Author: jleroux
Date: Mon May 30 17:40:10 2016
New Revision: 1746159
URL:
http://svn.apache.org/viewvc?rev=1746159&view=rev
Log:
A fix for "Use only HTTPS in OFBiz" -
https://issues.apache.org/jira/browse/OFBIZ-6849

I just realised that the main change (the one in ConfigXMLReader.java, exposed in a comment in OFBIZ-6849) was not committed in r1745525. I guess it was because of tests I did for OFBIZ-4090; I certainly removed these changes then and forgot to put them back.
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java?rev=1746159&r1=1746158&r2=1746159&view=diff==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java Mon May 30 17:40:10 2016
@@ -40,7 +40,9 @@ import org.ofbiz.base.util.Assert;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.FileUtil;
import org.ofbiz.base.util.GeneralException;
+import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilHttp;
+import org.ofbiz.base.util.UtilProperties;
import org.ofbiz.base.util.UtilValidate;
import org.ofbiz.base.util.UtilXml;
import org.ofbiz.base.util.cache.UtilCache;
@@ -530,7 +532,7 @@ public class ConfigXMLReader {
public boolean trackServerHit = true;
public String description;
public Event event;
- public boolean securityHttps = false;
+ public boolean securityHttps = true;
public boolean securityAuth = false;
public boolean securityCert = false;
public boolean securityExternalView = true;
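Review bot: The new default `securityHttps = true` takes effect for every request map that has no `<security>` child, whatever `no.http` is set to, because the next hunk consults that property only inside `if (securityElement != null)`. With `no.http` left at anything other than `Y`, request maps that omit `<security>` therefore move from HTTP to HTTPS. That is the fail-secure direction, but it is a behaviour change the property name does not suggest. If it is intended, a field comment would record it, for example `// HTTPS by default; only a <security> element can opt out, subject to no.http / http.request-map.list in url.properties`. If it is not intended, the default should be derived from the same property check.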
@@ -547,7 +549,17 @@ public class ConfigXMLReader {
// Check for security
Element securityElement = UtilXml.firstChildElement(requestMapElement, "security");
if (securityElement != null) {
+ if (!UtilProperties.propertyValueEqualsIgnoreCase("url", "no.http", "Y")) {
this.securityHttps = "true".equals(securityElement.getAttribute("https"));
+ } else {
+ String httpRequestMapList = UtilProperties.getPropertyValue("url", "http.request-map.list");
+ if (UtilValidate.isNotEmpty(httpRequestMapList)) {
+ List<String> reqList = StringUtil.split(httpRequestMapList, ",");
+ if (reqList.contains(this.uri)) {
+ this.securityHttps = "true".equals(securityElement.getAttribute("https"));
+ }
+ }
+ }
this.securityAuth = "true".equals(securityElement.getAttribute("auth"));
this.securityCert = "true".equals(securityElement.getAttribute("cert"));
this.securityExternalView = !"false".equals(securityElement.getAttribute("external-view"));
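Review bot: The allow-list test `reqList.contains(this.uri)` in the `else` branch is an exact string match against the pieces returned by `StringUtil.split(httpRequestMapList, ",")`. If that helper does not trim its tokens, a list written with spaces after the commas (constructed example: `foo, bar`) would never match the second entry. The failure is on the safe side, since the request map keeps `securityHttps = true`, but it is silent and hard to diagnose. Trimming each entry before the comparison, or a comment above the lookup such as `// http.request-map.list: comma-separated request URIs, no spaces, that may still opt out of HTTPS`, would make the contract explicit. The property is also re-read and re-split for every request map with a `<security>` element and could be parsed once. The enclosing constructor begins and ends outside the hunk, so it cannot be confirmed from here that `this.uri` is already assigned at this point.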