Examples of org.apache.wicket.util.crypt.ICrypt

• org.apache.wicket.util.crypt.ICrypt
  Encryption and decryption implementations are accessed through this interface. It provide some simple means to encrypt and decrypt strings, like passwords etc.. It depends on the implementation itself which algorithms are used to en-/decrypt the data.

  If you value the privacy of your websites users, then please consider using a one-way encryption algorithm instead of the Wicket provided ICrypt implementations. The intention of these encryption facilities is to keep passwords private when stored in cookies or in the session.The implementation of the encryption algorithm may change between releases. As such, this interface and its implementations are not intended and should not be used as an encryption facility for persistent values.

  As of Wicket 1.2 the methods encrypt and decrypt are deprecated. Consider changing your persistent encryption strategy to be based on a one-way encryption such as a SHA1 hash, not depending on Wicket classes. @author Juergen Donnerstag

   * @return The encoded url
   */
  protected CharSequence encodeURL(final CharSequence url)
  {
    // Get the crypt implementation from the application
    ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
    if (urlCrypt != null)
    {
      // The url must have a query string, otherwise keep the url
      // unchanged
      final int pos = url.toString().indexOf('?');
      if (pos > -1)
      {
        // The url's path
        CharSequence urlPrefix = url.subSequence(0, pos);

        // Extract the querystring
        String queryString = url.subSequence(pos + 1, url.length()).toString();

        // if the querystring starts with a parameter like
        // "x=", than don't change the querystring as it
        // has been encoded already
        if (!queryString.startsWith("x="))
        {
          // The length of the encrypted string depends on the
          // length of the original querystring. Let's try to
          // make the querystring shorter first without loosing
          // information.
          queryString = shortenUrl(queryString).toString();

          // encrypt the query string
          String encryptedQueryString = urlCrypt.encryptUrlSafe(queryString);

          encryptedQueryString = WicketURLEncoder.QUERY_INSTANCE.encode(encryptedQueryString);

          // build the new complete url
          return new AppendingStringBuffer(urlPrefix).append("?x=").append(

        }

        secureParam = WicketURLDecoder.QUERY_INSTANCE.decode(secureParam);

        // Get the crypt implementation from the application
        final ICrypt urlCrypt = Application.get()
          .getSecuritySettings()
          .getCryptFactory()
          .newCrypt();

        // Decrypt the query string
        String queryString = urlCrypt.decryptUrlSafe(secureParam);

        // The querystring might have been shortened (length reduced).
        // In that case, lengthen the query string again.
        queryString = rebuildUrl(queryString);
        return queryString;

    };

    panel.setPersistent(true);
    form = (Form<?>)panel.get("signInForm");

    final ICrypt crypt = tester.getApplication().getSecuritySettings().getCryptFactory()
        .newCrypt();
    final String encryptedPassword = crypt.encryptUrlSafe("test");
    assertNotNull(encryptedPassword);
    cookieUsername = new Cookie("panel.signInForm.username", "juergen");
    Cookie cookiePassword = new Cookie("panel.signInForm.password", encryptedPassword);
    Cookie[] cookies = new Cookie[]{cookieUsername, cookiePassword};

    };

    panel.setPersistent(true);
    form = (Form)panel.get("signInForm");

    final ICrypt crypt = tester.getApplication()
      .getSecuritySettings()
      .getCryptFactory()
      .newCrypt();
    final String encryptedPassword = crypt.encryptUrlSafe("test");
    assertNotNull(encryptedPassword);
    cookieUsername = new Cookie("panel.signInForm.username", "juergen");
    cookiePassword = new Cookie("panel.signInForm.password", encryptedPassword);
    cookies = new Cookie[] { cookieUsername, cookiePassword };

   * @return The encoded url
   */
  protected CharSequence encodeURL(final CharSequence url)
  {
    // Get the crypt implementation from the application
    ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
    if (urlCrypt != null)
    {
      // The url must have a query string, otherwise keep the url
      // unchanged
      final int pos = url.toString().indexOf('?');
      if (pos > -1)
      {
        // The url's path
        CharSequence urlPrefix = url.subSequence(0, pos);

        // Extract the querystring
        String queryString = url.subSequence(pos + 1, url.length()).toString();

        // if the querystring starts with a parameter like
        // "x=", than don't change the querystring as it
        // has been encoded already
        if (!queryString.startsWith("x="))
        {
          // The length of the encrypted string depends on the
          // length of the original querystring. Let's try to
          // make the querystring shorter first without loosing
          // information.
          queryString = shortenUrl(queryString).toString();

          // encrypt the query string
          String encryptedQueryString = urlCrypt.encryptUrlSafe(queryString);

          encryptedQueryString = WicketURLEncoder.QUERY_INSTANCE.encode(encryptedQueryString);

          // build the new complete url
          return new AppendingStringBuffer(urlPrefix).append("?x=").append(

        }

        secureParam = WicketURLDecoder.QUERY_INSTANCE.decode(secureParam);

        // Get the crypt implementation from the application
        final ICrypt urlCrypt = Application.get()
          .getSecuritySettings()
          .getCryptFactory()
          .newCrypt();

        // Decrypt the query string
        String queryString = urlCrypt.decryptUrlSafe(secureParam);

        // The querystring might have been shortened (length reduced).
        // In that case, lengthen the query string again.
        queryString = rebuildUrl(queryString);
        return queryString;

  private static class TestCryptFactory implements ICryptFactory
  {

    public ICrypt newCrypt()
    {
      return new ICrypt()
      {

        public String decryptUrlSafe(String text)
        {
          return new String(new Base64(true).decode(text));

   * @return The encoded url
   */
  protected CharSequence encodeURL(final CharSequence url)
  {
    // Get the crypt implementation from the application
    ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
    if (urlCrypt != null)
    {
      // The url must have a query string, otherwise keep the url
      // unchanged
      final int pos = url.toString().indexOf('?');
      if (pos > -1)
      {
        // The url's path
        CharSequence urlPrefix = url.subSequence(0, pos);

        // Extract the querystring
        String queryString = url.subSequence(pos + 1, url.length()).toString();

        // if the querystring starts with a parameter like
        // "x=", than don't change the querystring as it
        // has been encoded already
        if (!queryString.startsWith("x="))
        {
          // The length of the encrypted string depends on the
          // length of the original querystring. Let's try to
          // make the querystring shorter first without loosing
          // information.
          queryString = shortenUrl(queryString).toString();

          // encrypt the query string
          String encryptedQueryString = urlCrypt.encryptUrlSafe(queryString);

                    encryptedQueryString = WicketURLEncoder.QUERY_INSTANCE.encode(encryptedQueryString);

          // build the new complete url
          return new AppendingStringBuffer(urlPrefix).append("?x=").append(

        }

        secureParam = WicketURLDecoder.QUERY_INSTANCE.decode(secureParam);

        // Get the crypt implementation from the application
        final ICrypt urlCrypt = Application.get()
          .getSecuritySettings()
          .getCryptFactory()
          .newCrypt();

        // Decrypt the query string
        String queryString = urlCrypt.decryptUrlSafe(secureParam);

        // The querystring might have been shortened (length reduced).
        // In that case, lengthen the query string again.
        queryString = rebuildUrl(queryString);
        return queryString;

   * @return The encoded url
   */
  protected CharSequence encodeURL(final CharSequence url)
  {
    // Get the crypt implementation from the application
    ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
    if (urlCrypt != null)
    {
      // The url must have a query string, otherwise keep the url
      // unchanged
      final int pos = url.toString().indexOf('?');
      if (pos > -1)
      {
        // The url's path
        CharSequence urlPrefix = url.subSequence(0, pos);

        // Extract the querystring
        String queryString = url.subSequence(pos + 1, url.length()).toString();

        // if the querystring starts with a parameter like
        // "x=", than don't change the querystring as it
        // has been encoded already
        if (!queryString.startsWith("x="))
        {
          // The length of the encrypted string depends on the
          // length of the original querystring. Let's try to
          // make the querystring shorter first without loosing
          // information.
          queryString = shortenUrl(queryString).toString();

          // encrypt the query string
          String encryptedQueryString = urlCrypt.encryptUrlSafe(queryString);

          encryptedQueryString = WicketURLEncoder.QUERY_INSTANCE.encode(encryptedQueryString);

          // build the new complete url
          return new AppendingStringBuffer(urlPrefix).append("?x=").append(