Re: svn commit: r731660 - in /ofbiz/trunk/framework/webapp: dtd/site-conf.xsd src/org/ofbiz/webapp/control/ConfigXMLReader.java src/org/ofbiz/webapp/control/RequestHandler.java src/org/ofbiz/webapp/control/RequestManager.java


Jacques Le Roux
Administrator
Thanks Andrew,

I have added your comment in http://docs.ofbiz.org/display/OFBTECH/OFBiz+security

Jacques

From: <[hidden email]>

> Author: jaz
> Date: Mon Jan  5 11:46:16 2009
> New Revision: 731660
>
> URL: http://svn.apache.org/viewvc?rev=731660&view=rev
> Log:
> implemented per-site "protect" settings. Instead of only per request or per instance (setting in security.properties), now we
> support per application with a new <protect view="name_of_view"/> element in controller.xml. If the "protect" response is not
> found, first it will check for an application default before falling back to per instance.
>
>
> Modified:
>    ofbiz/trunk/framework/webapp/dtd/site-conf.xsd
>    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java
>    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
>    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java
>
> Modified: ofbiz/trunk/framework/webapp/dtd/site-conf.xsd
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/dtd/site-conf.xsd?rev=731660&r1=731659&r2=731660&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/webapp/dtd/site-conf.xsd (original)
> +++ ofbiz/trunk/framework/webapp/dtd/site-conf.xsd Mon Jan  5 11:46:16 2009
> @@ -26,6 +26,7 @@
>                 <xs:element minOccurs="0" ref="owner"/>
>                 <xs:element minOccurs="0" ref="errorpage"/>
>                 <xs:element minOccurs="0" maxOccurs="unbounded" ref="handler"/>
> +                <xs:element minOccurs="0" maxOccurs="1" ref="protect"/>
>                 <xs:element minOccurs="0" ref="firstvisit"/>
>                 <xs:element minOccurs="0" ref="preprocessor"/>
>                 <xs:element minOccurs="0" ref="postprocessor"/>
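Review bot: `maxOccurs="1"` on the new `protect` reference is the schema default, and the neighbouring single-occurrence references (`owner`, `errorpage`, `firstvisit`) omit it; drop it so the line reads `<xs:element minOccurs="0" ref="protect"/>` like its siblings.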
> @@ -74,6 +75,14 @@
>         </xs:attribute>
>         <xs:attribute type="xs:string" name="class" use="required"/>
>     </xs:attributeGroup>
> +    <xs:element name="protect">
> +        <xs:complexType>
> +            <xs:attributeGroup ref="attlist.protect"/>
> +        </xs:complexType>
> +    </xs:element>
> +    <xs:attributeGroup name="attlist.protect">
> +        <xs:attribute type="xs:string" name="view" use="required"/>
> +    </xs:attributeGroup>
>     <xs:element name="firstvisit">
>         <xs:complexType>
>             <xs:sequence>
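Review bot: the `view` attribute in `attlist.protect` is `xs:string` with `use="required"`, which still validates `<protect view=""/>`. Since this value names the view shown when a request is blocked, constrain it to a non-empty string (or validate it in the reader), and add an `xs:annotation` on `protect` stating that it is the per-application default consulted ahead of the security.properties setting.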
>
> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java
> URL:
> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java?rev=731660&r1=731659&r2=731660&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java (original)
> +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java Mon Jan  5 11:46:16 2009
> @@ -171,6 +171,7 @@
>
>     /** Site Config Variables */
>     public static final String DEFAULT_ERROR_PAGE = "errorpage";
> +    public static final String DEFAULT_PROTECT_VIEW = "protect";
>     public static final String SITE_OWNER = "owner";
>     public static final String SECURITY_CLASS = "security-class";
>     public static final String FIRSTVISIT = "firstvisit";
> @@ -501,6 +502,14 @@
>         String errorpage = UtilXml.childElementValue(root, DEFAULT_ERROR_PAGE);
>         if (UtilValidate.isNotEmpty(errorpage)) map.put(DEFAULT_ERROR_PAGE, errorpage);
>
> +        // default protect view
> +        Element protectElement = UtilXml.firstChildElement(root, DEFAULT_PROTECT_VIEW);
> +        String protectview;
> +        if (protectElement != null) {
> +            protectview = protectElement.getAttribute("view");
> +            if (protectview != null) map.put(DEFAULT_PROTECT_VIEW, protectview);
> +        }
> +
>         // site owner
>         String owner = UtilXml.childElementValue(root, SITE_OWNER);
>         if (UtilValidate.isNotEmpty(owner)) map.put(SITE_OWNER, owner);
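Review bot: the `if (protectview != null)` guard filters nothing if `Element` here is the DOM `org.w3c.dom.Element`, whose `getAttribute` returns an empty string rather than null for a missing attribute, so an empty view name can be stored in the map under `DEFAULT_PROTECT_VIEW`. Use `UtilValidate.isNotEmpty(protectview)` as the `errorpage` and `owner` blocks around it do, and declare `protectview` inside the `if (protectElement != null)` block where it is used.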
>
> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
> URL:
> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=731660&r1=731659&r2=731660&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
> +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Mon Jan  5 11:46:16 2009
> @@ -230,7 +230,10 @@
>                                 eventReturnString = "protect";
>                                 // check to see if there is an "protect" response, if so it's ok else show the
> default_error_response_view
>                                 if (null == requestManager.getRequestAttribute(requestUri, "protect")) {
> -                                    nextView = UtilProperties.getPropertyValue("security.properties",
> "default.error.response.view");
> +                                    nextView = requestManager.getDefaultProtectView();
> +                                    if (nextView == null) {
> +                                        nextView = UtilProperties.getPropertyValue("security.properties",
> "default.error.response.view");
> +                                    }
>                                 }
>                             }
>                         } else if (returnString == null) {
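Review bot: the fallback `if (nextView == null)` only covers a missing application default; an empty string returned by `getDefaultProtectView()` would be kept as `nextView`, and the `default.error.response.view` value from security.properties would never be consulted. Since this is the view a blocked request is sent to, test for empty as well as null before skipping the instance-wide fallback.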
>
> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java
> URL:
> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java?rev=731660&r1=731659&r2=731660&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java (original)
> +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java Mon Jan  5 11:46:16 2009
> @@ -298,6 +298,11 @@
>         return "/error/error.jsp";
>     }
>
> +    /** Gets the default "protect" view; used when no "protect" response type and :_protect_: is used */
> +    public String getDefaultProtectView() {
> +        return (String) ConfigXMLReader.getConfigMap(configFileUrl).get(ConfigXMLReader.DEFAULT_PROTECT_VIEW);
> +    }
> +
>     public boolean requiresAuth(String uriStr) {
>         Map<String, Object> uri = getRequestMapMap(uriStr);
>
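Review bot: the Javadoc on `getDefaultProtectView()` does not say that the method returns null when the controller has no `protect` element, which is the contract the caller's fallback depends on, and the `:_protect_:` reference is left unexplained. Document the null return, and consider normalising an empty value to null here so callers need only one check.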
>
>