Repository: wicket Updated Branches: refs/heads/5756-improve-crypt f0554d06e -> b5307cc09
WICKET-5327 write warning to stderr for insecure default crypt key
(cherry picked from commit d7b13f72f418bb7f300bbc3ac14fdb6e094f20a6)
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/b5307cc0
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/b5307cc0
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/b5307cc0
Branch: refs/heads/5756-improve-crypt
Commit: b5307cc09f8ee4238b8e3d3b1f54a729ee88c740
Parents: f0554d0
Author: svenmeier <[email protected]>
Authored: Thu Nov 28 20:25:40 2013 +0100
Committer: Martin Tzvetanov Grigorov <[email protected]>
Committed: Tue Nov 11 15:59:32 2014 +0200
----------------------------------------------------------------------
.../wicket/settings/def/SecuritySettings.java | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/b5307cc0/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java b/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
index 5e4aa10..8f1a79c 100644
--- a/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
+++ b/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
@@ -81,12 +81,26 @@ public class SecuritySettings implements ISecuritySettings
 return authorizationStrategy;
 }
 
+ /**
+ * Note: Prints a warning to stderr if no factory was set and {@link #DEFAULT_ENCRYPTION_KEY} is
+ * used instead.
+ *
+ * @return crypt factory used to generate crypt objects
+ */
 @Override
 public synchronized ICryptFactory getCryptFactory()
 {
 if (cryptFactory == null)
 {
- cryptFactory = new CachingSunJceCryptFactory(ISecuritySettings.DEFAULT_ENCRYPTION_KEY);
+ System.err
+ .print("********************************************************************\n"
+ + "*** WARNING: Wicket is using a DEFAULT_ENCRYPTION_KEY ***\n"
+ + "*** ^^^^^^^^^^^^^^^^^^^^^^ ***\n"
+ + "*** Do NOT deploy to your live server(s) without changing this. ***\n"
+ + "*** See SecuritySettings#setCryptFactory() for more information. ***\n"
+ + "********************************************************************\n");
+
+ cryptFactory = new CachingSunJceCryptFactory(DEFAULT_ENCRYPTION_KEY);
 }
 return cryptFactory;
 }
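Review bot: The fallback branch of `getCryptFactory()` still builds the factory from the shared `DEFAULT_ENCRYPTION_KEY`, so data encrypted with it is only as secret as a constant shipped in the framework source; the banner informs but does not stop a deployment that never calls `setCryptFactory()`. Because the banner goes through `System.err.print` instead of the application's logger, it bypasses log levels, appenders and alerting, and it appears only on the first call since `cryptFactory` is cached afterwards, which makes it easy to miss where stderr is not collected. I would emit it through the logging framework at warning level, for example `log.warn("Using DEFAULT_ENCRYPTION_KEY; set a crypt factory via SecuritySettings#setCryptFactory() before deploying");` (assuming a logger is or can be declared in this class), and consider refusing the default key when the application runs in its deployment configuration. The Javadoc could also say outright that the default key is public and provides no confidentiality. The class body continues outside this hunk, so whether a logger field already exists cannot be seen from here.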
