Hi,
i want to encrypt my urls except the bookmarkable ones.
my bookmarkable pages are mounted in the contructor of my Application class.
In my Application class i have this code (copied from wicket wiki page):
@Override
protected IRequestCycleProcessor newRequestCycleProcessor() {
return new WebRequestCycleProcessor()
{
protected IRequestCodingStrategy
newRequestCodingStrategy()
{
return new
CryptedUrlWebRequestCodingStrategy(new
WebRequestCodingStrategy());
}
};
}
When i leave it like this, the bookmarkable pages are still bookmarkable,
but when i also set a crypt factory in my Application class, the
bookmarkable pages are not bookmarkable any more:
@Override
protected void init() {
getSecuritySettings().setCryptFactory(
new
ClassCryptFactory(KeyInSessionSunJceCryptFactory.class,
ISecuritySettings.DEFAULT_ENCRYPTION_KEY));
}
The comment of class "CryptedUrlWebRequestCodingStrategy" says that
bookmarkable pages created during sessions will be not bookmarkable any
more, but this isn't the case with my bookmarkable pages, because my mounts
are set in my Application class.
*Note:* The usage of the default {@link KeyInSessionSunJceCryptFactory} will
also make all
* bookmarkable urls generated during the user's session non-bookmarkable
because they will be
* encrypted using a session-relative encryption key; however, bookmarkable
urls are still available
* through their mounts.
* </p>
Thanks for any ideas.
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/CryptedUrlWebRequestCodingStrategy-and-bookmarkable-urls-tp4498153p4498153.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
