This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Obfuscating urls

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Bookmarkable Link

Excerpt
hiddentrue

How to obfuscate/encrypt a wicket url

Panel
borderStylesolid
titleTable of contents
Table of Contents
minLevel2

How to obfuscate/encrypt a wicket url

From time to time users ask how to obfuscate wicket urls. Instead of myApp?component=1&version=0&interface=IRedirectListener they asked for myApp?sdf897sD879ddfD8... and myApp/sdf897sD879ddfD8 and many more. Due to varying requirements such as being Google and/or cluster compliant we decided to provide "hooks" build into the core to allow for virtually any obfuscating alogrithm to be implemented by wicket users. Hopefully users will contribute their implementations back to the project.

Classes involved in encrypting and decrypting URLs are WebResponse and WebRequest. The default implementations provided by Wicket don't encrypt the URL at all, but subclasses (currently provided by core as well) like WebResponseWithCryptedUrl and WebRequestWithCryptedUrl do. In order for your application to use them you must subclass WebApplication.newWebRequest() and WebApplication.newWebResponse() like in the snippet shown below.

Note, this changed slightly in Wicket 1.2 and 1.3, as can be seen by comparing the fragments below:

Wicket 1.3

Code Block
titleWicket 1.3+

protected IRequestCycleProcessor newRequestCycleProcessor()
{
    return new WebRequestCycleProcessor()
    {
        protected IRequestCodingStrategy newRequestCodingStrategy()
        {
            return new CryptedUrlWebRequestCodingStrategy(new WebRequestCodingStrategy());
        }
    };
} 

The Jasypt (Java Simplified Encryption) framework has some Wicket-specific support for this functionality. See http://www.jasypt.org/wicket.html for more info.

Wicket 1.2

Code Block
titleWicket 1.2+
public final class SignIn2Application extends WicketExampleApplication
{
....
 protected IRequestCycleProcessor newRequestCycleProcessor()
 {
 	return new CompoundRequestCycleProcessor(new CryptedUrlWebRequestCodingStrategy(
 			new WebRequestCodingStrategy()), null, null, null, null);
 }
}

Wicket 1.1

Code Block
titleWicket 1.1
public final class SignIn2Application extends WicketExampleApplication
{
....
	/**
	 * @see wicket.protocol.http.WebApplication#newWebRequest(javax.servlet.http.HttpServletRequest)
	 */
	protected WebRequest newWebRequest(HttpServletRequest servletRequest)
	{
		return new WebRequestWithCryptedUrl(servletRequest);
	}
	
	/**
	 * @see wicket.protocol.http.WebApplication#newWebResponse(javax.servlet.http.HttpServletResponse)
	 */
	protected WebResponse newWebResponse(HttpServletResponse servletResponse) throws IOException
	{
		return new WebResponseWithCryptedUrl(servletResponse);
	}
}