[
https://issues.apache.org/jira/browse/WICKET-5326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jesse Long updated WICKET-5326:
-------------------------------
Attachment: QueryParameterCryptoMapper.java
Hi Eric, Walter, Andreas,
Please try QueryParameterCryptoMapper.java attached. You should use it in
combination with normal CryptoMapper, but this one after all mounted pages.
Like:
setRootRequestMapper(new CryptoMapper(...));
mountPage(....);
mountPage(...);
setRootRequestMapper(new QueryParameterCryptoMapper(...));
I just did this now, not sure if it works or not. Seems to work for the
quickstart and one of my apps.
Please update if there is any issues.
> Wicket doesn't encrypt links and Ajax URLs when CryptoMapper is used
> --------------------------------------------------------------------
>
> Key: WICKET-5326
> URL: https://issues.apache.org/jira/browse/WICKET-5326
> Project: Wicket
> Issue Type: Bug
> Affects Versions: 6.10.0
> Environment: Linux
> Reporter: Walter B. Rasmann
> Assignee: Martin Grigorov
> Labels: security
> Attachments: 5326.tar.gz, QueryParameterCryptoMapper.java
>
>
> URL encryption does not work in Wicket links and Ajax URLs.
> For links the URL appears unencrypted in the href attribute value and is only
> later forwarded to the encrypted URL using a 302 response.
> I am uploading a quickstart.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
