[1/2] wicket git commit: WICKET-5855 RememberMe functionality seems to be broken after the change of the default crypt factory

Mon, 30 Mar 2015 12:11:19 -0700 

Repository: wicket
Updated Branches:
  refs/heads/wicket-6.x 2de1284a5 -> 6d6792793


WICKET-5855 RememberMe functionality seems to be broken after the change of the 
default crypt factory

(cherry picked from commit c682e71225f10e1cbcf359f667406077a55d6019)


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/6056a5c0
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/6056a5c0
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/6056a5c0

Branch: refs/heads/wicket-6.x
Commit: 6056a5c0a54efb95eb60f507ac568ca882d7cc5d
Parents: 2de1284
Author: Martin Tzvetanov Grigorov <mgrigo...@apache.org>
Authored: Fri Mar 27 22:20:44 2015 +0200
Committer: Martin Tzvetanov Grigorov <mgrigo...@apache.org>
Committed: Mon Mar 30 22:07:08 2015 +0300

----------------------------------------------------------------------
 .../strategy/DefaultAuthenticationStrategy.java | 26 +++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/6056a5c0/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git 
a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
 
b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
index 62c324a..695170f 100644
--- 
a/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
+++ 
b/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java
@@ -18,7 +18,9 @@ package org.apache.wicket.authentication.strategy;
 
 import org.apache.wicket.Application;
 import org.apache.wicket.authentication.IAuthenticationStrategy;
+import org.apache.wicket.util.cookies.CookieDefaults;
 import org.apache.wicket.util.cookies.CookieUtils;
+import org.apache.wicket.util.crypt.CachingSunJceCryptFactory;
 import org.apache.wicket.util.crypt.ICrypt;
 import org.apache.wicket.util.lang.Args;
 import org.apache.wicket.util.string.Strings;
@@ -68,7 +70,9 @@ public class DefaultAuthenticationStrategy implements 
IAuthenticationStrategy
        {
                if (cookieUtils == null)
                {
-                       cookieUtils = new CookieUtils();
+                       CookieDefaults settings = new CookieDefaults();
+                       settings.setHttpOnly(true);
+                       cookieUtils = new CookieUtils(settings);
                }
                return cookieUtils;
        }
@@ -80,14 +84,19 @@ public class DefaultAuthenticationStrategy implements 
IAuthenticationStrategy
        {
                if (crypt == null)
                {
-                       crypt = 
Application.get().getSecuritySettings().getCryptFactory().newCrypt();
+                       String encryptionKey;
+                       if (Application.exists())
+                       {
+                               encryptionKey = Application.get().getName();
+                       } else {
+                               encryptionKey = "LoggedIn";
+                       }
+                       CachingSunJceCryptFactory cryptFactory = new 
CachingSunJceCryptFactory(encryptionKey);
+                       crypt = cryptFactory.newCrypt();
                }
                return crypt;
        }
 
-       /**
-        * @see org.apache.wicket.authentication.IAuthenticationStrategy#load()
-        */
        @Override
        public String[] load()
        {
@@ -139,10 +148,6 @@ public class DefaultAuthenticationStrategy implements 
IAuthenticationStrategy
                return null;
        }
 
-       /**
-        * @see 
org.apache.wicket.authentication.IAuthenticationStrategy#save(java.lang.String,
-        *      java.lang.String)
-        */
        @Override
        public void save(final String username, final String password)
        {
@@ -153,9 +158,6 @@ public class DefaultAuthenticationStrategy implements 
IAuthenticationStrategy
                getCookieUtils().save(cookieKey, encryptedValue);
        }
 
-       /**
-        * @see 
org.apache.wicket.authentication.IAuthenticationStrategy#remove()
-        */
        @Override
        public void remove()
        {

Reply via email to