Hi, Another way is to extend CryptoMapper, override its #mapRequest(Url) method and do your logic there. This way you know that IllegalBlockSizeException or BadPaddingException is related to the page/resources' urls, and not to something else that uses the crypto classes.
Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Mon, Jul 24, 2017 at 12:38 PM, tomask79 <tomas.klou...@embedit.cz> wrote: > Hi guys, > > we use KeyInSessionSunJceCryptFactory to protected our app from CSRF, where > every user have it's own encryption key per session for URL crypting. > > Anyway,* I want to be able to detect when user uses URL from previous > session and to display some warning* or something like that. > > The only thing I can think of is to catch "IllegalBlockSizeException" in > org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe method and > rethrow > it as my ApplicationException and catch it in some RequestCycle listener... > > Is there a better way? > > Thanks in advance for your help > > regards > > Tomas > > -- > View this message in context: http://apache-wicket.1842946. > n4.nabble.com/When-using-KeyInSessionSunJceCryptFactory > -howto-detect-that-requested-URL-is-from-old-session-tp4678269.html > Sent from the Users forum mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
