how to get https port number in Wicket 1.5

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

how to get https port number in Wicket 1.5

armhold
Assuming that the http/https port number have been set in WicketApplication with the following:

        setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig(8080, 8443)));

... is there any way to get access to the port numbers from components?  One obvious solution is something like:

        public class WicketApplication {
             public int getHttpPort() { return 8080; }
             public int getHttpsPort() { return 8443; }

             public void init () {
                      // ...
                      setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig(getHttpPort(), getHttpsPort())));
             }
            }

And then in my components:

          ((WicketApplication) getApplication()).getHttpsPort();

But I am wondering if there is a cleaner way to get this information, perhaps from the RequestCycle.

Why am I asking? I'd like to create a Form subclass that always uses https.

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

Per Newgro
Stupid question. Is @RequireHttps at Form class working?

Cheers
Per

Am 14.01.2012 17:44, schrieb armhold:

> Assuming that the http/https port number have been set in WicketApplication
> with the following:
>
>          setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new
> HttpsConfig(8080, 8443)));
>
> ... is there any way to get access to the port numbers from components?  One
> obvious solution is something like:
>
>          public class WicketApplication {
>               public int getHttpPort() { return 8080; }
>               public int getHttpsPort() { return 8443; }
>
>               public void init () {
>                        // ...
>                        setRootRequestMapper(new
> HttpsMapper(getRootRequestMapper(), new HttpsConfig(getHttpPort(),
> getHttpsPort())));
>               }
>              }
>
> And then in my components:
>
>            ((WicketApplication) getApplication()).getHttpsPort();
>
> But I am wondering if there is a cleaner way to get this information,
> perhaps from the RequestCycle.
>
> Why am I asking? I'd like to create a Form subclass that always uses https.
>
> Thanks
>
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/how-to-get-https-port-number-in-Wicket-1-5-tp4295139p4295139.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

Per Newgro
Stupid = my question not yours :-). Only for clearify it :-)

Am 14.01.2012 19:05, schrieb Per Newgro:

> Stupid question. Is @RequireHttps at Form class working?
>
> Cheers
> Per
>
> Am 14.01.2012 17:44, schrieb armhold:
>> Assuming that the http/https port number have been set in
>> WicketApplication
>> with the following:
>>
>>          setRootRequestMapper(new HttpsMapper(getRootRequestMapper(),
>> new
>> HttpsConfig(8080, 8443)));
>>
>> ... is there any way to get access to the port numbers from
>> components?  One
>> obvious solution is something like:
>>
>>          public class WicketApplication {
>>               public int getHttpPort() { return 8080; }
>>               public int getHttpsPort() { return 8443; }
>>
>>               public void init () {
>>                        // ...
>>                        setRootRequestMapper(new
>> HttpsMapper(getRootRequestMapper(), new HttpsConfig(getHttpPort(),
>> getHttpsPort())));
>>               }
>>              }
>>
>> And then in my components:
>>
>>            ((WicketApplication) getApplication()).getHttpsPort();
>>
>> But I am wondering if there is a cleaner way to get this information,
>> perhaps from the RequestCycle.
>>
>> Why am I asking? I'd like to create a Form subclass that always uses
>> https.
>>
>> Thanks
>>
>>
>> --
>> View this message in context:
>> http://apache-wicket.1842946.n4.nabble.com/how-to-get-https-port-number-in-Wicket-1-5-tp4295139p4295139.html
>> Sent from the Users forum mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

armhold
In reply to this post by Per Newgro
Hi Per,

The documentation for @RequireHttps implies that it only works for pages, not components, and my (limited) testing shows that to be the case. Is there a way to use it with components on otherwise insecure pages?

My use case is to secure a form on non-https pages, specifically to secure that very nice username/password field at the top of Twitter Bootstrap pages.

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

Per Newgro
Thanks for testing this out. I wasn't aware of that.

I didn't understand the usecase exactly. You want to set the page /
request secure
if you've added the login form? Or do you want to secure the form only.
For the later a possible answer is this
http://stackoverflow.com/questions/96164/partial-site-ssl-using-asp-net-login-control
It's a .net answer but the issue seems to be the same.

Per

Am 15.01.2012 01:41, schrieb armhold:

> Hi Per,
>
> The documentation for @RequireHttps implies that it only works for pages,
> not components, and my (limited) testing shows that to be the case. Is there
> a way to use it with components on otherwise insecure pages?
>
> My use case is to secure a form on non-https pages, specifically to secure
> that very nice username/password field at the top of Twitter Bootstrap
> pages.
>
> Thanks
>
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/how-to-get-https-port-number-in-Wicket-1-5-tp4295139p4296003.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

Martin Grigorov-4
See http://www.petrikainulainen.net/programming/tips-and-tricks/wicket-https-tutorial-part-three-creating-a-secure-form-submit-from-a-non-secure-page/

On Sun, Jan 15, 2012 at 10:51 AM, Per Newgro <[hidden email]> wrote:

> Thanks for testing this out. I wasn't aware of that.
>
> I didn't understand the usecase exactly. You want to set the page / request
> secure
> if you've added the login form? Or do you want to secure the form only.
> For the later a possible answer is this
> http://stackoverflow.com/questions/96164/partial-site-ssl-using-asp-net-login-control
> It's a .net answer but the issue seems to be the same.
>
> Per
>
> Am 15.01.2012 01:41, schrieb armhold:
>
>> Hi Per,
>>
>> The documentation for @RequireHttps implies that it only works for pages,
>> not components, and my (limited) testing shows that to be the case. Is
>> there
>> a way to use it with components on otherwise insecure pages?
>>
>> My use case is to secure a form on non-https pages, specifically to secure
>> that very nice username/password field at the top of Twitter Bootstrap
>> pages.
>>
>> Thanks
>>
>>
>> --
>> View this message in context:
>> http://apache-wicket.1842946.n4.nabble.com/how-to-get-https-port-number-in-Wicket-1-5-tp4295139p4296003.html
>> Sent from the Users forum mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>



--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

armhold
Hi Martin, thanks.

I've already got a solution (from Igor's book mostly, but updated for 1.5) on how to submit a form over https when the page hosting the form is http. I was just looking for a way to determine the https port without hard-coding a reference to WicketApplication. I guess it's not that bad, but was hoping to get it from the RequestCycle or something. Since we can set the value via setRootRequestMapper(), it seems like there ought to be a way to read it back. Not a big deal really.

BTW the approach mentioned on the page you linked (extending a StatelessForm, which I tried independently) didn't work for me. It's because StatelessForm aborts if the protocol does not match, so your form just fails to submit (Perhaps this is new behavior for 1.5?) If you extend a regular Form but then override getStatelessHint() to return true, it works fine.

Here's the Form code in case anyone else finds it useful.

public class HttpsForm<T> extends Form<T>
{
    public HttpsForm(String id)
    {
        super(id);
    }

    public HttpsForm(String id, IModel<T> tiModel)
    {
        super(id, tiModel);
    }

    @Override
    protected void onComponentTag(ComponentTag tag)
    {
        super.onComponentTag(tag);
        String action = tag.getAttribute("action");
        String absolute = getRequestCycle().getUrlRenderer().renderFullUrl(Url.parse(action));
        absolute = absolute.replaceFirst("http://", "https://");
        absolute = absolute.replace(":" + getHttpPort(), ":" + getHttpsPort());
        tag.put("action", absolute);
    }
   
    protected int getHttpPort()
    {
        //provide this method in your WicketApplication
        return ((WicketApplication) getApplication()).getHttpPort();
    }

    protected int getHttpsPort()
    {
        //provide this method in your WicketApplication
        return ((WicketApplication) getApplication()).getHttpsPort();
    }

}


Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

armhold
Hmm, I spoke too soon.

It seems that the reason I was running into the *method* mismatch (not *protocol* mismatch) with the StatelessForm is due to having installed an HttpsMapper in my WicketApplication. If you try to post a form over https from an http page, the HttpsMapper apparently discards the https POST, and instead directs the browser to reload the page over http (expected behavior I guess, since it's not @RequireHttps). This ends up defeating the form submission.

The page Martin pointed me to does indeed work around this issue, but with one small problem- the LoginHandlerPage needs to process the POST params manually from the HttpServletRequest, as they are not present in the PageParameters (at least not with 1.5). It's simple enough to pull them out of the request though.

Let me know if you think this is correct behavior, or if it sounds like a bug. If the latter, I'm happy to create a JIRA+Quickstart for it.

Thanks everyone.
Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

Martin Grigorov-4
Looking at the impls of
org.apache.wicket.request.mapper.parameter.IPageParametersEncoder#decodePageParameters
we can see that only QueryParameters are read.
I personally don't know what is the reason for that.

File a ticket and if no one says that this is the intended behavior
then we will fix it.
Or if you want you can do it yourself and attach the patch. Use
org.apache.wicket.request.Request#getRequestParameters to get all
parameters and put them in the PageParameters

On Mon, Jan 16, 2012 at 7:44 PM, armhold <[hidden email]> wrote:

> Hmm, I spoke too soon.
>
> It seems that the reason I was running into the *method* mismatch (not
> *protocol* mismatch) with the StatelessForm is due to having installed an
> HttpsMapper in my WicketApplication. If you try to post a form over https
> from an http page, the HttpsMapper apparently discards the https POST, and
> instead directs the browser to reload the page over http (expected behavior
> I guess, since it's not @RequireHttps). This ends up defeating the form
> submission.
>
> The page Martin pointed me to does indeed work around this issue, but with
> one small problem- the LoginHandlerPage needs to process the POST params
> manually from the HttpServletRequest, as they are not present in the
> PageParameters (at least not with 1.5). It's simple enough to pull them out
> of the request though.
>
> Let me know if you think this is correct behavior, or if it sounds like a
> bug. If the latter, I'm happy to create a JIRA+Quickstart for it.
>
> Thanks everyone.
>
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/how-to-get-https-port-number-in-Wicket-1-5-tp4295139p4301011.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>



--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: how to get https port number in Wicket 1.5

armhold