You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2014/11/11 14:59:46 UTC
wicket git commit: WICKET-5327 write warning to stderr for insecure
default crypt key
Repository: wicket
Updated Branches:
refs/heads/5756-improve-crypt f0554d06e -> b5307cc09
WICKET-5327 write warning to stderr for insecure default crypt key
(cherry picked from commit d7b13f72f418bb7f300bbc3ac14fdb6e094f20a6)
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/b5307cc0
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/b5307cc0
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/b5307cc0
Branch: refs/heads/5756-improve-crypt
Commit: b5307cc09f8ee4238b8e3d3b1f54a729ee88c740
Parents: f0554d0
Author: svenmeier <sv...@meiers.net>
Authored: Thu Nov 28 20:25:40 2013 +0100
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Tue Nov 11 15:59:32 2014 +0200
----------------------------------------------------------------------
.../wicket/settings/def/SecuritySettings.java | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/b5307cc0/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java b/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
index 5e4aa10..8f1a79c 100644
--- a/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
+++ b/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java
@@ -81,12 +81,26 @@ public class SecuritySettings implements ISecuritySettings
return authorizationStrategy;
}
+ /**
+ * Note: Prints a warning to stderr if no factory was set and {@link #DEFAULT_ENCRYPTION_KEY} is
+ * used instead.
+ *
+ * @return crypt factory used to generate crypt objects
+ */
@Override
public synchronized ICryptFactory getCryptFactory()
{
if (cryptFactory == null)
{
- cryptFactory = new CachingSunJceCryptFactory(ISecuritySettings.DEFAULT_ENCRYPTION_KEY);
+ System.err
+ .print("********************************************************************\n"
+ + "*** WARNING: Wicket is using a DEFAULT_ENCRYPTION_KEY ***\n"
+ + "*** ^^^^^^^^^^^^^^^^^^^^^^ ***\n"
+ + "*** Do NOT deploy to your live server(s) without changing this. ***\n"
+ + "*** See SecuritySettings#setCryptFactory() for more information. ***\n"
+ + "********************************************************************\n");
+
+ cryptFactory = new CachingSunJceCryptFactory(DEFAULT_ENCRYPTION_KEY);
}
return cryptFactory;
}