Hi,
I'm looking for protection against CSRF and found an old issue for Apache
Wicket 1.3.4.
https://issues.apache.org/jira/browse/WICKET-1782
And as far as I have understood, Apache Wicket does not support
Synchronizer Token Pattern, as suggested at
Hi,
On Tue, May 28, 2013 at 10:32 AM, Magnus K Karlsson
magnus.r.karls...@gmail.com wrote:
Hi,
I'm looking for protection against CSRF and found an old issue for Apache
Wicket 1.3.4.
https://issues.apache.org/jira/browse/WICKET-1782
And as far as I have understood, Apache Wicket does
Thanks for your fast reply!
I have tested CryptoMapper, but as far as I can see the CryptoMapper does
not return a unique URL for each session, as suggested by OWASP
The synchronizer token pattern requires the generating of random
challenge tokens that are associated with the user's current
On Tue, May 28, 2013 at 11:03 AM, Magnus K Karlsson
magnus.r.karls...@gmail.com wrote:
Thanks for your fast reply!
I have tested CryptoMapper, but as far as I can see the CryptoMapper does
not return a unique URL for each session, as suggested by OWASP
The session id is used to
Hi,
Your app fails to start due to:
WARN - AbstractLifeCycle - FAILED
org.eclipse.jetty.security.ConstraintSecurityHandler@70e434d:
java.lang.IllegalStateException: No LoginService for
org.eclipse.jetty.security.authentication.FormAuthenticator@c163956 in
I might have solved the problem. The default ICryptFactory is
/**
 * Default crypt factory. This factory will instantiate a {@link SunJceCrypt} once and cache it for
 * all further invocations of {@link #newCrypt()}.
 *
 * @author Igor Vaynberg (ivaynberg)
 */
public class
The solution to generate a unique URL for each session is to change the
default ICryptFactory to KeyInSessionSunJceCryptFactory.
getSecuritySettings().setCryptFactory(new KeyInSessionSunJceCryptFactory());
setRootRequestMapper(new CryptoMapper(getRootRequestMapper(), this));