bgooren wrote: > > So I had a quick look at the source code of WebRequestCodingStrategy, and > I think it should be possible to create a solution for your problem quite > easily: >
Thanks to your idea, I played around with WebRequestCodingStrategy and below is what I came up with. It uses jasypt, but feel free to replace it with whatever you like more. package crypt.wicket; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; import java.util.concurrent.ConcurrentHashMap; import org.apache.wicket.Request; import org.apache.wicket.RequestCycle; import org.apache.wicket.protocol.http.request.WebRequestCodingStrategy; import org.apache.wicket.request.RequestParameters; import org.apache.wicket.request.target.resource.ISharedResourceRequestTarget; import org.apache.wicket.util.string.AppendingStringBuffer; import org.jasypt.encryption.pbe.StandardPBEStringEncryptor; import org.jasypt.salt.ZeroSaltGenerator; /** * Version of standard {...@link WebRequestCodingStrategy} that encrypts FQNs * (full qualified names of classes) in resource references. * * @author Sergey Olefir */ public class CryptWebRequestCodingStrategy extends WebRequestCodingStrategy { /** * Prefix for encrypted FQNs. */ public static final String ENCRYPTED_FQN_PREFIX = "---"; /** * Map of unencrypted -> encrypted strings. */ protected static final Map<String, String> toEncryptedMap = new ConcurrentHashMap<String, String>(); /** * Map of encrypted -> unencrypted strings. */ protected static final Map<String, String> toUnencryptedMap = new ConcurrentHashMap<String, String>(); /** * Encrypted used to encrypt FQNs. */ private static final StandardPBEStringEncryptor encryptor; static { encryptor = new StandardPBEStringEncryptor(); encryptor.setAlgorithm("PBEWithMD5AndDES"); encryptor.setSaltGenerator(new ZeroSaltGenerator()); // Need to use zero salt so that URLs are stable. encryptor.setStringOutputType("hexadecimal"); // To avoid slashes in the result (base64 can produce slashes). encryptor.setPassword("<your password here>"); } /* (non-Javadoc) * @see org.apache.wicket.protocol.http.request.WebRequestCodingStrategy#addResourceParameters(org.apache.wicket.Request, org.apache.wicket.request.RequestParameters) */ @Override protected void addResourceParameters(Request request, RequestParameters parameters) { String pathInfo = request.getPath(); if (pathInfo != null && pathInfo.startsWith(RESOURCES_PATH_PREFIX)) { int ix = RESOURCES_PATH_PREFIX.length(); if (pathInfo.length() > ix) { StringBuffer path = new StringBuffer(pathInfo.substring(ix)); int ixSemiColon = path.indexOf(";"); // strip off any jsession id if (ixSemiColon != -1) { int ixEnd = path.indexOf("?"); if (ixEnd == -1) { ixEnd = path.length(); } path.delete(ixSemiColon, ixEnd); } // Check if we need to decrypt FQN. String pathString = path.toString(); if (pathString.startsWith(ENCRYPTED_FQN_PREFIX)) { if (pathString.length() > ENCRYPTED_FQN_PREFIX.length()) { // Need to decrypt. pathString = pathString.substring(ENCRYPTED_FQN_PREFIX.length()); String head; String tail; int slash = pathString.indexOf('/'); if (slash < 0) { head = pathString; tail = ""; } else if (slash == 0) { head = ""; tail = pathString; } else { head = pathString.substring(0, slash); tail = pathString.substring(slash); } // Do decrypt. pathString = decrypt(head) + tail; } } parameters.setResourceKey(pathString); } } } /* (non-Javadoc) * @see org.apache.wicket.protocol.http.request.WebRequestCodingStrategy#encode(org.apache.wicket.RequestCycle, org.apache.wicket.request.target.resource.ISharedResourceRequestTarget) */ @SuppressWarnings("unchecked") @Override protected CharSequence encode(RequestCycle requestCycle, ISharedResourceRequestTarget requestTarget) { final String sharedResourceKey = requestTarget.getResourceKey(); if ((sharedResourceKey == null) || (sharedResourceKey.trim().length() == 0)) { return ""; } else { final AppendingStringBuffer buffer = new AppendingStringBuffer( sharedResourceKey.length() * 3); // Guesstimate as to how big encrypted string will be buffer.append(RESOURCES_PATH_PREFIX); // Split resource key and determine whether we need to encrypt it (whether it has FQN). String head; String tail; int slash = sharedResourceKey.indexOf('/'); if (slash < 0) { head = sharedResourceKey; tail = ""; } else if (slash == 0) { head = ""; tail = sharedResourceKey; } else { head = sharedResourceKey.substring(0, slash); tail = sharedResourceKey.substring(slash); } // Check if head looks like FQN. if (head.indexOf('.') >= 0) { // Think it's FQN... buffer.append(ENCRYPTED_FQN_PREFIX); buffer.append(encrypt(head)); } else { // Non-FQN buffer.append(head); } // Write out the tail. buffer.append(tail); Map map = requestTarget.getRequestParameters().getParameters(); if (map != null && map.size() > 0) { buffer.append('?'); Iterator<Entry<String, String[]>> it = map.entrySet().iterator(); while (it.hasNext()) { Map.Entry<String, String[]> entry = it.next(); buffer.append(entry.getKey()); buffer.append('='); buffer.append(entry.getValue()); if (it.hasNext()) { buffer.append('&'); } } } return buffer; } } /** * Encrypts string. */ public static String encrypt(String str) { String encrypted = toEncryptedMap.get(str); if (encrypted != null) return encrypted; encrypted = encryptor.encrypt(str); toEncryptedMap.put(str, encrypted); toUnencryptedMap.put(encrypted, str); return encrypted; } /** * Decrypts string. */ public static String decrypt(String encrypted) { String str = toUnencryptedMap.get(encrypted); if (str != null) return str; str = encryptor.decrypt(encrypted); toEncryptedMap.put(str, encrypted); toUnencryptedMap.put(encrypted, str); return str; } } -- View this message in context: http://old.nabble.com/How-to-encrypt-obfuscate-resource-reference--tp27744679p27757761.html Sent from the Wicket - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org