Trying to understand Wick setResponsePage for iframe display

Multi tool use
Multi tool use












0















My first page has links to files that are stored in a database. Clicking a link opens my second page, which displays the document in an <iframe>. I have tried three ways of calling the second page. One way fails to work and the other two are not secure: logout following by clicking back re-opens the page.



Files from the database are copied to MyProject/web/ folder on the server.
The <iframe src=...> attribute is replaced with the file path by the overridden InlineFrame#onComponentTag(ComponentTag tag).



Method 1 fails to find the file. I would prefer to use this method as it is the most secure. First page



setResponsePage(DisplayResourcePage.class, params);


The second page should get the file from the database.



DisplayResourcePage(PageParameters parameters) {..}


Some diagnostics. The browser shows a 404 File Not Found error. I am not sure where it is looking for the file. src will be replaced. Can it be that the initial src still affects the location where the file is expected to be read from?



realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
src before ./com.mycompany.shared.DisplayResourcePage?4-1.ILinkListener-pdfframe


Method 2 finds the file but is not secure. First page



setResponsePage(new DisplayResourcePage(params));


The second page gets the file from the database using the same constructor.



DisplayResourcePage(PageParameters parameters) {..}


Some diagnostics. src is the initial <iframe src=...> attribute. It is replaced by the file path in all cases.



realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
src before ./page?7-1.ILinkListener-pdfframe


Method 3 finds the file but is not secure. First page



setResponsePage(new DisplayResourcePage(item.getModelObject()));


The second page gets the file from the database using a different constructor.



public DisplayResourcePage(EntityOtherResourceModel resourceModelItem) {..}


The diagnostics are the same as method 2.










share|improve this question



























    0















    My first page has links to files that are stored in a database. Clicking a link opens my second page, which displays the document in an <iframe>. I have tried three ways of calling the second page. One way fails to work and the other two are not secure: logout following by clicking back re-opens the page.



    Files from the database are copied to MyProject/web/ folder on the server.
    The <iframe src=...> attribute is replaced with the file path by the overridden InlineFrame#onComponentTag(ComponentTag tag).



    Method 1 fails to find the file. I would prefer to use this method as it is the most secure. First page



    setResponsePage(DisplayResourcePage.class, params);


    The second page should get the file from the database.



    DisplayResourcePage(PageParameters parameters) {..}


    Some diagnostics. The browser shows a 404 File Not Found error. I am not sure where it is looking for the file. src will be replaced. Can it be that the initial src still affects the location where the file is expected to be read from?



    realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
    src before ./com.mycompany.shared.DisplayResourcePage?4-1.ILinkListener-pdfframe


    Method 2 finds the file but is not secure. First page



    setResponsePage(new DisplayResourcePage(params));


    The second page gets the file from the database using the same constructor.



    DisplayResourcePage(PageParameters parameters) {..}


    Some diagnostics. src is the initial <iframe src=...> attribute. It is replaced by the file path in all cases.



    realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
    src before ./page?7-1.ILinkListener-pdfframe


    Method 3 finds the file but is not secure. First page



    setResponsePage(new DisplayResourcePage(item.getModelObject()));


    The second page gets the file from the database using a different constructor.



    public DisplayResourcePage(EntityOtherResourceModel resourceModelItem) {..}


    The diagnostics are the same as method 2.










    share|improve this question

























      0












      0








      0








      My first page has links to files that are stored in a database. Clicking a link opens my second page, which displays the document in an <iframe>. I have tried three ways of calling the second page. One way fails to work and the other two are not secure: logout following by clicking back re-opens the page.



      Files from the database are copied to MyProject/web/ folder on the server.
      The <iframe src=...> attribute is replaced with the file path by the overridden InlineFrame#onComponentTag(ComponentTag tag).



      Method 1 fails to find the file. I would prefer to use this method as it is the most secure. First page



      setResponsePage(DisplayResourcePage.class, params);


      The second page should get the file from the database.



      DisplayResourcePage(PageParameters parameters) {..}


      Some diagnostics. The browser shows a 404 File Not Found error. I am not sure where it is looking for the file. src will be replaced. Can it be that the initial src still affects the location where the file is expected to be read from?



      realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
      src before ./com.mycompany.shared.DisplayResourcePage?4-1.ILinkListener-pdfframe


      Method 2 finds the file but is not secure. First page



      setResponsePage(new DisplayResourcePage(params));


      The second page gets the file from the database using the same constructor.



      DisplayResourcePage(PageParameters parameters) {..}


      Some diagnostics. src is the initial <iframe src=...> attribute. It is replaced by the file path in all cases.



      realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
      src before ./page?7-1.ILinkListener-pdfframe


      Method 3 finds the file but is not secure. First page



      setResponsePage(new DisplayResourcePage(item.getModelObject()));


      The second page gets the file from the database using a different constructor.



      public DisplayResourcePage(EntityOtherResourceModel resourceModelItem) {..}


      The diagnostics are the same as method 2.










      share|improve this question














      My first page has links to files that are stored in a database. Clicking a link opens my second page, which displays the document in an <iframe>. I have tried three ways of calling the second page. One way fails to work and the other two are not secure: logout following by clicking back re-opens the page.



      Files from the database are copied to MyProject/web/ folder on the server.
      The <iframe src=...> attribute is replaced with the file path by the overridden InlineFrame#onComponentTag(ComponentTag tag).



      Method 1 fails to find the file. I would prefer to use this method as it is the most secure. First page



      setResponsePage(DisplayResourcePage.class, params);


      The second page should get the file from the database.



      DisplayResourcePage(PageParameters parameters) {..}


      Some diagnostics. The browser shows a 404 File Not Found error. I am not sure where it is looking for the file. src will be replaced. Can it be that the initial src still affects the location where the file is expected to be read from?



      realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
      src before ./com.mycompany.shared.DisplayResourcePage?4-1.ILinkListener-pdfframe


      Method 2 finds the file but is not secure. First page



      setResponsePage(new DisplayResourcePage(params));


      The second page gets the file from the database using the same constructor.



      DisplayResourcePage(PageParameters parameters) {..}


      Some diagnostics. src is the initial <iframe src=...> attribute. It is replaced by the file path in all cases.



      realPath: C:Usersjoeworkspace.metadata.pluginsorg.eclipse.wst.server.coretmp1wtpwebappsMyProject
      src before ./page?7-1.ILinkListener-pdfframe


      Method 3 finds the file but is not secure. First page



      setResponsePage(new DisplayResourcePage(item.getModelObject()));


      The second page gets the file from the database using a different constructor.



      public DisplayResourcePage(EntityOtherResourceModel resourceModelItem) {..}


      The diagnostics are the same as method 2.







      java iframe wicket






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 28 '18 at 21:23









      JoeABJoeAB

      337




      337
























          1 Answer
          1






          active

          oldest

          votes


















          0














          MyPage(AnyObject) is usually more secure than MyPage(PageParameters) because it creates non-bookmarkable url.



          I think you should focus on why the page doesn't return error 403 (not authorized) after logout. To me you have some issue in the authentication logic of your application.



          Another option could be that the page is saved in the browser cache and that's why it is loading after logout but by default Wicket sets "no-store" pragma for pages.






          share|improve this answer


























          • setHeaders(WebResponse) was already overridden. It is called during construction but not after the back button is pressed. Where can I watch messages being exchanged?

            – JoeAB
            Dec 31 '18 at 17:05











          • When using MyPage(AnyObject), logout following by clicking the back button traps the page and show the SessionError page when Chrome Developer Tools are open but not when they are closed. I do not understand why.

            – JoeAB
            Dec 31 '18 at 17:10











          • I have managed to locate a specified file using Method 1. Unfortunately, the page gets re-loaded after clicking Logout and the back button.

            – JoeAB
            Jan 8 at 21:50











          • Is it loaded from the browser cache or a new HTTP call is made for it ? The correct behavior is to make a new call and the server to return error 401.

            – martin-g
            Jan 9 at 8:49











          • It is loaded from the browser cache, despite my efforts to prevent it. Developer Tools does not show any messages and my server code is not called.

            – JoeAB
            Jan 10 at 14:21











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53964426%2ftrying-to-understand-wick-setresponsepage-for-iframe-display%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          MyPage(AnyObject) is usually more secure than MyPage(PageParameters) because it creates non-bookmarkable url.



          I think you should focus on why the page doesn't return error 403 (not authorized) after logout. To me you have some issue in the authentication logic of your application.



          Another option could be that the page is saved in the browser cache and that's why it is loading after logout but by default Wicket sets "no-store" pragma for pages.






          share|improve this answer


























          • setHeaders(WebResponse) was already overridden. It is called during construction but not after the back button is pressed. Where can I watch messages being exchanged?

            – JoeAB
            Dec 31 '18 at 17:05











          • When using MyPage(AnyObject), logout following by clicking the back button traps the page and show the SessionError page when Chrome Developer Tools are open but not when they are closed. I do not understand why.

            – JoeAB
            Dec 31 '18 at 17:10











          • I have managed to locate a specified file using Method 1. Unfortunately, the page gets re-loaded after clicking Logout and the back button.

            – JoeAB
            Jan 8 at 21:50











          • Is it loaded from the browser cache or a new HTTP call is made for it ? The correct behavior is to make a new call and the server to return error 401.

            – martin-g
            Jan 9 at 8:49











          • It is loaded from the browser cache, despite my efforts to prevent it. Developer Tools does not show any messages and my server code is not called.

            – JoeAB
            Jan 10 at 14:21
















          0














          MyPage(AnyObject) is usually more secure than MyPage(PageParameters) because it creates non-bookmarkable url.



          I think you should focus on why the page doesn't return error 403 (not authorized) after logout. To me you have some issue in the authentication logic of your application.



          Another option could be that the page is saved in the browser cache and that's why it is loading after logout but by default Wicket sets "no-store" pragma for pages.






          share|improve this answer


























          • setHeaders(WebResponse) was already overridden. It is called during construction but not after the back button is pressed. Where can I watch messages being exchanged?

            – JoeAB
            Dec 31 '18 at 17:05











          • When using MyPage(AnyObject), logout following by clicking the back button traps the page and show the SessionError page when Chrome Developer Tools are open but not when they are closed. I do not understand why.

            – JoeAB
            Dec 31 '18 at 17:10











          • I have managed to locate a specified file using Method 1. Unfortunately, the page gets re-loaded after clicking Logout and the back button.

            – JoeAB
            Jan 8 at 21:50











          • Is it loaded from the browser cache or a new HTTP call is made for it ? The correct behavior is to make a new call and the server to return error 401.

            – martin-g
            Jan 9 at 8:49











          • It is loaded from the browser cache, despite my efforts to prevent it. Developer Tools does not show any messages and my server code is not called.

            – JoeAB
            Jan 10 at 14:21














          0












          0








          0







          MyPage(AnyObject) is usually more secure than MyPage(PageParameters) because it creates non-bookmarkable url.



          I think you should focus on why the page doesn't return error 403 (not authorized) after logout. To me you have some issue in the authentication logic of your application.



          Another option could be that the page is saved in the browser cache and that's why it is loading after logout but by default Wicket sets "no-store" pragma for pages.






          share|improve this answer















          MyPage(AnyObject) is usually more secure than MyPage(PageParameters) because it creates non-bookmarkable url.



          I think you should focus on why the page doesn't return error 403 (not authorized) after logout. To me you have some issue in the authentication logic of your application.



          Another option could be that the page is saved in the browser cache and that's why it is loading after logout but by default Wicket sets "no-store" pragma for pages.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jan 9 at 8:48

























          answered Dec 29 '18 at 6:10









          martin-gmartin-g

          12.1k1826




          12.1k1826













          • setHeaders(WebResponse) was already overridden. It is called during construction but not after the back button is pressed. Where can I watch messages being exchanged?

            – JoeAB
            Dec 31 '18 at 17:05











          • When using MyPage(AnyObject), logout following by clicking the back button traps the page and show the SessionError page when Chrome Developer Tools are open but not when they are closed. I do not understand why.

            – JoeAB
            Dec 31 '18 at 17:10











          • I have managed to locate a specified file using Method 1. Unfortunately, the page gets re-loaded after clicking Logout and the back button.

            – JoeAB
            Jan 8 at 21:50











          • Is it loaded from the browser cache or a new HTTP call is made for it ? The correct behavior is to make a new call and the server to return error 401.

            – martin-g
            Jan 9 at 8:49











          • It is loaded from the browser cache, despite my efforts to prevent it. Developer Tools does not show any messages and my server code is not called.

            – JoeAB
            Jan 10 at 14:21



















          • setHeaders(WebResponse) was already overridden. It is called during construction but not after the back button is pressed. Where can I watch messages being exchanged?

            – JoeAB
            Dec 31 '18 at 17:05











          • When using MyPage(AnyObject), logout following by clicking the back button traps the page and show the SessionError page when Chrome Developer Tools are open but not when they are closed. I do not understand why.

            – JoeAB
            Dec 31 '18 at 17:10











          • I have managed to locate a specified file using Method 1. Unfortunately, the page gets re-loaded after clicking Logout and the back button.

            – JoeAB
            Jan 8 at 21:50











          • Is it loaded from the browser cache or a new HTTP call is made for it ? The correct behavior is to make a new call and the server to return error 401.

            – martin-g
            Jan 9 at 8:49











          • It is loaded from the browser cache, despite my efforts to prevent it. Developer Tools does not show any messages and my server code is not called.

            – JoeAB
            Jan 10 at 14:21

















          setHeaders(WebResponse) was already overridden. It is called during construction but not after the back button is pressed. Where can I watch messages being exchanged?

          – JoeAB
          Dec 31 '18 at 17:05





          setHeaders(WebResponse) was already overridden. It is called during construction but not after the back button is pressed. Where can I watch messages being exchanged?

          – JoeAB
          Dec 31 '18 at 17:05













          When using MyPage(AnyObject), logout following by clicking the back button traps the page and show the SessionError page when Chrome Developer Tools are open but not when they are closed. I do not understand why.

          – JoeAB
          Dec 31 '18 at 17:10





          When using MyPage(AnyObject), logout following by clicking the back button traps the page and show the SessionError page when Chrome Developer Tools are open but not when they are closed. I do not understand why.

          – JoeAB
          Dec 31 '18 at 17:10













          I have managed to locate a specified file using Method 1. Unfortunately, the page gets re-loaded after clicking Logout and the back button.

          – JoeAB
          Jan 8 at 21:50





          I have managed to locate a specified file using Method 1. Unfortunately, the page gets re-loaded after clicking Logout and the back button.

          – JoeAB
          Jan 8 at 21:50













          Is it loaded from the browser cache or a new HTTP call is made for it ? The correct behavior is to make a new call and the server to return error 401.

          – martin-g
          Jan 9 at 8:49





          Is it loaded from the browser cache or a new HTTP call is made for it ? The correct behavior is to make a new call and the server to return error 401.

          – martin-g
          Jan 9 at 8:49













          It is loaded from the browser cache, despite my efforts to prevent it. Developer Tools does not show any messages and my server code is not called.

          – JoeAB
          Jan 10 at 14:21





          It is loaded from the browser cache, despite my efforts to prevent it. Developer Tools does not show any messages and my server code is not called.

          – JoeAB
          Jan 10 at 14:21


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53964426%2ftrying-to-understand-wick-setresponsepage-for-iframe-display%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          OJ,EViyr18nbm4vx5OT,uouMS09hVKNyjdYI7 Im1N8w GVlaOrZjdTUbzbIcnZrg5
          Lq17I zMYyITQCndi T uu9vz0W,ufLgY4R58u3UshfDn p7Ts5kSQgbOqFMrxupZaB Ior0nAOv YtLQI 7HzfMx7M n

          Popular posts from this blog

          Monofisismo

          Angular Downloading a file using contenturl with Basic Authentication

          Olmecas