Re: Problem with Crypted URL
Actually I should say, that it is not force re-directing even on using the recommended approach. It still stays in the same current page. Am I doing something wrong here? I tried to remove the finally block {Session.get().invalidate(); } and moved that code to detach(), still no success. Please let me know if there is some thing wrong being done here. Thanks in Advance. Kuga -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2243721.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
Thanks for the response, I am trying to implement your recommended solution, however, It goes into the respond method and I did the following public void respond(RequestCycle requestCycle) { PageParameters param = new PageParameters(); param.add(error, errorMessage); //$NON-NLS-1$ try { ((WebResponse)requestCycle.getResponse()).getHttpServletResponse(). sendRedirect(requestCycle.urlFor(pageClass, param).toString()); Session.get().invalidate(); } catch (IOException e) { log.error(Error while redirecting to global error page, e); //$NON-NLS-1$ } } Please let me know if the above is correct. However, I am seeing the following issue: 1. When the session expires, the session expiry page appears, and when click on Browser back button, it takes me to previous page, but doesnt complete rendering, as there are decode exceptions, but this time it does not render the SessionExpiry page. 2. We also have a Global error page, when the application gets an RunTime exception, we report it to global error page, I tried to use the same concept there, but for this case, it does not redirect to the Global error page, rather, just stays in the current page, as though it has consumed the click. Please let me know if you have any thoughts. Thanks in advance Kuga -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2242335.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
Can anybody help me with this question? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240647.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
maybe because you are invalidating the session, which happens after the page is rendered. i would instead invalidate the session and reditect to a bookmarkable url that points to the sessionexpiry page -igor On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash kvisagam...@infoblox.com wrote: Can anybody help me with this question? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240647.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: Problem with Crypted URL
Hi, Thanks much and appreciate your response. Yes, like I mentioned in the code snippet above, in the WebRequestCycleRequestProcesser.respond(), I override this method and handle the page expiration exception in the following way: if(e instanceof PageExpiredException || e instanceof HackAttackException){ Session.get().invalidate(); throw new RestartResponseException(SessionExpiryPage.class); } Which I believe will result in a bookmarkable page request target. Do you mean to say that I should not invalidate the session at above line, rather invalidate it in the SessionExpiryPage.onAfterRender() If the above is not what it is, can you please let me know with a little code sample? Thanks Kuga From: Igor Vaynberg-2 [via Apache Wicket] [mailto:ml-node+2240861-1232253215-230...@n4.nabble.com] Sent: Wednesday, June 02, 2010 2:30 PM To: Kugaprakash Visagamani Subject: Re: Problem with Crypted URL maybe because you are invalidating the session, which happens after the page is rendered. i would instead invalidate the session and reditect to a bookmarkable url that points to the sessionexpiry page -igor On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash [hidden email] wrote: Can anybody help me with this question? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18 75435p2240647.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] - To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] View message @ http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18 75435p2240861.html To unsubscribe from Re: Problem with Crypted URL, click here http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jt p?code=a3Zpc2FnYW1hbmlAaW5mb2Jsb3guY29tfDIyNDA2NDd8NTcwMDE4MzI5 . -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240905.html Sent from the Wicket - User mailing list archive at Nabble.com.
Re: Problem with Crypted URL
RestartResponseException will render the page. since you invalidate the session *after* rendering the page (session is invalidated at the end of the request) that means any stateful urls constructed while rendering the page will no longer be accessible what you want to do is someting like this instead of restartresponseexception: requestcycle.get().setrequesttarget(new irequesttarget() { respond(rc) { rc.sendredirect(rc.urlfor(sessionexpirtypage.class)); } this will force a redirect before rendering the page -igor On Wed, Jun 2, 2010 at 2:58 PM, kugaprakash kvisagam...@infoblox.com wrote: Hi, Thanks much and appreciate your response. Yes, like I mentioned in the code snippet above, in the WebRequestCycleRequestProcesser.respond(), I override this method and handle the page expiration exception in the following way: if(e instanceof PageExpiredException || e instanceof HackAttackException){ Session.get().invalidate(); throw new RestartResponseException(SessionExpiryPage.class); } Which I believe will result in a bookmarkable page request target. Do you mean to say that I should not invalidate the session at above line, rather invalidate it in the SessionExpiryPage.onAfterRender() If the above is not what it is, can you please let me know with a little code sample? Thanks Kuga From: Igor Vaynberg-2 [via Apache Wicket] [mailto:ml-node+2240861-1232253215-230...@n4.nabble.com] Sent: Wednesday, June 02, 2010 2:30 PM To: Kugaprakash Visagamani Subject: Re: Problem with Crypted URL maybe because you are invalidating the session, which happens after the page is rendered. i would instead invalidate the session and reditect to a bookmarkable url that points to the sessionexpiry page -igor On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash [hidden email] wrote: Can anybody help me with this question? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18 75435p2240647.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] - To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email] View message @ http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18 75435p2240861.html To unsubscribe from Re: Problem with Crypted URL, click here http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jt p?code=a3Zpc2FnYW1hbmlAaW5mb2Jsb3guY29tfDIyNDA2NDd8NTcwMDE4MzI5 . -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240905.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
We are using Wicket 1.3.5 (Unable to upgrade to latest Wicket release, due to a CSRF fix needed for a previous release build) and I am doing the following: protected IRequestCodingStrategy newRequestCodingStrategy(){ return new CryptedUrlWebRequestCodingStrategy(new WebRequestCodingStrategy()){ @Override protected String onError(final Exception ex) { throw new WicketRuntimeException(Session Expired, new PageExpiredException(Session Expired)); } } Still does not work, In our WebRequestCycleProcessor, we override the respond method and do the following: if(e instanceof PageExpiredException || e instanceof HackAttackException){ Session.get().invalidate(); throw new RestartResponseException(new SessionExpiryPage()); } In SessionExpiryPage.html - we have CSS Logo resources, which is not getting rendered. If you happened to resolve this, please let me know. Any help is much appreciated Thanks in advance. Kuga -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2232645.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) could it be a bug? ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't seem to be modified be someone else than wicket. wdyt? thanks francisco On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner [EMAIL PROTECTED] wrote: I already changed the handling of that in trunk so that now a page expired is thrown when that happens. johan when did you exactly change that? does it also impact my issue? dont know exactly but it is in M1 and the current trunk of 1.3 You dont have it yet if you are on august code it doesnt really affect, because if you dont use crypted you would get a page expired because if an encrypted url cant be decrypted because of a new session then the page cant be found either when it was not encrypted Except maybe the stateless forms.. i think we need to look at that a bit johan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Problem-with-Crypted-URL-tp20533640p20747634.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with Crypted URL
We are also getting this when sessions expire. No big deal but would still like a fix. Will it be fixed in the 1.3.x branch also? Pls make it :) br, Marcus On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy [EMAIL PROTECTED] wrote: johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at
Re: Problem with Crypted URL
yup, i suppose this happens when sessions expire. we've been having an increasing number of visitors and logs are really hard to read when you try to find an (important) exception. so i guess i'm still up for the fix :) francisco On Fri, Nov 28, 2008 at 6:35 PM, Marcus Mattila [EMAIL PROTECTED] wrote: We are also getting this when sessions expire. No big deal but would still like a fix. Will it be fixed in the 1.3.x branch also? Pls make it :) br, Marcus On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy [EMAIL PROTECTED] wrote: johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at
Re: Problem with Crypted URL
Both branches have now the latest code, i guess both have to be released first On 28/11/2008, francisco treacy [EMAIL PROTECTED] wrote: yup, i suppose this happens when sessions expire. we've been having an increasing number of visitors and logs are really hard to read when you try to find an (important) exception. so i guess i'm still up for the fix :) francisco On Fri, Nov 28, 2008 at 6:35 PM, Marcus Mattila [EMAIL PROTECTED] wrote: We are also getting this when sessions expire. No big deal but would still like a fix. Will it be fixed in the 1.3.x branch also? Pls make it :) br, Marcus On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy [EMAIL PROTECTED] wrote: johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
Re: Problem with Crypted URL
i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) could it be a bug? ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't seem to be modified be someone else than
Re: Problem with Crypted URL
hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at
Re: Problem with Crypted URL
johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at
Re: Problem with Crypted URL
i guess this is because we now use sessionid as the seed for the encryption of the urls So when a session times out and that user makes another request to it we cant decrypt it anymore because another seed is used. I already changed the handling of that in trunk so that now a page expired is thrown when that happens. On Mon, Nov 17, 2008 at 5:21 AM, Andrew Berman [EMAIL PROTECTED] wrote: I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the place in my log files.. [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL: foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '�$^D�^Bm���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:171) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353) at org.apache.wicket.RequestCycle.request(RequestCycle.java:493) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355) at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124) Anyone have any ideas what in the world is causing the jibberish? I am using JDK 6 and Wicket 1.3.5. Thanks, Andrew
Re: Problem with Crypted URL
something _similar_ happens in my logs. ERROR 2008-11-17 14:16:49,170 [http-8080-Processor17] Invalid URL org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '[EMAIL PROTECTED]' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1227) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1347) at org.apache.wicket.RequestCycle.request(RequestCycle.java:497) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:420) (...) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more but apparently doesn't cause any trouble in the app (eg. no visible stacktrace or expired page). so i'm just curious. in this app wicket is 1.4-SNAPSHOT (august 26) (because of a dependency). will try to switch to rc1 see what i get. I already changed the handling of that in trunk so that now a page expired is thrown when that happens. johan when did you exactly change that? does it also impact my issue? thanks francisco On Mon, Nov 17, 2008 at 10:39 AM, Johan Compagner [EMAIL PROTECTED] wrote: i guess this is because we now use sessionid as the seed for the encryption of the urls So when a session times out and that user makes another request to it we cant decrypt it anymore because another seed is used. I already changed the handling of that in trunk so that now a page expired is thrown when that happens. On Mon, Nov 17, 2008 at 5:21 AM, Andrew Berman [EMAIL PROTECTED] wrote: I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the place in my log files.. [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL: foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '�$^D�^Bm���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:171) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353) at org.apache.wicket.RequestCycle.request(RequestCycle.java:493) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355) at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124) Anyone have any ideas what in the world is causing the jibberish? I am using JDK 6 and Wicket 1.3.5. Thanks, Andrew
Re: Problem with Crypted URL
I already changed the handling of that in trunk so that now a page expired is thrown when that happens. johan when did you exactly change that? does it also impact my issue? dont know exactly but it is in M1 and the current trunk of 1.3 You dont have it yet if you are on august code it doesnt really affect, because if you dont use crypted you would get a page expired because if an encrypted url cant be decrypted because of a new session then the page cant be found either when it was not encrypted Except maybe the stateless forms.. i think we need to look at that a bit johan
Problem with Crypted URL
I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the place in my log files.. [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL: foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '�$^D�^Bm���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:171) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353) at org.apache.wicket.RequestCycle.request(RequestCycle.java:493) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355) at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124) Anyone have any ideas what in the world is causing the jibberish? I am using JDK 6 and Wicket 1.3.5. Thanks, Andrew