This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new d60bf15 Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)
d60bf15 is described below
commit d60bf1574bbf49aa99b0358b2b4a45a0fec71717
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sat Feb 13 12:29:02 2021 +0100
Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)
After some small study, it seems there is a problem because the login request
does not require authentication.
I have tried adding a test that checks whether the current request is login, and
removes the PREVIOUS_REQUEST Session Attribute only if it is not; it seems better
with this modification.
Thanks: Olivier for the patch and Michael for suggesting to parameterize using
a property. I simply used EntityUtilProperties.getPropertyValue instead of
UtilProperties.getPropertyValue
---
framework/security/config/security.properties | 6 +++++-
.../org/apache/ofbiz/webapp/control/RequestHandler.java | 13 +++++++++++--
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index 702971a..2981e11 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -232,4 +232,8 @@ allowAllUploads=
#-- Popup last-visited time from database after user has logged in.
#-- So users can know of any unauthorised access to their accounts.
#-- Default is true.
-afterlogin.lastvisit.show=
\ No newline at end of file
+afterlogin.lastvisit.show=
+
+#-- uri used for login (cf jira OFBIZ-12047)
+#-- it's a list, each uri should be separated by comma, without space
+login.uris=login
\ No newline at end of file
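Review bot: The comment added above `login.uris=login` says how to format the list but not what the list controls, so an administrator cannot tell what adding an entry does. Going by the RequestHandler.java hunk in this commit, each URI listed here is a non-authenticated request on which the `_PREVIOUS_REQUEST_` session attribute is kept instead of removed, so the list should stay limited to the actual login requests. I would add a line such as `#-- requests listed here keep the _PREVIOUS_REQUEST_ session attribute even though they do not require authentication`. The "without space" rule is also a hard requirement rather than a style preference, because the reader compares entries verbatim; the comment should say that an entry with surrounding whitespace is silently ignored.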
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 6b2c08a..46ed743 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -630,8 +630,17 @@ public final class RequestHandler {
}
}
} else {
- // Remove previous request attribute on navigation to non-authenticated request
- request.getSession().removeAttribute("_PREVIOUS_REQUEST_");
+ String[] loginUris = EntityUtilProperties.getPropertyValue("security", "login.uris", delegator).split(",");
+ boolean removePreviousRequest = true;
+ for (int i = 0; i < loginUris.length; i++) {
+ if (requestUri.equals(loginUris[i])) {
+ removePreviousRequest = false;
+ }
+ }
+ if (removePreviousRequest) {
+ // Remove previous request attribute on navigation to non-authenticated request
+ request.getSession().removeAttribute("_PREVIOUS_REQUEST_");
+ }
}
if (request.getAttribute("targetRequestUri") == null) {
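Review bot: The added `requestUri.equals(loginUris[i])` compares each configured entry verbatim, so a value such as `login, checkLogin` (space after the comma) never matches its second entry, and `_PREVIOUS_REQUEST_` is then removed on that login page exactly as before the fix, with nothing logged. Trimming each entry makes the setting tolerant of that: `if (requestUri.equals(loginUris[i].trim())) {`, followed by a `break;` after `removePreviousRequest = false;`, since the loop has no reason to continue once a match is found. The property is also looked up and split on every request that reaches this `else` branch; whether that cost matters depends on how `EntityUtilProperties` caches, which is not visible here. A short comment above the loop explaining why login URIs are exempt (the login request itself does not require authentication, per the commit message) would help the next reader. The enclosing method starts and ends outside this hunk.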