Using Jasypt for URL encryption not working (Wicket 1.5.7)

[Michael M <ge...@gmail.com>]

Hi, short question: I'm trying to use Jasypt to encrypt my non-mounted
URLs. However, it doesn't seem to work, I get exceptions.

After adding the dependency (jasypt-wicket15) I set up the Jasypt Crypt
Factory as in the example on their site: http://www.jasypt.org/wicket.html

(...)
getSecuritySettings().setCryptFactory(jasyptCryptFactory);


The 'Configuring URL encryption' section seems to be outdated though, as
far as I know this has to be done now by setting putting this in my
application init-method, instead of using the RequestCycleProcessor:

setRootRequestMapper(new CryptoMapper(getRootRequestMapper(), this));


If I use this line alone (without Jasypt) it works using the built-in
encryption. However with the Jasypt factory I get the rolling errors, and
my site doesn't work properly anymore:

CryptoMapper: Error decrypting URL
org.jasypt.exceptions.EncryptionOperationNotPossibleException: null

(See the full exception here: http://pastebin.com/5HgYD2hx)

Am I doing something wrong with the new *setRootRequestMapper*, or is
Jasypt just not working anymore with 1.5.7? Thanks!

Re: Using Jasypt for URL encryption not working (Wicket 1.5.7)

[Michael M <ge...@gmail.com>]

Hi,

I tried that, however I'm not familiar enough with the URL encryption
procedure to find the error. Also, the Jasypt exception is very general due
to security reasons. Here's a link to the FAQ:
http://www.jasypt.org/faq.html#i-keep-on-receiving-encryption-operation-not-possible

I've uploaded a quick start: http://d.pr/f/vZzv

On start you should already see the exceptions, and an error when clicking
on the link for the second page. I guess more people will run into this,
because Wicket documentation points to Jasypt for a more secure URL
encryption, and I followed their directions. Maybe someone is more capable
than me in finding the error. It might be a Jasypt problem after all
because of the newest 1.5.7 Wicket version, I don't know. But then maybe
Wicket shouldn't link to Jasypt for this anymore?

Thanks, if anyone finds the time to look into it. :)

2012/8/12 Martin Grigorov <mg...@apache.org>

> Hi,
>
> Put breakpoints in CryptoMapper's methods for encrypting and
> decrypting and see what's wrong.
>
> On Sat, Aug 11, 2012 at 11:41 AM, Michael M <ge...@gmail.com> wrote:
> > Hi, short question: I'm trying to use Jasypt to encrypt my non-mounted
> > URLs. However, it doesn't seem to work, I get exceptions.
> >
> > After adding the dependency (jasypt-wicket15) I set up the Jasypt Crypt
> > Factory as in the example on their site:
> http://www.jasypt.org/wicket.html
> >
> > (...)
> > getSecuritySettings().setCryptFactory(jasyptCryptFactory);
> >
> >
> > The 'Configuring URL encryption' section seems to be outdated though, as
> > far as I know this has to be done now by setting putting this in my
> > application init-method, instead of using the RequestCycleProcessor:
> >
> > setRootRequestMapper(new CryptoMapper(getRootRequestMapper(), this));
> >
> >
> > If I use this line alone (without Jasypt) it works using the built-in
> > encryption. However with the Jasypt factory I get the rolling errors, and
> > my site doesn't work properly anymore:
> >
> > CryptoMapper: Error decrypting URL
> > org.jasypt.exceptions.EncryptionOperationNotPossibleException: null
> >
> > (See the full exception here: http://pastebin.com/5HgYD2hx)
> >
> > Am I doing something wrong with the new *setRootRequestMapper*, or is
> > Jasypt just not working anymore with 1.5.7? Thanks!
>
>
>
> --
> Martin Grigorov
> jWeekend
> Training, Consulting, Development
> http://jWeekend.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>

Re: Using Jasypt for URL encryption not working (Wicket 1.5.7)

[Martin Grigorov <mg...@apache.org>]

Hi,

Put breakpoints in CryptoMapper's methods for encrypting and
decrypting and see what's wrong.

On Sat, Aug 11, 2012 at 11:41 AM, Michael M <ge...@gmail.com> wrote:
> Hi, short question: I'm trying to use Jasypt to encrypt my non-mounted
> URLs. However, it doesn't seem to work, I get exceptions.
>
> After adding the dependency (jasypt-wicket15) I set up the Jasypt Crypt
> Factory as in the example on their site: http://www.jasypt.org/wicket.html
>
> (...)
> getSecuritySettings().setCryptFactory(jasyptCryptFactory);
>
>
> The 'Configuring URL encryption' section seems to be outdated though, as
> far as I know this has to be done now by setting putting this in my
> application init-method, instead of using the RequestCycleProcessor:
>
> setRootRequestMapper(new CryptoMapper(getRootRequestMapper(), this));
>
>
> If I use this line alone (without Jasypt) it works using the built-in
> encryption. However with the Jasypt factory I get the rolling errors, and
> my site doesn't work properly anymore:
>
> CryptoMapper: Error decrypting URL
> org.jasypt.exceptions.EncryptionOperationNotPossibleException: null
>
> (See the full exception here: http://pastebin.com/5HgYD2hx)
>
> Am I doing something wrong with the new *setRootRequestMapper*, or is
> Jasypt just not working anymore with 1.5.7? Thanks!



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org