svn commit: r1328122 - in /ofbiz/trunk: applications/securityext/src/o
Locked
svn commit: r1328122 - in /ofbiz/trunk: applications/securityext/src/o
 
|
Author: jleroux
Date: Thu Apr 19 21:41:39 2012 New Revision: 1328122 URL: http://svn.apache.org/viewvc?rev=1328122&view=rev Log: This introduces a mean to hide a service result in log (when the service is longer than 50 ms and Debug.timingOn() or > 200 ms and Debug.infoOn(), see ServiceDispatcher.java, just above line 600) A hideResultInLog service attribute is added. If set to true the service result will be hidden from possible exposition in ServiceDispatcher.runSync() This is convenient when used for sending a password to an user (the password must be legible in the sent mail). I'm sure a lot of you would want to have no logs at all in production. But by experience I know that we need to log info in logs even in production. Especially when the system is quickly moving ahead... So this is a sure mean to hide any password in logs, being current or backuped somewhere on the servers disks... Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java ofbiz/trunk/framework/common/servicedef/services_email.xml ofbiz/trunk/framework/common/src/org/ofbiz/common/email/EmailServices.java ofbiz/trunk/framework/service/dtd/services.xsd ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1328122&r1=1328121&r2=1328122&view=diff ============================================================================== --- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original) +++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Thu Apr 19 21:41:39 2012 @@ -306,7 +306,7 @@ public class LoginEvents { serviceContext.put("partyId", party.getString("partyId")); try { - Map<String, Object> result = dispatcher.runSync("sendMailFromScreen", serviceContext); + Map<String, Object> result = dispatcher.runSync("sendMailHiddenInLogFromScreen", serviceContext); if (ModelService.RESPOND_ERROR.equals(result.get(ModelService.RESPONSE_MESSAGE))) { Map<String, Object> messageMap = UtilMisc.toMap("errorMessage", result.get(ModelService.ERROR_MESSAGE)); Modified: ofbiz/trunk/framework/common/servicedef/services_email.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/servicedef/services_email.xml?rev=1328122&r1=1328121&r2=1328122&view=diff ============================================================================== --- ofbiz/trunk/framework/common/servicedef/services_email.xml (original) +++ ofbiz/trunk/framework/common/servicedef/services_email.xml Thu Apr 19 21:41:39 2012 @@ -52,10 +52,8 @@ under the License. <!-- used for parsing and ECAs --> <attribute name="communicationEventId" type="String" mode="INOUT" optional="true"/> </service> - <service name="sendMail" engine="java" - location="org.ofbiz.common.email.EmailServices" invoke="sendMail"> - <description>Send E-Mail Service. partyId and communicationEventId aren't used by sendMail - but are passed down to storeEmailAsCommunication during the SECA chain. See sendMailInterface for more comments.</description> + <service name="sendMailOnePartInterface" engine="interface" location="" invoke=""> + <description>Interface service for sendMail* services.</description> <implements service="sendMailInterface"/> <attribute name="body" type="String" mode="INOUT" optional="false" allow-html="safe"/> <override name="contentType" mode="INOUT"/> @@ -63,14 +61,36 @@ under the License. <override name="emailType" type="String" mode="INOUT" optional="true"/> <override name="sendTo" optional="false"/><!-- service will give an NPE when not provided --> </service> - <service name="sendMailMultiPart" engine="java" - location="org.ofbiz.common.email.EmailServices" invoke="sendMail"> - <description>Send Multi-Part E-Mail Service</description> + <service name="sendMailMultiPartInterface" engine="interface" location="" invoke=""> + <description>Interface service for sendMailMultiPart* services</description> <implements service="sendMailInterface"/> <attribute name="bodyParts" type="java.util.List" mode="INOUT" optional="false"/> <attribute name="subject" type="String" mode="INOUT" optional="false"/> <override name="contentType" mode="INOUT"/> </service> + <service name="sendMail" engine="java" + location="org.ofbiz.common.email.EmailServices" invoke="sendMail"> + <description>Send E-Mail Service. partyId and communicationEventId aren't used by sendMail + but are passed down to storeEmailAsCommunication during the SECA chain. See sendMailInterface for more comments.</description> + <implements service="sendMailOnePartInterface"/> + </service> + <service name="sendMailHiddenInLog" engine="java" hideResultInLog="true" + location="org.ofbiz.common.email.EmailServices" invoke="sendMail"> + <description>Send E-Mail Service. partyId and communicationEventId aren't used by sendMail + but are passed down to storeEmailAsCommunication during the SECA chain. See sendMailInterface for more comments.</description> + <implements service="sendMailOnePartInterface"/> + <attribute name="hideInLog" type="Boolean" mode="IN" optional="true"/> + </service> + <service name="sendMailMultiPart" engine="java" + location="org.ofbiz.common.email.EmailServices" invoke="sendMail"> + <description>Send Multi-Part E-Mail Service</description> + <implements service="sendMailMultiPartInterface"/> + </service> + <service name="sendMailMultiPartHiddenInLog" engine="java" hideResultInLog="true" + location="org.ofbiz.common.email.EmailServices" invoke="sendMail"> + <description>Send Multi-Part E-Mail Service</description> + <implements service="sendMailMultiPartInterface"/> + </service> <service name="sendMailFromUrl" engine="java" location="org.ofbiz.common.email.EmailServices" invoke="sendMailFromUrl"> <description>Send E-Mail From URL Service</description> @@ -79,9 +99,8 @@ under the License. <attribute name="bodyUrlParameters" type="Map" mode="IN" optional="true"/> <attribute name="body" type="String" mode="OUT" optional="false" allow-html="safe"/> </service> - <service name="sendMailFromScreen" max-retry="3" engine="java" - location="org.ofbiz.common.email.EmailServices" invoke="sendMailFromScreen"> - <description>Send E-Mail From Screen Widget Service</description> + <service name="sendMailFromScreenInterface" engine="interface" location="" invoke=""> + <description>Interface service for E-Mail sent From Screen Widget</description> <implements service="sendMailInterface"/> <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="safe"/> <attribute name="bodyScreenUri" type="String" mode="IN" optional="true"/> @@ -94,6 +113,17 @@ under the License. <attribute name="subject" type="String" mode="OUT" optional="true"/> <attribute name="body" type="String" mode="OUT" optional="false"/> </service> + <service name="sendMailFromScreen" max-retry="3" engine="java" + location="org.ofbiz.common.email.EmailServices" invoke="sendMailFromScreen"> + <description>Send E-Mail From Screen Widget Service</description> + <implements service="sendMailFromScreenInterface"/> + <attribute name="hideInLog" type="Boolean" mode="IN" optional="true"/> + </service> + <service name="sendMailHiddenInLogFromScreen" max-retry="3" engine="java" hideResultInLog="true" + location="org.ofbiz.common.email.EmailServices" invoke="sendMailHiddenInLogFromScreen"> + <description>Send E-Mail hidden in log (password, etc.) From Screen Widget Service</description> + <implements service="sendMailFromScreenInterface"/> + </service> <service name="sendMailFromTemplateSetting" engine="simple" location="component://common/script/org/ofbiz/common/email/EmailServices.xml" invoke="sendMailFromTemplateSetting"> <description>Send Email From Email Template Setting Service</description> Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/email/EmailServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/email/EmailServices.java?rev=1328122&r1=1328121&r2=1328122&view=diff ============================================================================== --- ofbiz/trunk/framework/common/src/org/ofbiz/common/email/EmailServices.java (original) +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/email/EmailServices.java Thu Apr 19 21:41:39 2012 @@ -585,11 +585,20 @@ public class EmailServices { Map<String, Object> result = ServiceUtil.returnSuccess(); Map<String, Object> sendMailResult; + Boolean hideInLog = (Boolean) serviceContext.get("hideInLog"); try { - if (isMultiPart) { - sendMailResult = dispatcher.runSync("sendMailMultiPart", serviceContext); + if (!hideInLog) { + if (isMultiPart) { + sendMailResult = dispatcher.runSync("sendMailMultiPart", serviceContext); + } else { + sendMailResult = dispatcher.runSync("sendMail", serviceContext); + } } else { - sendMailResult = dispatcher.runSync("sendMail", serviceContext); + if (isMultiPart) { + sendMailResult = dispatcher.runSync("sendMailMultiPartHiddenInLog", serviceContext); + } else { + sendMailResult = dispatcher.runSync("sendMailHiddenInLog", serviceContext); + } } } catch (Exception e) { Debug.logError(e, "Error send email:" + e.toString(), module); @@ -612,6 +621,19 @@ public class EmailServices { return result; } + /** + * JavaMail Service same than sendMailFromScreen but with hidden result in log. + * To prevent having not encoded passwords shown in log + *@param dctx The DispatchContext that this service is operating in + *@param rServiceContext Map containing the input parameters + *@return Map with the result of the service, the output parameters + */ + public static Map<String, Object> sendMailHiddenInLogFromScreen(DispatchContext dctx, Map<String, ? extends Object> rServiceContext) { + Map<String, Object> serviceContext = UtilMisc.makeMapWritable(rServiceContext); + serviceContext.put("hideInLog", true); + return sendMailFromScreen(dctx, serviceContext); + } + public static void sendFailureNotification(DispatchContext dctx, Map<String, ? extends Object> context, MimeMessage message, List<SMTPAddressFailedException> failures) { Locale locale = (Locale) context.get("locale"); Map<String, Object> newContext = FastMap.newInstance(); Modified: ofbiz/trunk/framework/service/dtd/services.xsd URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/dtd/services.xsd?rev=1328122&r1=1328121&r2=1328122&view=diff ============================================================================== --- ofbiz/trunk/framework/service/dtd/services.xsd (original) +++ ofbiz/trunk/framework/service/dtd/services.xsd Thu Apr 19 21:41:39 2012 @@ -114,6 +114,19 @@ under the License. </xs:restriction> </xs:simpleType> </xs:attribute> + <xs:attribute name="hideResultInLog" default="false"> + <xs:annotation> + <xs:documentation> + If set to true the result will be hidden from possible exposition in ServiceDispatcher.runSync() + </xs:documentation> + </xs:annotation> + <xs:simpleType> + <xs:restriction base="xs:token"> + <xs:enumeration value="true"/> + <xs:enumeration value="false"/> + </xs:restriction> + </xs:simpleType> + </xs:attribute> <xs:attribute name="transaction-timeout" type="xs:int" default="0"> <xs:annotation> <xs:documentation> Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java?rev=1328122&r1=1328121&r2=1328122&view=diff ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java Thu Apr 19 21:41:39 2012 @@ -178,6 +178,9 @@ public class ModelService extends Abstra /** Semaphore sleep time (in milliseconds) */ public int semaphoreSleep; + /** Require a new transaction for this service */ + public boolean hideResultInLog; + /** Set of services this service implements */ public Set<ModelServiceIface> implServices = new LinkedHashSet<ModelServiceIface>(); @@ -227,6 +230,7 @@ public class ModelService extends Abstra this.overrideParameters = model.overrideParameters; this.inheritedParameters = model.inheritedParameters(); this.internalGroup = model.internalGroup; + this.hideResultInLog = model.hideResultInLog; List<ModelParam> modelParamList = model.getModelParamList(); for (ModelParam param: modelParamList) { @@ -343,6 +347,7 @@ public class ModelService extends Abstra buf.append(contextInfo).append("::"); buf.append(contextParamList).append("::"); buf.append(inheritedParameters).append("::"); + buf.append(hideResultInLog).append("::"); return buf.toString(); } Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java?rev=1328122&r1=1328121&r2=1328122&view=diff ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java Thu Apr 19 21:41:39 2012 @@ -213,10 +213,11 @@ public class ModelServiceReader implemen service.export = "true".equalsIgnoreCase(serviceElement.getAttribute("export")); service.debug = "true".equalsIgnoreCase(serviceElement.getAttribute("debug")); - // this defaults to true; if anything but false, make it true + // these defaults to false; if anything but false, make it true service.validate = !"false".equalsIgnoreCase(serviceElement.getAttribute("validate")); service.useTransaction = !"false".equalsIgnoreCase(serviceElement.getAttribute("use-transaction")); service.requireNewTransaction = !"false".equalsIgnoreCase(serviceElement.getAttribute("require-new-transaction")); + service.hideResultInLog = !"false".equalsIgnoreCase(serviceElement.getAttribute("hideResultInLog")); // set the semaphore sleep/wait times String semaphoreWaitStr = UtilXml.checkEmpty(serviceElement.getAttribute("semaphore-wait-seconds")); @@ -267,7 +268,7 @@ public class ModelServiceReader implemen timeout = 0; } } - service.transactionTimeout = timeout; + service.transactionTimeout = timeout; service.description = getCDATADef(serviceElement, "description"); service.nameSpace = getCDATADef(serviceElement, "namespace"); Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java?rev=1328122&r1=1328121&r2=1328122&view=diff ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java Thu Apr 19 21:41:39 2012 @@ -592,14 +592,23 @@ public class ServiceDispatcher { if (resultStr.length() > 10240) { resultStr = resultStr.substring(0, 10226) + "...[truncated]"; } - Debug.logTiming("Sync service [" + localName + "/" + modelService.name + "] finished in [" + timeToRun + "] milliseconds with response [" + resultStr + "]", module); + if (!modelService.hideResultInLog) { + Debug.logTiming("Sync service [" + localName + "/" + modelService.name + "] finished in [" + timeToRun + "] milliseconds with response [" + resultStr + "]", module); + } else { + Debug.logTiming("Sync service [" + localName + "/" + modelService.name + "] finished in [" + timeToRun + "] milliseconds", module); + } } else if (timeToRun > 200 && Debug.infoOn()) { // Sanity check - some service results can be multiple MB in size. Limit message size to 10K. String resultStr = result.toString(); if (resultStr.length() > 10240) { resultStr = resultStr.substring(0, 10226) + "...[truncated]"; } - Debug.logInfo("Sync service [" + localName + "/" + modelService.name + "] finished in [" + timeToRun + "] milliseconds with response [" + resultStr + "]", module); + if (!modelService.hideResultInLog) { + Debug.logInfo("Sync service [" + localName + "/" + modelService.name + "] finished in [" + timeToRun + "] milliseconds with response [" + resultStr + "]", module); + } else { + Debug.logInfo("Sync service [" + localName + "/" + modelService.name + "] finished in [" + timeToRun + "] milliseconds", module); + + } } return result; |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |