On Wed, Jan 28, 2015 at 10:08 AM, Maxim Solodovnik <[email protected]> wrote:
> OFFTOPIC: can I propose code change to avoid copy/pasting while
> extending DefaultAuthenticationStrategy?
>

Yes. In JIRA.

>
> On Wed, Jan 28, 2015 at 2:07 PM, Maxim Solodovnik <[email protected]> wrote:
>
> > So it is expected behavior all users need to re-login after Tomcat restart?
> >
> > On Wed, Jan 28, 2015 at 2:05 PM, Martin Grigorov <[email protected]> wrote:
> >
> >> Again I don't see the exception caught at
> >>
> >>     try {
> >>         value = getCrypt().decryptUrlSafe(value);
> >>     } catch (RuntimeException e) {
> >>
> >> to be logged in your version of the class.
> >> As I said failing at decryption is something to be expected. I think the
> >> logged message should be DEBUG, not INFO.
> >>
> >> There are changes in Wicket related to better security that will lead to
> >> forced logout after upgrading to 6.19.0:
> >>
> >> [WICKET-5775] - Replace the session upon successful signin for better
> >> support for Session Fixation
> >> [WICKET-5756] - Allow to use custom ciphers when using SunJceCrypt class
> >>
> >> Martin Grigorov
> >> Wicket Training and Consulting
> >> https://twitter.com/mtgrigorov
> >>
> >> On Wed, Jan 28, 2015 at 9:57 AM, Maxim Solodovnik <[email protected]> wrote:
> >>
> >> > Hello Martin!
> >> >
> >> > Actually I'm using modified AuthStrategy (to be able to handle additional
> >> > parameter) [1]
> >> > It was copied from DefaultAuthenticationStrategy
> >> >
> >> > I'll check the code and will try to find what was changed (maybe my code is
> >> > bad)
> >> >
> >> > [1]
> >> > https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/web/java/org/apache/openmeetings/web/app/OmAuthenticationStrategy.java
> >> >
> >> > On Wed, Jan 28, 2015 at 1:49 PM, Martin Grigorov <[email protected]> wrote:
> >> >
> >> > > Hi Maxim,
> >> > >
> >> > > I wasn't able to reproduce the problem.
> >> > > Additionally I think it is a normal use case.
> >> > >
> >> > > org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy#load()
> >> > > [1] catches RuntimeException, logs an INFO message explaining why it may
> >> > > happen and removes the cookie. I am not sure why you see this exception
> >> > > stack trace. It is not logged by Wicket, or at least I don't see where.
> >> > >
> >> > > 1.
> >> > > https://github.com/apache/wicket/blob/wicket-6.x/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java#L101
> >> > >
> >> > > Martin Grigorov
> >> > > Wicket Training and Consulting
> >> > > https://twitter.com/mtgrigorov
> >> > >
> >> > > On Tue, Jan 27, 2015 at 6:52 PM, Maxim Solodovnik <[email protected]> wrote:
> >> > >
> >> > > > Hello Martijn,
> >> > > >
> >> > > > It seems like "Remember log in" feature is not working anymore.
> >> > > >
> >> > > > Steps:
> >> > > > 1) Save login/password in cookies
> >> > > > 2) delete JSESSIONID cookie
> >> > > > 3) reload page
> >> > > > Result: no login prompt
> >> > > >
> >> > > > 1) stop tomcat
> >> > > > 2) start tomcat
> >> > > > 3) reload page
> >> > > > Result: exception [1] in the logs + login prompt
> >> > > >
> >> > > > it was working in 6.18.0 .... did I miss to update some dependencies or
> >> > > > something broken?
> >> > > >
> >> > > > [1] java.lang.RuntimeException: Unable to decrypt the text '�� �!��@ �� {�� ��y4 ��x�MJ� ������}]'
> >> > > > at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:154) ~[wicket-util-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:66) ~[wicket-util-6.19.0.jar:6.19.0]
> >> > > > at org.apache.openmeetings.web.app.OmAuthenticationStrategy.load(OmAuthenticationStrategy.java:50) [openmeetings-web-3.0.4-SNAPSHOT.jar:na]
> >> > > > at org.apache.openmeetings.web.app.WebSession.isSignedIn(WebSession.java:174) [openmeetings-web-3.0.4-SNAPSHOT.jar:na]
> >> > > > at org.apache.openmeetings.web.pages.auth.SignInDialog$SignInForm.<init>(SignInDialog.java:219) [openmeetings-web-3.0.4-SNAPSHOT.jar:na]
> >> > > > at org.apache.openmeetings.web.pages.auth.SignInDialog.<init>(SignInDialog.java:92) [openmeetings-web-3.0.4-SNAPSHOT.jar:na]
> >> > > > at org.apache.openmeetings.web.pages.auth.SignInPage.<init>(SignInPage.java:127) [openmeetings-web-3.0.4-SNAPSHOT.jar:na]
> >> > > > at org.apache.openmeetings.web.pages.auth.SignInPage.<init>(SignInPage.java:136) [openmeetings-web-3.0.4-SNAPSHOT.jar:na]
> >> > > > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [na:1.7.0_76]
> >> > > > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [na:1.7.0_76]
> >> > > > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [na:1.7.0_76]
> >> > > > at java.lang.reflect.Constructor.newInstance(Constructor.java:526) [na:1.7.0_76]
> >> > > > at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:175) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:133) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) [wicket-request-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:59) [wicket-native-websocket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) [wicket-core-6.19.0.jar:6.19.0]
> >> > > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:77) [red5-server.jar:1.0.4-RELEASE]
> >> > > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) [tomcat-embed-core.jar:7.0.57]
> >> > > > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695) [tomcat-embed-core.jar:7.0.57]
> >> > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_76]
> >> > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_76]
> >> > > > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core.jar:7.0.57]
> >> > > > at java.lang.Thread.run(Thread.java:745) [na:1.7.0_76]
> >> > > > Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
> >> > > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) ~[sunjce_provider.jar:1.7.0_80]
> >> > > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) ~[sunjce_provider.jar:1.7.0_80]
> >> > > > at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422) ~[sunjce_provider.jar:1.7.0_80]
> >> > > > at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316) ~[sunjce_provider.jar:1.7.0_80]
> >> > > > at javax.crypto.Cipher.doFinal(Cipher.java:2087) ~[na:1.7.0_71]
> >> > > > at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:115) ~[wicket-util-6.19.0.jar:6.19.0]
> >> > > > at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:150) ~[wicket-util-6.19.0.jar:6.19.0]
> >> > > > ... 48 common frames omitted
> >> > > >
> >> > > > On Mon, Jan 26, 2015 at 6:37 PM, Tobias Soloschenko <[email protected]> wrote:
> >> > > >
> >> > > > > [+] Yes, release Apache Wicket 6.19.0
> >> > > > >
> >> > > > > kind regards
> >> > > > >
> >> > > > > Tobias
> >> > > > >
> >> > > > > > On 26.01.2015 at 10:39, Martijn Dashorst <[email protected]> wrote:
> >> > > > > >
> >> > > > > > This is a vote to release Apache Wicket 6.19.0
> >> > > > > >
> >> > > > > > Please download the source distributions found in our staging area
> >> > > > > > linked below.
> >> > > > > >
> >> > > > > > I have included the signatures for both the source archives. This vote
> >> > > > > > lasts for 72 hours minimum.
> >> > > > > >
> >> > > > > > [ ] Yes, release Apache Wicket 6.19.0
> >> > > > > > [ ] No, don't release Apache Wicket 6.19.0, because ...
> >> > > > > >
> >> > > > > > Distributions, changelog, keys and signatures can be found at:
> >> > > > > >
> >> > > > > > https://dist.apache.org/repos/dist/dev/wicket/6.19.0
> >> > > > > >
> >> > > > > > Staging repository:
> >> > > > > >
> >> > > > > > https://repository.apache.org/content/repositories/orgapachewicket-1033/
> >> > > > > >
> >> > > > > > The binaries are available in the above link, as are a staging
> >> > > > > > repository for Maven. Typically the vote is on the source, but should
> >> > > > > > you find a problem with one of the binaries, please let me know, I can
> >> > > > > > re-roll them some way or the other.
> >> > > > > >
> >> > > > > > ========================================================================
> >> > > > > >
> >> > > > > > The signatures for the source release artefacts:
> >> > > > > >
> >> > > > > > Signature for apache-wicket-6.19.0.zip:
> >> > > > > >
> >> > > > > > Signature for apache-wicket-6.19.0.tar.gz:
> >> > > > > >
> >> > > > > > ========================================================================
> >> > > > > >
> >> > > > > > CHANGELOG for 6.19.0:
> >> > > > > >
> >> > > > > > ** Bug
> >> > > > > >
> >> > > > > > * [WICKET-5747] - Wicket Ajax Click handling gets requeued in OnDomReady so fire out of order
> >> > > > > > * [WICKET-5752] - ReplacementResourceBundleReference should return the dependencies for the replacing resource ref
> >> > > > > > * [WICKET-5755] - Restoring focus after Ajax replace no longer works in IE8
> >> > > > > > * [WICKET-5759] - AjaxRequestAttributes extra parameters aren't properly handled in getCallbackFunction()
> >> > > > > > * [WICKET-5770] - PageParametersEncoder should not decode parameters with no name
> >> > > > > > * [WICKET-5782] - Missing escaping in MultiFileUploadField.js - sort of XSS
> >> > > > > > * [WICKET-5783] - Multiple events in AjaxEventBehavior with prefix 'on'
> >> > > > > > * [WICKET-5784] - arraycopy with bad length in AbstractRequestLogger:172
> >> > > > > > * [WICKET-5793] - Request for static resource creating a session in 6.13.0+
> >> > > > > > * [WICKET-5809] - URL IPv6 parsing
> >> > > > > > * [WICKET-5811] - Infinite loop issue in PropertyValidator#createUnresolvablePropertyMessage(FormComponent<>)
> >> > > > > > * [WICKET-5812] - AtmosphereBehavior wrongly sets Ajax base url to '.'
> >> > > > > >
> >> > > > > > ** Improvement
> >> > > > > >
> >> > > > > > * [WICKET-4703] - StringResourceModel should provide an overridable getString(Component) method
> >> > > > > > * [WICKET-5746] - Fire an event once all JS event listeners are registered
> >> > > > > > * [WICKET-5753] - It is impossible to determine the form submitting component's inputName when AjaxFormSubmitBehavior is used
> >> > > > > > * [WICKET-5754] - (String)ResourceModel's defaultValue could be an IModel<String>
> >> > > > > > * [WICKET-5756] - Allow to use custom ciphers when using SunJceCrypt class
> >> > > > > > * [WICKET-5758] - Portuguese translation
> >> > > > > > * [WICKET-5760] - Add constructor (String, Serializable, String) to AttributeAppender
> >> > > > > > * [WICKET-5775] - Replace the session upon successful signin for better support for Session Fixation
> >> > > > > > * [WICKET-5776] - Add information about the component when it fail in detach phase
> >> > > > > > * [WICKET-5778] - Pass the IModifiable to the IChangeListener in ModificationWatcher
> >> > > > > > * [WICKET-5780] - Add a resource reference for ContextRelativeResource
> >> > > > > > * [WICKET-5794] - Make DefaultExceptionMapper extensible
> >> > > > > > * [WICKET-5797] - Convenience method to call setResponsePage with forward option
> >> > > > > > * [WICKET-5799] - Add rel=prev/next in PagingNavigator.html
> >> > > > > > * [WICKET-5802] - HTML Import
> >> > > > > > * [WICKET-5806] - Wicket.Log should log (at least errors) in the browser console even when Wicket Ajax Debug window is disabled
> >> > > > > >
> >> > > > > > ** New Feature
> >> > > > > >
> >> > > > > > * [WICKET-5771] - Ability to escape resource bundle messages added with wicket:message
> >> > > > > >
> >> > > > > > ** Task
> >> > > > > >
> >> > > > > > * [WICKET-5791] - Update JQuery to 1.11.2 and 2.1.3
> >> > > > >
> >> > > >
> >> > > > --
> >> > > > WBR
> >> > > > Maxim aka solomax
> >> > > >
> >> > >
> >> >
> >> > --
> >> > WBR
> >> > Maxim aka solomax
> >> >
> >>
> >
> > --
> > WBR
> > Maxim aka solomax
> >
>
> --
> WBR
> Maxim aka solomax
>
