Author: ivaynberg
Date: Tue Mar 2 06:40:45 2010
New Revision: 917896
URL: http://svn.apache.org/viewvc?rev=917896&view=rev
Log:
reimplemented CryptUrlWebRequestCodingStrategy as CryptoMapper
Added:
wicket/trunk/wicket/src/main/java/org/apache/wicket/ng/request/mapper/CryptoMapper.java
(with props)
Removed:
wicket/trunk/wicket/src/test/java/org/apache/wicket/protocol/http/request/WicketApplication.java
Modified:
wicket/trunk/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibraryApplication.java
wicket/trunk/wicket/src/main/java/org/apache/wicket/Application.java
wicket/trunk/wicket/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
wicket/trunk/wicket/src/test/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategyTest.java
Modified:
wicket/trunk/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibraryApplication.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibraryApplication.java?rev=917896&r1=917895&r2=917896&view=diff
==============================================================================
---
wicket/trunk/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibraryApplication.java
(original)
+++
wicket/trunk/wicket-examples/src/main/java/org/apache/wicket/examples/library/LibraryApplication.java
Tue Mar 2 06:40:45 2010
@@ -82,5 +82,11 @@
}
};
getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
+
+ // install crypto mapper to encrypt all application urls
+ // getSecuritySettings().setCryptFactory(new
KeyInSessionSunJceCryptFactory());
+ // ThreadsafeCompoundRequestMapper root = new
ThreadsafeCompoundRequestMapper();
+ // root.register(new CryptoMapper(getRootRequestMapper(),
this));
+ // setRootRequestMapper(root);
}
}
Modified: wicket/trunk/wicket/src/main/java/org/apache/wicket/Application.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/Application.java?rev=917896&r1=917895&r2=917896&view=diff
==============================================================================
--- wicket/trunk/wicket/src/main/java/org/apache/wicket/Application.java
(original)
+++ wicket/trunk/wicket/src/main/java/org/apache/wicket/Application.java Tue
Mar 2 06:40:45 2010
@@ -886,8 +886,8 @@
callDestroyers();
applicationKeyToApplication.remove(getApplicationKey());
- pageManager.destroy();
- sessionStore.destroy();
+ getPageManager().destroy();
+ getSessionStore().destroy();
RequestContext.unset();
}
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java?rev=917896&r1=917895&r2=917896&view=diff
==============================================================================
---
wicket/trunk/wicket/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
(original)
+++
wicket/trunk/wicket/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
Tue Mar 2 06:40:45 2010
@@ -21,6 +21,8 @@
import org.apache.wicket.util.cookies.CookieUtils;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.string.Strings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Wicket's default implementation of an authentication strategy. It'll
concatenate username and
@@ -32,6 +34,8 @@
{
private static final long serialVersionUID = 1L;
+ private static final Logger logger =
LoggerFactory.getLogger(DefaultAuthenticationStrategy.class);
+
/** The cookie name to store the username and password */
private final String cookieKey;
@@ -44,6 +48,7 @@
/** Use to encrypt cookie values for username and password. */
private ICrypt crypt;
+
/**
* Constructor
*
@@ -93,7 +98,18 @@
String value = getCookieUtils().load(cookieKey);
if (Strings.isEmpty(value) == false)
{
- value = getCrypt().decryptUrlSafe(value);
+ try
+ {
+ value = getCrypt().decryptUrlSafe(value);
+ }
+ catch (RuntimeException e)
+ {
+ logger.info(
+ "Error decrypting login cookie: {}. The
cookie will be deleted. Possible cause is that a session-relative encryption
key was used to encrypt this cookie while this decryption attempt is happening
in a different session, eg user coming back to the application after session
expiration",
+ cookieKey);
+ getCookieUtils().remove(cookieKey);
+ value = null;
+ }
if (Strings.isEmpty(value) == false)
{
String username = null;
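Review bot: The new `catch (RuntimeException e)` around `getCrypt().decryptUrlSafe(value)` throws the exception away, and the `logger.info` text attributes every failure to a session-relative key, so a corrupted or tampered login cookie is logged exactly like a returning user with an expired session. Since the field comment says this cookie stores the username and password, I would keep the cause available, e.g. add `logger.debug("Login cookie decryption failed", e);` beside the existing call, and word the info message as "could not be decrypted" with the session-key case given as one possible cause. Removing the cookie and setting `value = null` is the right fail-closed behaviour and should stay. The enclosing method starts and ends outside this hunk.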
Added:
wicket/trunk/wicket/src/main/java/org/apache/wicket/ng/request/mapper/CryptoMapper.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/ng/request/mapper/CryptoMapper.java?rev=917896&view=auto
==============================================================================
---
wicket/trunk/wicket/src/main/java/org/apache/wicket/ng/request/mapper/CryptoMapper.java
(added)
+++
wicket/trunk/wicket/src/main/java/org/apache/wicket/ng/request/mapper/CryptoMapper.java
Tue Mar 2 06:40:45 2010
@@ -0,0 +1,138 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.ng.request.mapper;
+
+import org.apache.wicket.Application;
+import org.apache.wicket.IRequestHandler;
+import org.apache.wicket.Request;
+import org.apache.wicket.ng.request.IRequestMapper;
+import org.apache.wicket.ng.request.Url;
+import org.apache.wicket.util.IProvider;
+import org.apache.wicket.util.crypt.ICrypt;
+import org.apache.wicket.util.crypt.ICryptFactory;
+import org.apache.wicket.util.string.Strings;
+
+/**
+ * Request mapper that encrypts urls generated by another mapper.
+ *
+ * @author igor.vaynberg
+ */
+public class CryptoMapper implements IRequestMapper
+{
+ private final IRequestMapper wrappedMapper;
+ private final IProvider<ICrypt> cryptProvider;
+
+ public CryptoMapper(IRequestMapper wrappedMapper, Application
application)
+ {
+ this(wrappedMapper, new ApplicationCryptProvider(application));
+ }
+
+ public CryptoMapper(IRequestMapper wrappedMapper, IProvider<ICrypt>
cryptProvider)
+ {
+ this.wrappedMapper = wrappedMapper;
+ this.cryptProvider = cryptProvider;
+ }
+
+ public int getCompatibilityScore(Request request)
+ {
+ return 0;
+ }
+
+ public Url mapHandler(IRequestHandler requestHandler)
+ {
+ Url url = wrappedMapper.mapHandler(requestHandler);
+
+ if (url == null)
+ {
+ return null;
+ }
+
+ return encryptUrl(url);
+ }
+
+ public IRequestHandler mapRequest(Request request)
+ {
+ Url url = decryptUrl(request.getUrl());
+
+ if (url == null)
+ {
+ return null;
+ }
+
+ return wrappedMapper.mapRequest(request.requestWithUrl(url));
+ }
+
+ private ICrypt getCrypt()
+ {
+ ICryptFactory factory =
Application.get().getSecuritySettings().getCryptFactory();
+ return factory.newCrypt();
+ }
+
+ private Url encryptUrl(Url url)
+ {
+ Url encrypted = new Url();
+ String encryptedUrlString =
getCrypt().encryptUrlSafe(url.toString());
+ encrypted.addQueryParameter("x", encryptedUrlString);
+ return encrypted;
+ }
+
+ private Url decryptUrl(Url encryptedUrl)
+ {
+ if (encryptedUrl.getSegments().isEmpty() &&
encryptedUrl.getQueryParameters().isEmpty())
+ {
+ return encryptedUrl;
+ }
+
+ String encryptedUrlString =
encryptedUrl.getQueryParameterValue("x").toString();
+ if (Strings.isEmpty(encryptedUrlString))
+ {
+ return null;
+ }
+
+ Url url = null;
+ try
+ {
+ String urlString =
getCrypt().decryptUrlSafe(encryptedUrlString);
+ if (!Strings.isEmpty(urlString))
+ {
+ url = Url.parse(urlString);
+ }
+ }
+ catch (Exception e)
+ {
+ url = null;
+ }
+
+ return url;
+ }
+
+ private static class ApplicationCryptProvider implements
IProvider<ICrypt>
+ {
+ private final Application application;
+
+ public ApplicationCryptProvider(Application application)
+ {
+ this.application = application;
+ }
+
+ public ICrypt get()
+ {
+ return
application.getSecuritySettings().getCryptFactory().newCrypt();
+ }
+ }
+
+}
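Review bot: The `cryptProvider` field is assigned in the constructor but never read. `getCrypt()` instead calls `Application.get().getSecuritySettings().getCryptFactory()`, so a caller of the `IProvider<ICrypt>` constructor silently gets the thread-bound application's crypt rather than the one it supplied; the body of `getCrypt()` should be `return cryptProvider.get();`. In `decryptUrl`, `catch (Exception e)` turns every failure into `null` without a log line, which leaves no trace of malformed or tampered `x` values; a debug or warn log there would help detection. Also, `encryptedUrl.getQueryParameterValue("x").toString()` is dereferenced before any null check, so it is worth confirming that the accessor (not visible here) never returns null for a URL that has segments but no `x` parameter.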
Propchange:
wicket/trunk/wicket/src/main/java/org/apache/wicket/ng/request/mapper/CryptoMapper.java
------------------------------------------------------------------------------
svn:executable = *
Modified:
wicket/trunk/wicket/src/test/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategyTest.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/test/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategyTest.java?rev=917896&r1=917895&r2=917896&view=diff
==============================================================================
---
wicket/trunk/wicket/src/test/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategyTest.java
(original)
+++
wicket/trunk/wicket/src/test/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategyTest.java
Tue Mar 2 06:40:45 2010
@@ -20,7 +20,13 @@
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.SimplePage;
-import org.apache.wicket.ng.mock.WicketTester;
+import org.apache.wicket.ng.mock.MockApplication;
+import org.apache.wicket.ng.request.mapper.CryptoMapper;
+import org.apache.wicket.ng.request.mapper.ThreadsafeCompoundRequestMapper;
+import org.apache.wicket.util.crypt.Base64;
+import org.apache.wicket.util.crypt.ICrypt;
+import org.apache.wicket.util.crypt.ICryptFactory;
+import org.apache.wicket.util.tester.WicketTester;
/**
* Simple test using the WicketTester
@@ -29,10 +35,23 @@
{
private WicketTester tester;
+
@Override
public void setUp()
{
- tester = new WicketTester(new WicketApplication());
+ tester = new WicketTester(new MockApplication()
+ {
+ @Override
+ protected void init()
+ {
+ super.init();
+ // install crypto mapper to encrypt all
application urls
+ getSecuritySettings().setCryptFactory(new
TestCryptFactory());
+ ThreadsafeCompoundRequestMapper root = new
ThreadsafeCompoundRequestMapper();
+ root.register(new
CryptoMapper(getRootRequestMapper(), this));
+ setRootRequestMapper(root);
+ }
+ });
}
/**
@@ -53,6 +72,7 @@
// POST
tester.submitForm("form1");
+ tester.assertRenderedPage(HomePage.class);
}
public void testRenderMyPageGet()
@@ -63,6 +83,38 @@
// POST
tester.submitForm("form2");
+ tester.assertRenderedPage(HomePage.class);
+ }
+
+ /**
+ * Simple obfuscation crypt for test purposes
+ *
+ * @author igor.vaynberg
+ */
+ private static class TestCryptFactory implements ICryptFactory
+ {
+
+ public ICrypt newCrypt()
+ {
+ return new ICrypt()
+ {
+
+ public String decryptUrlSafe(String text)
+ {
+ return new String(new
Base64(true).decode(text));
+ }
+
+ public String encryptUrlSafe(String plainText)
+ {
+ return new String(new
Base64(true).encode(plainText.getBytes()));
+ }
+
+ public void setKey(String key)
+ {
+ }
+
+ };
+ }
}
}
\ No newline at end of file
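Review bot: `TestCryptFactory` converts with `new String(...)` and `plainText.getBytes()` on the platform default charset, so the encode/decode round trip depends on the JVM's locale settings. If the build targets Java 6 or later, passing one explicit charset on both sides, e.g. `plainText.getBytes(Charset.forName("UTF-8"))` and `new String(decoded, Charset.forName("UTF-8"))`, keeps the test deterministic. The visible hunks also assert only the happy path (`tester.assertRenderedPage(HomePage.class)` after each submit). A case where the request carries no `x` parameter, or an undecodable one, would pin down that `CryptoMapper` declines it rather than letting it reach the wrapped mapper. The rest of the test class is outside these hunks.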