Hello,
We're running in to a situation where we are using Spring Security in
conjunction with CryptoMapper, as a result of this, all of the Wicket resource
URLs ('/wicket/resource') are being encrypted and I have no consistent path to
use to prevent Spring from securing those endpoints.
This causes two issues:
1.
Once I successfully authenticate, my security context is re-fetched for
resource endpoints
2.
Mounted bookmarkable pages which don't require authentication (i.e. access
denied, internal error) cannot pull resources
Is there a recommended way to deal with this? The only solution we have at this
point is to configure a custom CryptoMapper will not encrypt requests which are
instances of ResourceReferenceRequestHandler or ResourceStreamRequestHandler.
Does this sound like a good approach or is there something we're missing? Any
information would be appreciated and thank you for your time.
Thank you,
Jonathan Babie
Notice: This communication, including any attachments, is intended solely for
the use of the individual or entity to which it is addressed. This
communication may contain information that is protected from disclosure under
State and/or Federal law. Please notify the sender immediately if you have
received this communication in error and delete this email from your system. If
you are not the intended recipient, you are requested not to disclose, copy,
distribute or take any action in reliance on the contents of this information.
