[WICKET-260] Wicket uses trivial encryption if com.sun.crypto.provider.SunJCE is not available - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2.4, 1.2.5
Fix Version/s: 2.0 branch (discontinued), 1.2.6, 1.3.0-beta1
Component/s: wicket
Labels:
None

Description

The wicket.util.crypt.SunJceCrypt class attempts to load Sun's JCE security provider class and throws an exception if it doesn't exist. Wicket then defaults to a trivial encryption implementation. However, the Java runtime may have other security providers that support the required encryption (PBEWithMD5AndDES). The following patch checks for statically registered providers (which users typically configure in their java.security file) before defaulting to the Sun JCE case.

Index: src/main/java/wicket/util/crypt/SunJceCrypt.java
===================================================================
— src/main/java/wicket/util/crypt/SunJceCrypt.java (revision 501736)
+++ src/main/java/wicket/util/crypt/SunJceCrypt.java (working copy)
@@ -61,6 +61,11 @@
*/
public SunJceCrypt()
{
+ if ( Security.getProviders("Cipher."+CRYPT_METHOD).length > 0 )
+

{ + return; // we are good to go! + }

+
try
{
// Initialize and add a security provider required for encryption

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SunJceCrypt.java.patch
07/Feb/07 09:21
0.5 kB
Stuart McCulloch

Activity

People

Assignee:: Martijn Dashorst

Reporter:: Stuart McCulloch

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 07/Feb/07 09:20

Updated:: 10/Feb/07 08:11

Resolved:: 10/Feb/07 08:11