Re: Problem with Crypted URL

[francisco treacy]

i updated to rc1 i'm still getting stacktraces in logs with
CryptedUrlWebRequestCodingStrategy


ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
'??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
        at 
org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
        at 
org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
        at 
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
        at 
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
        at org.apache.wicket.Request.getRequestParameters(Request.java:172)
        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
        at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
        at 
org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
        at 
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at 
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
        at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
        at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:619)
Caused by: javax.crypto.BadPaddingException: Given final block not
properly padded
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
        at 
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
        at 
org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
        ... 27 more
ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
Invalid URL
        at 
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
        at 
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
        at 
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
        at 
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
        at org.apache.wicket.Request.getRequestParameters(Request.java:172)
        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
        at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
        at 
org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
        at 
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)


could it be a bug?

 ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA  doesn't
seem to be modified be someone else than wicket. wdyt?

thanks

francisco



On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner <[EMAIL PROTECTED]> wrote:
>>
>>
>>
>> > I already changed the handling of that in trunk so that now a page
>> expired
>> > is thrown when that happens.
>>
>> johan when did you exactly change that?  does it also impact my issue?
>
>
> dont know exactly but it is in M1 and the current trunk of 1.3
>
>
> You dont have it yet if you are on august code
>
> it doesnt really affect, because if you dont use crypted you would get a
> page expired because if an encrypted
> url cant be decrypted because of a new session then the page cant be found
> either when it was not encrypted
>
> Except maybe the stateless forms.. i think we need to look at that a bit
>
>
> johan
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]