Home/ Questions/Q 6689659
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T05:32:43+00:00

I have problem with Stripes forms in the application for Google App Engine. I

  • 0

I have problem with Stripes forms in the application for Google App Engine.
I have a JSP page with Stripes form tag. When I submit the form and a validation error occurs on one of the fields, Stripes shows me a screen with following notice:

Here’s how it is.

Someone (quite possibly the Stripes Dispatcher) needed to get the
source page resolution. But no source page was supplied in the
request, and unless you override
ActionBeanContext.getSourcePageResolution() you’re going to need that
value. When you use a tag a hidden field called ‘_sourcePage’ is
included. If you write your own forms or links that could generate
validation errors, you must include a value for this parameter. This
can be done by calling request.getServletPath().”

I have checked source of the page with form and hidden input field _sourcePage is present in the form as it should be. Value of the field seems to be somehow encrypted.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Encryption of values that are sent to the client (hidden form fields etc.) is one of the Stripes features and it’s a cause of the problem.

    To encrypt and decrypt values Stripes use a key, that is specified in configuration property named Stripes.EncryptionKey.
    This property doesn’t have default value so if it’s not specified, Stripes will generate random key each time the
    application is initialized.

    This needn’t be a problem on traditional application server, moreover it can be welcomed security enhancement, because
    key is changed from time to time.

    On the other hand on Google App Engine this is a major problem. On GAE there is no guarantee that
    subsequent requests in the scope of one user session will be served by the same application with same generated key.
    App Engine can decide to shutdown any of the running instances of application anytime and if the next request comes, it
    will start another instance to serve the request (this is called “cold start”). This new instance will have new generated key.
    The result is that the application will try to decrypt the values with different key than they were encrypted with and of course
    fails to do so.

    In this situation Stripes logs a warning “Input was not encrypted with the current encryption key: ” and behaves as parameter that it’s trying to decrypt is not present at all
    (see net.sourceforge.stripes.util.CryptoUtil). In your case it means that it behaves as _sourcePage parameter is not present and
    that’s why it shows “Here’s how it is” screen if validation error occurs.

    So if you use Stripes on Google App Engine, you should set some random value to configuration property Stripes.EncryptionKey.

    • 0