Stripes on Google App Engine issue
https://stackoverflow.com/questions/7778151
-
10-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have problem with Stripes forms in the application for Google App Engine. I have a JSP page with Stripes form tag. When I submit the form and a validation error occurs on one of the fields, Stripes shows me a screen with following notice:
Here's how it is.
Someone (quite possibly the Stripes Dispatcher) needed to get the source page resolution. But no source page was supplied in the request, and unless you override ActionBeanContext.getSourcePageResolution() you're going to need that value. When you use a tag a hidden field called '_sourcePage' is included. If you write your own forms or links that could generate validation errors, you must include a value for this parameter. This can be done by calling request.getServletPath()."
I have checked source of the page with form and hidden input field _sourcePage is present in the form as it should be. Value of the field seems to be somehow encrypted.
Solution
Encryption of values that are sent to the client (hidden form fields etc.) is one of the Stripes features and it's a cause of the problem.
To encrypt and decrypt values Stripes use a key, that is specified in configuration property named Stripes.EncryptionKey. This property doesn't have default value so if it's not specified, Stripes will generate random key each time the application is initialized.
This needn't be a problem on traditional application server, moreover it can be welcomed security enhancement, because key is changed from time to time.
On the other hand on Google App Engine this is a major problem. On GAE there is no guarantee that subsequent requests in the scope of one user session will be served by the same application with same generated key. App Engine can decide to shutdown any of the running instances of application anytime and if the next request comes, it will start another instance to serve the request (this is called "cold start"). This new instance will have new generated key. The result is that the application will try to decrypt the values with different key than they were encrypted with and of course fails to do so.
In this situation Stripes logs a warning "Input was not encrypted with the current encryption key: " and behaves as parameter that it's trying to decrypt is not present at all (see net.sourceforge.stripes.util.CryptoUtil). In your case it means that it behaves as _sourcePage parameter is not present and that's why it shows "Here's how it is" screen if validation error occurs.
So if you use Stripes on Google App Engine, you should set some random value to configuration property Stripes.EncryptionKey.
