Apache Wicket - Component-based Java web framework

Overview

What is Apache Wicket?

Apache Wicket is an open source, java, component based, web application framework. With proper mark-up/logic separation, a POJO data model, and a refreshing lack of XML, Apache Wicket makes developing web-apps simple and enjoyable again. Swap the boilerplate, complex debugging and brittle code for powerful, reusable components written with plain Java and HTML.

Apache Wicket can be found at: http://wicket.apache.org and is licensed under the Apache Software Foundation license, version 2.0.

Getting started

The Wicket project has several resources and projects where you can learn from, and get started quickly:

What is in this package

The archive you just downloaded and unpacked contains the source code and the jars of the core projects of Wicket. If you are just starting out, you probably only need to include wicket-util-x.jar, wicket-request-x.jar and wicket-core-x.jar, where x stands for the version. As a rule, use just the jars you need.

You will find the source code here:

|-- apidocs
|   |-- org
|   `-- resources
|-- lib
|-- licenses
`-- src
    |-- archetypes
    |-- testing
    |-- wicket
    |-- wicket-auth-roles
    |-- wicket-bean-validation
    |-- wicket-cdi
    |-- wicket-core
    |-- wicket-devutils
    |-- wicket-eclipse-settings
    |-- wicket-examples
    |-- wicket-experimental
    |   |-- wicket-metrics
    |   |-- wicket-http2
    |-- wicket-extensions
    |-- wicket-guice
    |-- wicket-ioc
    |-- wicket-jmx
    |-- wicket-native-websocket
    |-- wicket-objectssizeof-agent
    |-- wicket-request
    |-- wicket-spring
    |-- wicket-util
    |-- wicket-user-guide
    `-- wicket-velocity

Here is a list of projects in this distribution and what they do.

  • wicket: the core project, includes the framework and basic components;
  • wicket-extensions: contains utilities and more specialized components;
  • wicket-auth-roles: a basic authorization package based on roles;
  • wicket-jmx: registers JMX beans for managing things like your Wicket configuration and markup cache;
  • wicket-objectssizeof-agent: utility for making better estimates of object sizes in the JVM - most people probably never need this;
  • wicket-ioc: base project for IoC (aka DI) implementations such as Spring and Guice;
  • wicket-spring: support project for using Spring with Wicket and including Spring managed dependencies through using @SpringBean annotations;
  • wicket-guice: support project for using Google Guice with Wicket;
  • wicket-velocity: contains special components for rendering Velocity templates using Wicket components - most people probably don't need this, but it can be neat when you want to do CMS-like things;
  • wicket-examples: contains a basic component reference and many examples of how to use Wicket and Wicket components, including examples for sub projects such as wicket-spring, wicket-velocity and wicket-auth-roles.
  • wicket-devutils: provides small utilities which can help in development phase
  • wicket-bean-validation: validates beans with annotation based on javax.validation;
  • wicket-cdi: the context and dependency injection of the jee standard for wicket;
  • wicket-devutils: some utils to help debugging wicket;
  • wicket-experimental: experimental implementations for wicket;
  • wicket-native-websocket: wicket's native web sockets integration for several servers;
  • wicket-request: lightweight project which contains all classes dealing with request handlers and so on;
  • wicket-util: the util project for wicket;
  • wicket-eclipse-settings: specifies Eclipse settings for a uniform development environment. Most notably the formatting rules;
  • wicket-user-guide: the user guide of wicket
  • wicket-metrics: collects data of a running wicket application
  • wicket-http2: http/2 push support

Dependencies

The easiest way of getting the dependencies of your Wicket based projects right is to use Apache Maven (http://maven.apache.org) with your projects and include the wicket dependencies you want is outlined in the wicket-quickstart. Maven will then take care of including the appropriate dependencies.

If you do not want to use maven, here is a break down of the dependencies you need. For the complete and precise reference see the wicket-parent pom.xml in the src/ folder.

  • wicket and wicket-extensions:

    You only need to include the Servlet API (3.1, just for compiling), SLF4J API and the SLF4J logging implementation you want. You cannot use Wicket without adding a SLF4J logging implementation to your classpath. Most people use log4j. If you do, just include slf4j-log4j12.jar on your classpath to get Wicket to use log4j too. If you want to use commons-logging or JDK14 logging or something else, please see the SLF4J site (http://www.slf4j.org/) for more information.

    As the following projects all depend on wicket, they inherit these dependencies.

  • wicket-velocity:

    Apache Velocity 1.7 (http://velocity.apache.org/) and it's dependencies (it ships a velocity-deps jar for convenience)

  • wicket-ioc:

    cglib 3.1 (http://cglib.sourceforge.net/) and asm-util 5.0.3 (http://asm.objectweb.org/)

  • wicket-spring:

    wicket-ioc and Spring (http://www.springframework.org/) and it's dependencies

  • wicket-guice:

    Google Guice (https://github.com/google/guice)

  • wicket-cdi: Component Dependency Injection 2.0 (http://cdi-spec.org/)

  • wicket-examples:

    All of the above.

Building Wicket from source

The Wicket distribution contains the final Wicket jar. You can use this directly in your applications. The Wicket project also uploads the source and JavaDoc jars as well as the final jar to the Maven repository used by the Maven build tool. So there is actually no specific need to build Wicket yourself from the distribution.

Building using Maven 2 or 3, change the working directory to src and either do:

  • mvn package

    creates wicket-x.y.z.jar in target/ subdirectory.

  • mvn install

    creates wicket-x.y.z.jar in target/ subdirectory and installs the file into your local Maven repository for use in other projects.

Migrating from 8.x

This file is a copy of the migration guide from available on our Wiki:

https://cwiki.apache.org/confluence/display/WICKET/Migration+to+Wicket+9.0

Getting help

  • Read the online documentation available on our website (http://wicket.apache.org)

  • Read the migration guide (migration-to-wicket-60.html)

  • Read the mailing archives available on Nabble, GMane and Apache

  • Send a complete message containing your problem, stacktrace and problem you're trying to solve to the user list ([email protected])

  • Ask a question on IRC at freenode.net, channel ##wicket

License

Wicket is distributed under the terms of the Apache Software Foundation license, version 2.0. The text is included in the file LICENSE in the root of the project.

Java/Application server requirements

Wicket 9 requires at least Java 11. The application server for running your web application should adhere to the servlet specification version 3.1 or newer.

Cryptographic Software Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

The following provides more details on the included cryptographic software:

For encoding HTTP URL data (see org.apache.wicket.core.request.mapper.CryptoMapper) Wicket requires the Java Cryptography extensions (http://java.sun.com/javase/technologies/security/). Wicket does not include these libraries itself, but is designed to use them.

Comments
  • WICKET-6727: Configurable Content-Security-Policy

    WICKET-6727: Configurable Content-Security-Policy

    I'm opening this PR to get some feedback on the suggested changes. The structure of the code is what I have in mind for this. I do know the documentation is still lacking a bit, but I plan on updating that when the code is ready to be merged.

    The most important notes are:

    • CSP is now enabled by default, but still with the unsafeEval() profile. I've clicked through several examples, and they worked fine. It does complain about a font css that cannot be loaded.
    • CSP is part of WebApplication and configured via getCSP(). The header response decorator is automatically registered and will add nonces when required. The previous header decorator is removed.
    • The CSP is rendered as HTTP header on every Page request, rather than in the markup. The nonce is changed on every request.
    • websocket-core is broken, because setHeader throws an UnsupportedOperationException. I'm not yet sure on how to fix this, suggestions are welcome.
    opened by papegaaij 33
  • wicket-metrics

    wicket-metrics

    Just a PR to make the review easier.

    The implementation was one of the ideas mentioned in the confluence page: https://cwiki.apache.org/confluence/display/WICKET/Ideas+for+Wicket+8.0

    Ticket has to be created

    @martin-g - Is there a ticket for the metrics topic already?

    opened by klopfdreh 28
  • Wicket 6786: Add Fetch Metadata support

    Wicket 6786: Add Fetch Metadata support

    Hello Wicket devs,

    This PR builds Fetch Metadata support on top of Wicket's existing CSRF protection, namely:

    • If a request has Sec-Fetch-* headers (i.e. comes from a modern browser), Fetch Metadata will be preferred. Otherwise, we will fall back to using the existing cross-request checks.
    • One default Resource Isolation Policy is provided based on https://web.dev/fetch-metadata/, which prevents all major cross-site request forgery attacks.
    • If the Origin or Referer headers are present, Fetch Metadata will apply the same exemptions as the existing Origin-based protection, i.e. allowing cross-origin requests from exempted origins.
    • The Vary header has been added to responses through onEndRequest to ensure that any cached responses include Fetch Metadata headers in their key. This is an added layer of security against cache poisoning.
    opened by salcho 22
  • WICKET-6688 add RFC support (to avoid unsafe eval)

    WICKET-6688 add RFC support (to avoid unsafe eval)

    Initial commit addressing https://issues.apache.org/jira/browse/WICKET-6688.

    Please have a look if it makes sense. If it is I can add documentation and do a cleanup.

    opened by andruhon 22
  • [WICKET-6999] Update bundle plugin to support slf4j [1.7,3)

    [WICKET-6999] Update bundle plugin to support slf4j [1.7,3)

    • [x] Initial PR for review
    • [x] Add a Karaf feature file to help with installs (and future itests)
    • [x] Add bundle headers to wicket-websocket, etc
    • [x] Fix OsgiClashingPackagesTest.collectProjectPackages() unit test
    • [x] ~~Finalize Require-Capability header yes|no, version various on branches?~~
    • [x] Uncomment _noee = true to disable Require-Capability header
    opened by mattrpav 18
  • [WICKET-6805] Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support

    [WICKET-6805] Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support

    Hello Wicket devs!

    This PR adds Cross-Origin Opener Policy and Cross-Origin Embedder Policy support for Wicket.

    COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. COEP prevents a document from loading any non-same-origin resources which don't explicitly grant the document permission to be loaded. COOP and COEP are independent mechanisms and they can be enabled, tested and deployed separately. Using COEP and COOP together allows developers to safely use powerful features such as SharedArrayBuffer, performance.measureMemory(), and the JS Self-Profiling API. Both COOP and COEP require adding headers to the response. COOP and COEP are now supported by all major browsers. See https://web.dev/why-coop-coep/ for reference.

    Here's a summary of all the changes:

    • We have added 2 new request cycle listeners, the CoopRequestCycleListener and CoepRequestCycleListener to handle adding the headers for the respective security mitigations.

    • The listeners can be configured using the CoopConfiguration and CoepConfiguration classes that use the builder pattern for ease of use by Wicket users.

    • Using CoopConfiguration Wicket users will be able to specify the policy they want for COOP (same-origin, same-origin-allow-popups or unsafe-none) and add exempted paths to specify the endpoints for which COOP will not be enabled.

    • Similarly using CoepConfiguration Wicket users will be able to add exempted paths for which COEP will be disabled and specify if they want COEP to be enforcing (header set as Cross-Origin-Embedder-Policy) or reporting (header set as Cross-Origin-Embedder-Policy-Report-Only)

    • We have added 2 new methods to the WebApplication class to make it convenient for users to enableCoop and enableCoep.

    Here are sample uses of enabling these mechnisms, in the init() method of the WebApplication:

    //enabling Cross-Origin Opener Policy
    enableCoop(new CoopConfiguration.Builder()
    			.withMode(CoopMode.SAME_ORIGIN).withExemptions("<exemptions>").build());
    //enabling Cross-Origin Embedder Policy
    enableCoep(new CoepConfiguration.Builder()
    			.withMode(CoepMode.ENFORCING).withExemptions("<exemptions>").build());
    
    opened by eozmen410 17
  • Changing o.a.w/wicket to a bundle and removing -core, -util and -request

    Changing o.a.w/wicket to a bundle and removing -core, -util and -request

    Changing o.a.w/wicket to a bundle and removing -core, -util and -request from deploying

    I'll start a full discussion about this on the dev mailing list that all can profit of it

    opened by anpieber 16
  • WICKET-6703 replace eval with jQuery.globalEval; add suspend/notify

    WICKET-6703 replace eval with jQuery.globalEval; add suspend/notify

    https://issues.apache.org/jira/browse/WICKET-6703

    Replaced window.eval with jQuery.globalEval, which allows to implement CSP policy without unsafe-eval

    opened by andruhon 15
  • WICKET-5926 - Arquillian Java EE 6 Support with Container ServletContext in BaseWicketTester/WicketTester.

    WICKET-5926 - Arquillian Java EE 6 Support with Container ServletContext in BaseWicketTester/WicketTester.

    I'm using Wildfly example from https://github.com/wildfly/quickstart/tree/master/wicket-war Made some modifications and added an Arquillian Test configured and running, everything passing, and has some LOG to help to understand. To run for the first time just type: mvn install Then mvn test. Import to Eclipse (or any IDE), and run the example inside, to debug, has to run the test normally and connect as remote. Not necessary to download any Application Server, the maven plugin already do this for you (It's managed).

    Signed-off-by: Felipe C Almeida [email protected]

    opened by phlbrz 15
  • Cdi 1.1 experimental 0.3-SNAPSHOT

    Cdi 1.1 experimental 0.3-SNAPSHOT

    Major changes to internals. Now supports @Conversational(auto,propagation) annotation to allow pages to override global configuration. Added WicketCdiFilter to allow the Cdi functionality to be set before the apps are loaded. This allows for configuration of global settings in web.xml and for Injection at Application initialization. One can now put @Inject in the WebApplication class and use the variable in the init function or anywhere else. Added several tests for ConversationPropagation use cases. Reintroduced the original Configuration option as deprecated methods to allow easier transition from cdi 1.0 implementation. The Propagation and Auto can be programmatically changed at runtime if the calling code is in a non-transient conversation. Any changes to the global defaults are stored in a ConversationManager which is ConversationScoped. Adding the test helped to weed out many potential problems.

    opened by jsarman 15
  • [WICKET-6876] add an AJAX behavior to transfer client side file infor…

    [WICKET-6876] add an AJAX behavior to transfer client side file infor…

    [WICKET-6876] add an AJAX behavior to transfer client side file information to server side (when a file is selected for upload at client side).

    This PR replaces

    https://github.com/apache/wicket/pull/466

    I have included comments/remarks provided there. Now also submit buttons will be disabled is chosen file is bigger than allowed

    image

    and enabled in case file is Ok

    image

    Thus this illustrates how AJAX behavior can be used to do on the spot "minimum validation" without need to submit file.

    opened by reiern70 14
  • Bump ejs from 3.1.6 to 3.1.8 in /testing/wicket-js-tests

    Bump ejs from 3.1.6 to 3.1.8 in /testing/wicket-js-tests

    Bumps ejs from 3.1.6 to 3.1.8.

    Release notes

    Sourced from ejs's releases.

    v3.1.8

    Version 3.1.8

    v3.1.7

    Version 3.1.7

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • [WICKET-6954] implement server side heart-beat + client reconnection in case of inactivity

    [WICKET-6954] implement server side heart-beat + client reconnection in case of inactivity

    @martin-g

    I have tried to use ping-pong approach but I don't know how to implement client side reconnect using it: it seems there is no any "onping" at client side. I have added a second approach were server send some small binary message as "ping" and client side use it as heartbeat to determine server is still there. In case of "disconnection", client will try to reconnect.

    There still might be quite a bit of work to do in this PR or maybe use a different approach?

    opened by reiern70 1
  • WICKET-6823: Add a container to AbstractTransformerBehavior to support multiple instances per component.

    WICKET-6823: Add a container to AbstractTransformerBehavior to support multiple instances per component.

    The current implementation of AbstractTransformerBehavior replaces responses and doesn't properly take into account use cases in which multiple instances doing the same are assigned to the same component. This adds a container for those use cases to combine all those transformers into one dealing with replacing the responses instead. While that container needs to be used explicitly, it's the easiest implementation to workaround the current limitations.

    The container is embedded into AbstractTransformerBehavior, because it's small overall, can easily be spotted this way by users and I wasn't too sure about a good alternative name anyway. There would be many possibilities like [Abstract]TransformerBehaviors, [Abstract]TransformerBehavior[Container|Multi], MultiAbstractTransformerBehavior etc..

    This PR is based on wicket-8.x instead of master, because that is what I'm using currently and the only thing I'm able to test and build right now.

    opened by ams-tschoening 0
  • WICKET-6774: rework of component state

    WICKET-6774: rework of component state

    State of a component is no longer stored as an array but using instances of ComponentState. These have a smaller memory footprint in most cases, are more efficient and the code is easier to read (I hope).

    Note that a small change in behavior is introduced: behavior ids are only maintained for statefull behaviors. Ids can change for other behaviors, also when combined on the same component.

    ComponentState still needs documentation, but first let's agree on this approach.

    opened by papegaaij 0
Owner
The Apache Software Foundation
The Apache Software Foundation
A web MVC action-based framework, on top of CDI, for fast and maintainable Java development.

A web MVC action-based framework, on top of CDI, for fast and maintainable Java development. Downloading For a quick start, you can use this snippet i

Caelum 347 Nov 15, 2022
Ultimate Component Suite for JavaServer Faces

PrimeFaces This is an overview page, please visit PrimeFaces.org for more information. Overview PrimeFaces is one of the most popular UI libraries in

PrimeFaces 1.5k Jan 3, 2023
An evolving set of open source web components for building mobile and desktop web applications in modern browsers.

Vaadin components Vaadin components is an evolving set of high-quality user interface web components commonly needed in modern mobile and desktop busi

Vaadin 519 Dec 31, 2022
Vaadin 6, 7, 8 is a Java framework for modern Java web applications.

Vaadin Framework Vaadin allows you to build modern web apps efficiently in plain Java, without touching low level web technologies. This repository co

Vaadin 1.7k Jan 5, 2023
Ninja is a full stack web framework for Java. Rock solid, fast and super productive.

_______ .___ _______ ____. _____ \ \ | |\ \ | | / _ \ / | \| |/ | \ | |/ /_\ \ / | \

Ninja Web Framework 1.9k Jan 5, 2023
The modular web framework for Java and Kotlin

∞ do more, more easily Jooby is a modern, performant and easy to use web framework for Java and Kotlin built on top of your favorite web server. Java:

jooby 1.5k Dec 16, 2022
Micro Java Web Framework

Micro Java Web Framework It's an open source (Apache License) micro web framework in Java, with minimal dependencies and a quick learning curve. The g

Pippo 769 Dec 19, 2022
True Object-Oriented Java Web Framework

Project architect: @paulodamaso Takes is a true object-oriented and immutable Java8 web development framework. Its key benefits, comparing to all othe

Yegor Bugayenko 748 Dec 23, 2022
ZK is a highly productive Java framework for building amazing enterprise web and mobile applications

ZK ZK is a highly productive Java framework for building amazing enterprise web and mobile applications. Resources Documentation Tutorial ZK Essential

ZK 375 Dec 23, 2022
An Intuitive, Lightweight, High Performance Full Stack Java Web Framework.

mangoo I/O mangoo I/O is a Modern, Intuitive, Lightweight, High Performance Full Stack Java Web Framework. It is a classic MVC-Framework. The foundati

Sven Kubiak 52 Oct 31, 2022
A simple expressive web framework for java. Spark has a kotlin DSL https://github.com/perwendel/spark-kotlin

Spark - a tiny web framework for Java 8 Spark 2.9.3 is out!! Changeset <dependency> <groupId>com.sparkjava</groupId> <artifactId>spark-core</a

Per Wendel 9.4k Dec 29, 2022
A server-state reactive Java web framework for building real-time user interfaces and UI components.

RSP About Maven Code examples HTTP requests routing HTML markup Java DSL Page state model Single-page application Navigation bar URL path UI Component

Vadim Vashkevich 33 Jul 13, 2022
Javalin - A simple web framework for Java and Kotlin

Javalin is a very lightweight web framework for Kotlin and Java which supports WebSockets, HTTP2 and async requests. Javalin’s main goals are simplicity, a great developer experience, and first class interoperability between Kotlin and Java.

David (javalin.io) 6.2k Jan 6, 2023
The Grails Web Application Framework

Build Status Slack Signup Slack Signup Grails Grails is a framework used to build web applications with the Groovy programming language. The core fram

grails 2.7k Jan 5, 2023
jetbrick web mvc framework

jetbrick-webmvc Web MVC framework for jetbrick. Documentation http://subchen.github.io/jetbrick-webmvc/ Dependency <dependency> <groupId>com.githu

Guoqiang Chen 25 Nov 15, 2022
🚀 The best rbac web framework. base on Spring Boot 2.4、 Spring Cloud 2020、 OAuth2 . Thx Give a star

?? The best rbac web framework. base on Spring Boot 2.4、 Spring Cloud 2020、 OAuth2 . Thx Give a star

pig-mesh 4.3k Jan 8, 2023
Java Web Toolkit

What is JWt ? JWt is a Java library for developing web applications. It provides a pure Java component-driven approach to building web applications, a

null 48 Jul 16, 2022
RESTEasy is a JBoss project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications

RESTEasy RESTEasy is a JBoss.org project aimed at providing productivity frameworks for developing client and server RESTful applications and services

RESTEasy 1k Dec 23, 2022
This is a Playwright Java Framework written in POM

Playwright Java Framework Main Objective of this Framework is to Build an Automation Framework that can be scalable, Easily Configurable and Ready to

AutoInfra 11 Oct 17, 2022