wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jesse Long <...@unknown.za.net>
Subject Re: Wicket CryptoMapper loses RequestParameters for HomePage (1.5-SNAPSHOT)
Date Tue, 06 Nov 2012 14:32:20 GMT
On 05/11/2012 22:50, matmar wrote:
> Hi!
>
> We have a problem with using CryptoMapper, and a proposed fix. I'd like some
> comments from this community regarding both the bug and the fix.
>
> When CryptoMapper is used, query parameters are only found via
> PageParameters, and not via RequestParameters, as expected.
>
> Code to repro:
> ------code-----
> HomePage.java
>   
>      public HomePage(final PageParameters parameters) {
>                add(new Label("version",
> getApplication().getFrameworkSettings().getVersion()));
>                add(new Label("fooFromPageParameters",
> parameters.get("foo").toString("NOT_FOUND_FROM_PAGE_PARAMETERS")));
>                add(new Label("fooFromRequestParameters",
> getRequest().getRequestParameters().getParameterValue("foo").toString("NOT_FOUND_FROM_REQUEST_PARAMETERS")));
>      }
>   
> HomePage.html
>   
>                <div id="bd">
>                       
> Congratulations!
>
>                       <p>Wicket version: <wicket:container
> wicket:id="version">1.5-SNAPSHOT</wicket:container></p>
>                       <p>Foo from Page parameters: <wicket:container
> wicket:id="fooFromPageParameters">fooFromPageParametes</wicket:container></p>
>                       <p>Foo from request parameters: <wicket:container
> wicket:id="fooFromRequestParameters">fooFromRequestParameters</wicket:container></p>
>                </div>
>   
> WicketApplication.java
>   
>         public void init()
>         {
>                super.init();
>                //comment to get both parameters working
>                setRootRequestMapper(new CryptoMapper(getRootRequestMapper(),
> this));
>               
>         }
>   
> When called with url http://localhost:8080/?foo=bar, and CryptoMapper is
> enabled, the value for foo is not found via requestParameters.
>
> ----code-------
>
> And then the proposed fix:
> http://pastebin.com/dWdPhcLD
>
>

Hi matmar,

The problem is this: The request comes in with an unencrypted url, like: 
/?foo=bar. Then, the CryptoMapper encrypts this to something like: 
/kjhskfdjhfksd and redirects to this URL. Then, after the redirect, the 
request returned by Component.getRequest() is the Request containing the 
encrypted URL. Request.getRequestParameters() returns an adapter which 
works directly on the URL, and so does getQueryParamaters(). These are 
actually doing their jobs correctly, the problem is that the wrong 
Request is being returned by RequestCycle.get().getRequest().

This code should solve that:

CryptoMapper.java:
@Override
public IRequestHandler mapRequest(final Request request)
{
     Url url = decryptUrl(request, request.getUrl());

     if (url == null){
         return wrappedMapper.mapRequest(request);
     }

     Request decryptedRequest = request.cloneWithUrl(url);

     IRequestHandler requestHandler = 
wrappedMapper.mapRequest(decryptedRequest);

     if (requestHandler == null){
         return null;
     }
     /* we must not simply set the correct request here, because we are 
not sure
      * that a potential parent request mapper may select another, 
higher scoring,
      * request handler. */
     return new RequestSettingRequestHandler(decryptedRequest, 
requestHandler);
}

private static class RequestSettingRequestHandler
     implements IRequestHandler
{
     private Request request;
     private final IRequestHandler wrappedHandler;

     public RequestSettingRequestHandler(Request request, 
IRequestHandler wrappedHandler)
     {
         this.request = request;
         this.wrappedHandler = wrappedHandler;
     }

     public void respond(IRequestCycle requestCycle)
     {
         RequestCycle.get().setRequest(request);
         wrappedHandler.respond(requestCycle);
     }

     public void detach(IRequestCycle requestCycle)
     {
         wrappedHandler.detach(requestCycle);
     }
}


Having said all that, we should not be encrypting the URL for the home 
page, so we could simply change the beginning of 
CryptoMapper.encryptUrl() from:

         /* this is probably a bug, mea culpa */
         if (url.getSegments().isEmpty() && 
url.getQueryParameters().isEmpty())
         {
             return url;
         }

to:

         if (url.getSegments().isEmpty())
         {
             return url;
         }

Cheers,
Jesse

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Mime
View raw message