Re: javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy
fatefree wrote: > > Re: javax.crypto.BadPaddingException on expired sessions using > CryptedUrlWebRequestCodingStrategy > As it turned out this was not caused by the cryptedurl coding strategy as I thought, but rather my custom request cycle was overriding onRuntimeException and returning its own error page, thus overriding the PageExpired page. This strategy worked fine when I removed my code. -- View this message in context: http://old.nabble.com/javax.crypto.BadPaddingException-on-expired-sessions-using--CryptedUrlWebRequestCodingStrategy-tp26190032p26484296.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy
fatefree wrote:
>
> Is there any plans to fix this, or anything I can do to prevent it while
> maintaining crypted urls?
>
I tried to use the fix suggested in the previous thread, but it was just
throwing a different exception and not really helping the situation. A
temporary solution is the web application class is this:
@Override
protected IRequestCycleProcessor newRequestCycleProcessor() {
return new WebRequestCycleProcessor() {
@Override
protected IRequestCodingStrategy newRequestCodingStrategy() {
return new CryptedUrlWebRequestCodingStrategy(new
WebRequestCodingStrategy()) {
@Override
protected String onError(final
Exception ex, String url) {
return onError(ex);
}
@Override
protected String onError(final
Exception ex) {
return null;
}
};
}
};
}
With this code no exception is thrown, but on the user end nothing happens.
So the link fails, there is no indication of anything happening, and a
strange "random" parameter and a long value is appended to the url. Its
better than the app failing I suppose, but not the best usability. It would
be manageable if I could leave a session level message but I don't have any
reference to a session at this point.
I'm curious if anyone else is having this problem currently, it was
indicated that it was fixed in the past.
--
View this message in context:
http://old.nabble.com/javax.crypto.BadPaddingException-on-expired-sessions-using--CryptedUrlWebRequestCodingStrategy-tp26190032p26206434.html
Sent from the Wicket - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy
I am getting a WicketRuntimeException whenever a user clicks a session based url after the session has expired. I noticed there was a previous thread about this here: http://old.nabble.com/Problem-with-Crypted-URL-to20533640.html#a20542221. I was hoping since I upgraded my application to use the latest 1.4.3 that this problem was solved, but I see that it is still occurring (You can recreate it by opening a browser and starting a new session, restarting your server, and then clicking a link - or just wait half an hour and try to click a session link). For my application this is a pretty common scenario since users may read bookmarkable urls leisurely and then click a modal window link later, and instead of redirecting to the homepage with a nice expiration message they get a hard error which clogs the logs up pretty bad. Is there any plans to fix this, or anything I can do to prevent it while maintaining crypted urls?
