You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Igor Vaynberg (JIRA)" <ji...@apache.org> on 2010/08/26 23:56:55 UTC

[jira] Resolved: (WICKET-2842) cookies are not base64 encoded by default

     [ https://issues.apache.org/jira/browse/WICKET-2842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Vaynberg resolved WICKET-2842.
-----------------------------------

      Assignee: Igor Vaynberg
    Resolution: Won't Fix

cannot fix it in 1.4 because it would change existing functionality and apps already deployed into prod would not be able to read their current cookies.

you can fix this yourself by overriding form#getvaluepersister() and wrapper the one returned from super by one that will encode/decode into base64

in 1.5 there is nothing to fix because the support for value persisters has been removed.

> cookies are not base64 encoded by default
> -----------------------------------------
>
>                 Key: WICKET-2842
>                 URL: https://issues.apache.org/jira/browse/WICKET-2842
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.4.7
>         Environment: Betriebsystemname	Microsoft Windows Server 2008 R2 Standard
> Version	6.1.7600 Build 7600
>            Reporter: Jan Treffkorn
>            Assignee: Igor Vaynberg
>
> The rememberMe cookie value can contain spezail chars like german umlauts (öäü..).  Use the default SignInPanel and try a username with umlauts. All cookies should stored base64 encoded by default.
> Stacktrace:
> Unexpected RuntimeException
> WicketMessage: Method onFormSubmitted of interface org.apache.wicket.markup.html.form.IFormSubmitListener targeted at component [MarkupContainer [Component id = signInForm]] threw an exception
> Root cause:
> java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
> at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396)
> at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:389)
> at org.apache.tomcat.util.http.ServerCookie.appendCookieValue(ServerCookie.java:293)
> at org.apache.catalina.connector.Response.addCookieInternal(Response.java:1010)
> at org.apache.catalina.connector.Response.addCookieInternal(Response.java:979)
> at org.apache.catalina.connector.Response.addCookie(Response.java:967)
> at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:343)
> at org.apache.wicket.protocol.http.WebResponse.addCookie(WebResponse.java:87)
> at org.apache.wicket.markup.html.form.persistence.CookieValuePersister.save(CookieValuePersister.java:260)
> at org.apache.wicket.markup.html.form.persistence.CookieValuePersister.save(CookieValuePersister.java:131)
> at org.apache.wicket.markup.html.form.persistence.CookieValuePersister.save(CookieValuePersister.java:139)
> at org.apache.wicket.markup.html.form.Form$13.onFormComponent(Form.java:1445)
> at org.apache.wicket.markup.html.form.FormComponent$AbstractVisitor.formComponent(FormComponent.java:112)
> at org.apache.wicket.markup.html.form.FormComponent.visitFormComponentsPostOrderHelper(FormComponent.java:441)
> at org.apache.wicket.markup.html.form.FormComponent.visitFormComponentsPostOrderHelper(FormComponent.java:428)
> at org.apache.wicket.markup.html.form.FormComponent.visitFormComponentsPostOrder(FormComponent.java:400)
> at org.apache.wicket.markup.html.form.Form.visitFormComponentsPostOrder(Form.java:1209)
> at org.apache.wicket.markup.html.form.Form.persistFormComponentData(Form.java:1433)
> at org.apache.wicket.markup.html.form.Form.process(Form.java:1007)
> at org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:63)
> at org.apache.wicket.markup.html.form.Form.process(Form.java:931)
> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:896)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:182)
> at org.apache.wicket.request.target.component.BookmarkableListenerInterfaceRequestTarget.processEvents(BookmarkableListenerInterfaceRequestTarget.java:161)
> at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:92)
> at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1250)
> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1329)
> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1428)
> at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
> at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:479)
> at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:312)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at de.kbs.web.filter.SessionTimeoutFilter.doFilter(SessionTimeoutFilter.java:53)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:619)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.