Package org.apache.wicket.core.util.crypt

Source Code of org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory

/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements.  See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.core.util.crypt;

import java.util.UUID;

import org.apache.wicket.MetaDataKey;
import org.apache.wicket.Session;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.crypt.ICryptFactory;
import org.apache.wicket.util.crypt.SunJceCrypt;

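/**
 * Crypt factory that produces {@link SunJceCrypt} instances based on a http session-specific
 * encryption key. Each user session therefore has its own encryption key, hardening against CSRF
 * attacks.
 * <p>
 * Note that the use of this crypt factory will result in an immediate creation of a http session,
 * because {@link #newCrypt()} binds the session before it reads the session id and stores the key.
 * <p>
 * The key is kept as session metadata, so it is stored wherever the session metadata is stored;
 * how sessions are persisted or replicated is not visible in this class.
 *
 * @author igor.vaynberg
 */
public class KeyInSessionSunJceCryptFactory implements ICryptFactory
{
  /**
   * metadata-key used to store crypto-key in session metadata. Declared {@code final}: it is a
   * lookup constant and must never be reassigned, otherwise keys already stored in sessions could
   * no longer be found.
   */
  private static final MetaDataKey<String> KEY = new MetaDataKey<String>()
  {
    private static final long serialVersionUID = 1L;
  };


  /**
   * Creates a {@link SunJceCrypt} keyed with the current session's encryption key, generating and
   * storing that key the first time it is requested for the session.
   *
   * @return a new crypt instance whose key is the session-specific key
   */
  @Override
  public ICrypt newCrypt()
  {
    final Session session = Session.get();
    // bind before touching the id: the key is derived from session.getId() and stored in the
    // session, so the session has to exist beyond this request
    session.bind();

    // retrieve or generate encryption key from session
    // NOTE(review): this read-then-write is not atomic within this method. If two requests of the
    // same session could reach it concurrently, both may generate a key and the later
    // setMetaData() would win, leaving one crypt keyed differently from the stored key - confirm
    // how callers serialize access to the session.
    String sessionKey = session.getMetaData(KEY);
    if (sessionKey == null)
    {
      // generate new key: the random (type 4) UUID supplies the unpredictable part, the session id
      // only prefixes it
      sessionKey = session.getId() + "." + UUID.randomUUID().toString();
      session.setMetaData(KEY, sessionKey);
    }

    // build the crypt based on session key
    // NOTE(review): how SunJceCrypt derives cipher key material from this String, and which
    // cipher it uses, is decided in SunJceCrypt and not visible here - review it there.
    final ICrypt crypt = new SunJceCrypt();
    crypt.setKey(sessionKey);
    return crypt;
  }
}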