> >>>> and then
> >>>> wicket redirects to Page 1 with https..
> >>>> I would prefer to go directly to Page 2, but I can't figure
> >>>> out how to
> >>>> build that url..
> >>>> 2) My other issues is this:
> >>>> else if (requestTarget instanceof IPageRequestTarget) {
> >>>> targetClass = ((IPageRequestTarget)
> >>>> requestTarget).getPage()
> >>>> .getClass();
> >>>> }
> >>>> This means that if you redirect to a Page object which you have
> >>>> constructed with special state, then this throws that object away
> >>>> and wicket
> >>>> will use default constructor.
> >>>>
> >>>> -----Original Message-----
> >>>> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of
> >>>> Ryan
> >>>> Gravener
> >>>> Sent: Friday, April 17, 2009 10:00 AM
> >>>> To: users@wicket.apache.org
> >>>> Subject: Re: @SSLRequired
> >>>>
> >>>> maybe this is of use:
> >>>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
> >>>>
> >>>> Ryan Gravener
> >>>> http://ryangravener.com/flex | http://twitter.com/ryangravener
> >>>>
> >>>>
> >>>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
> >>>> douglas@douglasferguson.us> wrote:
> >>>>
> >>>>> I'm implement an SSL scheme using annotations and I'm having
> >>>>> some issues
> >>>>> with redirecting properly.
> >>>>>
> >>>>> The issue is when I have non-secured page that redirects to a
> >>>>> secured
> >>>> page.
> >>>>>
> >>>>> I'm doing the https/http redirecting inside of a
> >>>> WebRequestCycleProcessor,
> >>>>> which works well unless there is a redirect prior to the ssl
> >>>>> redirect. If
> >>>>> this happens then I redirect back to the top of the chain,
> >>>>> because I'm
> >>>> using
> >>>>> the HttpServletRequest to build the url, which returns url info
> >>>>> based on
> >>>> the
> >>>>> orginal request. I've been looking all around and I can't find
> >>>>> any way of
> >>>>> building a url that represents the last redirect. I've tried
> >>>>>
> >>>>>
> >>>>>
> >>>> Application.
> >>>> get(
> >>>> ).g
> >>>> etRequestCycleProcessor(
> >>>> ).getRequestCodingStrategy().pathForTarget(requestTarget);
> >>>>> and
> >>>>> RequestCycle.get().urlFor(requestTarget)
> >>>>>
> >>>>> Here's my current impl for The RequestCycleProcessor.
> >>>>>
> >>>>>
> >>>>> WebRequest webRequest = (WebRequest)
> >>>>> requestCycle .getRequest();
> >>>>> WebResponse webResponse = (WebResponse) requestCycle
> >>>> .getResponse();
> >>>>> HttpServletRequest httpServletRequest =
> >>>>> webRequest.getHttpServletRequest();
> >>>>> StringBuffer url = new StringBuffer(protocol);
> >>>>> url.append(httpServletRequest.getServerName());
> >>>>> if(defaultPort != port){
> >>>>> url.append(":" + port);
> >>>>> }
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> url.append(webRequest.getHttpServletRequest().getContextPath());
> >>>>> url.append(webRequest.getServletPath());
> >>>>> String queryString =
> >>>>> webRequest.getHttpServletRequest().getQueryString();
> >>>>>
> >>>>> ---
> >>>>> ------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>
> >>>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >> For additional commands, e-mail: users-help@wicket.apache.org
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >> For additional commands, e-mail: users-help@wicket.apache.org
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @SSLRequired
Posted by Jeremy Thomerson <je...@wickettraining.com>.
Go to wicket.apache.org - in the left bar near the bottom there are links to
the source repo and to the fisheye view.
--
Jeremy Thomerson
http://www.wickettraining.com
On Fri, Apr 17, 2009 at 2:30 PM, Douglas Ferguson <
douglas@douglasferguson.us> wrote:
> Where cab I view it online I don't see it in the javadoc
>
> Douglas Ferguson
> 512-293-7279
> Sent from my iPhone
>
> On Apr 17, 2009, at 1:52 PM, "Igor Vaynberg" <ig...@gmail.com>
> wrote:
>
> > see org.apache.wicket.protocol.https package
> >
> > -igor
> >
> > On Fri, Apr 17, 2009 at 11:40 AM, Douglas Ferguson
> > <do...@douglasferguson.us> wrote:
> >> Is 1.4 ready for prime-time?
> >>
> >> If not, is there anything I could cull from that code for 1.3.5? Or
> >> any other thoughts that might help?
> >>
> >>
> >> Douglas
> >>
> >> -----Original Message-----
> >> From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
> >> Sent: Friday, April 17, 2009 12:38 PM
> >> To: users@wicket.apache.org
> >> Subject: Re: @SSLRequired
> >>
> >> i just checked in org.apache.wicekt.protocol.https package that
> >> should
> >> help with this. its in 1.4 only.
> >>
> >> -igor
> >>
> >> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener
> >> <ry...@ryangravener.com> wrote:
> >>> How about just having apache httpd rewrite the http(s) for the
> >>> pages you
> >>> need? I haven't yet did our ssl implementation, but I know that I
> >>> don't
> >>> want the logic in wicket.
> >>>
> >>> Ryan Gravener
> >>> http://ryangravener.com/flex | http://twitter.com/ryangravener
> >>>
> >>>
> >>> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
> >>> douglas@douglasferguson.us> wrote:
> >>>
> >>>> That's where I got my code..
> >>>>
> >>>> I'm hitting 2 issues
> >>>>
> >>>> 1) The ssl detection/redirect isn't happening till the end of the
> >>>> chain and
> >>>> when it redirects it redirects back to the top.
> >>>> Ie. Page 1 is not secure, Page 2 is secure. Page one
> >>>> redirects to
> >>>> Page 2.
> >>>> If you go to page 1 then it attempts to redirect to page2
> >>>> and then
> >>>> wicket redirects to Page 1 with https..
> >>>> I would prefer to go directly to Page 2, but I can't figure
> >>>> out how to
> >>>> build that url..
> >>>> 2) My other issues is this:
> >>>> else if (requestTarget instanceof IPageRequestTarget) {
> >>>> targetClass = ((IPageRequestTarget)
> >>>> requestTarget).getPage()
> >>>> .getClass();
> >>>> }
> >>>> This means that if you redirect to a Page object which you have
> >>>> constructed with special state, then this throws that object away
> >>>> and wicket
> >>>> will use default constructor.
> >>>>
> >>>> -----Original Message-----
> >>>> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of
> >>>> Ryan
> >>>> Gravener
> >>>> Sent: Friday, April 17, 2009 10:00 AM
> >>>> To: users@wicket.apache.org
> >>>> Subject: Re: @SSLRequired
> >>>>
> >>>> maybe this is of use:
> >>>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
> >>>>
> >>>> Ryan Gravener
> >>>> http://ryangravener.com/flex | http://twitter.com/ryangravener
> >>>>
> >>>>
> >>>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
> >>>> douglas@douglasferguson.us> wrote:
> >>>>
> >>>>> I'm implement an SSL scheme using annotations and I'm having
> >>>>> some issues
> >>>>> with redirecting properly.
> >>>>>
> >>>>> The issue is when I have non-secured page that redirects to a
> >>>>> secured
> >>>> page.
> >>>>>
> >>>>> I'm doing the https/http redirecting inside of a
> >>>> WebRequestCycleProcessor,
> >>>>> which works well unless there is a redirect prior to the ssl
> >>>>> redirect. If
> >>>>> this happens then I redirect back to the top of the chain,
> >>>>> because I'm
> >>>> using
> >>>>> the HttpServletRequest to build the url, which returns url info
> >>>>> based on
> >>>> the
> >>>>> orginal request. I've been looking all around and I can't find
> >>>>> any way of
> >>>>> building a url that represents the last redirect. I've tried
> >>>>>
> >>>>>
> >>>>>
> >>>> Application.
> >>>> get(
> >>>> ).g
> >>>> etRequestCycleProcessor(
> >>>> ).getRequestCodingStrategy().pathForTarget(requestTarget);
> >>>>> and
> >>>>> RequestCycle.get().urlFor(requestTarget)
> >>>>>
> >>>>> Here's my current impl for The RequestCycleProcessor.
> >>>>>
> >>>>>
> >>>>> WebRequest webRequest = (WebRequest)
> >>>>> requestCycle .getRequest();
> >>>>> WebResponse webResponse = (WebResponse) requestCycle
> >>>> .getResponse();
> >>>>> HttpServletRequest httpServletRequest =
> >>>>> webRequest.getHttpServletRequest();
> >>>>> StringBuffer url = new StringBuffer(protocol);
> >>>>> url.append(httpServletRequest.getServerName());
> >>>>> if(defaultPort != port){
> >>>>> url.append(":" + port);
> >>>>> }
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> url.append(webRequest.getHttpServletRequest().getContextPath());
> >>>>> url.append(webRequest.getServletPath());
> >>>>> String queryString =
> >>>>> webRequest.getHttpServletRequest().getQueryString();
> >>>>>
> >>>>> ---
> >>>>> ------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>
> >>>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >> For additional commands, e-mail: users-help@wicket.apache.org
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >> For additional commands, e-mail: users-help@wicket.apache.org
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: @SSLRequired
Posted by Douglas Ferguson <do...@douglasferguson.us>.
Where cab I view it online I don't see it in the javadoc
Douglas Ferguson
512-293-7279
Sent from my iPhone
On Apr 17, 2009, at 1:52 PM, "Igor Vaynberg" <ig...@gmail.com>
wrote:
> see org.apache.wicket.protocol.https package
>
> -igor
>
> On Fri, Apr 17, 2009 at 11:40 AM, Douglas Ferguson
> <do...@douglasferguson.us> wrote:
>> Is 1.4 ready for prime-time?
>>
>> If not, is there anything I could cull from that code for 1.3.5? Or
>> any other thoughts that might help?
>>
>>
>> Douglas
>>
>> -----Original Message-----
>> From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
>> Sent: Friday, April 17, 2009 12:38 PM
>> To: users@wicket.apache.org
>> Subject: Re: @SSLRequired
>>
>> i just checked in org.apache.wicekt.protocol.https package that
>> should
>> help with this. its in 1.4 only.
>>
>> -igor
>>
>> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener
>> <ry...@ryangravener.com> wrote:
>>> How about just having apache httpd rewrite the http(s) for the
>>> pages you
>>> need? I haven't yet did our ssl implementation, but I know that I
>>> don't
>>> want the logic in wicket.
>>>
>>> Ryan Gravener
>>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>>>
>>>
>>> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
>>> douglas@douglasferguson.us> wrote:
>>>
>>>> That's where I got my code..
>>>>
>>>> I'm hitting 2 issues
>>>>
>>>> 1) The ssl detection/redirect isn't happening till the end of the
>>>> chain and
>>>> when it redirects it redirects back to the top.
>>>> Ie. Page 1 is not secure, Page 2 is secure. Page one
>>>> redirects to
>>>> Page 2.
>>>> If you go to page 1 then it attempts to redirect to page2
>>>> and then
>>>> wicket redirects to Page 1 with https..
>>>> I would prefer to go directly to Page 2, but I can't figure
>>>> out how to
>>>> build that url..
>>>> 2) My other issues is this:
>>>> else if (requestTarget instanceof IPageRequestTarget) {
>>>> targetClass = ((IPageRequestTarget)
>>>> requestTarget).getPage()
>>>> .getClass();
>>>> }
>>>> This means that if you redirect to a Page object which you have
>>>> constructed with special state, then this throws that object away
>>>> and wicket
>>>> will use default constructor.
>>>>
>>>> -----Original Message-----
>>>> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of
>>>> Ryan
>>>> Gravener
>>>> Sent: Friday, April 17, 2009 10:00 AM
>>>> To: users@wicket.apache.org
>>>> Subject: Re: @SSLRequired
>>>>
>>>> maybe this is of use:
>>>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>>>>
>>>> Ryan Gravener
>>>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>>>>
>>>>
>>>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
>>>> douglas@douglasferguson.us> wrote:
>>>>
>>>>> I'm implement an SSL scheme using annotations and I'm having
>>>>> some issues
>>>>> with redirecting properly.
>>>>>
>>>>> The issue is when I have non-secured page that redirects to a
>>>>> secured
>>>> page.
>>>>>
>>>>> I'm doing the https/http redirecting inside of a
>>>> WebRequestCycleProcessor,
>>>>> which works well unless there is a redirect prior to the ssl
>>>>> redirect. If
>>>>> this happens then I redirect back to the top of the chain,
>>>>> because I'm
>>>> using
>>>>> the HttpServletRequest to build the url, which returns url info
>>>>> based on
>>>> the
>>>>> orginal request. I've been looking all around and I can't find
>>>>> any way of
>>>>> building a url that represents the last redirect. I've tried
>>>>>
>>>>>
>>>>>
>>>> Application.
>>>> get(
>>>> ).g
>>>> etRequestCycleProcessor(
>>>> ).getRequestCodingStrategy().pathForTarget(requestTarget);
>>>>> and
>>>>> RequestCycle.get().urlFor(requestTarget)
>>>>>
>>>>> Here's my current impl for The RequestCycleProcessor.
>>>>>
>>>>>
>>>>> WebRequest webRequest = (WebRequest)
>>>>> requestCycle .getRequest();
>>>>> WebResponse webResponse = (WebResponse) requestCycle
>>>> .getResponse();
>>>>> HttpServletRequest httpServletRequest =
>>>>> webRequest.getHttpServletRequest();
>>>>> StringBuffer url = new StringBuffer(protocol);
>>>>> url.append(httpServletRequest.getServerName());
>>>>> if(defaultPort != port){
>>>>> url.append(":" + port);
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> url.append(webRequest.getHttpServletRequest().getContextPath());
>>>>> url.append(webRequest.getServletPath());
>>>>> String queryString =
>>>>> webRequest.getHttpServletRequest().getQueryString();
>>>>>
>>>>> ---
>>>>> ------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @SSLRequired
Posted by Igor Vaynberg <ig...@gmail.com>.
see org.apache.wicket.protocol.https package
-igor
On Fri, Apr 17, 2009 at 11:40 AM, Douglas Ferguson
<do...@douglasferguson.us> wrote:
> Is 1.4 ready for prime-time?
>
> If not, is there anything I could cull from that code for 1.3.5? Or any other thoughts that might help?
>
>
> Douglas
>
> -----Original Message-----
> From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
> Sent: Friday, April 17, 2009 12:38 PM
> To: users@wicket.apache.org
> Subject: Re: @SSLRequired
>
> i just checked in org.apache.wicekt.protocol.https package that should
> help with this. its in 1.4 only.
>
> -igor
>
> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener <ry...@ryangravener.com> wrote:
>> How about just having apache httpd rewrite the http(s) for the pages you
>> need? I haven't yet did our ssl implementation, but I know that I don't
>> want the logic in wicket.
>>
>> Ryan Gravener
>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>>
>>
>> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
>> douglas@douglasferguson.us> wrote:
>>
>>> That's where I got my code..
>>>
>>> I'm hitting 2 issues
>>>
>>> 1) The ssl detection/redirect isn't happening till the end of the chain and
>>> when it redirects it redirects back to the top.
>>> Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to
>>> Page 2.
>>> If you go to page 1 then it attempts to redirect to page2 and then
>>> wicket redirects to Page 1 with https..
>>> I would prefer to go directly to Page 2, but I can't figure out how to
>>> build that url..
>>> 2) My other issues is this:
>>> else if (requestTarget instanceof IPageRequestTarget) {
>>> targetClass = ((IPageRequestTarget)
>>> requestTarget).getPage()
>>> .getClass();
>>> }
>>> This means that if you redirect to a Page object which you have
>>> constructed with special state, then this throws that object away and wicket
>>> will use default constructor.
>>>
>>> -----Original Message-----
>>> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan
>>> Gravener
>>> Sent: Friday, April 17, 2009 10:00 AM
>>> To: users@wicket.apache.org
>>> Subject: Re: @SSLRequired
>>>
>>> maybe this is of use:
>>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>>>
>>> Ryan Gravener
>>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>>>
>>>
>>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
>>> douglas@douglasferguson.us> wrote:
>>>
>>> > I'm implement an SSL scheme using annotations and I'm having some issues
>>> > with redirecting properly.
>>> >
>>> > The issue is when I have non-secured page that redirects to a secured
>>> page.
>>> >
>>> > I'm doing the https/http redirecting inside of a
>>> WebRequestCycleProcessor,
>>> > which works well unless there is a redirect prior to the ssl redirect. If
>>> > this happens then I redirect back to the top of the chain, because I'm
>>> using
>>> > the HttpServletRequest to build the url, which returns url info based on
>>> the
>>> > orginal request. I've been looking all around and I can't find any way of
>>> > building a url that represents the last redirect. I've tried
>>> >
>>> >
>>> >
>>> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
>>> > and
>>> > RequestCycle.get().urlFor(requestTarget)
>>> >
>>> > Here's my current impl for The RequestCycleProcessor.
>>> >
>>> >
>>> > WebRequest webRequest = (WebRequest) requestCycle .getRequest();
>>> > WebResponse webResponse = (WebResponse) requestCycle
>>> .getResponse();
>>> > HttpServletRequest httpServletRequest =
>>> > webRequest.getHttpServletRequest();
>>> > StringBuffer url = new StringBuffer(protocol);
>>> > url.append(httpServletRequest.getServerName());
>>> > if(defaultPort != port){
>>> > url.append(":" + port);
>>> > }
>>> >
>>> >
>>> >
>>> >
>>> > url.append(webRequest.getHttpServletRequest().getContextPath());
>>> > url.append(webRequest.getServletPath());
>>> > String queryString =
>>> > webRequest.getHttpServletRequest().getQueryString();
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> > For additional commands, e-mail: users-help@wicket.apache.org
>>> >
>>> >
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @SSLRequired
Posted by Jeremy Thomerson <je...@wickettraining.com>.
Yes - 1.4 is stable enough for production. It is getting very near a final
release. Many are already using it in production (I am on numerous apps)
and have been for some time now.
--
Jeremy Thomerson
http://www.wickettraining.com
On Fri, Apr 17, 2009 at 1:40 PM, Douglas Ferguson <
douglas@douglasferguson.us> wrote:
> Is 1.4 ready for prime-time?
>
> If not, is there anything I could cull from that code for 1.3.5? Or any
> other thoughts that might help?
>
>
> Douglas
>
> -----Original Message-----
> From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
> Sent: Friday, April 17, 2009 12:38 PM
> To: users@wicket.apache.org
> Subject: Re: @SSLRequired
>
> i just checked in org.apache.wicekt.protocol.https package that should
> help with this. its in 1.4 only.
>
> -igor
>
> On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener <ry...@ryangravener.com>
> wrote:
> > How about just having apache httpd rewrite the http(s) for the pages you
> > need? I haven't yet did our ssl implementation, but I know that I don't
> > want the logic in wicket.
> >
> > Ryan Gravener
> > http://ryangravener.com/flex | http://twitter.com/ryangravener
> >
> >
> > On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
> > douglas@douglasferguson.us> wrote:
> >
> >> That's where I got my code..
> >>
> >> I'm hitting 2 issues
> >>
> >> 1) The ssl detection/redirect isn't happening till the end of the chain
> and
> >> when it redirects it redirects back to the top.
> >> Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to
> >> Page 2.
> >> If you go to page 1 then it attempts to redirect to page2 and then
> >> wicket redirects to Page 1 with https..
> >> I would prefer to go directly to Page 2, but I can't figure out how
> to
> >> build that url..
> >> 2) My other issues is this:
> >> else if (requestTarget instanceof IPageRequestTarget) {
> >> targetClass = ((IPageRequestTarget)
> >> requestTarget).getPage()
> >> .getClass();
> >> }
> >> This means that if you redirect to a Page object which you have
> >> constructed with special state, then this throws that object away and
> wicket
> >> will use default constructor.
> >>
> >> -----Original Message-----
> >> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan
> >> Gravener
> >> Sent: Friday, April 17, 2009 10:00 AM
> >> To: users@wicket.apache.org
> >> Subject: Re: @SSLRequired
> >>
> >> maybe this is of use:
> >> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
> >>
> >> Ryan Gravener
> >> http://ryangravener.com/flex | http://twitter.com/ryangravener
> >>
> >>
> >> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
> >> douglas@douglasferguson.us> wrote:
> >>
> >> > I'm implement an SSL scheme using annotations and I'm having some
> issues
> >> > with redirecting properly.
> >> >
> >> > The issue is when I have non-secured page that redirects to a secured
> >> page.
> >> >
> >> > I'm doing the https/http redirecting inside of a
> >> WebRequestCycleProcessor,
> >> > which works well unless there is a redirect prior to the ssl redirect.
> If
> >> > this happens then I redirect back to the top of the chain, because I'm
> >> using
> >> > the HttpServletRequest to build the url, which returns url info based
> on
> >> the
> >> > orginal request. I've been looking all around and I can't find any way
> of
> >> > building a url that represents the last redirect. I've tried
> >> >
> >> >
> >> >
> >>
> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
> >> > and
> >> > RequestCycle.get().urlFor(requestTarget)
> >> >
> >> > Here's my current impl for The RequestCycleProcessor.
> >> >
> >> >
> >> > WebRequest webRequest = (WebRequest) requestCycle
> .getRequest();
> >> > WebResponse webResponse = (WebResponse) requestCycle
> >> .getResponse();
> >> > HttpServletRequest httpServletRequest =
> >> > webRequest.getHttpServletRequest();
> >> > StringBuffer url = new StringBuffer(protocol);
> >> > url.append(httpServletRequest.getServerName());
> >> > if(defaultPort != port){
> >> > url.append(":" + port);
> >> > }
> >> >
> >> >
> >> >
> >> >
> >> > url.append(webRequest.getHttpServletRequest().getContextPath());
> >> > url.append(webRequest.getServletPath());
> >> > String queryString =
> >> > webRequest.getHttpServletRequest().getQueryString();
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >> > For additional commands, e-mail: users-help@wicket.apache.org
> >> >
> >> >
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
RE: @SSLRequired
Posted by Douglas Ferguson <do...@douglasferguson.us>.
Is 1.4 ready for prime-time?
If not, is there anything I could cull from that code for 1.3.5? Or any other thoughts that might help?
Douglas
-----Original Message-----
From: Igor Vaynberg [mailto:igor.vaynberg@gmail.com]
Sent: Friday, April 17, 2009 12:38 PM
To: users@wicket.apache.org
Subject: Re: @SSLRequired
i just checked in org.apache.wicekt.protocol.https package that should
help with this. its in 1.4 only.
-igor
On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener <ry...@ryangravener.com> wrote:
> How about just having apache httpd rewrite the http(s) for the pages you
> need? I haven't yet did our ssl implementation, but I know that I don't
> want the logic in wicket.
>
> Ryan Gravener
> http://ryangravener.com/flex | http://twitter.com/ryangravener
>
>
> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
> douglas@douglasferguson.us> wrote:
>
>> That's where I got my code..
>>
>> I'm hitting 2 issues
>>
>> 1) The ssl detection/redirect isn't happening till the end of the chain and
>> when it redirects it redirects back to the top.
>> Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to
>> Page 2.
>> If you go to page 1 then it attempts to redirect to page2 and then
>> wicket redirects to Page 1 with https..
>> I would prefer to go directly to Page 2, but I can't figure out how to
>> build that url..
>> 2) My other issues is this:
>> else if (requestTarget instanceof IPageRequestTarget) {
>> targetClass = ((IPageRequestTarget)
>> requestTarget).getPage()
>> .getClass();
>> }
>> This means that if you redirect to a Page object which you have
>> constructed with special state, then this throws that object away and wicket
>> will use default constructor.
>>
>> -----Original Message-----
>> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan
>> Gravener
>> Sent: Friday, April 17, 2009 10:00 AM
>> To: users@wicket.apache.org
>> Subject: Re: @SSLRequired
>>
>> maybe this is of use:
>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>>
>> Ryan Gravener
>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>>
>>
>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
>> douglas@douglasferguson.us> wrote:
>>
>> > I'm implement an SSL scheme using annotations and I'm having some issues
>> > with redirecting properly.
>> >
>> > The issue is when I have non-secured page that redirects to a secured
>> page.
>> >
>> > I'm doing the https/http redirecting inside of a
>> WebRequestCycleProcessor,
>> > which works well unless there is a redirect prior to the ssl redirect. If
>> > this happens then I redirect back to the top of the chain, because I'm
>> using
>> > the HttpServletRequest to build the url, which returns url info based on
>> the
>> > orginal request. I've been looking all around and I can't find any way of
>> > building a url that represents the last redirect. I've tried
>> >
>> >
>> >
>> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
>> > and
>> > RequestCycle.get().urlFor(requestTarget)
>> >
>> > Here's my current impl for The RequestCycleProcessor.
>> >
>> >
>> > WebRequest webRequest = (WebRequest) requestCycle .getRequest();
>> > WebResponse webResponse = (WebResponse) requestCycle
>> .getResponse();
>> > HttpServletRequest httpServletRequest =
>> > webRequest.getHttpServletRequest();
>> > StringBuffer url = new StringBuffer(protocol);
>> > url.append(httpServletRequest.getServerName());
>> > if(defaultPort != port){
>> > url.append(":" + port);
>> > }
>> >
>> >
>> >
>> >
>> > url.append(webRequest.getHttpServletRequest().getContextPath());
>> > url.append(webRequest.getServletPath());
>> > String queryString =
>> > webRequest.getHttpServletRequest().getQueryString();
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> > For additional commands, e-mail: users-help@wicket.apache.org
>> >
>> >
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: @SSLRequired
Posted by Igor Vaynberg <ig...@gmail.com>.
i just checked in org.apache.wicekt.protocol.https package that should
help with this. its in 1.4 only.
-igor
On Fri, Apr 17, 2009 at 8:52 AM, Ryan Gravener <ry...@ryangravener.com> wrote:
> How about just having apache httpd rewrite the http(s) for the pages you
> need? I haven't yet did our ssl implementation, but I know that I don't
> want the logic in wicket.
>
> Ryan Gravener
> http://ryangravener.com/flex | http://twitter.com/ryangravener
>
>
> On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
> douglas@douglasferguson.us> wrote:
>
>> That's where I got my code..
>>
>> I'm hitting 2 issues
>>
>> 1) The ssl detection/redirect isn't happening till the end of the chain and
>> when it redirects it redirects back to the top.
>> Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to
>> Page 2.
>> If you go to page 1 then it attempts to redirect to page2 and then
>> wicket redirects to Page 1 with https..
>> I would prefer to go directly to Page 2, but I can't figure out how to
>> build that url..
>> 2) My other issues is this:
>> else if (requestTarget instanceof IPageRequestTarget) {
>> targetClass = ((IPageRequestTarget)
>> requestTarget).getPage()
>> .getClass();
>> }
>> This means that if you redirect to a Page object which you have
>> constructed with special state, then this throws that object away and wicket
>> will use default constructor.
>>
>> -----Original Message-----
>> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan
>> Gravener
>> Sent: Friday, April 17, 2009 10:00 AM
>> To: users@wicket.apache.org
>> Subject: Re: @SSLRequired
>>
>> maybe this is of use:
>> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>>
>> Ryan Gravener
>> http://ryangravener.com/flex | http://twitter.com/ryangravener
>>
>>
>> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
>> douglas@douglasferguson.us> wrote:
>>
>> > I'm implement an SSL scheme using annotations and I'm having some issues
>> > with redirecting properly.
>> >
>> > The issue is when I have non-secured page that redirects to a secured
>> page.
>> >
>> > I'm doing the https/http redirecting inside of a
>> WebRequestCycleProcessor,
>> > which works well unless there is a redirect prior to the ssl redirect. If
>> > this happens then I redirect back to the top of the chain, because I'm
>> using
>> > the HttpServletRequest to build the url, which returns url info based on
>> the
>> > orginal request. I've been looking all around and I can't find any way of
>> > building a url that represents the last redirect. I've tried
>> >
>> >
>> >
>> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
>> > and
>> > RequestCycle.get().urlFor(requestTarget)
>> >
>> > Here's my current impl for The RequestCycleProcessor.
>> >
>> >
>> > WebRequest webRequest = (WebRequest) requestCycle .getRequest();
>> > WebResponse webResponse = (WebResponse) requestCycle
>> .getResponse();
>> > HttpServletRequest httpServletRequest =
>> > webRequest.getHttpServletRequest();
>> > StringBuffer url = new StringBuffer(protocol);
>> > url.append(httpServletRequest.getServerName());
>> > if(defaultPort != port){
>> > url.append(":" + port);
>> > }
>> >
>> >
>> >
>> >
>> > url.append(webRequest.getHttpServletRequest().getContextPath());
>> > url.append(webRequest.getServletPath());
>> > String queryString =
>> > webRequest.getHttpServletRequest().getQueryString();
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> > For additional commands, e-mail: users-help@wicket.apache.org
>> >
>> >
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: @SSLRequired
Posted by Douglas Ferguson <do...@douglasferguson.us>.
Would rewrite work with the wicket's ability to forward to a instantiated Page?
Douglas
-----Original Message-----
From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan Gravener
Sent: Friday, April 17, 2009 10:52 AM
To: users@wicket.apache.org
Subject: Re: @SSLRequired
How about just having apache httpd rewrite the http(s) for the pages you
need? I haven't yet did our ssl implementation, but I know that I don't
want the logic in wicket.
Ryan Gravener
http://ryangravener.com/flex | http://twitter.com/ryangravener
On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
douglas@douglasferguson.us> wrote:
> That's where I got my code..
>
> I'm hitting 2 issues
>
> 1) The ssl detection/redirect isn't happening till the end of the chain and
> when it redirects it redirects back to the top.
> Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to
> Page 2.
> If you go to page 1 then it attempts to redirect to page2 and then
> wicket redirects to Page 1 with https..
> I would prefer to go directly to Page 2, but I can't figure out how to
> build that url..
> 2) My other issues is this:
> else if (requestTarget instanceof IPageRequestTarget) {
> targetClass = ((IPageRequestTarget)
> requestTarget).getPage()
> .getClass();
> }
> This means that if you redirect to a Page object which you have
> constructed with special state, then this throws that object away and wicket
> will use default constructor.
>
> -----Original Message-----
> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan
> Gravener
> Sent: Friday, April 17, 2009 10:00 AM
> To: users@wicket.apache.org
> Subject: Re: @SSLRequired
>
> maybe this is of use:
> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>
> Ryan Gravener
> http://ryangravener.com/flex | http://twitter.com/ryangravener
>
>
> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
> douglas@douglasferguson.us> wrote:
>
> > I'm implement an SSL scheme using annotations and I'm having some issues
> > with redirecting properly.
> >
> > The issue is when I have non-secured page that redirects to a secured
> page.
> >
> > I'm doing the https/http redirecting inside of a
> WebRequestCycleProcessor,
> > which works well unless there is a redirect prior to the ssl redirect. If
> > this happens then I redirect back to the top of the chain, because I'm
> using
> > the HttpServletRequest to build the url, which returns url info based on
> the
> > orginal request. I've been looking all around and I can't find any way of
> > building a url that represents the last redirect. I've tried
> >
> >
> >
> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
> > and
> > RequestCycle.get().urlFor(requestTarget)
> >
> > Here's my current impl for The RequestCycleProcessor.
> >
> >
> > WebRequest webRequest = (WebRequest) requestCycle .getRequest();
> > WebResponse webResponse = (WebResponse) requestCycle
> .getResponse();
> > HttpServletRequest httpServletRequest =
> > webRequest.getHttpServletRequest();
> > StringBuffer url = new StringBuffer(protocol);
> > url.append(httpServletRequest.getServerName());
> > if(defaultPort != port){
> > url.append(":" + port);
> > }
> >
> >
> >
> >
> > url.append(webRequest.getHttpServletRequest().getContextPath());
> > url.append(webRequest.getServletPath());
> > String queryString =
> > webRequest.getHttpServletRequest().getQueryString();
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
Re: @SSLRequired
Posted by Ryan Gravener <ry...@ryangravener.com>.
How about just having apache httpd rewrite the http(s) for the pages you
need? I haven't yet did our ssl implementation, but I know that I don't
want the logic in wicket.
Ryan Gravener
http://ryangravener.com/flex | http://twitter.com/ryangravener
On Fri, Apr 17, 2009 at 11:27 AM, Douglas Ferguson <
douglas@douglasferguson.us> wrote:
> That's where I got my code..
>
> I'm hitting 2 issues
>
> 1) The ssl detection/redirect isn't happening till the end of the chain and
> when it redirects it redirects back to the top.
> Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to
> Page 2.
> If you go to page 1 then it attempts to redirect to page2 and then
> wicket redirects to Page 1 with https..
> I would prefer to go directly to Page 2, but I can't figure out how to
> build that url..
> 2) My other issues is this:
> else if (requestTarget instanceof IPageRequestTarget) {
> targetClass = ((IPageRequestTarget)
> requestTarget).getPage()
> .getClass();
> }
> This means that if you redirect to a Page object which you have
> constructed with special state, then this throws that object away and wicket
> will use default constructor.
>
> -----Original Message-----
> From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan
> Gravener
> Sent: Friday, April 17, 2009 10:00 AM
> To: users@wicket.apache.org
> Subject: Re: @SSLRequired
>
> maybe this is of use:
> http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
>
> Ryan Gravener
> http://ryangravener.com/flex | http://twitter.com/ryangravener
>
>
> On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
> douglas@douglasferguson.us> wrote:
>
> > I'm implement an SSL scheme using annotations and I'm having some issues
> > with redirecting properly.
> >
> > The issue is when I have non-secured page that redirects to a secured
> page.
> >
> > I'm doing the https/http redirecting inside of a
> WebRequestCycleProcessor,
> > which works well unless there is a redirect prior to the ssl redirect. If
> > this happens then I redirect back to the top of the chain, because I'm
> using
> > the HttpServletRequest to build the url, which returns url info based on
> the
> > orginal request. I've been looking all around and I can't find any way of
> > building a url that represents the last redirect. I've tried
> >
> >
> >
> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
> > and
> > RequestCycle.get().urlFor(requestTarget)
> >
> > Here's my current impl for The RequestCycleProcessor.
> >
> >
> > WebRequest webRequest = (WebRequest) requestCycle .getRequest();
> > WebResponse webResponse = (WebResponse) requestCycle
> .getResponse();
> > HttpServletRequest httpServletRequest =
> > webRequest.getHttpServletRequest();
> > StringBuffer url = new StringBuffer(protocol);
> > url.append(httpServletRequest.getServerName());
> > if(defaultPort != port){
> > url.append(":" + port);
> > }
> >
> >
> >
> >
> > url.append(webRequest.getHttpServletRequest().getContextPath());
> > url.append(webRequest.getServletPath());
> > String queryString =
> > webRequest.getHttpServletRequest().getQueryString();
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
RE: @SSLRequired
Posted by Douglas Ferguson <do...@douglasferguson.us>.
That's where I got my code..
I'm hitting 2 issues
1) The ssl detection/redirect isn't happening till the end of the chain and when it redirects it redirects back to the top.
Ie. Page 1 is not secure, Page 2 is secure. Page one redirects to Page 2.
If you go to page 1 then it attempts to redirect to page2 and then wicket redirects to Page 1 with https..
I would prefer to go directly to Page 2, but I can't figure out how to build that url..
2) My other issues is this:
else if (requestTarget instanceof IPageRequestTarget) {
targetClass = ((IPageRequestTarget) requestTarget).getPage()
.getClass();
}
This means that if you redirect to a Page object which you have constructed with special state, then this throws that object away and wicket will use default constructor.
-----Original Message-----
From: snooplsm@gmail.com [mailto:snooplsm@gmail.com] On Behalf Of Ryan Gravener
Sent: Friday, April 17, 2009 10:00 AM
To: users@wicket.apache.org
Subject: Re: @SSLRequired
maybe this is of use:
http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
Ryan Gravener
http://ryangravener.com/flex | http://twitter.com/ryangravener
On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
douglas@douglasferguson.us> wrote:
> I'm implement an SSL scheme using annotations and I'm having some issues
> with redirecting properly.
>
> The issue is when I have non-secured page that redirects to a secured page.
>
> I'm doing the https/http redirecting inside of a WebRequestCycleProcessor,
> which works well unless there is a redirect prior to the ssl redirect. If
> this happens then I redirect back to the top of the chain, because I'm using
> the HttpServletRequest to build the url, which returns url info based on the
> orginal request. I've been looking all around and I can't find any way of
> building a url that represents the last redirect. I've tried
>
>
> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
> and
> RequestCycle.get().urlFor(requestTarget)
>
> Here's my current impl for The RequestCycleProcessor.
>
>
> WebRequest webRequest = (WebRequest) requestCycle .getRequest();
> WebResponse webResponse = (WebResponse) requestCycle .getResponse();
> HttpServletRequest httpServletRequest =
> webRequest.getHttpServletRequest();
> StringBuffer url = new StringBuffer(protocol);
> url.append(httpServletRequest.getServerName());
> if(defaultPort != port){
> url.append(":" + port);
> }
>
>
>
>
> url.append(webRequest.getHttpServletRequest().getContextPath());
> url.append(webRequest.getServletPath());
> String queryString =
> webRequest.getHttpServletRequest().getQueryString();
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: @SSLRequired
Posted by Ryan Gravener <ry...@ryangravener.com>.
maybe this is of use:
http://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html
Ryan Gravener
http://ryangravener.com/flex | http://twitter.com/ryangravener
On Fri, Apr 17, 2009 at 10:48 AM, Douglas Ferguson <
douglas@douglasferguson.us> wrote:
> I'm implement an SSL scheme using annotations and I'm having some issues
> with redirecting properly.
>
> The issue is when I have non-secured page that redirects to a secured page.
>
> I'm doing the https/http redirecting inside of a WebRequestCycleProcessor,
> which works well unless there is a redirect prior to the ssl redirect. If
> this happens then I redirect back to the top of the chain, because I'm using
> the HttpServletRequest to build the url, which returns url info based on the
> orginal request. I've been looking all around and I can't find any way of
> building a url that represents the last redirect. I've tried
>
>
> Application.get().getRequestCycleProcessor().getRequestCodingStrategy().pathForTarget(requestTarget);
> and
> RequestCycle.get().urlFor(requestTarget)
>
> Here's my current impl for The RequestCycleProcessor.
>
>
> WebRequest webRequest = (WebRequest) requestCycle .getRequest();
> WebResponse webResponse = (WebResponse) requestCycle .getResponse();
> HttpServletRequest httpServletRequest =
> webRequest.getHttpServletRequest();
> StringBuffer url = new StringBuffer(protocol);
> url.append(httpServletRequest.getServerName());
> if(defaultPort != port){
> url.append(":" + port);
> }
>
>
>
>
> url.append(webRequest.getHttpServletRequest().getContextPath());
> url.append(webRequest.getServletPath());
> String queryString =
> webRequest.getHttpServletRequest().getQueryString();
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>