Hi,

It has been fixed with https://issues.apache.org/jira/browse/WICKET-5326.
Will be released with 6.18.0.

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Fri, Oct 24, 2014 at 2:37 PM, tomask79 <[email protected]> wrote:

> Hi guys,
>
> in order to protect our portal before CSRF attacks we were using
> KeyInSessionSunJceCryptFactory as following:
>
> Application class:
> .
> .
>
>
> Where PostUrlCryptMapper was just simple filter class ensuring that just
> POST URLs will be encrypted:
>
>
>
> This was working perfectly in Wicket 1.5!
>
> But now we're migrating to Wicket 6.0 and this stopped working and I don't
> see any note in migration guide about this.
>
> I was debugging it and ListenerInterfaceRequestHandler doesn't even
> come into CryptoMapper which is why POST action URL still remains
> uncrypted....
>
> I even tried the following code in Application class:
>
>
> Guys, the only URLs which Wicket 6.0 is able to encrypt natively are the
> Resource URLs, which is pointless in my case....
>
> Yes, I can tweak POST URLs in onUrlMapped in RequestCycle Listener for
> example, but I would rather prefer to stick with my previous solution....
>
> Guys please, what is the preferred way of crypting URLs in Wicket 6.0???? In
> order to prevent CSRF attacks...
>
> thanks in advance
>
> Tomas
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/KeyInSessionSunJceCryptFactory-doesn-t-work-in-Wicket-6-0-tp4668070.html
