Re: javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy
fatefree wrote: > > Re: javax.crypto.BadPaddingException on expired sessions using > CryptedUrlWebRequestCodingStrategy > As it turned out this was not caused by the cryptedurl coding strategy as I thought, but rather my custom request cycle was overriding onRuntimeException and returning its own error page, thus overriding the PageExpired page. This strategy worked fine when I removed my code. -- View this message in context: http://old.nabble.com/javax.crypto.BadPaddingException-on-expired-sessions-using--CryptedUrlWebRequestCodingStrategy-tp26190032p26484296.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy
fatefree wrote: > > Is there any plans to fix this, or anything I can do to prevent it while > maintaining crypted urls? > I tried to use the fix suggested in the previous thread, but it was just throwing a different exception and not really helping the situation. A temporary solution is the web application class is this: @Override protected IRequestCycleProcessor newRequestCycleProcessor() { return new WebRequestCycleProcessor() { @Override protected IRequestCodingStrategy newRequestCodingStrategy() { return new CryptedUrlWebRequestCodingStrategy(new WebRequestCodingStrategy()) { @Override protected String onError(final Exception ex, String url) { return onError(ex); } @Override protected String onError(final Exception ex) { return null; } }; } }; } With this code no exception is thrown, but on the user end nothing happens. So the link fails, there is no indication of anything happening, and a strange "random" parameter and a long value is appended to the url. Its better than the app failing I suppose, but not the best usability. It would be manageable if I could leave a session level message but I don't have any reference to a session at this point. I'm curious if anyone else is having this problem currently, it was indicated that it was fixed in the past. -- View this message in context: http://old.nabble.com/javax.crypto.BadPaddingException-on-expired-sessions-using--CryptedUrlWebRequestCodingStrategy-tp26190032p26206434.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy
I am getting a WicketRuntimeException whenever a user clicks a session based url after the session has expired. I noticed there was a previous thread about this here: http://old.nabble.com/Problem-with-Crypted-URL-to20533640.html#a20542221. I was hoping since I upgraded my application to use the latest 1.4.3 that this problem was solved, but I see that it is still occurring (You can recreate it by opening a browser and starting a new session, restarting your server, and then clicking a link - or just wait half an hour and try to click a session link). For my application this is a pretty common scenario since users may read bookmarkable urls leisurely and then click a modal window link later, and instead of redirecting to the homepage with a nice expiration message they get a hard error which clogs the logs up pretty bad. Is there any plans to fix this, or anything I can do to prevent it while maintaining crypted urls?