You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Andrew Berman <at...@gmail.com> on 2008/11/17 05:21:10 UTC
Problem with Crypted URL
I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the
place in my log files..
[ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL:
foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI
org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
'�$^D�^B&m���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r'
at
org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
at
org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
at
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250)
at
org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98)
at org.apache.wicket.Request.getRequestParameters(Request.java:171)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
at
org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355)
at
org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124)
Anyone have any ideas what in the world is causing the jibberish? I am
using JDK 6 and Wicket 1.3.5.
Thanks,
Andrew
Re: Problem with Crypted URL
Posted by Johan Compagner <jc...@gmail.com>.
Both branches have now the latest code, i guess both have to be released first
On 28/11/2008, francisco treacy <fr...@gmail.com> wrote:
> yup, i suppose this happens when sessions expire. we've been having an
> increasing number of visitors and logs are really hard to read when
> you try to find an (important) exception.
>
> so i guess i'm still up for the fix :)
>
> francisco
>
> On Fri, Nov 28, 2008 at 6:35 PM, Marcus Mattila
> <ma...@gmail.com> wrote:
>> We are also getting this when sessions expire. No big deal but would
>> still like a fix. Will it be fixed in the 1.3.x branch also? Pls make
>> it :)
>>
>> br,
>> Marcus
>>
>>
>> On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy
>> <fr...@gmail.com> wrote:
>>> johan, i'm not sure i understand correctly.
>>>
>>> you mean that it should have been in 1.4-rc1 but it is not? so i
>>> could expect this to be fixed in 1.4-rc2 or 1.4 final?
>>>
>>> francisco
>>>
>>> On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner <jc...@gmail.com>
>>> wrote:
>>>> hmm weird, wasnt merged yet with 4.1
>>>> thought i did that with the big merge.
>>>>
>>>> On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy <
>>>> francisco.treacy@gmail.com> wrote:
>>>>
>>>>> i updated to rc1 i'm still getting stacktraces in logs with
>>>>> CryptedUrlWebRequestCodingStrategy
>>>>>
>>>>>
>>>>> ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
>>>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
>>>>> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
>>>>> '??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
>>>>> at
>>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
>>>>> at
>>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>>>> at
>>>>> org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>>>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>>>> at
>>>>> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
>>>>> at
>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>>>> at
>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>>>>> at
>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>>>>> at
>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>> at
>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>>>> at
>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>>>>> at
>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>>>>> at
>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
>>>>> at
>>>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>>>>> at
>>>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>>>>> at
>>>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>>>>> at
>>>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>> Caused by: javax.crypto.BadPaddingException: Given final block not
>>>>> properly padded
>>>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>>>> at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
>>>>> at
>>>>> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
>>>>> at javax.crypto.Cipher.doFinal(DashoA13*..)
>>>>> at
>>>>> org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
>>>>> at
>>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
>>>>> ... 27 more
>>>>> ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
>>>>> Invalid URL
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>>>> at
>>>>> org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>>>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>>>
>>>>>
>>>>> could it be a bug?
>>>>>
>>>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't
>>>>> seem to be modified be someone else than wicket. wdyt?
>>>>>
>>>>> thanks
>>>>>
>>>>> francisco
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner <jc...@gmail.com>
>>>>> wrote:
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> > I already changed the handling of that in trunk so that now a page
>>>>> >> expired
>>>>> >> > is thrown when that happens.
>>>>> >>
>>>>> >> johan when did you exactly change that? does it also impact my
>>>>> >> issue?
>>>>> >
>>>>> >
>>>>> > dont know exactly but it is in M1 and the current trunk of 1.3
>>>>> >
>>>>> >
>>>>> > You dont have it yet if you are on august code
>>>>> >
>>>>> > it doesnt really affect, because if you dont use crypted you would
>>>>> > get a
>>>>> > page expired because if an encrypted
>>>>> > url cant be decrypted because of a new session then the page cant be
>>>>> found
>>>>> > either when it was not encrypted
>>>>> >
>>>>> > Except maybe the stateless forms.. i think we need to look at that a
>>>>> > bit
>>>>> >
>>>>> >
>>>>> > johan
>>>>> >
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by shumbola <sh...@yahoo.com>.
Following "fix" works for me until there will be new release:
In MyApplication:
protected IRequestCycleProcessor newRequestCycleProcessor() {
return new WebRequestCycleProcessor() {
protected IRequestCodingStrategy newRequestCodingStrategy() {
return new MyCryptedUrlWebRequestCodingStrategy(new
WebRequestCodingStrategy());
}
};
}
In MyCryptedUrlWebRequestCodingStrategy:
protected String onError(final Exception ex, String url)
{
//log.error("Invalid URL: " + url, ex);
return onError(ex);
}
protected String onError(final Exception ex)
{
throw new PageExpiredException("Invalid URL");
}
francisco treacy-2 wrote:
>
> yup, i suppose this happens when sessions expire. we've been having an
> increasing number of visitors and logs are really hard to read when
> you try to find an (important) exception.
>
> so i guess i'm still up for the fix :)
>
> francisco
>
> On Fri, Nov 28, 2008 at 6:35 PM, Marcus Mattila
> <ma...@gmail.com> wrote:
>> We are also getting this when sessions expire. No big deal but would
>> still like a fix. Will it be fixed in the 1.3.x branch also? Pls make
>> it :)
>>
>> br,
>> Marcus
>>
>>
>> On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy
>> <fr...@gmail.com> wrote:
>>> johan, i'm not sure i understand correctly.
>>>
>>> you mean that it should have been in 1.4-rc1 but it is not? so i
>>> could expect this to be fixed in 1.4-rc2 or 1.4 final?
>>>
>>> francisco
>>>
>>> On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner <jc...@gmail.com>
>>> wrote:
>>>> hmm weird, wasnt merged yet with 4.1
>>>> thought i did that with the big merge.
>>>>
>>>> On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy <
>>>> francisco.treacy@gmail.com> wrote:
>>>>
>>>>> i updated to rc1 i'm still getting stacktraces in logs with
>>>>> CryptedUrlWebRequestCodingStrategy
>>>>>
>>>>>
>>>>> ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
>>>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
>>>>> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
>>>>> '??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
>>>>> at
>>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
>>>>> at
>>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>>>> at
>>>>> org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>>>> at
>>>>> org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>>>> at
>>>>> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
>>>>> at
>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>>>> at
>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>>>>> at
>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>>>>> at
>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>> at
>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>>>> at
>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>>>>> at
>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>>>>> at
>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
>>>>> at
>>>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>>>>> at
>>>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>>>>> at
>>>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>>>>> at
>>>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>> Caused by: javax.crypto.BadPaddingException: Given final block not
>>>>> properly padded
>>>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>>>> at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
>>>>> at
>>>>> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
>>>>> at javax.crypto.Cipher.doFinal(DashoA13*..)
>>>>> at
>>>>> org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
>>>>> at
>>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
>>>>> ... 27 more
>>>>> ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
>>>>> Invalid URL
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
>>>>> at
>>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>>>> at
>>>>> org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>>>> at
>>>>> org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>>>> at
>>>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>>>
>>>>>
>>>>> could it be a bug?
>>>>>
>>>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't
>>>>> seem to be modified be someone else than wicket. wdyt?
>>>>>
>>>>> thanks
>>>>>
>>>>> francisco
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner
>>>>> <jc...@gmail.com>
>>>>> wrote:
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> > I already changed the handling of that in trunk so that now a
>>>>> page
>>>>> >> expired
>>>>> >> > is thrown when that happens.
>>>>> >>
>>>>> >> johan when did you exactly change that? does it also impact my
>>>>> issue?
>>>>> >
>>>>> >
>>>>> > dont know exactly but it is in M1 and the current trunk of 1.3
>>>>> >
>>>>> >
>>>>> > You dont have it yet if you are on august code
>>>>> >
>>>>> > it doesnt really affect, because if you dont use crypted you would
>>>>> get a
>>>>> > page expired because if an encrypted
>>>>> > url cant be decrypted because of a new session then the page cant be
>>>>> found
>>>>> > either when it was not encrypted
>>>>> >
>>>>> > Except maybe the stateless forms.. i think we need to look at that a
>>>>> bit
>>>>> >
>>>>> >
>>>>> > johan
>>>>> >
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Problem-with-Crypted-URL-tp20533640p20747634.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by kugaprakash <kv...@infoblox.com>.
Actually I should say, that it is not force re-directing even on using the
recommended approach. It still stays in the same current page.
Am I doing something wrong here? I tried to remove the finally block
{Session.get().invalidate(); } and moved that code to detach(), still no
success.
Please let me know if there is some thing wrong being done here.
Thanks in Advance.
Kuga
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2243721.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by kugaprakash <kv...@infoblox.com>.
Thanks for the response, I am trying to implement your recommended solution,
however, It goes into the respond method and I did the following
public void respond(RequestCycle requestCycle) {
PageParameters param = new PageParameters();
param.add("error", errorMessage); //$NON-NLS-1$
try {
((WebResponse)requestCycle.getResponse()).getHttpServletResponse().
sendRedirect(requestCycle.urlFor(pageClass, param).toString());
Session.get().invalidate();
} catch (IOException e) {
log.error("Error while redirecting to global error page", e);
//$NON-NLS-1$
}
}
Please let me know if the above is correct.
However, I am seeing the following issue:
1. When the session expires, the session expiry page appears, and when click
on Browser back button, it takes me to previous page, but doesnt complete
rendering, as there are decode exceptions, but this time it does not render
the SessionExpiry page.
2. We also have a Global error page, when the application gets an RunTime
exception, we report it to global error page, I tried to use the same
concept there, but for this case, it does not redirect to the Global error
page, rather, just stays in the current page, as though it has consumed the
click.
Please let me know if you have any thoughts.
Thanks in advance
Kuga
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2242335.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by Igor Vaynberg <ig...@gmail.com>.
RestartResponseException will render the page. since you invalidate
the session *after* rendering the page (session is invalidated at the
end of the request) that means any stateful urls constructed while
rendering the page will no longer be accessible
what you want to do is someting like this instead of restartresponseexception:
requestcycle.get().setrequesttarget(new irequesttarget() { respond(rc)
{ rc.sendredirect(rc.urlfor(sessionexpirtypage.class)); }
this will force a redirect before rendering the page
-igor
On Wed, Jun 2, 2010 at 2:58 PM, kugaprakash <kv...@infoblox.com> wrote:
>
> Hi,
>
> Thanks much and appreciate your response.
>
> Yes, like I mentioned in the code snippet above, in the
> WebRequestCycleRequestProcesser.respond(), I override this method and
> handle the page expiration exception in the following way:
>
> if(e instanceof PageExpiredException || e instanceof
> HackAttackException){
>
> Session.get().invalidate();
>
> throw new
> RestartResponseException(SessionExpiryPage.class);
>
> }
>
>
>
> Which I believe will result in a bookmarkable page request target.
>
>
>
> Do you mean to say that I should not invalidate the session at above
> line, rather invalidate it in the SessionExpiryPage.onAfterRender()
>
>
>
> If the above is not what it is, can you please let me know with a little
> code sample?
>
> Thanks
>
> Kuga
>
> ________________________________
>
> From: Igor Vaynberg-2 [via Apache Wicket]
> [mailto:ml-node+2240861-1232253215-230809@n4.nabble.com]
> Sent: Wednesday, June 02, 2010 2:30 PM
> To: Kugaprakash Visagamani
> Subject: Re: Problem with Crypted URL
>
>
>
> maybe because you are invalidating the session, which happens after
> the page is rendered. i would instead invalidate the session and
> reditect to a bookmarkable url that points to the sessionexpiry page
>
> -igor
>
> On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash <[hidden email]> wrote:
>
>
>>
>> Can anybody help me with this question?
>> --
>> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
> 75435p2240647.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
>
>
> ________________________________
>
> View message @
> http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
> 75435p2240861.html
> To unsubscribe from Re: Problem with Crypted URL, click here
> <http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jt
> p?code=a3Zpc2FnYW1hbmlAaW5mb2Jsb3guY29tfDIyNDA2NDd8NTcwMDE4MzI5> .
>
>
>
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240905.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: Problem with Crypted URL
Posted by kugaprakash <kv...@infoblox.com>.
Hi,
Thanks much and appreciate your response.
Yes, like I mentioned in the code snippet above, in the
WebRequestCycleRequestProcesser.respond(), I override this method and
handle the page expiration exception in the following way:
if(e instanceof PageExpiredException || e instanceof
HackAttackException){
Session.get().invalidate();
throw new
RestartResponseException(SessionExpiryPage.class);
}
Which I believe will result in a bookmarkable page request target.
Do you mean to say that I should not invalidate the session at above
line, rather invalidate it in the SessionExpiryPage.onAfterRender()
If the above is not what it is, can you please let me know with a little
code sample?
Thanks
Kuga
________________________________
From: Igor Vaynberg-2 [via Apache Wicket]
[mailto:ml-node+2240861-1232253215-230809@n4.nabble.com]
Sent: Wednesday, June 02, 2010 2:30 PM
To: Kugaprakash Visagamani
Subject: Re: Problem with Crypted URL
maybe because you are invalidating the session, which happens after
the page is rendered. i would instead invalidate the session and
reditect to a bookmarkable url that points to the sessionexpiry page
-igor
On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash <[hidden email]> wrote:
>
> Can anybody help me with this question?
> --
> View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
75435p2240647.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
________________________________
View message @
http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp18
75435p2240861.html
To unsubscribe from Re: Problem with Crypted URL, click here
<http://apache-wicket.1842946.n4.nabble.com/subscriptions/Unsubscribe.jt
p?code=a3Zpc2FnYW1hbmlAaW5mb2Jsb3guY29tfDIyNDA2NDd8NTcwMDE4MzI5> .
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240905.html
Sent from the Wicket - User mailing list archive at Nabble.com.
Re: Problem with Crypted URL
Posted by Igor Vaynberg <ig...@gmail.com>.
maybe because you are invalidating the session, which happens after
the page is rendered. i would instead invalidate the session and
reditect to a bookmarkable url that points to the sessionexpiry page
-igor
On Wed, Jun 2, 2010 at 12:03 PM, kugaprakash <kv...@infoblox.com> wrote:
>
> Can anybody help me with this question?
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240647.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by kugaprakash <kv...@infoblox.com>.
Can anybody help me with this question?
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2240647.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by kugaprakash <kv...@infoblox.com>.
We are using Wicket 1.3.5 (Unable to upgrade to latest Wicket release, due to
a CSRF fix needed for a previous release build) and I am doing the
following:
protected IRequestCodingStrategy newRequestCodingStrategy(){
return new CryptedUrlWebRequestCodingStrategy(new
WebRequestCodingStrategy()){
@Override
protected String onError(final Exception ex)
{
throw new WicketRuntimeException("Session Expired", new
PageExpiredException("Session Expired"));
}
}
Still does not work,
In our WebRequestCycleProcessor, we override the respond method and do the
following:
if(e instanceof PageExpiredException || e instanceof HackAttackException){
Session.get().invalidate();
throw new RestartResponseException(new SessionExpiryPage());
}
In SessionExpiryPage.html - we have CSS & Logo resources, which is not
getting rendered.
If you happened to resolve this, please let me know.
Any help is much appreciated
Thanks in advance.
Kuga
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Problem-with-Crypted-URL-tp1875435p2232645.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by francisco treacy <fr...@gmail.com>.
yup, i suppose this happens when sessions expire. we've been having an
increasing number of visitors and logs are really hard to read when
you try to find an (important) exception.
so i guess i'm still up for the fix :)
francisco
On Fri, Nov 28, 2008 at 6:35 PM, Marcus Mattila
<ma...@gmail.com> wrote:
> We are also getting this when sessions expire. No big deal but would
> still like a fix. Will it be fixed in the 1.3.x branch also? Pls make
> it :)
>
> br,
> Marcus
>
>
> On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy
> <fr...@gmail.com> wrote:
>> johan, i'm not sure i understand correctly.
>>
>> you mean that it should have been in 1.4-rc1 but it is not? so i
>> could expect this to be fixed in 1.4-rc2 or 1.4 final?
>>
>> francisco
>>
>> On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner <jc...@gmail.com> wrote:
>>> hmm weird, wasnt merged yet with 4.1
>>> thought i did that with the big merge.
>>>
>>> On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy <
>>> francisco.treacy@gmail.com> wrote:
>>>
>>>> i updated to rc1 i'm still getting stacktraces in logs with
>>>> CryptedUrlWebRequestCodingStrategy
>>>>
>>>>
>>>> ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
>>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
>>>> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
>>>> '??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
>>>> at
>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
>>>> at
>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
>>>> at
>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
>>>> at
>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>>> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>>> at
>>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>>> at
>>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>>> at
>>>> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
>>>> at
>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>>> at
>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>>>> at
>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>>>> at
>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>> at
>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>>> at
>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>>>> at
>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>>>> at
>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
>>>> at
>>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>>>> at
>>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>>>> at
>>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>>>> at
>>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>>>> at java.lang.Thread.run(Thread.java:619)
>>>> Caused by: javax.crypto.BadPaddingException: Given final block not
>>>> properly padded
>>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>>> at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
>>>> at
>>>> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
>>>> at javax.crypto.Cipher.doFinal(DashoA13*..)
>>>> at
>>>> org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
>>>> at
>>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
>>>> ... 27 more
>>>> ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
>>>> Invalid URL
>>>> at
>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
>>>> at
>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
>>>> at
>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
>>>> at
>>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>>> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>>> at
>>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>>> at
>>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>>
>>>>
>>>> could it be a bug?
>>>>
>>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't
>>>> seem to be modified be someone else than wicket. wdyt?
>>>>
>>>> thanks
>>>>
>>>> francisco
>>>>
>>>>
>>>>
>>>> On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner <jc...@gmail.com>
>>>> wrote:
>>>> >>
>>>> >>
>>>> >>
>>>> >> > I already changed the handling of that in trunk so that now a page
>>>> >> expired
>>>> >> > is thrown when that happens.
>>>> >>
>>>> >> johan when did you exactly change that? does it also impact my issue?
>>>> >
>>>> >
>>>> > dont know exactly but it is in M1 and the current trunk of 1.3
>>>> >
>>>> >
>>>> > You dont have it yet if you are on august code
>>>> >
>>>> > it doesnt really affect, because if you dont use crypted you would get a
>>>> > page expired because if an encrypted
>>>> > url cant be decrypted because of a new session then the page cant be
>>>> found
>>>> > either when it was not encrypted
>>>> >
>>>> > Except maybe the stateless forms.. i think we need to look at that a bit
>>>> >
>>>> >
>>>> > johan
>>>> >
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by Marcus Mattila <ma...@gmail.com>.
We are also getting this when sessions expire. No big deal but would
still like a fix. Will it be fixed in the 1.3.x branch also? Pls make
it :)
br,
Marcus
On Mon, Nov 24, 2008 at 7:30 PM, francisco treacy
<fr...@gmail.com> wrote:
> johan, i'm not sure i understand correctly.
>
> you mean that it should have been in 1.4-rc1 but it is not? so i
> could expect this to be fixed in 1.4-rc2 or 1.4 final?
>
> francisco
>
> On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner <jc...@gmail.com> wrote:
>> hmm weird, wasnt merged yet with 4.1
>> thought i did that with the big merge.
>>
>> On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy <
>> francisco.treacy@gmail.com> wrote:
>>
>>> i updated to rc1 i'm still getting stacktraces in logs with
>>> CryptedUrlWebRequestCodingStrategy
>>>
>>>
>>> ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
>>> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
>>> '??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
>>> at
>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
>>> at
>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
>>> at
>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
>>> at
>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>> at
>>> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
>>> at
>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>> at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>>> at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>>> at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>> at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>> at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>>> at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>>> at
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
>>> at
>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>>> at
>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>>> at
>>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>>> at
>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>>> at java.lang.Thread.run(Thread.java:619)
>>> Caused by: javax.crypto.BadPaddingException: Given final block not
>>> properly padded
>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>>> at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
>>> at
>>> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
>>> at javax.crypto.Cipher.doFinal(DashoA13*..)
>>> at
>>> org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
>>> at
>>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
>>> ... 27 more
>>> ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
>>> Invalid URL
>>> at
>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
>>> at
>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
>>> at
>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
>>> at
>>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>>> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
>>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>>
>>>
>>> could it be a bug?
>>>
>>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't
>>> seem to be modified be someone else than wicket. wdyt?
>>>
>>> thanks
>>>
>>> francisco
>>>
>>>
>>>
>>> On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner <jc...@gmail.com>
>>> wrote:
>>> >>
>>> >>
>>> >>
>>> >> > I already changed the handling of that in trunk so that now a page
>>> >> expired
>>> >> > is thrown when that happens.
>>> >>
>>> >> johan when did you exactly change that? does it also impact my issue?
>>> >
>>> >
>>> > dont know exactly but it is in M1 and the current trunk of 1.3
>>> >
>>> >
>>> > You dont have it yet if you are on august code
>>> >
>>> > it doesnt really affect, because if you dont use crypted you would get a
>>> > page expired because if an encrypted
>>> > url cant be decrypted because of a new session then the page cant be
>>> found
>>> > either when it was not encrypted
>>> >
>>> > Except maybe the stateless forms.. i think we need to look at that a bit
>>> >
>>> >
>>> > johan
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by francisco treacy <fr...@gmail.com>.
johan, i'm not sure i understand correctly.
you mean that it should have been in 1.4-rc1 but it is not? so i
could expect this to be fixed in 1.4-rc2 or 1.4 final?
francisco
On Mon, Nov 24, 2008 at 5:22 PM, Johan Compagner <jc...@gmail.com> wrote:
> hmm weird, wasnt merged yet with 4.1
> thought i did that with the big merge.
>
> On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy <
> francisco.treacy@gmail.com> wrote:
>
>> i updated to rc1 i'm still getting stacktraces in logs with
>> CryptedUrlWebRequestCodingStrategy
>>
>>
>> ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
>> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
>> '??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
>> at
>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
>> at
>> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
>> at
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
>> at
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>> at
>> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>> at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
>> at
>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>> at
>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>> at
>> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>> at
>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>> at java.lang.Thread.run(Thread.java:619)
>> Caused by: javax.crypto.BadPaddingException: Given final block not
>> properly padded
>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>> at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
>> at
>> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
>> at javax.crypto.Cipher.doFinal(DashoA13*..)
>> at
>> org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
>> at
>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
>> ... 27 more
>> ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
>> Invalid URL
>> at
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
>> at
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
>> at
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
>> at
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
>> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>
>>
>> could it be a bug?
>>
>> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't
>> seem to be modified be someone else than wicket. wdyt?
>>
>> thanks
>>
>> francisco
>>
>>
>>
>> On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner <jc...@gmail.com>
>> wrote:
>> >>
>> >>
>> >>
>> >> > I already changed the handling of that in trunk so that now a page
>> >> expired
>> >> > is thrown when that happens.
>> >>
>> >> johan when did you exactly change that? does it also impact my issue?
>> >
>> >
>> > dont know exactly but it is in M1 and the current trunk of 1.3
>> >
>> >
>> > You dont have it yet if you are on august code
>> >
>> > it doesnt really affect, because if you dont use crypted you would get a
>> > page expired because if an encrypted
>> > url cant be decrypted because of a new session then the page cant be
>> found
>> > either when it was not encrypted
>> >
>> > Except maybe the stateless forms.. i think we need to look at that a bit
>> >
>> >
>> > johan
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by Johan Compagner <jc...@gmail.com>.
hmm weird, wasnt merged yet with 4.1
thought i did that with the big merge.
On Mon, Nov 24, 2008 at 10:57 AM, francisco treacy <
francisco.treacy@gmail.com> wrote:
> i updated to rc1 i'm still getting stacktraces in logs with
> CryptedUrlWebRequestCodingStrategy
>
>
> ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
> '??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
> at
> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
> at
> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
> at
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
> at
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
> at
> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at
> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
> at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.crypto.BadPaddingException: Given final block not
> properly padded
> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
> at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
> at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
> at
> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
> at javax.crypto.Cipher.doFinal(DashoA13*..)
> at
> org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
> at
> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
> ... 27 more
> ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
> Invalid URL
> at
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
> at
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
> at
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
> at
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
> at org.apache.wicket.Request.getRequestParameters(Request.java:172)
> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
> at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
> at
> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>
>
> could it be a bug?
>
> ?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't
> seem to be modified be someone else than wicket. wdyt?
>
> thanks
>
> francisco
>
>
>
> On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner <jc...@gmail.com>
> wrote:
> >>
> >>
> >>
> >> > I already changed the handling of that in trunk so that now a page
> >> expired
> >> > is thrown when that happens.
> >>
> >> johan when did you exactly change that? does it also impact my issue?
> >
> >
> > dont know exactly but it is in M1 and the current trunk of 1.3
> >
> >
> > You dont have it yet if you are on august code
> >
> > it doesnt really affect, because if you dont use crypted you would get a
> > page expired because if an encrypted
> > url cant be decrypted because of a new session then the page cant be
> found
> > either when it was not encrypted
> >
> > Except maybe the stateless forms.. i think we need to look at that a bit
> >
> >
> > johan
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: Problem with Crypted URL
Posted by francisco treacy <fr...@gmail.com>.
i updated to rc1 i'm still getting stacktraces in logs with
CryptedUrlWebRequestCodingStrategy
ERROR 2008-11-23 13:52:17,964 [http-8080-Processor25] Invalid URL:
?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA
org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
'??G?????K???^D?O???^G^W!^E??I?^C$'Dc5^N8^P????^L'
at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
at org.apache.wicket.Request.getRequestParameters(Request.java:172)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:111)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.crypto.BadPaddingException: Given final block not
properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
... 27 more
ERROR 2008-11-23 13:52:17,966 [http-8080-Processor25] Invalid URL
Invalid URL
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:279)
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.onError(CryptedUrlWebRequestCodingStrategy.java:286)
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:265)
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:99)
at org.apache.wicket.Request.getRequestParameters(Request.java:172)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1246)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1366)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:498)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:444)
at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
could it be a bug?
?x=5M5HhZnN1b1LpMPMBO5Pmr*YBxchBZCmSdUDJCdEYzUOOBDF1Zr0DA doesn't
seem to be modified be someone else than wicket. wdyt?
thanks
francisco
On Mon, Nov 17, 2008 at 4:59 PM, Johan Compagner <jc...@gmail.com> wrote:
>>
>>
>>
>> > I already changed the handling of that in trunk so that now a page
>> expired
>> > is thrown when that happens.
>>
>> johan when did you exactly change that? does it also impact my issue?
>
>
> dont know exactly but it is in M1 and the current trunk of 1.3
>
>
> You dont have it yet if you are on august code
>
> it doesnt really affect, because if you dont use crypted you would get a
> page expired because if an encrypted
> url cant be decrypted because of a new session then the page cant be found
> either when it was not encrypted
>
> Except maybe the stateless forms.. i think we need to look at that a bit
>
>
> johan
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Problem with Crypted URL
Posted by Johan Compagner <jc...@gmail.com>.
>
>
>
> > I already changed the handling of that in trunk so that now a page
> expired
> > is thrown when that happens.
>
> johan when did you exactly change that? does it also impact my issue?
dont know exactly but it is in M1 and the current trunk of 1.3
You dont have it yet if you are on august code
it doesnt really affect, because if you dont use crypted you would get a
page expired because if an encrypted
url cant be decrypted because of a new session then the page cant be found
either when it was not encrypted
Except maybe the stateless forms.. i think we need to look at that a bit
johan
Re: Problem with Crypted URL
Posted by francisco treacy <fr...@gmail.com>.
something _similar_ happens in my logs.
ERROR 2008-11-17 14:16:49,170 [http-8080-Processor17] Invalid URL
org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
'[B@1fc0ce6'
at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
at org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
at org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98)
at org.apache.wicket.Request.getRequestParameters(Request.java:172)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1227)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1347)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:497)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:420)
(...)
Caused by: javax.crypto.BadPaddingException: Given final block not
properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at org.apache.wicket.util.crypt.SunJceCrypt.crypt(SunJceCrypt.java:101)
at org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:141)
... 27 more
but apparently doesn't cause any trouble in the app (eg. no visible
stacktrace or expired page). so i'm just curious.
in this app wicket is 1.4-SNAPSHOT (august 26) (because of a
dependency). will try to switch to rc1 see what i get.
> I already changed the handling of that in trunk so that now a page expired
> is thrown when that happens.
johan when did you exactly change that? does it also impact my issue?
thanks
francisco
On Mon, Nov 17, 2008 at 10:39 AM, Johan Compagner <jc...@gmail.com> wrote:
> i guess this is because we now use sessionid as the seed for the encryption
> of the urls
>
> So when a session times out and that user makes another request to it we
> cant decrypt it anymore because
> another seed is used.
>
> I already changed the handling of that in trunk so that now a page expired
> is thrown when that happens.
>
>
> On Mon, Nov 17, 2008 at 5:21 AM, Andrew Berman <at...@gmail.com> wrote:
>
>> I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the
>> place in my log files..
>>
>> [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL:
>>
>> foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI
>> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
>> '�$^D�^B&m���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r'
>> at
>>
>> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
>> at
>>
>> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
>> at
>>
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250)
>> at
>>
>> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98)
>> at org.apache.wicket.Request.getRequestParameters(Request.java:171)
>> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233)
>> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353)
>> at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
>> at
>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355)
>> at
>> org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124)
>>
>> Anyone have any ideas what in the world is causing the jibberish? I am
>> using JDK 6 and Wicket 1.3.5.
>>
>> Thanks,
>>
>> Andrew
>>
>
Re: Problem with Crypted URL
Posted by Johan Compagner <jc...@gmail.com>.
i guess this is because we now use sessionid as the seed for the encryption
of the urls
So when a session times out and that user makes another request to it we
cant decrypt it anymore because
another seed is used.
I already changed the handling of that in trunk so that now a page expired
is thrown when that happens.
On Mon, Nov 17, 2008 at 5:21 AM, Andrew Berman <at...@gmail.com> wrote:
> I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the
> place in my log files..
>
> [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL:
>
> foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI
> org.apache.wicket.WicketRuntimeException: Unable to decrypt the text
> '�$^D�^B&m���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r'
> at
>
> org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145)
> at
>
> org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67)
> at
>
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250)
> at
>
> org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98)
> at org.apache.wicket.Request.getRequestParameters(Request.java:171)
> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233)
> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353)
> at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
> at
> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355)
> at
> org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124)
>
> Anyone have any ideas what in the world is causing the jibberish? I am
> using JDK 6 and Wicket 1.3.5.
>
> Thanks,
>
> Andrew
>