OFFTOPIC: can I propose code change to avoid copy/tasting while extending DefaultAuthenticationStrategy?
On Wed, Jan 28, 2015 at 2:07 PM, Maxim Solodovnik <[email protected]> wrote: > So it is expected behavior all users need to re-login after Tomcat restart? > > On Wed, Jan 28, 2015 at 2:05 PM, Martin Grigorov <[email protected]> > wrote: > >> Again I don't see the exception caught at >> >> try { >> value = getCrypt().decryptUrlSafe(value); >> } catch (RuntimeException e) { >> >> to be logged in your version of the class. >> As I said failing at decryption is something to be expected. I think the >> logged message should be DEBUG, not INFO. >> >> There are changes in Wicket related to better security that will lead to >> forced logout after upgrading to 6.19.0: >> >> [WICKET-5775] - Replace the session upon successful signin for better >> support for Session Fixation >> [WICKET-5756] - Allow to use custom ciphers when using SunJceCrypt class >> >> >> Martin Grigorov >> Wicket Training and Consulting >> https://twitter.com/mtgrigorov >> >> On Wed, Jan 28, 2015 at 9:57 AM, Maxim Solodovnik <[email protected]> >> wrote: >> >> > Hello Martin! >> > >> > Actually I'm using modified AuthStrategy (to be able to handle >> additional >> > parameter) [1] >> > It was copied from DefaultAuthenticationStrategy >> > >> > I'll check the code ant will try to find what was changed (maybe my >> code is >> > bad) >> > >> > [1] >> > >> > >> https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/web/java/org/apache/openmeetings/web/app/OmAuthenticationStrategy.java >> > >> > On Wed, Jan 28, 2015 at 1:49 PM, Martin Grigorov <[email protected]> >> > wrote: >> > >> > > Hi Maxim, >> > > >> > > I wasn't able to reproduce the problem. >> > > Additionally I think it is a normal use >> > > case. >> > > >> > >> org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy#load() >> > > [1] catches RuntimeException, logs an INFO message explaining why it >> may >> > > happen and removes the cookie. I am not sure why you see this >> exception >> > > stack trace. It is not logged by Wicket, or at least I don't see >> where. >> > > >> > > 1. >> > > >> > > >> > >> https://github.com/apache/wicket/blob/wicket-6.x/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java#L101 >> > > >> > > Martin Grigorov >> > > Wicket Training and Consulting >> > > https://twitter.com/mtgrigorov >> > > >> > > On Tue, Jan 27, 2015 at 6:52 PM, Maxim Solodovnik < >> [email protected]> >> > > wrote: >> > > >> > > > Hello Martijn, >> > > > >> > > > It seems like "Remember log in" feature is not working anymore. >> > > > >> > > > Steps: >> > > > 1) Save login/password in cookies >> > > > 2) delete JSESSIONID cookie >> > > > 3) reload page >> > > > Result: no login prompt >> > > > >> > > > 1) stop tomcat >> > > > 2) start tomcat >> > > > 3) reload page >> > > > Result: exception [1] in the logs + login prompt >> > > > >> > > > it was working in 6.18.0 .... did I miss to update some >> dependencies or >> > > > something broken? >> > > > >> > > > >> > > > [1] java.lang.RuntimeException: Unable to decrypt the text '�� >> �!��@ �� >> > > > {�� ��y4 ��x�MJ� ������}]' >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:154) >> > > > ~[wicket-util-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:66) >> > > > ~[wicket-util-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.openmeetings.web.app.OmAuthenticationStrategy.load(OmAuthenticationStrategy.java:50) >> > > > [openmeetings-web-3.0.4-SNAPSHOT.jar:na] >> > > > at >> > > > >> > > >> > >> org.apache.openmeetings.web.app.WebSession.isSignedIn(WebSession.java:174) >> > > > [openmeetings-web-3.0.4-SNAPSHOT.jar:na] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.openmeetings.web.pages.auth.SignInDialog$SignInForm.<init>(SignInDialog.java:219) >> > > > [openmeetings-web-3.0.4-SNAPSHOT.jar:na] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.openmeetings.web.pages.auth.SignInDialog.<init>(SignInDialog.java:92) >> > > > [openmeetings-web-3.0.4-SNAPSHOT.jar:na] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.openmeetings.web.pages.auth.SignInPage.<init>(SignInPage.java:127) >> > > > [openmeetings-web-3.0.4-SNAPSHOT.jar:na] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.openmeetings.web.pages.auth.SignInPage.<init>(SignInPage.java:136) >> > > > [openmeetings-web-3.0.4-SNAPSHOT.jar:na] >> > > > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native >> > Method) >> > > > [na:1.7.0_76] >> > > > at >> > > > >> > > > >> > > >> > >> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) >> > > > [na:1.7.0_76] >> > > > at >> > > > >> > > > >> > > >> > >> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) >> > > > [na:1.7.0_76] >> > > > at java.lang.reflect.Constructor.newInstance(Constructor.java:526) >> > > > [na:1.7.0_76] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:175) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:133) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) >> > > > [wicket-request-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > >> > >> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:59) >> > > > [wicket-native-websocket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) >> > > > [wicket-core-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > >> > >> org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:77) >> > > > [red5-server.jar:1.0.4-RELEASE] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > >> > >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at >> > > > >> > > > >> > > >> > >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >> > > > [na:1.7.0_76] >> > > > at >> > > > >> > > > >> > > >> > >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >> > > > [na:1.7.0_76] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> > > > [tomcat-embed-core.jar:7.0.57] >> > > > at java.lang.Thread.run(Thread.java:745) [na:1.7.0_76] >> > > > Caused by: javax.crypto.BadPaddingException: Given final block not >> > > properly >> > > > padded >> > > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) >> > > > ~[sunjce_provider.jar:1.7.0_80] >> > > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) >> > > > ~[sunjce_provider.jar:1.7.0_80] >> > > > at >> > com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) >> > > > ~[sunjce_provider.jar:1.7.0_80] >> > > > at >> > > > >> > > > >> > > >> > >> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316) >> > > > ~[sunjce_provider.jar:1.7.0_80] >> > > > at javax.crypto.Cipher.doFinal(Cipher.java:2087) ~[na:1.7.0_71] >> > > > at >> org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:115) >> > > > ~[wicket-util-6.19.0.jar:6.19.0] >> > > > at >> > > > >> > > > >> > > >> > >> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:150) >> > > > ~[wicket-util-6.19.0.jar:6.19.0] >> > > > ... 48 common frames omitted >> > > > >> > > > >> > > > On Mon, Jan 26, 2015 at 6:37 PM, Tobias Soloschenko < >> > > > [email protected]> wrote: >> > > > >> > > > > [+] Yes, release Apache Wicket 6.19.0 >> > > > > >> > > > > kind regards >> > > > > >> > > > > Tobias >> > > > > >> > > > > > Am 26.01.2015 um 10:39 schrieb Martijn Dashorst < >> > > > > [email protected]>: >> > > > > > >> > > > > > This is a vote to release Apache Wicket 6.19.0 >> > > > > > >> > > > > > Please download the source distributions found in our staging >> area >> > > > > > linked below. >> > > > > > >> > > > > > I have included the signatures for both the source archives. >> This >> > > vote >> > > > > > lasts for 72 hours minimum. >> > > > > > >> > > > > > [ ] Yes, release Apache Wicket 6.19.0 >> > > > > > [ ] No, don't release Apache Wicket 6.19.0, because ... >> > > > > > >> > > > > > Distributions, changelog, keys and signatures can be found at: >> > > > > > >> > > > > > https://dist.apache.org/repos/dist/dev/wicket/6.19.0 >> > > > > > >> > > > > > Staging repository: >> > > > > > >> > > > > > >> > > > > >> > > >> https://repository.apache.org/content/repositories/orgapachewicket-1033/ >> > > > > > >> > > > > > The binaries are available in the above link, as are a staging >> > > > > > repository for Maven. Typically the vote is on the source, but >> > should >> > > > > > you find a problem with one of the binaries, please let me >> know, I >> > > can >> > > > > > re-roll them some way or the other. >> > > > > > >> > > > > > >> > > > > > >> > > > >> > ======================================================================== >> > > > > > >> > > > > > The signatures for the source release artefacts: >> > > > > > >> > > > > > >> > > > > > Signature for apache-wicket-6.19.0.zip: >> > > > > > >> > > > > > -----BEGIN PGP SIGNATURE----- >> > > > > > Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >> > > > > > Comment: GPGTools - https://gpgtools.org >> > > > > > >> > > > > > iEYEABECAAYFAlTGCcIACgkQJBX8W/xy/UWvZACfWKgij/ptCo0iEnzpR/e0j9Nz >> > > > > > mAsAn0NfQNOWEBtVMsQuCnwG+L6kqO28 >> > > > > > =tEEj >> > > > > > -----END PGP SIGNATURE----- >> > > > > > >> > > > > > Signature for apache-wicket-6.19.0.tar.gz: >> > > > > > >> > > > > > -----BEGIN PGP SIGNATURE----- >> > > > > > Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >> > > > > > Comment: GPGTools - https://gpgtools.org >> > > > > > >> > > > > > iEYEABECAAYFAlTGCcIACgkQJBX8W/xy/UWqKwCgt9wLbuSjvAGwuO4E67KbXPhc >> > > > > > /WAAnR1ZWxjr077abSwK2b77WM3nuwO4 >> > > > > > =9HPf >> > > > > > -----END PGP SIGNATURE----- >> > > > > > >> > > > > > >> > > > >> > ======================================================================== >> > > > > > >> > > > > > CHANGELOG for 6.19.0: >> > > > > > >> > > > > > >> > > > > > ** Bug >> > > > > > >> > > > > > * [WICKET-5747] - Wicket Ajax Click handling gets requeued in >> > > > > > OnDomReady so fire out of order >> > > > > > * [WICKET-5752] - ReplacementResourceBundleReference should >> > return >> > > > > > the dependencies for the replacing resource ref >> > > > > > * [WICKET-5755] - Restoring focus after Ajax replace no >> longer >> > > works >> > > > > in IE8 >> > > > > > * [WICKET-5759] - AjaxRequestAttributes extra parameters >> aren't >> > > > > > properly handled in getCallbackFunction() >> > > > > > * [WICKET-5770] - PageParametersEncoder should not decode >> > > > > > parameters with no name >> > > > > > * [WICKET-5782] - Missing escaping in >> MultiFileUploadField.js - >> > > sort >> > > > > of XSS >> > > > > > * [WICKET-5783] - Multiple events in AjaxEventBehavior with >> > prefix >> > > > > 'on' >> > > > > > * [WICKET-5784] - arraycopy with bad length in >> > > > > AbstractRequestLogger:172 >> > > > > > * [WICKET-5793] - Request for static resource creating a >> session >> > > in >> > > > > 6.13.0+ >> > > > > > * [WICKET-5809] - URL IPv6 parsing >> > > > > > * [WICKET-5811] - Infinite loop issue in >> > > > > > >> > PropertyValidator#createUnresolvablePropertyMessage(FormComponent<>) >> > > > > > * [WICKET-5812] - AtmosphereBehavior wrongly sets Ajax base >> url >> > to >> > > > '.' >> > > > > > >> > > > > > ** Improvement >> > > > > > >> > > > > > * [WICKET-4703] - StringResourceModel should provide an >> > > > > > overridable getString(Component) method >> > > > > > * [WICKET-5746] - Fire an event once all JS event listeners >> are >> > > > > registered >> > > > > > * [WICKET-5753] - It is impossible to determine the form >> > > > > > submitting component's inputName when AjaxFormSubmitBehavior is >> > used >> > > > > > * [WICKET-5754] - (String)ResourceModel's defaultValue could >> be >> > an >> > > > > > IModel<String> >> > > > > > * [WICKET-5756] - Allow to use custom ciphers when using >> > > SunJceCrypt >> > > > > class >> > > > > > * [WICKET-5758] - Portuguese translation >> > > > > > * [WICKET-5760] - Add constructor (String, Serializable, >> String) >> > > > > > to AttributeAppender >> > > > > > * [WICKET-5775] - Replace the session upon successful signin >> for >> > > > > > better support for Session Fixation >> > > > > > * [WICKET-5776] - Add information about the component when it >> > fail >> > > > > > in detach phase >> > > > > > * [WICKET-5778] - Pass the IModifiable to the >> IChangeListener in >> > > > > > ModificationWatcher >> > > > > > * [WICKET-5780] - Add a resource reference for >> > > > ContextRelativeResource >> > > > > > * [WICKET-5794] - Make DefaultExceptionMapper extensible >> > > > > > * [WICKET-5797] - Convenience method to call setResponsePage >> > with >> > > > > > forward option >> > > > > > * [WICKET-5799] - Add rel=prev/next in PagingNavigator.html >> > > > > > * [WICKET-5802] - HTML Import >> > > > > > * [WICKET-5806] - Wicket.Log should log (at least errors) in >> the >> > > > > > browser console even when Wicket Ajax Debug window is disabled >> > > > > > >> > > > > > ** New Feature >> > > > > > >> > > > > > * [WICKET-5771] - Ability to escape resource bundle messages >> > added >> > > > > > with wicket:message >> > > > > > >> > > > > > ** Task >> > > > > > >> > > > > > * [WICKET-5791] - Update JQuery to 1.11.2 and 2.1.3 >> > > > > >> > > > >> > > > >> > > > >> > > > -- >> > > > WBR >> > > > Maxim aka solomax >> > > > >> > > >> > >> > >> > >> > -- >> > WBR >> > Maxim aka solomax >> > >> > > > > -- > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
