Posted to commits@wicket.apache.org by mg...@apache.org on 2015/03/30 21:05:27 UTC

[1/2] wicket git commit: WICKET-5855 RememberMe functionality seems to be broken after the change of the default crypt factory

Repository: wicket
Updated Branches:
  refs/heads/master a1d0df298 -> d606f2a5f


WICKET-5855 RememberMe functionality seems to be broken after the change of the default crypt factory


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/d606f2a5
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/d606f2a5
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/d606f2a5

Branch: refs/heads/master
Commit: d606f2a5f981e2f20510b2b40c09f17fc81b6b77
Parents: c682e71
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Fri Mar 27 22:34:38 2015 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Mon Mar 30 22:03:01 2015 +0300

----------------------------------------------------------------------
 .../strategy/DefaultAuthenticationStrategy.java | 26 ++++++++++++++------
 1 file changed, 18 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/d606f2a5/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
index d30e997..d51efbc 100644
--- a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
+++ b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
@@ -40,6 +40,9 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 	/** The cookie name to store the username and password */
 	protected final String cookieKey;
 
+	/** The key to use for encrypting/decrypting the cookie value  */
+	protected final String encryptionKey;
+
 	/** The separator used to concatenate the username and password */
 	protected final String VALUE_SEPARATOR = "-sep-";
 
@@ -49,7 +52,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 	/** Use to encrypt cookie values for username and password. */
 	private ICrypt crypt;
 
-
 	/**
 	 * Constructor
 	 * 
@@ -58,7 +60,22 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 	 */
 	public DefaultAuthenticationStrategy(final String cookieKey)
 	{
+		this(cookieKey, defaultEncryptionKey(cookieKey));
+	}
+
+	private static String defaultEncryptionKey(String cookieKey)
+	{
+		if (Application.exists())
+		{
+			return Application.get().getName();
+		}
+		return cookieKey;
+	}
+
+	public DefaultAuthenticationStrategy(final String cookieKey, final String encryptionKey)
+	{
 		this.cookieKey = Args.notEmpty(cookieKey, "cookieKey");
+		this.encryptionKey = Args.notEmpty(encryptionKey, "encryptionKey");
 	}
 
 	/**
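Review bot: The value returned by `defaultEncryptionKey` is not a secret: it is the application name or, failing that, the cookie name, which every client can see, yet it keys the cipher for a cookie that the field comment says stores the username and password. The same applies to the `getCrypt()` hunk in the [2/2] mail, where the fallback is the literal `"LoggedIn"`. The new two-argument constructor is the right place to supply a real key, but it has no Javadoc; I would add one with `@param encryptionKey secret used to encrypt the remember-me cookie; supply a random, deployment-specific value`, and note on the one-argument constructor that its default is predictable. The Javadoc opening on the hunk's last line belongs to a member that lies outside the hunk.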
@@ -84,13 +101,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 	{
 		if (crypt == null)
 		{
-			String encryptionKey;
-			if (Application.exists())
-			{
-				encryptionKey = Application.get().getName();
-			} else {
-				encryptionKey = "LoggedIn";
-			}
 			CachingSunJceCryptFactory cryptFactory = new CachingSunJceCryptFactory(encryptionKey);
 			crypt = cryptFactory.newCrypt();
 		}


[2/2] wicket git commit: WICKET-5855 RememberMe functionality seems to be broken after the change of the default crypt factory

Posted by mg...@apache.org.
WICKET-5855 RememberMe functionality seems to be broken after the change of the default crypt factory


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/c682e712
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/c682e712
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/c682e712

Branch: refs/heads/master
Commit: c682e71225f10e1cbcf359f667406077a55d6019
Parents: a1d0df2
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Fri Mar 27 22:20:44 2015 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Mon Mar 30 22:03:01 2015 +0300

----------------------------------------------------------------------
 .../strategy/DefaultAuthenticationStrategy.java | 26 +++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/c682e712/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
index 59bb484..d30e997 100644
--- a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
+++ b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
@@ -18,7 +18,9 @@ package org.apache.wicket.authentication.strategy;
 
 import org.apache.wicket.Application;
 import org.apache.wicket.authentication.IAuthenticationStrategy;
+import org.apache.wicket.util.cookies.CookieDefaults;
 import org.apache.wicket.util.cookies.CookieUtils;
+import org.apache.wicket.util.crypt.CachingSunJceCryptFactory;
 import org.apache.wicket.util.crypt.ICrypt;
 import org.apache.wicket.util.lang.Args;
 import org.apache.wicket.util.string.Strings;
@@ -68,7 +70,9 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 	{
 		if (cookieUtils == null)
 		{
-			cookieUtils = new CookieUtils();
+			CookieDefaults settings = new CookieDefaults();
+			settings.setHttpOnly(true);
+			cookieUtils = new CookieUtils(settings);
 		}
 		return cookieUtils;
 	}
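Review bot: The cookie defaults built here set HttpOnly but leave the Secure attribute unset, so the remember-me cookie can still be sent over plain HTTP if the application is reachable that way. Because the value carries the encrypted credentials, consider adding `settings.setSecure(true);` next to `settings.setHttpOnly(true);` for HTTPS-only deployments, or a comment stating that the attribute is deliberately left to the application. The enclosing method begins outside the hunk.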
@@ -80,14 +84,19 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 	{
 		if (crypt == null)
 		{
-			crypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
+			String encryptionKey;
+			if (Application.exists())
+			{
+				encryptionKey = Application.get().getName();
+			} else {
+				encryptionKey = "LoggedIn";
+			}
+			CachingSunJceCryptFactory cryptFactory = new CachingSunJceCryptFactory(encryptionKey);
+			crypt = cryptFactory.newCrypt();
 		}
 		return crypt;
 	}
 
-	/**
-	 * @see org.apache.wicket.authentication.IAuthenticationStrategy#load()
-	 */
 	@Override
 	public String[] load()
 	{
@@ -139,10 +148,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 		return null;
 	}
 
-	/**
-	 * @see org.apache.wicket.authentication.IAuthenticationStrategy#save(java.lang.String,
-	 *      java.lang.String...)
-	 */
 	@Override
 	public void save(final String credential, final String... extraCredentials)
 	{
@@ -171,9 +176,6 @@ public class DefaultAuthenticationStrategy implements IAuthenticationStrategy
 		return value.toString();
 	}
 
-	/**
-	 * @see org.apache.wicket.authentication.IAuthenticationStrategy#remove()
-	 */
 	@Override
 	public void remove()
 	{