You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2015/03/30 21:05:27 UTC
[1/2] wicket git commit: WICKET-5855 RememberMe functionality seems
to be broken after the change of the default crypt factory
Repository: wicket
Updated Branches:
refs/heads/master a1d0df298 -> d606f2a5f
WICKET-5855 RememberMe functionality seems to be broken after the change of the default crypt factory
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/d606f2a5
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/d606f2a5
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/d606f2a5
Branch: refs/heads/master
Commit: d606f2a5f981e2f20510b2b40c09f17fc81b6b77
Parents: c682e71
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Fri Mar 27 22:34:38 2015 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Mon Mar 30 22:03:01 2015 +0300
----------------------------------------------------------------------
.../strategy/DefaultAuthenticationStrategy.java | 26 ++++++++++++++------
1 file changed, 18 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/d606f2a5/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
index d30e997..d51efbc 100644
--- a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
+++ b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
@@ -40,6 +40,9 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
/** The cookie name to store the username and password */
protected final String cookieKey;
+ /** The key to use for encrypting/decrypting the cookie value */
+ protected final String encryptionKey;
+
/** The separator used to concatenate the username and password */
protected final String VALUE_SEPARATOR = "-sep-";
@@ -49,7 +52,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
/** Use to encrypt cookie values for username and password. */
private ICrypt crypt;
-
/**
* Constructor
*
@@ -58,7 +60,22 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
*/
public DefaultAuthenticationStrategy(final String cookieKey)
{
+ this(cookieKey, defaultEncryptionKey(cookieKey));
+ }
+
+ private static String defaultEncryptionKey(String cookieKey)
+ {
+ if (Application.exists())
+ {
+ return Application.get().getName();
+ }
+ return cookieKey;
+ }
+
+ public DefaultAuthenticationStrategy(final String cookieKey, final String encryptionKey)
+ {
this.cookieKey = Args.notEmpty(cookieKey, "cookieKey");
+ this.encryptionKey = Args.notEmpty(encryptionKey, "encryptionKey");
}
/**
@@ -84,13 +101,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
{
if (crypt == null)
{
- String encryptionKey;
- if (Application.exists())
- {
- encryptionKey = Application.get().getName();
- } else {
- encryptionKey = "LoggedIn";
- }
CachingSunJceCryptFactory cryptFactory = new CachingSunJceCryptFactory(encryptionKey);
crypt = cryptFactory.newCrypt();
}
[2/2] wicket git commit: WICKET-5855 RememberMe functionality seems
to be broken after the change of the default crypt factory
Posted by mg...@apache.org.
WICKET-5855 RememberMe functionality seems to be broken after the change of the default crypt factory
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/c682e712
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/c682e712
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/c682e712
Branch: refs/heads/master
Commit: c682e71225f10e1cbcf359f667406077a55d6019
Parents: a1d0df2
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Fri Mar 27 22:20:44 2015 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Mon Mar 30 22:03:01 2015 +0300
----------------------------------------------------------------------
.../strategy/DefaultAuthenticationStrategy.java | 26 +++++++++++---------
1 file changed, 14 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/c682e712/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
index 59bb484..d30e997 100644
--- a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
+++ b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
@@ -18,7 +18,9 @@ package org.apache.wicket.authentication.strategy;
import org.apache.wicket.Application;
import org.apache.wicket.authentication.IAuthenticationStrategy;
+import org.apache.wicket.util.cookies.CookieDefaults;
import org.apache.wicket.util.cookies.CookieUtils;
+import org.apache.wicket.util.crypt.CachingSunJceCryptFactory;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.lang.Args;
import org.apache.wicket.util.string.Strings;
@@ -68,7 +70,9 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
{
if (cookieUtils == null)
{
- cookieUtils = new CookieUtils();
+ CookieDefaults settings = new CookieDefaults();
+ settings.setHttpOnly(true);
+ cookieUtils = new CookieUtils(settings);
}
return cookieUtils;
}
@@ -80,14 +84,19 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
{
if (crypt == null)
{
- crypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
+ String encryptionKey;
+ if (Application.exists())
+ {
+ encryptionKey = Application.get().getName();
+ } else {
+ encryptionKey = "LoggedIn";
+ }
+ CachingSunJceCryptFactory cryptFactory = new CachingSunJceCryptFactory(encryptionKey);
+ crypt = cryptFactory.newCrypt();
}
return crypt;
}
- /**
- * @see org.apache.wicket.authentication.IAuthenticationStrategy#load()
- */
@Override
public String[] load()
{
@@ -139,10 +148,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
return null;
}
- /**
- * @see org.apache.wicket.authentication.IAuthenticationStrategy#save(java.lang.String,
- * java.lang.String...)
- */
@Override
public void save(final String credential, final String... extraCredentials)
{
@@ -171,9 +176,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
return value.toString();
}
- /**
- * @see org.apache.wicket.authentication.IAuthenticationStrategy#remove()
- */
@Override
public void remove()
{