Hi Jacques,
There is a chance of getting Null Pointer Exception (while creating the auto-login cookie & calling the method autoLoginCheck() inside the if block) if the userLogin is null. IMO, the below condition

*if (userLogin != null &&*
*(webappInfo != null && webappInfo.isAutologinCookieUsed()) || webappInfo == null) { // When using an empty mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!*

can be improved as,

*if (userLogin != null &&*
*((webappInfo != null && webappInfo.isAutologinCookieUsed()) || webappInfo == null)) { // When using an empty mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!*

Thanks & Regards
--
Deepak Nigam
HotWax Systems Pvt. Ltd

On Fri, Jan 11, 2019 at 9:57 PM <[hidden email]> wrote:
> Author: jleroux
> Date: Fri Jan 11 16:27:11 2019
> New Revision: 1851076
>
> URL: http://svn.apache.org/viewvc?rev=1851076&view=rev
> Log:
> "Applied fix from trunk for revision: 1851074 "
> ------------------------------------------------------------------------
> r1851074 | jleroux | 2019-01-11 17:26:13 +0100 (ven. 11 janv. 2019) | 17
> lignes
>
> Fixed: Correct behaviour of Autologin cookies
> (OFBIZ-10635)
>
> In the method to set the autoLogin cookie, LoginWorker::autoLoginSet,
> system fetches the webAppInfo by using the
> method ComponentConfig::getWebappInfo. In this method, serverId and
> applicationName are passed as arguments.
>
> *WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));*
>
> If the mount-point of the web app is set as an empty string, then 'root'
> will be used as the application name, due to which the object webAppInfo
> will come null. If the webAppInfo is null then the autoLogin cookie will
> not be created and added to the response object by the system.
> > Thanks: Aditya for report and Mathieu Lirzin for discussion > ------------------------------------------------------------------------ > > Modified: > ofbiz/ofbiz-framework/branches/release17.12/ (props changed) > > ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java > > Propchange: ofbiz/ofbiz-framework/branches/release17.12/ > > ------------------------------------------------------------------------------ > --- svn:mergeinfo (original) > +++ svn:mergeinfo Fri Jan 11 16:27:11 2019 
> @@ -10,4 +10,4 @@ > /ofbiz/branches/json-integration-refactoring:1634077-1635900 > /ofbiz/branches/multitenant20100310:921280-927264 > /ofbiz/branches/release13.07:1547657 > > -/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715, > > 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068 > > 
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715, > > 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068,1851074 > > Modified: > ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java > URL: > http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851076&r1=1851075&r2=1851076&view=diff > > ============================================================================== > --- > ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java > (original) > +++ > ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java > Fri Jan 
11 16:27:11 2019 > @@ -711,13 +711,16 @@ public class LoginWorker { > HttpSession session = request.getSession(); > GenericValue userLogin = (GenericValue) > session.getAttribute("userLogin"); > ServletContext context = request.getServletContext(); > - WebappInfo webappInfo = ComponentConfig.getWebappInfo((String) > context.getAttribute("_serverId"), UtilHttp.getApplicationName(request)); > + String applicationName = UtilHttp.getApplicationName(request); > + WebappInfo webappInfo = ComponentConfig.getWebappInfo((String) > context.getAttribute("_serverId"), applicationName); > > - if (userLogin != null && webappInfo != null && > webappInfo.isAutologinCookieUsed()) { > + if (userLogin != null && > + (webappInfo != null && webappInfo.isAutologinCookieUsed()) > + || webappInfo == null) { // When using an empty > mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp! > Cookie autoLoginCookie = new > Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId")); > autoLoginCookie.setMaxAge(60 * 60 * 24 * 365); > > autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", > "cookie.domain", delegator)); > - autoLoginCookie.setPath("/" + > UtilHttp.getApplicationName(request).replaceAll("/","_")); > + autoLoginCookie.setPath("/" + > applicationName.replaceAll("/","_")); > autoLoginCookie.setSecure(true); > autoLoginCookie.setHttpOnly(true); > response.addCookie(autoLoginCookie); > > > |
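Review bot: In the LoginWorker.java hunk the new guard `userLogin != null && (webappInfo != null && webappInfo.isAutologinCookieUsed()) || webappInfo == null` groups as `(userLogin != null && ...) || webappInfo == null`, because `&&` binds tighter than `||`. With an empty mount point (webappInfo null) the block is therefore entered even when userLogin is null, and `userLogin.getString("userLoginId")` dereferences null. Put one pair of parentheses around both webappInfo alternatives so the userLogin check guards them together. Two smaller points on the same hunk: the `webappInfo == null` branch sets a one-year cookie with no `isAutologinCookieUsed()` setting available to consult, which deserves more than the inline "Beware" comment, and `setPath("/" + applicationName.replaceAll("/","_"))` produces `/root` when the application name is 'root' as the log message describes, so it is worth confirming that path matches the URLs a root-mounted webapp is served under. The comment's "mounpoint" should read "mountpoint".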
Thanks Deepak,
Fixed in OFBIZ-10635

Jacques

On 15/01/2019 at 13:42, Deepak Nigam wrote:
> Hi Jacques,
>
> There is a chance of getting Null Pointer Exception (while creating the
> auto-login cookie & calling the method autoLoginCheck() inside the if
> block) if the userLogin is null. IMO, the below condition
>
>
> *if (userLogin != null && *
>
> * (webappInfo != null &&
> webappInfo.isAutologinCookieUsed()) || webappInfo == null) {
> //
> When using an empty mounpoint, ie using root as mounpoint. Beware:
> works only for 1 webapp!*
>
> can be improved as,
>
>
> *if (userLogin != null && *
>
> * ((webappInfo != null &&
> webappInfo.isAutologinCookieUsed()) || webappInfo == null))
> { //
> When using an empty mounpoint, ie using root as mounpoint. Beware:
> works only for 1 webapp!*
>
>
> Thanks & Regards
> --
> Deepak Nigam
> HotWax Systems Pvt. Ltd
>
> On Fri, Jan 11, 2019 at 9:57 PM <[hidden email]> wrote:
>
>> Author: jleroux
>> Date: Fri Jan 11 16:27:11 2019
>> New Revision: 1851076
>>
>> URL: http://svn.apache.org/viewvc?rev=1851076&view=rev
>> Log:
>> "Applied fix from trunk for revision: 1851074"
>> ------------------------------------------------------------------------
>> r1851074 | jleroux | 2019-01-11 17:26:13 +0100 (ven. 11 janv. 2019) | 17
>> lignes
>>
>> Fixed: Correct behaviour of Autologin cookies
>> (OFBIZ-10635)
>>
>> In the method to set the autoLogin cookie, LoginWorker::autoLoginSet,
>> system fetches the webAppInfo by using the
>> method ComponentConfig::getWebappInfo. In this method, serverId and
>> applicationName are passed as arguments.
>>
>> *WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
>> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));*
>>
>> If the mount-point of the web app is set as an empty string, then 'root'
>> will be used as the application name, due to which the object webAppInfo
>> will come null.
If the webAppInfo is null then the autoLogin cookie will >> not be created and added to the response object by the system. >> >> Thanks: Aditya for report and Mathieu Lirzin for discussion >> ------------------------------------------------------------------------ >> >> Modified: >> ofbiz/ofbiz-framework/branches/release17.12/ (props changed) >> >> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java >> >> Propchange: ofbiz/ofbiz-framework/branches/release17.12/ >> >> ------------------------------------------------------------------------------ >> --- svn:mergeinfo (original) >> +++ svn:mergeinfo Fri Jan 11 16:27:11 2019 
>> @@ -10,4 +10,4 @@ >> /ofbiz/branches/json-integration-refactoring:1634077-1635900 >> /ofbiz/branches/multitenant20100310:921280-927264 >> /ofbiz/branches/release13.07:1547657 >> >> -/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715, >> >> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068 >> >> 
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715, >> >> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068,1851074 >> >> Modified: >> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851076&r1=1851075&r2=1851076&view=diff >> >> ============================================================================== >> --- >> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java >> (original) >> +++ >> 
ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java >> Fri Jan 11 16:27:11 2019 >> @@ -711,13 +711,16 @@ public class LoginWorker { >> HttpSession session = request.getSession(); >> GenericValue userLogin = (GenericValue) >> session.getAttribute("userLogin"); >> ServletContext context = request.getServletContext(); >> - WebappInfo webappInfo = ComponentConfig.getWebappInfo((String) >> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request)); >> + String applicationName = UtilHttp.getApplicationName(request); >> + WebappInfo webappInfo = ComponentConfig.getWebappInfo((String) >> context.getAttribute("_serverId"), applicationName); >> >> - if (userLogin != null && webappInfo != null && >> webappInfo.isAutologinCookieUsed()) { >> + if (userLogin != null && >> + (webappInfo != null && webappInfo.isAutologinCookieUsed()) >> + || webappInfo == null) { // When using an empty >> mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp! >> Cookie autoLoginCookie = new >> Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId")); >> autoLoginCookie.setMaxAge(60 * 60 * 24 * 365); >> >> autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", >> "cookie.domain", delegator)); >> - autoLoginCookie.setPath("/" + >> UtilHttp.getApplicationName(request).replaceAll("/","_")); >> + autoLoginCookie.setPath("/" + >> applicationName.replaceAll("/","_")); >> autoLoginCookie.setSecure(true); >> autoLoginCookie.setHttpOnly(true); >> response.addCookie(autoLoginCookie); >> >> >> |
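The precedence problem discussed in this thread, as an added example (not code from OFBiz or from either poster): it evaluates the committed guard and the parenthesized guard over every webappInfo state for a request with no userLogin. The WebappInfo class here is a hypothetical stand-in holding only the flag the guard reads, and userLogin is modelled as a plain String.

```java
import java.util.ArrayList;
import java.util.List;

public class AutoLoginGuardDemo {
    // Hypothetical stand-in for OFBiz's WebappInfo: only the flag the guard reads.
    static final class WebappInfo {
        final boolean used;
        WebappInfo(boolean used) { this.used = used; }
        boolean isAutologinCookieUsed() { return used; }
        @Override public String toString() { return "WebappInfo(autologin=" + used + ")"; }
    }

    // Guard as committed in r1851076; && binds tighter than ||, so the
    // trailing "|| w == null" is not covered by the userLogin check.
    static boolean committed(String userLogin, WebappInfo w) {
        return userLogin != null && (w != null && w.isAutologinCookieUsed()) || w == null;
    }

    // Guard with the extra pair of parentheses proposed in the reply.
    static boolean proposed(String userLogin, WebappInfo w) {
        return userLogin != null && ((w != null && w.isAutologinCookieUsed()) || w == null);
    }

    // States where a guard admits a request that has no userLogin, i.e. where
    // the block would go on to dereference null in userLogin.getString(...).
    static List<String> admitsAnonymous(boolean useProposed) {
        List<String> hits = new ArrayList<>();
        WebappInfo[] infos = { null, new WebappInfo(true), new WebappInfo(false) };
        for (WebappInfo w : infos) {
            boolean enters = useProposed ? proposed(null, w) : committed(null, w);
            if (enters) hits.add("userLogin=null, webappInfo=" + w);
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed states, not captured from a running OFBiz instance.
        System.out.println("committed guard admits: " + admitsAnonymous(false));
        System.out.println("proposed guard admits:  " + admitsAnonymous(true));
        // For a logged-in user both guards agree in every webappInfo state.
        for (WebappInfo w : new WebappInfo[] { null, new WebappInfo(true), new WebappInfo(false) }) {
            System.out.println(w + ": guards agree = " + (committed("admin", w) == proposed("admin", w)));
        }
    }
}
```

The two guards differ only for an anonymous request with a null webappInfo, which is the empty mount point case the commit was written to support.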