Re: Problem with Crypted URL
Actually I should say, that it is not force re-directing even on using the
recommended approach. It still stays in the same current page.
Am I doing something wrong here? I tried to remove the finally block
{Session.get().invalidate(); } and moved that code to detach(), still no
success.
Please let me know if there is some thing wrong being done here.
Thanks in Advance.
Kuga
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2243721.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
Thanks for the response, I am trying to implement your recommended solution,
however, It goes into the respond method and I did the following
public void respond(RequestCycle requestCycle) {
PageParameters param = new PageParameters();
param.add(error, errorMessage); //$NON-NLS-1$
try {
((WebResponse)requestCycle.getResponse()).getHttpServletResponse().
sendRedirect(requestCycle.urlFor(pageClass, param).toString());
Session.get().invalidate();
} catch (IOException e) {
log.error(Error while redirecting to global
error page, e);
//$NON-NLS-1$
}
}
Please let me know if the above is correct.
However, I am seeing the following issue:
1. When the session expires, the session expiry page appears, and when click
on Browser back button, it takes me to previous page, but doesnt complete
rendering, as there are decode exceptions, but this time it does not render
the SessionExpiry page.
2. We also have a Global error page, when the application gets an RunTime
exception, we report it to global error page, I tried to use the same
concept there, but for this case, it does not redirect to the Global error
page, rather, just stays in the current page, as though it has consumed the
click.
Please let me know if you have any thoughts.
Thanks in advance
Kuga
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2242335.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
Can anybody help me with this question? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240647.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
maybe because you are invalidating the session, which happens after the page is rendered. i would instead invalidate the session and reditect to a bookmarkable url that points to the sessionexpiry page -igor On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash kvisagam...@infoblox.com wrote: Can anybody help me with this question? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240647.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: Problem with Crypted URL
Hi,
Thanks much and appreciate your response.
Yes, like I mentioned in the code snippet above, in the
WebRequestCycleRequestProcesser.respond(), I override this method and
handle the page expiration exception in the following way:
if(e instanceof PageExpiredException || e instanceof
HackAttackException){
Session.get().invalidate();
throw new
RestartResponseException(SessionExpiryPage.class);
}
Which I believe will result in a bookmarkable page request target.
Do you mean to say that I should not invalidate the session at above
line, rather invalidate it in the SessionExpiryPage.onAfterRender()
If the above is not what it is, can you please let me know with a little
code sample?
Thanks
Kuga
From: Igor Vaynberg-2 [via Apache Wicket]
[mailto:ml-node+2240861-1232253215-230...@n4.nabble.com]
Sent: Wednesday, June 02, 2010 2:30 PM
To: Kugaprakash Visagamani
Subject: Re: Problem with Crypted URL
maybe because you are invalidating the session, which happens after
the page is rendered. i would instead invalidate the session and
reditect to a bookmarkable url that points to the sessionexpiry page
-igor
On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash [hidden email] wrote:
Can anybody help me with this question?
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
75435p2240647.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
-
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
View message @
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
75435p2240861.html
To unsubscribe from Re: Problem with Crypted URL, click here
http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jt
p?code=a3Zpc2FnYW1hbmlAaW5mb2Jsb3guY29tfDIyNDA2NDd8NTcwMDE4MzI5 .
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240905.html
Sent from the Wicket - User mailing list archive at Nabble.com.
Re: Problem with Crypted URL
RestartResponseException will render the page. since you invalidate
the session *after* rendering the page (session is invalidated at the
end of the request) that means any stateful urls constructed while
rendering the page will no longer be accessible
what you want to do is someting like this instead of restartresponseexception:
requestcycle.get().setrequesttarget(new irequesttarget() { respond(rc)
{ rc.sendredirect(rc.urlfor(sessionexpirtypage.class)); }
this will force a redirect before rendering the page
-igor
On Wed, Jun 2, 2010 at 2:58 PM, kugaprakash kvisagam...@infoblox.com wrote:
Hi,
Thanks much and appreciate your response.
Yes, like I mentioned in the code snippet above, in the
WebRequestCycleRequestProcesser.respond(), I override this method and
handle the page expiration exception in the following way:
if(e instanceof PageExpiredException || e instanceof
HackAttackException){
Session.get().invalidate();
throw new
RestartResponseException(SessionExpiryPage.class);
}
Which I believe will result in a bookmarkable page request target.
Do you mean to say that I should not invalidate the session at above
line, rather invalidate it in the SessionExpiryPage.onAfterRender()
If the above is not what it is, can you please let me know with a little
code sample?
Thanks
Kuga
From: Igor Vaynberg-2 [via Apache Wicket]
[mailto:ml-node+2240861-1232253215-230...@n4.nabble.com]
Sent: Wednesday, June 02, 2010 2:30 PM
To: Kugaprakash Visagamani
Subject: Re: Problem with Crypted URL
maybe because you are invalidating the session, which happens after
the page is rendered. i would instead invalidate the session and
reditect to a bookmarkable url that points to the sessionexpiry page
-igor
On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash [hidden email] wrote:
Can anybody help me with this question?
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
75435p2240647.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
-
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
View message @
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
75435p2240861.html
To unsubscribe from Re: Problem with Crypted URL, click here
http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jt
p?code=a3Zpc2FnYW1hbmlAaW5mb2Jsb3guY29tfDIyNDA2NDd8NTcwMDE4MzI5 .
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240905.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
We are using Wicket 1.3.5 (Unable to upgrade to latest Wicket release, due to
a CSRF fix needed for a previous release build) and I am doing the
following:
protected IRequestCodingStrategy newRequestCodingStrategy(){
return new CryptedUrlWebRequestCodingStrategy(new
WebRequestCodingStrategy()){
@Override
protected String onError(final Exception ex)
{
throw new WicketRuntimeException(Session Expired, new
PageExpiredException(Session Expired));
}
}
Still does not work,
In our WebRequestCycleProcessor, we override the respond method and do the
following:
if(e instanceof PageExpiredException || e instanceof HackAttackException){
Session.get().invalidate();
throw new RestartResponseException(new
SessionExpiryPage());
}
In SessionExpiryPage.html - we have CSS Logo resources, which is not
getting rendered.
If you happened to resolve this, please let me know.
Any help is much appreciated
Thanks in advance.
Kuga
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2232645.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
Re: Problem with Crypted URL
*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) could it be a bug? ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't seem to be modified be someone else than wicket. wdyt? thanks francisco On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner [EMAIL PROTECTED] wrote: I already changed the handling of that in trunk so that now a page expired is thrown when that happens. johan when did you exactly change that? does it also impact my issue? dont know exactly but it is in M1 and the current trunk of 1.3 You dont have it yet if you are on august code it doesnt really affect, because if you dont use crypted you would get a page expired because if an encrypted url cant be decrypted because of a new session then the page cant be found either when it was not encrypted Except maybe the stateless forms.. i think we need to look at that a bit johan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Problem-with-Crypted-URL-tp20533640p20747634.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with Crypted URL
We are also getting this when sessions expire. No big deal but would still like a fix. Will it be fixed in the 1.3.x branch also? Pls make it :) br, Marcus On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy [EMAIL PROTECTED] wrote: johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at
Re: Problem with Crypted URL
yup, i suppose this happens when sessions expire. we've been having an increasing number of visitors and logs are really hard to read when you try to find an (important) exception. so i guess i'm still up for the fix :) francisco On Fri, Nov 28, 2008 at 6:35 PM, Marcus Mattila [EMAIL PROTECTED] wrote: We are also getting this when sessions expire. No big deal but would still like a fix. Will it be fixed in the 1.3.x branch also? Pls make it :) br, Marcus On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy [EMAIL PROTECTED] wrote: johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at
Re: Problem with Crypted URL
Both branches have now the latest code, i guess both have to be released first On 28/11/2008, francisco treacy [EMAIL PROTECTED] wrote: yup, i suppose this happens when sessions expire. we've been having an increasing number of visitors and logs are really hard to read when you try to find an (important) exception. so i guess i'm still up for the fix :) francisco On Fri, Nov 28, 2008 at 6:35 PM, Marcus Mattila [EMAIL PROTECTED] wrote: We are also getting this when sessions expire. No big deal but would still like a fix. Will it be fixed in the 1.3.x branch also? Pls make it :) br, Marcus On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy [EMAIL PROTECTED] wrote: johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
Re: Problem with Crypted URL
i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) could it be a bug? ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't seem to be modified be someone else than
Re: Problem with Crypted URL
hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at
Re: Problem with Crypted URL
johan, i'm not sure i understand correctly. you mean that it should have been in 1.4-rc1 but it is not? so i could expect this to be fixed in 1.4-rc2 or 1.4 final? francisco On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner [EMAIL PROTECTED] wrote: hmm weird, wasnt merged yet with 4.1 thought i did that with the big merge. On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy [EMAIL PROTECTED] wrote: i updated to rc1 i'm still getting stacktraces in logs with CryptedUrlWebRequestCodingStrategy ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL: ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '??G?K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P^L' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at org.apache.wicket.RequestCycle.request(RequestCycle.java:498) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444) at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:619) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL Invalid URL at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366) at
Re: Problem with Crypted URL
i guess this is because we now use sessionid as the seed for the encryption of the urls So when a session times out and that user makes another request to it we cant decrypt it anymore because another seed is used. I already changed the handling of that in trunk so that now a page expired is thrown when that happens. On Mon, Nov 17, 2008 at 5:21 AM, Andrew Berman [EMAIL PROTECTED] wrote: I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the place in my log files.. [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL: foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '�$^D�^Bm���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:171) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353) at org.apache.wicket.RequestCycle.request(RequestCycle.java:493) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355) at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124) Anyone have any ideas what in the world is causing the jibberish? I am using JDK 6 and Wicket 1.3.5. Thanks, Andrew
Re: Problem with Crypted URL
something _similar_ happens in my logs. ERROR 2008-11-17 14:16:49,170 [http-8080-Processor17] Invalid URL org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '[EMAIL PROTECTED]' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:172) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1227) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1347) at org.apache.wicket.RequestCycle.request(RequestCycle.java:497) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:420) (...) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..) at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101) at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141) ... 27 more but apparently doesn't cause any trouble in the app (eg. no visible stacktrace or expired page). so i'm just curious. in this app wicket is 1.4-SNAPSHOT (august 26) (because of a dependency). will try to switch to rc1 see what i get. I already changed the handling of that in trunk so that now a page expired is thrown when that happens. johan when did you exactly change that? does it also impact my issue? thanks francisco On Mon, Nov 17, 2008 at 10:39 AM, Johan Compagner [EMAIL PROTECTED] wrote: i guess this is because we now use sessionid as the seed for the encryption of the urls So when a session times out and that user makes another request to it we cant decrypt it anymore because another seed is used. I already changed the handling of that in trunk so that now a page expired is thrown when that happens. On Mon, Nov 17, 2008 at 5:21 AM, Andrew Berman [EMAIL PROTECTED] wrote: I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the place in my log files.. [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL: foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '�$^D�^Bm���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:171) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353) at org.apache.wicket.RequestCycle.request(RequestCycle.java:493) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355) at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124) Anyone have any ideas what in the world is causing the jibberish? I am using JDK 6 and Wicket 1.3.5. Thanks, Andrew
Re: Problem with Crypted URL
I already changed the handling of that in trunk so that now a page expired is thrown when that happens. johan when did you exactly change that? does it also impact my issue? dont know exactly but it is in M1 and the current trunk of 1.3 You dont have it yet if you are on august code it doesnt really affect, because if you dont use crypted you would get a page expired because if an encrypted url cant be decrypted because of a new session then the page cant be found either when it was not encrypted Except maybe the stateless forms.. i think we need to look at that a bit johan
Problem with Crypted URL
I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the place in my log files.. [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL: foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI org.apache.wicket.WicketRuntimeException: Unable to decrypt the text '�$^D�^Bm���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r' at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250) at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) at org.apache.wicket.Request.getRequestParameters(Request.java:171) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353) at org.apache.wicket.RequestCycle.request(RequestCycle.java:493) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355) at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124) Anyone have any ideas what in the world is causing the jibberish? I am using JDK 6 and Wicket 1.3.5. Thanks, Andrew
