By default, Wicket uses the KeyInSessionSunJceCryptFactory which stores the encryption key in the user's session.
On Thu, Mar 25, 2010 at 11:50 AM, fachhoch <fachh...@gmail.com> wrote: > > does encryption has anything to do with this upon debugging I found its > failing in CryptedUrlWebRequestCodingStrategy.java > > here is the method where it fails > > protected String decodeURL(final String url) > { > int startIndex = url.indexOf("?x="); > if (startIndex == -1) > { > startIndex = url.indexOf("&x="); > } > > if (startIndex != -1) > { > try > { > startIndex = startIndex + 3; > final int endIndex = url.indexOf("&", > startIndex); > String secureParam; > if (endIndex == -1) > { > secureParam = > url.substring(startIndex); > } > else > { > secureParam = > url.substring(startIndex, endIndex); > } > > secureParam = > WicketURLDecoder.QUERY_INSTANCE.decode(secureParam); > > // Get the crypt implementation from the > application > final ICrypt urlCrypt = Application.get() > .getSecuritySettings() > .getCryptFactory() > .newCrypt(); > > // Decrypt the query string > String queryString = > urlCrypt.decryptUrlSafe(secureParam); > > // The querystring might have been shortened > (length reduced). > // In that case, lengthen the query string > again. > queryString = rebuildUrl(queryString); > return queryString; > } > catch (Exception ex) > { > return onError(ex, url); > } > } > return null; > } > it fails at this line > String queryString = urlCrypt.decryptUrlSafe(secureParam); > > why decrypt fails if session is invalidated ? > > James Carman-3 wrote: >> >> This works for me: >> >> final Link signOutLink = new Link("signOutLink") >> { >> public void onClick() >> { >> getSession().invalidate(); >> setResponsePage(getApplication().getHomePage()); >> setRedirect(true); >> } >> >> public boolean isVisible() >> { >> return ((MySessionClass)getSession()).isSignedIn(); >> } >> }; >> >> I put that in my "base page" class so that it's visible everywhere. >> >> On Thu, Mar 25, 2010 at 11:30 AM, fachhoch <fachh...@gmail.com> wrote: >>> >>> I did as u said >>> public class AuditSignOutPage extends SignOutPage >>> { >>> >>> public AuditSignOutPage() { >>> ((AuditWebSession)(Session.get())).signout(); >>> setRedirect(true); >>> throw new RestartResponseException(SSISignOutPage.class); >>> } >>> } >>> >>> >>> public class SSISignOutPage extends UnSecuredBasePage { >>> >>> public SSISignOutPage() { >>> add(new AjaxLink<Void>("relogin"){ >>> �...@override >>> public void onClick(AjaxRequestTarget target) { >>> setResponsePage(new >>> AuditWicketApplication.SignInPageHelper().getSignInPage()); >>> setRedirect(true); >>> } >>> }); >>> } >>> } >>> I click on the signout link AuditSignOutPage invalidates the session >>> and send to SSISignOutPage .here this page gets loaded , I see the >>> link >>> relogin. >>> >>> when I click on the link relogin it should take me to my signinpage but >>> again i am ending up with session expired page . I set the break point >>> in onClick method but it never goes there , >>> >>> please explain me what could be causing this ? >>> >>> >>> >>> Mauro Ciancio wrote: >>>> >>>> In order to implement my sign out page I've created a SignOutPage >>>> that invokes the signOut method in AuthenticatedWebSession, then >>>> setRedirect(true) and as final step I throw a: >>>> >>>> throw new RestartResponseException(HomePage.class). >>>> >>>> This makes the home page be processed (and the url in the navigation >>>> bar remains /your_home_page_url). >>>> >>>> Here is the full code if you need it: >>>> >>>> public class LogOutPage extends WebPage { >>>> >>>> public LogOutPage() { >>>> AuthenticatedWebSession.get().signOut(); >>>> setRedirect(true); >>>> throw new RestartResponseException(HomePage.class); >>>> } >>>> } >>>> >>>> Cheers. >>>> >>>> On Thu, Mar 25, 2010 at 11:19 AM, fachhoch <fachh...@gmail.com> wrote: >>>>> >>>>> I initially tried etResponsePage(SSISignOutPage.class) it did not >>>>> worked , >>>>> so used the new approach , >>>>> >>>>> regarding what my SSISignOutPage it does nothing except for showing a >>>>> link >>>>> , before to that the control never goes to the page constructor , >>>>> >>>>> I am assuming after a session is invalidated wicket removes all its >>>>> pages >>>>> from page map and its possible that it cannot find the page >>>>> SSISignOutPage >>>>> and for that reason do I get pageExpired error ? >>>>> >>>>> >>>>> >>>>> >>>>> christian.giambalvo wrote: >>>>>> >>>>>> Depends on what your SSISignOutPage.class does. >>>>>> But why don't use setResponsePage(SSISignOutPage.class) ?? >>>>>> >>>>>> -----Ursprüngliche Nachricht----- >>>>>> Von: tubin gen [mailto:fachh...@gmail.com] >>>>>> Gesendet: Donnerstag, 25. März 2010 12:59 >>>>>> An: users >>>>>> Betreff: signout and redirect >>>>>> >>>>>> here is my code to signout link. >>>>>> >>>>>> add(new Link<Void>("signout"){ >>>>>> @Override >>>>>> public void onClick() { >>>>>> ((AuditWebSession)(Session.get())).signout(); >>>>>> throw new RestartResponseException(SSISignOutPage.class); >>>>>> } >>>>>> }); >>>>>> >>>>>> when user clicks on signout I expect to go to SSISignOutPage. >>>>>> but I end up with a different page which is set in >>>>>> applicationsettings >>>>>> >>>>>> IApplicationSettings settings= super.getApplicationSettings(); >>>>>> settings.setPageExpiredErrorPage(SessionExpiredPage.class); >>>>>> >>>>>> >>>>>> the SessionExpiredPage . >>>>>> please tell me what could be causing this ? >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://old.nabble.com/signout-and-redirect-tp28027857p28029507.html >>>>> Sent from the Wicket - User mailing list archive at Nabble.com. >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> Mauro Ciancio <maurociancio at gmail dot com> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>> >>>> >>>> >>> >>> -- >>> View this message in context: >>> http://old.nabble.com/signout-and-redirect-tp28027857p28030542.html >>> Sent from the Wicket - User mailing list archive at Nabble.com. >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> > > -- > View this message in context: > http://old.nabble.com/signout-and-redirect-tp28027857p28030831.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org