OFBiz OFBiz - User

getting exception in calling the service

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Ashish Repal
Reply | Threaded
Open this post in threaded view
|

getting exception in calling the service

Ashish Repal
Hi All,
I am getting below exception when calling the service from controller.

[ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
[shipId] passed to secure (https) request-map with uri
[ModifyShipmentStatus] with an event that calls service
[ModifyShipmentStatus]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL.

anyone has idea about this?

controller.xml:

    <request-map uri="ModifyShipmentStatus">
         <security https="true" auth="true" />
        <event type="service" path="" invoke="ModifyShipmentStatus"/>
        <response name="success" type="view" value="EditTrip"/>
        <response name="error" type="view" value="EditTrip"/>
    </request-map>

If I comment the security tag in controller it works but later it fails
saying

org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
form data posted to a secure request



Regards,
Aashish Repal
09623381664
pierre.gaudin
Reply | Threaded
Open this post in threaded view
|

Re: getting exception in calling the service

pierre.gaudin
Hi Ashish,

You may try to use a form instead of an url with parameters.

Regards

Pierre
On 25/07/2015 08:04, Ashish Repal wrote:
Hi All,
I am getting below exception when calling the service from controller.

[ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
[shipId] passed to secure (https) request-map with uri
[ModifyShipmentStatus] with an event that calls service
[ModifyShipmentStatus]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL.

anyone has idea about this?

controller.xml:

    <request-map uri="ModifyShipmentStatus">
         <security https="true" auth="true" />
        <event type="service" path="" invoke="ModifyShipmentStatus"/>
        <response name="success" type="view" value="EditTrip"/>
        <response name="error" type="view" value="EditTrip"/>
    </request-map>

If I comment the security tag in controller it works but later it fails
saying

org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
form data posted to a secure request



Regards,
Aashish Repal
09623381664


--
logoNrd
 Pierre GAUDIN
Consultant Fonctionnel Apache-OFBiz, ERP en logiciel Libre
[hidden email]
3bis rue des Isles 37270 VERETZ
Std: 02 47 50 30 54 - mob: 06 08 40 25 70
ofbiz-fr | réseau LE
Adrian Crum-3
Reply | Threaded
Open this post in threaded view
|

Re: getting exception in calling the service

Adrian Crum-3
In reply to this post by Ashish Repal
Basically, you need to invoke the URL with an HTTP POST instead of an
HTTP GET.

Adrian Crum
Sandglass Software
www.sandglass-software.com

On 7/24/2015 11:04 PM, Ashish Repal wrote:

> Hi All,
> I am getting below exception when calling the service from controller.
>
> [ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
> [shipId] passed to secure (https) request-map with uri
> [ModifyShipmentStatus] with an event that calls service
> [ModifyShipmentStatus]; this is not allowed for security reasons! The data
> should be encrypted by making it part of the request body (a form field)
> instead of the request URL.
>
> anyone has idea about this?
>
> controller.xml:
>
>      <request-map uri="ModifyShipmentStatus">
>           <security https="true" auth="true" />
>          <event type="service" path="" invoke="ModifyShipmentStatus"/>
>          <response name="success" type="view" value="EditTrip"/>
>          <response name="error" type="view" value="EditTrip"/>
>      </request-map>
>
> If I comment the security tag in controller it works but later it fails
> saying
>
> org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
> form data posted to a secure request
>
>
>
> Regards,
> Aashish Repal
> 09623381664
>
Ashish Repal
Reply | Threaded
Open this post in threaded view
|

Re: getting exception in calling the service

Ashish Repal
Actually this is a listing screen where i have provided hyperlinks using
href.
Eg. in ftl
<td><a
href="/facility/control/ModifyShipmentStatus?shipId=${tripShipmentData.shipId?if_exists}&amp;status=Delivered"
class="buttontext">Delivered</a></td>

and in Form.xml

        <field name="start" position="2" title="" widget-style="buttontext"
use-when="&quot;N&quot;.equals(isStarted)"  >
             <hyperlink target="/startShip" description="start Ship"  >
                <parameter param-name="tripId" value="${shipId}"
/>
            </hyperlink>
        </field>


Regards,
Aashish Repal
09623381664

On Sat, Jul 25, 2015 at 1:00 PM, Adrian Crum <
[hidden email]> wrote:

> Basically, you need to invoke the URL with an HTTP POST instead of an HTTP
> GET.
>
> Adrian Crum
> Sandglass Software
> www.sandglass-software.com
>
>
> On 7/24/2015 11:04 PM, Ashish Repal wrote:
>
>> Hi All,
>> I am getting below exception when calling the service from controller.
>>
>> [ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
>> [shipId] passed to secure (https) request-map with uri
>> [ModifyShipmentStatus] with an event that calls service
>> [ModifyShipmentStatus]; this is not allowed for security reasons! The data
>> should be encrypted by making it part of the request body (a form field)
>> instead of the request URL.
>>
>> anyone has idea about this?
>>
>> controller.xml:
>>
>>      <request-map uri="ModifyShipmentStatus">
>>           <security https="true" auth="true" />
>>          <event type="service" path="" invoke="ModifyShipmentStatus"/>
>>          <response name="success" type="view" value="EditTrip"/>
>>          <response name="error" type="view" value="EditTrip"/>
>>      </request-map>
>>
>> If I comment the security tag in controller it works but later it fails
>> saying
>>
>> org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
>> form data posted to a secure request
>>
>>
>>
>> Regards,
>> Aashish Repal
>> 09623381664
>>
>>
Deepak Dixit-3
Reply | Threaded
Open this post in threaded view
|

Re: getting exception in calling the service

Deepak Dixit-3
Hi Ashish,

Comment inline:

> On Jul 25, 2015, at 5:01 PM, Ashish Repal <[hidden email]> wrote:
>
> Actually this is a listing screen where i have provided hyperlinks using
> href.
> Eg. in ftl
> <td><a
> href="/facility/control/ModifyShipmentStatus?shipId=${tripShipmentData.shipId?if_exists}&amp;status=Delivered"
> class="buttontext">Delivered</a></td>

Here you can create a html form element;

<form action=“<@ofbizUrl>ModifyShipmentStatus</@ofbizUrl>” method=“post”>
    <input type=“hidden” name=“shipId” value=“${tripShipmentData.shipId!}” />
    <input type=“submit” value=“ Delivered” />
</form>


>
> and in Form.xml
>
>        <field name="start" position="2" title="" widget-style="buttontext"
> use-when="&quot;N&quot;.equals(isStarted)"  >
>             <hyperlink target="/startShip" description="start Ship"  >
>                <parameter param-name="tripId" value="${shipId}"
> />
>            </hyperlink>
>        </field>

You can use link-type="hidden-form” in form widget to render link as form.


Thanks & Regards

Deepak Dixit

>
>
> Regards,
> Aashish Repal
> 09623381664
>
> On Sat, Jul 25, 2015 at 1:00 PM, Adrian Crum <
> [hidden email]> wrote:
>
>> Basically, you need to invoke the URL with an HTTP POST instead of an HTTP
>> GET.
>>
>> Adrian Crum
>> Sandglass Software
>> www.sandglass-software.com
>>
>>
>> On 7/24/2015 11:04 PM, Ashish Repal wrote:
>>
>>> Hi All,
>>> I am getting below exception when calling the service from controller.
>>>
>>> [ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
>>> [shipId] passed to secure (https) request-map with uri
>>> [ModifyShipmentStatus] with an event that calls service
>>> [ModifyShipmentStatus]; this is not allowed for security reasons! The data
>>> should be encrypted by making it part of the request body (a form field)
>>> instead of the request URL.
>>>
>>> anyone has idea about this?
>>>
>>> controller.xml:
>>>
>>>     <request-map uri="ModifyShipmentStatus">
>>>          <security https="true" auth="true" />
>>>         <event type="service" path="" invoke="ModifyShipmentStatus"/>
>>>         <response name="success" type="view" value="EditTrip"/>
>>>         <response name="error" type="view" value="EditTrip"/>
>>>     </request-map>
>>>
>>> If I comment the security tag in controller it works but later it fails
>>> saying
>>>
>>> org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
>>> form data posted to a secure request
>>>
>>>
>>>
>>> Regards,
>>> Aashish Repal
>>> 09623381664
>>>
>>>

Ashish Repal
Reply | Threaded
Open this post in threaded view
|

Re: getting exception in calling the service

Ashish Repal
Thanks Deepak!!


Regards,
Aashish Repal
09623381664

On Mon, Jul 27, 2015 at 11:19 AM, Deepak Dixit <
[hidden email]> wrote:

> Hi Ashish,
>
> Comment inline:
>
> > On Jul 25, 2015, at 5:01 PM, Ashish Repal <[hidden email]> wrote:
> >
> > Actually this is a listing screen where i have provided hyperlinks using
> > href.
> > Eg. in ftl
> > <td><a
> >
> href="/facility/control/ModifyShipmentStatus?shipId=${tripShipmentData.shipId?if_exists}&amp;status=Delivered"
> > class="buttontext">Delivered</a></td>
>
> Here you can create a html form element;
>
> <form action=“<@ofbizUrl>ModifyShipmentStatus</@ofbizUrl>” method=“post”>
>     <input type=“hidden” name=“shipId” value=“${tripShipmentData.shipId!}”
> />
>     <input type=“submit” value=“ Delivered” />
> </form>
>
>
> >
> > and in Form.xml
> >
> >        <field name="start" position="2" title=""
> widget-style="buttontext"
> > use-when="&quot;N&quot;.equals(isStarted)"  >
> >             <hyperlink target="/startShip" description="start Ship"  >
> >                <parameter param-name="tripId" value="${shipId}"
> > />
> >            </hyperlink>
> >        </field>
>
> You can use link-type="hidden-form” in form widget to render link as form.
>
>
> Thanks & Regards
> —
> Deepak Dixit
>
> >
> >
> > Regards,
> > Aashish Repal
> > 09623381664
> >
> > On Sat, Jul 25, 2015 at 1:00 PM, Adrian Crum <
> > [hidden email]> wrote:
> >
> >> Basically, you need to invoke the URL with an HTTP POST instead of an
> HTTP
> >> GET.
> >>
> >> Adrian Crum
> >> Sandglass Software
> >> www.sandglass-software.com
> >>
> >>
> >> On 7/24/2015 11:04 PM, Ashish Repal wrote:
> >>
> >>> Hi All,
> >>> I am getting below exception when calling the service from controller.
> >>>
> >>> [ServiceEventHandler.java:408:ERROR] =============== Found URL
> parameter
> >>> [shipId] passed to secure (https) request-map with uri
> >>> [ModifyShipmentStatus] with an event that calls service
> >>> [ModifyShipmentStatus]; this is not allowed for security reasons! The
> data
> >>> should be encrypted by making it part of the request body (a form
> field)
> >>> instead of the request URL.
> >>>
> >>> anyone has idea about this?
> >>>
> >>> controller.xml:
> >>>
> >>>     <request-map uri="ModifyShipmentStatus">
> >>>          <security https="true" auth="true" />
> >>>         <event type="service" path="" invoke="ModifyShipmentStatus"/>
> >>>         <response name="success" type="view" value="EditTrip"/>
> >>>         <response name="error" type="view" value="EditTrip"/>
> >>>     </request-map>
> >>>
> >>> If I comment the security tag in controller it works but later it fails
> >>> saying
> >>>
> >>> org.ofbiz.webapp.control.RequestHandlerException: Not accepting
> insecure
> >>> form data posted to a secure request
> >>>
> >>>
> >>>
> >>> Regards,
> >>> Aashish Repal
> >>> 09623381664
> >>>
> >>>
>
>
Free forum by Nabble Edit this page