Uncaught exception guesing urls using CryptedUrlWebRequestCodingStrategy
------------------------------------------------------------------------
Key: WICKET-178
URL: http://issues.apache.org/jira/browse/WICKET-178
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.2.3
Environment: Windows XP
Reporter: Craig Lenzen
Priority: Minor
When used the CryptedUrlWebRequestCodingStrategy strategy in my wicket
application I get an uncaught exception when trying to hack urls in the browser
address bar.
Configuration:
@Override
protected IRequestCycleProcessor newRequestCycleProcessor() {
return new CompoundRequestCycleProcessor(new
CryptedUrlWebRequestCodingStrategy(
new WebRequestCodingStrategy()),
null,
null,
null,
null);
} // newRequestCycleProcessor
Exception:
java.lang.ArrayIndexOutOfBoundsException: 81
at wicket.util.crypt.Base64UrlSafe.decodeBase64(Base64UrlSafe.java:367)
at wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:87)
at
wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:256)
at
wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:91)
at wicket.Request.getRequestParameters(Request.java:163)
at wicket.RequestCycle.step(RequestCycle.java:992)
at wicket.RequestCycle.steps(RequestCycle.java:1084)
at wicket.RequestCycle.request(RequestCycle.java:454)
at wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:219)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
I'd except that this exception would be caught an a user is taken to a user
friendly error page, possibly the default error page.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
