Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
I have a stateless login page for the application (using HybridUrlCodingStrategy):
url_1 = http://localhost/login
When I press the login button of the username + password form the form data will be sent using HTTP POST:
Unfortunately, if somebody bookmarks url_2 (which is stupid as we java dudes all know, but it will happen because average users don't know better) the form submit listener will be invoked using HTTP GET and having no form parameters. imho bookmarks should be possible in a professional application at all time.
This, of course, will result in an ugly error message and unexpected application behavior and empty form fields and stuff. That's btw why I declare this request a bug and not a feature / enhancement.
I think it would be cool to have Form#onInvalidSubmit() to handle this kind of stuff (it won't happen on stateful pages with redirect after post enabled). So, for example, the application could just reload to the login page.
detection is easy... here my suggestion:
------------------------------------------------------
class org.apache.wicket.markup.html.form.Form:
public final void onFormSubmitted() // line 746
{
final String method = ((WebRequest) getRequest()).getHttpServletRequest().getMethod();
if (method.equalsIgnoreCase(this.getMethod()) == false)
this.onInvalidSubmit();
// ...
}
// override (optional)
protected onInvalidSubmit() {}
------------------------------
in my case I would just do this:
@Override
protected onInvalidSubmit()
{
this.setRedirect(true);
throw new RestartResponseException(getPage().getClass());
}
This would probably be a good default behavior for StatelessForm....
I consider this change useful enough to be part of wicket core.
What you guys think?
Attachments
Issue Links
- is cloned by
-
-
- Closed
-