Wicket
  1. Wicket
  2. WICKET-260

Wicket uses trivial encryption if com.sun.crypto.provider.SunJCE is not available

    Details

      Description

      The wicket.util.crypt.SunJceCrypt class attempts to load Sun's JCE security provider class and throws an exception if it doesn't exist. Wicket then defaults to a trivial encryption implementation. However, the Java runtime may have other security providers that support the required encryption (PBEWithMD5AndDES). The following patch checks for statically registered providers (which users typically configure in their java.security file) before defaulting to the Sun JCE case.

      Index: src/main/java/wicket/util/crypt/SunJceCrypt.java
      ===================================================================
      — src/main/java/wicket/util/crypt/SunJceCrypt.java (revision 501736)
      +++ src/main/java/wicket/util/crypt/SunJceCrypt.java (working copy)
      @@ -61,6 +61,11 @@
      */
      public SunJceCrypt()
      {
      + if ( Security.getProviders("Cipher."+CRYPT_METHOD).length > 0 )
      +

      { + return; // we are good to go! + }

      +
      try
      {
      // Initialize and add a security provider required for encryption

      1. SunJceCrypt.java.patch
        0.5 kB
        Stuart McCulloch

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Martijn Dashorst
            Reporter:
            Stuart McCulloch
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development