The wicket.util.crypt.SunJceCrypt class attempts to load Sun's JCE security provider class and throws an exception if it doesn't exist. Wicket then defaults to a trivial encryption implementation. However, the Java runtime may have other security providers that support the required encryption (PBEWithMD5AndDES). The following patch checks for statically registered providers (which users typically configure in their java.security file) before defaulting to the Sun JCE case.
— src/main/java/wicket/util/crypt/SunJceCrypt.java (revision 501736)
+++ src/main/java/wicket/util/crypt/SunJceCrypt.java (working copy)
@@ -61,6 +61,11 @@
+ if ( Security.getProviders("Cipher."+CRYPT_METHOD).length > 0 )
// Initialize and add a security provider required for encryption