Author: jdonnerstag
Date: Sun Jan 25 15:43:38 2009
New Revision: 737525
URL: http://svn.apache.org/viewvc?rev=737525&view=rev
Log:
wicket-2042: CryptedUrlWebRequestCodingStrategy produces Sessions on stateless
pages
javadoc improvement
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java?rev=737525&r1=737524&r2=737525&view=diff
==============================================================================
---
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
(original)
+++
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
Sun Jan 25 15:43:38 2009
@@ -67,6 +67,14 @@
* <b>Note:</b> When trying to hack urls in the browser an exception might be
caught while decoding
* the URL. By default, for safety reasons a very simple
WicketRuntimeException is thrown. The
* original stack trace is only logged.
+ * <p/>
+ * <b>Note:</b> by default Wicket uses
+ * {...@link org.apache.wicket.util.crypt.KeyInSessionSunJceCryptFactory} to
encrypt the query-string.
+ * KeyInSessionSunJceCryptFactory creates a unique encryption key per session
and and uses the
+ * session as persistence store. Hence stateless pages will create a session
as well and are no
+ * longer stateless. You may avoid that by implementing your own ICryptFactory
which e.g. uses an
+ * application wide encryption key and thus doesn't need a session. You can
register your own
+ * ICryptFactory via Application.getSecuritySettings().setCryptFactory().
*
* @author Juergen Donnerstag
*/
@@ -139,6 +147,10 @@
defaultStrategy.unmount(path);
}
+ /**
+ *
+ * @see
org.apache.wicket.request.IRequestTargetMounter#addIgnoreMountPath(java.lang.String)
+ */
public void addIgnoreMountPath(String path)
{
defaultStrategy.addIgnoreMountPath(path);
@@ -272,7 +284,7 @@
/**
* @param ex
*
- * @return decoded URL
+ * @return xxx
* @deprecated Use {...@link #onError(Exception, String)}
*/
@Deprecated
@@ -281,6 +293,12 @@
throw new PageExpiredException("Invalid URL");
}
+ /**
+ *
+ * @param ex
+ * @param url
+ * @return error text
+ */
protected String onError(final Exception ex, String url)
{
log.info("Invalid URL: " + url + ", message:" +
ex.getMessage());
@@ -359,6 +377,14 @@
}
/**
+ * @see
org.apache.wicket.request.IRequestCodingStrategy#rewriteStaticRelativeUrl(java.lang.String)
+ */
+ public String rewriteStaticRelativeUrl(String string)
+ {
+ return UrlUtils.rewriteToContextRelative(string,
RequestCycle.get().getRequest());
+ }
+
+ /**
* IRequestCodingStrategy.decode(Request) requires a Request parameter
and not a URL. Hence,
* based on the original URL and the decoded 'x' parameter a new
Request object must be created
* to serve the default coding strategy as input for analyzing the URL.
@@ -517,12 +543,18 @@
return request.getPath();
}
+ /**
+ * @see
org.apache.wicket.Request#getRelativePathPrefixToContextRoot()
+ */
@Override
public String getRelativePathPrefixToContextRoot()
{
return request.getRelativePathPrefixToContextRoot();
}
+ /**
+ * @see
org.apache.wicket.Request#getRelativePathPrefixToWicketHandler()
+ */
@Override
public String getRelativePathPrefixToWicketHandler()
{
@@ -538,6 +570,9 @@
return url;
}
+ /**
+ * @see org.apache.wicket.Request#getQueryString()
+ */
@Override
public String getQueryString()
{
@@ -584,10 +619,4 @@
return getMessage();
}
}
-
- /** {...@inheritdoc} */
- public String rewriteStaticRelativeUrl(String string)
- {
- return UrlUtils.rewriteToContextRelative(string,
RequestCycle.get().getRequest());
- }
}
