Wicket
  1. Wicket
  2. WICKET-4140

Make CryptoMapper easier to extend

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.4
    • Component/s: wicket, wicket-extensions
    • Labels:
      None
    • Environment:
      Mac OSX 10.7.2
      java version "1.6.0_26"
      Java(TM) SE Runtime Environment (build 1.6.0_26-b03-383-11A511)
      Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02-383, mixed mode)

      Description

      The links for changing tabs are not encoded by CryptoMapper when using an AjaxTabbedPanel (see attached QuickStart). Haven't tested this in other AJAX components yet.

      1. BookmarkableCryptoMapper.java
        4 kB
        Martin Grigorov
      2. QuickStart_Wicket_1_4_19.tgz
        5 kB
        Martin Grigorov
      3. QuickStart_Wicket_1_4_19.zip
        8 kB
        Tom Götz
      4. WICKET-4140.patch
        2 kB
        Martin Grigorov
      5. QuickStart.zip
        22 kB
        Tom Götz

        Issue Links

          Activity

          Hide
          Sven Meier added a comment -

          You've mounted the home page after setting the cryptomapper as root, thus sidestepping the crypting.

          Show
          Sven Meier added a comment - You've mounted the home page after setting the cryptomapper as root, thus sidestepping the crypting.
          Hide
          Tom Götz added a comment -

          CryptoMapper needs to be mounted before mounting pages, else all BookmarkablePages are not accessible at their mount point (because URL is encoded). You can try it my attached QuickStart: just flip the mounting of CrytoMapper and Homepage and try to open localhost:8080/Home ---> 404

          Show
          Tom Götz added a comment - CryptoMapper needs to be mounted before mounting pages, else all BookmarkablePages are not accessible at their mount point (because URL is encoded). You can try it my attached QuickStart: just flip the mounting of CrytoMapper and Homepage and try to open localhost:8080/Home ---> 404
          Hide
          Tom Götz added a comment -

          Ok, the problem seems to be that CryptoMapper - when mounted as last mapper - somehow "overwrites" the mapping of formerly mounted pages and throws an exception when trying to open them. I'll create a new ticket for that.

          Show
          Tom Götz added a comment - Ok, the problem seems to be that CryptoMapper - when mounted as last mapper - somehow "overwrites" the mapping of formerly mounted pages and throws an exception when trying to open them. I'll create a new ticket for that.
          Hide
          Martin Grigorov added a comment -

          Reopening the ticket for further investigation.

          Show
          Martin Grigorov added a comment - Reopening the ticket for further investigation.
          Hide
          Martin Grigorov added a comment -

          Attaching a patch that allows to preserve the mounted paths.
          TODO: apply encrypting for urls produced by PageInstanceMapper (i.e. starting with Application.getMapperContext().getorg.apache.wicket.request.mapper.IMapperContext.getNamespace()+getPageIdentifier())

          Show
          Martin Grigorov added a comment - Attaching a patch that allows to preserve the mounted paths. TODO: apply encrypting for urls produced by PageInstanceMapper (i.e. starting with Application.getMapperContext().getorg.apache.wicket.request.mapper.IMapperContext.getNamespace()+getPageIdentifier())
          Hide
          Martin Grigorov added a comment -

          @Thomas: can you attach a quickstart for 1.4.19 that shows that the scenario worked as you want it, i.e. the mounted paths are not encrypted.
          If you can provide such quickstart then this is a regression and we have to improve it.

          Show
          Martin Grigorov added a comment - @Thomas: can you attach a quickstart for 1.4.19 that shows that the scenario worked as you want it, i.e. the mounted paths are not encrypted. If you can provide such quickstart then this is a regression and we have to improve it.
          Hide
          Sven Meier added a comment -

          The CrytoMapper is supposed to encrypt urls, why should part of it be preserved? IMHO it would be easier to just redirect to crypted urls:

          setRootRequestMapper(new CryptoMapper(getRootRequestMapper(), this));

          RedirectRequestMapper redirectMapper = new RedirectRequestMapper();
          redirectMapper.redirect("foo", FooPage.class);
          redirectMapper.redirect("bar", BarPage.class);
          mount(redirectMapper);

          Show
          Sven Meier added a comment - The CrytoMapper is supposed to encrypt urls, why should part of it be preserved? IMHO it would be easier to just redirect to crypted urls: setRootRequestMapper(new CryptoMapper(getRootRequestMapper(), this)); RedirectRequestMapper redirectMapper = new RedirectRequestMapper(); redirectMapper.redirect("foo", FooPage.class); redirectMapper.redirect("bar", BarPage.class); mount(redirectMapper);
          Hide
          Martin Grigorov added a comment -

          Yes, this is also how I understand it - CryptoMapper encrypts everything. But Thomas said in IRC that the old impl in 1.4.x behaves as he wants it. So maybe we have a regression.

          Show
          Martin Grigorov added a comment - Yes, this is also how I understand it - CryptoMapper encrypts everything. But Thomas said in IRC that the old impl in 1.4.x behaves as he wants it. So maybe we have a regression.
          Hide
          Igor Vaynberg added a comment -

          i wouldnt necessarily consider it a regression...it doesnt have to work 1:1

          if you mount a page outside the crypto mapper then why should urls generated back to that page should be crypted?
          perhaps what we need is what sven suggested, something that exposes a bookmarkable url and redirects to a crypted version when its hit.

          Show
          Igor Vaynberg added a comment - i wouldnt necessarily consider it a regression...it doesnt have to work 1:1 if you mount a page outside the crypto mapper then why should urls generated back to that page should be crypted? perhaps what we need is what sven suggested, something that exposes a bookmarkable url and redirects to a crypted version when its hit.
          Hide
          Martin Grigorov added a comment -

          It is all about WICKET-4014...
          Thomas wants his mounted points visible, i.e. hitting "/Home" should work. But he also wants the Ajax links to be encrypted.
          Since WICKET-4014 the Ajax links use the mount point to be able to recreate an expired page and thus the Ajax urls are not encrypted.

          Show
          Martin Grigorov added a comment - It is all about WICKET-4014 ... Thomas wants his mounted points visible, i.e. hitting "/Home" should work. But he also wants the Ajax links to be encrypted. Since WICKET-4014 the Ajax links use the mount point to be able to recreate an expired page and thus the Ajax urls are not encrypted.
          Hide
          Tom Götz added a comment -

          Attached a Wicket 1.4.19 QuickStart, demonstrating the favoured behavior: mounted pages (accessible via their mount path) and encrypted ajax links.

          Show
          Tom Götz added a comment - Attached a Wicket 1.4.19 QuickStart, demonstrating the favoured behavior: mounted pages (accessible via their mount path) and encrypted ajax links.
          Hide
          Martin Grigorov added a comment - - edited

          Even with RedirectMapper the favoured behavior wont work.
          First request to "/Home" will be OK but then CryptoMapper will create encrypted urls for the BookmarkablePageLinks in the page and from there on the url in the address bar wont be bookmarkable anymore.

          Show
          Martin Grigorov added a comment - - edited Even with RedirectMapper the favoured behavior wont work. First request to "/Home" will be OK but then CryptoMapper will create encrypted urls for the BookmarkablePageLinks in the page and from there on the url in the address bar wont be bookmarkable anymore.
          Hide
          Martin Grigorov added a comment -

          Uploading a version of 1.4.19 that actually uses BookmarkablePageLink (QuickStart_Wicket_1_4_19.tgz).

          Show
          Martin Grigorov added a comment - Uploading a version of 1.4.19 that actually uses BookmarkablePageLink (QuickStart_Wicket_1_4_19.tgz).
          Hide
          Martin Grigorov added a comment -

          In 1.4.x it was working because the encrypted data was stored in the query string (x=dfhdhywgavsag) while now in 1.5.x the whole url is encrypted.

          Show
          Martin Grigorov added a comment - In 1.4.x it was working because the encrypted data was stored in the query string (x=dfhdhywgavsag) while now in 1.5.x the whole url is encrypted.
          Hide
          Martin Grigorov added a comment -

          Here is an example that by extending CryptoMapper you can preserve the mount paths.

          Show
          Martin Grigorov added a comment - Here is an example that by extending CryptoMapper you can preserve the mount paths.

            People

            • Assignee:
              Martin Grigorov
              Reporter:
              Tom Götz
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development