Hi guys, in order to protect our portal against CSRF attacks we were using KeyInSessionSunJceCryptFactory as follows:
Application class: . .

Where PostUrlCryptMapper was just a simple filter class ensuring that only POST URLs would be encrypted:

This was working perfectly in Wicket 1.5! But now we're migrating to Wicket 6.0 and this stopped working, and I don't see any note in the migration guide about this. I was debugging it and ListenerInterfaceRequestHandler doesn't even come into CryptoMapper, which is why the POST action URL still remains unencrypted...

I even tried the following code in the Application class:

Guys, the only URLs which Wicket 6.0 is able to encrypt natively are the Resource URLs, which is pointless in my case...

Yes, I can tweak POST URLs in onUrlMapped in a RequestCycle listener, for example, but I would rather stick with my previous solution...

Guys, please, what is the preferred way of encrypting URLs in Wicket 6.0, in order to prevent CSRF attacks?

Thanks in advance,
Tomas
