[
https://issues.apache.org/jira/browse/WICKET-5326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14137017#comment-14137017
]
Jesse Long commented on WICKET-5326:
------------------------------------
Satish,
Regarding issue #1:
The reason for the behavior is explained in my first comment, item 4.
Walter and others pointed out that item 2 in my first comment was not always
correct, as KeyInSessionSunJceCryptFactory solves that problem.
I have provided a solution - QueryParameterCryptoMapper. I have uploaded two
versions to this ticket. QueryParameterCryptoMapper2.java (needs to be renamed
on your side) only encrypts the PageComponentInfo query parameter, while
QueryParameterCryptoMapper.java encrypts all query parameters.
Please test one of the QueryParameterCryptoMapper classes as described above
and let us know if this meets the requirement.
Regarding issue #2.
This is a separate issue, and you will probably see the same behavior without
CryptoMapper. Please post this question to an appropriate forum, like the
wicket-users mailing list.
> Wicket doesn't encrypt links and Ajax URLs when CryptoMapper is used
> --------------------------------------------------------------------
>
> Key: WICKET-5326
> URL: https://issues.apache.org/jira/browse/WICKET-5326
> Project: Wicket
> Issue Type: Bug
> Affects Versions: 6.10.0
> Environment: Linux
> Reporter: Walter B. Rasmann
> Assignee: Martin Grigorov
> Labels: security
> Attachments: 5326.tar.gz, QueryParameterCryptoMapper.java,
> QueryParameterCryptoMapper2.java, Wicket_6_1_6_QuickStart.zip
>
>
> URL encryption does not work in Wicket links and Ajax URLs.
> For links the URL appears unencrypted in the href attribute value and is only
> later forwarded to the encrypted URL using a 302 response.
> I am uploading a quickstart.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
