Apache Wicket has been updated to version 10.2, following the major release of Wicket 10 earlier this year. The open source Java web framework is now built on top of Java 17, and has a new module tester to improve JPMS adoption. It also has HTTP2 support within the Wicket core module.

Wicket is a component-based web application framework for Java that is a rival to frameworks such as Tapestry. It has been in production for over 10 years, consists of Java code and HTML markup, and has Ajax functionality and a good selection of basic Ajax components.

Pages and Components in Wicket are real Java objects that support encapsulation, inheritance and events. Global JavaScript libraries and CSS styling mix properly with component local JavaScript and CSS resources. Developers can use custom component libraries that ship with default JavaScript behavior and CSS styling, without having to do anything extra.

Wicket comes with injection support, and provides integration with CDI, Spring and Guice. It also has Jakarta EE integration, and developers can use JPA, EJBs, Bean Validation and CDI.

The main change to Wicket 10 is its reworking to use Java 17. It is also compatible with Java 21. Wicket 10 comes with a migration tool based on OpenRewrite to speed up migration from Wicket 9. To improve JPMS (Java 9 Platform Module System) adoption, Apache Wicket 10.0 introduces a new module wicket-tester containing common classes for unit testing. Users of class WicketTester must now include this module as test dependency.

Apache Wicket has also added HTTP2 support within the wicket core module, and ByteBuddy has replaced CGLib for creating serializable proxies for classes.

This release has also added support for Content Security Policy (CSP). The CSP standard allows applications to declare approved origins of content such as JavaScript, CSS and images for the browser to load. The Wicket developers say that they have concentrated on protecting against unwanted inline scripts, so-called 'unsafe-inline' and the most common cause of cross-site scripting vulnerabilities. Wicket 10 comes with full support for CSP and does not need any unsafe directives. It will automatically add a nonce to every header contribution and whitelist this nonce, so enabling flexible loading of resources without the need for a complex CSP.

Wicket 10.2 has a number of minor improvements including improved accessibility of AutoCompleteBehavior. The new version is available now.

More Information

Wicket Website

Related Articles

Apache Isis Adds Non-Public Visibility

Isis Improves Value Types

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info