All of my pages in my application (wicket 1.5.3) are rendered with a bookmarkable url. It doesn't matter if I call the page with setResponsePage(new Page()) or setResponsePage(Page.class).
My classes just have a standard non-arg constructor.
Following these documentation:
Non-bookmarkable pages have default constructors and constructors with the PageParameters argument hidden (protected/private), or none at all. It could have any other constructor, like MyPage(FooClass bar) etc. The net effect of your page being non-bookmarkable is that there is no way a user can directly access your page. So, by making a page non-bookmarkable, you make it a 'safe' page.
my pages should not be bookmarkable.
See org.apache.wicket.settings.ISecuritySettings#setEnforceMounts(boolean).
Are you mounting any of your pages in your WebApplication class?
Related
We have implemented login functionality like geometrixx site in our existing website(with close to 700+ pages).
We want to show protected pages only to logged in user, every user who is registered gets assigned a group/ CUG lets say "listed users".
now in page hierarchy I have products page and under product page I have 8 products pages.somewhere On homepage I have a nav bar component which fetches all product children pages and shows a left nav bar with 8 entries.
If I enable CUG in a way that only "listed users" should have access to 2 out of 8 product pages, any access to direct links are redirected to login page. Which is fine.
But the nav bar component which earlier used to show all 8 product pages now shows only 6 pages.
The main idea behind putting pages behind login is lead generation.So if non logged in users dont see the link itself where would they click to get redirected to login page and subsequently feel like registering with our site.
Requirement is that my existing nav bar should continue showing 8 links and on click of 2 protected page links, he should get login/ register option.
We are using most of things Out of the Box.
any pointers helping in how do we achieve this would be great help ? PS: i have given a nav bar as one such component affected in existing site like this there could be many more components fetching their content from site hierarchy and stand chance to get broken in such case.
There are two entities involved, JCR and Sling.By default any un-authenticated request is associated with a user called Anonymous, the JCR sessions will have ACL's associated with anonymous.
In JCR, if a user does not have access to nodes, that session will not see those nodes.We access the JCR via Sling ,by default if you don't have permission the request will result in a 404 error(because for underlying JCR session the resource does not exist). Sling can be explicitly instructed to request for authentication for specific paths.
The combination of these concepts are leveraged to create the CUG functionality. Sling is instructed to force for authentication for CUG enabled pages. The JCR is instructed to show these nodes only for users who have access.
When you directly request the product pages without login, it is sling that is redirecting you to login page. When your navigation component is looping over nodes to create the menu for anonymous users JCR is only showing it 6 pages as the other two are out of reach for anonymous.
The only* way to work around this is to make the Navigation component configurable. Instead of node iteration, the content author will have to configure the the url and page title so that the links show up for everyone.
You can ignore the session associated with the request and use a custom JCR session that has access to all the product pages, but that would be disregarding the ACLs and you don't want to do that .
The nav bar can pick up all child pages as per page structure. That should not restrict the page title display on the nav bar.
As for the pages the access can be controlled by template level page properties by adding the 'listed users' group over there. In the jsp you can give an initial check for the user if they are a member of 'listed users' else redirect to login page
Hope that helps
Thanks for all your suggestions
Below is how we ended up doing it.
- Protect the page you want to enable CUG with proper CUG.
- Hide the page in nav.
- Create a redirect page in same hierarchy with same title as the one you wanted to protect.redirect it to your protected page.
My application is mixed of wicket and jsp page . In my case i have to call wicket page from servlet with some value in request object . could someone please explain as how to achieve this. Thanks
What do you mean 'call a wicket page'? Do you mean load a wicket page to the user after he performs some action on the servlet-loaded page?
What exactly is your use case for this?
I think it would be better NOT to mix jsp and wicket, but given that you did:
BookmarkablePages provide a way to directly address a wicket page as it has a bookmarkable url (for instance, /home instead of /page?13). We use those to load a certain page with certain request parameters (ie, /student/1234/results shows the resultpage for student 1234).
Also, you could implement some kind of listener service that, based upon a certain call/payload, constructs a wicket page and returns the url for that page but that seems a bit overkill. In most cases I think bookmarkable pages a should suffice.
Have a look at http://wicket.apache.org/apidocs/1.5/org/apache/wicket/protocol/http/WebApplication.html#mountPage(java.lang.String, java.lang.Class)
or
http://wicketinaction.com/2011/07/wicket-1-5-mounting-pages/
we have a "static", non-wicket CMS website and we want to include a dynamic wicket page/component in one of the static pages. Our idea was to use jQuery's load() method to load the content. And include wickets ajax js files in the header.
This worked more or less. But to make it work, the base-url of the page had to be redirected to the ajax endpoint of the wicket server.
Our latest and best solution is to include the page in an iFrame.
Is there any more elegant way to do this?
We have a similar thing, but we have made it by using the exact opposite of you. We include html fragment of the static content via Wicket and render our component inside.
I think, including (rich dynamic) Wicket content via ajax call, from static page, can break native Wicket power, action flow in statefull pages.
Opposite strategy (from cedric.gatay) seems better.
My goal is that have a fb page app (only in one tab) and use it with linkable subpages inside it.
For example:
If I click on subpage link there would be a http or ajax request inside the iframe. Thats fine, i can do that.
BUT
in the solution I also want to implement these two features:
1.:
I want that page to be accessible directly from an url like:
http://facebook.com/pagename/app..blabla/subpage1
or
http://facebook.com/pagename/app..blabla&sk=535&subpage=1
or
http://facebook.com/pagename/app..blabla#subpage1
2.:
On subpage link click inside iframe I want the browser url to turn into something like mentioned in the 1. point. (even when using ajax - probably with a hash tag)
Is it possible?
If you look at the page tab tutorial http://developers.facebook.com/docs/appsonfacebook/pagetabs/ at the bottom of the page they describe how you can create the 'subpage' idea using the app_data parameter. So your links will look like http://www.facebook.com/YourPage?v=app_1234567890&app_data=any_string_here
For your second question, in the links on the page you would specify target="_top" in any links you have with the href being: http://www.facebook.com/YourPage?v=app_1234567890&app_data=subpage1. This will cause the entire page tab to load through Facebook and you'll get the signed_request and your app_data parameters.
You probably don't want your ajax to load through facebook, because you'll get the Facebook page back instead of json or whatever you are trying to load. Instead you'll just make ajax calls to your server and pass the parameters you need to, like app_data or whatever you want.
I have a page where users must initiate actions on multiple objects, but Facebooks design limits you to just one object per page using the required meta property tags.
Has anyone found a solution to this problem?
The Open Graph uses the URL as the object identifier, so its not possible to have several objects on one page, the page is the object.
Instead, you'll need a URL for each object, and that URL's HTML should contain the correct OG markup.
You can put multiple like buttons on one page, and make them point at each of your objects by specifying the 'href' parameter for each like button.
However, if you want the user to end up back at the SAME page when they click on the link to each of these objects, you can do this, but its a bit tricksy...
On your object pages, on your server, look at the incoming request useragent. If the useragent contains the string 'facebookexternalhit' then render the HTML and the OG markup - this is how the Facebook scraper sees your page. If the useragent does not contain this string, perform a 302 redirct to the page you want the user to see.
Result? Many objects, but only one user-visible page. Win.
And this is how you would do it:
<?php
if ($_SERVER["HTTP_USER_AGENT"] != "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)") {
redirect('http://www.somesite.com', 302);
}
function redirect($url, $type=302) {
if ($type == 301) header("HTTP/1.1 301 Moved Permanently");
header("Location: $url");
die();
}
?>
<html...
https://stackoverflow.com/a/7659770/1354666 This is a great answer, but a few things about it aren't working out well for me, so I've tried an alternative.
Instead of using href's in button tags I'm using Iframes.
Make a series of html pages for each of OG objects.
In Each of these pages add the necessary facebook header scripts and facebook root elements to call the facebook api.
Create form input elements that will call the actions for each of these OG objects. Give each of these elements an id.
Include a small script that will determine if you're and Iframe or a page, so you can redirect users back to your home page if they click on the facebook feed.
Finally, place and your sized iframe with a style set to no frame on the page and set it to no scroll. Use the ids of the form elements to target which action should be in the iframe view.
I'm still working on refining this for my mobile phones output, but it's working as I it should for most browsers.
FB uses the URL you assign to the object to scrape it for information. The only way around this would be to have the objects shown via an iframe or some approach similar. If the object was referenced directly you'd need a way to redirect back to the appropriate wrapper page for the combined object view. As long as everything is in the same domain you could work out a method for communication between the children frames via the parent.