These examples show how to serve files (or more generally data
streams) by reusing the powerful Wicket concepts like
IResourceStream, IRequestTarget and
IRequestTargetUrlCodingStrategy.
Static pages are stateless pages that do not make use of
Wicket Components, in fact those pages can be also considered
dynamic if you take the example of an XSLT transform.
Here is an overview of the relevant classes:
- URIRequestTargetUrlCodingStrategy: Request coding strategy
that uses a simple URI, and allows for beautiful URLs. This is
configured in the application's init method using
Application.mount().
- XSLTResourceStream: IResourceStream that applies XSLT on an
IResourceStream
- WebExternalResourceStream: An IResourceStream that reads
data from a file in the web application
- PackageResourceStream: An IResourceStream that reads data
from a resource in the classpath
- FileResourceStream: if you serve files directly, be careful
to check that the requested file is below a given base directory
comparing the File.getCanonicalPath() of the requested file and
the base directory, otherwise your application will give read access to
the whole disk, and it can be easily exploited by malicious users who
forge the URL.
- And all this made possible thanks to
ResourceStreamRequestTarget that is returned in
IRequestTargetUrlCodingStrategy.decode()
NOTE: it is possible to serve any kind of content using this method, not
only HTML files.