OFBiz › OFBiz - Commits

svn commit: r1784550 - in /ofbiz/branches/release16.11: ./ framework/webapp/config/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jleroux@apache.org

svn commit: r1784550 - in /ofbiz/branches/release16.11: ./ framework/webapp/config/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/

Author: jleroux
Date: Mon Feb 27 12:35:04 2017
New Revision: 1784550

URL: http://svn.apache.org/viewvc?rev=1784550&view=rev
Log:
"Applied fix from trunk framework for revision: 1784549 "
------------------------------------------------------------------------
r1784549 | jleroux | 2017-02-27 13:33:42 +0100 (lun. 27 févr. 2017) | 26 lignes

Fixed: "Login and logout process in demos shows a certificate issue"
(OFBIZ-9206)

Also fixes "16.11 ofbizUrl include host+port and break some reverse-proxy/docker
setups"
(OFBIZ-9224)

It was an easy fix, I just imported
<SystemProperty systemPropertyId="port.https" systemResourceId="url"
systemPropertyValue=""/>
in trunk demo and all work perfectly.

I also tried to replace locally
port.https=8443
by
port.https=
in url.properties (w/o SystemProperty) and did not face any issue but with
portOffset. This is due to the WebSiteProperties class works and there is also
an easy fix: don't add twice the portOffset when it's build from the request,
and only then. Keep it as is when it's build from a WebSite GenericValue.
We then trust the user and don't rely on the request.

I also removed the deprecated RequestHandler.getDefaultServerRootUrl()
I think it was time...

Thanks: Pierre Smits and Leonard Lin for reports
------------------------------------------------------------------------

Modified:
ofbiz/branches/release16.11/ (props changed)
ofbiz/branches/release16.11/framework/webapp/config/url.properties
ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java

Propchange: ofbiz/branches/release16.11/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb 27 12:35:04 2017
@@ -10,5 +10,5 @@
/ofbiz/branches/json-integration-refactoring:1634077-1635900
/ofbiz/branches/multitenant20100310:921280-927264
/ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1783202,1783388
+/ofbiz/ofbiz-framework/trunk:1783202,1783388,1784549
/ofbiz/trunk:1770481,1770490,1770540,1771440,1771448,1771516,1771935,1772346,1772880,1774772,1775441,1779724,1780659,1781109,1781125,1781979,1782498,1782520

Modified: ofbiz/branches/release16.11/framework/webapp/config/url.properties
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/webapp/config/url.properties?rev=1784550&r1=1784549&r2=1784550&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/webapp/config/url.properties (original)
+++ ofbiz/branches/release16.11/framework/webapp/config/url.properties Mon Feb 27 12:35:04 2017
@@ -20,19 +20,20 @@
# OFBiz Global URL Settings - WebSite specific settings found in WebSite entity
####

+# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS (also enforced by a HSTS header) except if put in the http.request-map.list
+no.http=Y
+http.request-map.list=SOAPService,xmlrpc
+
# HTTPS Port (Secure port)
port.https.enabled=Y
-port.https=8443
+# empty by default see OFBIZ-9206
+port.https=
force.https.host=

# HTTP Port (Not Secure port)
port.http=8080
force.http.host=

-# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS except if put in the http.request-map.list
-no.http=Y
-http.request-map.list=SOAPService,xmlrpc
-
# Static Content URLs to make it easy to move the serving load for static content to other machines
# -- thse are for general content such as images, js & css files, or non-dynamic HTML files
content.url.prefix.secure=

Modified: ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java?rev=1784550&r1=1784549&r2=1784550&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java Mon Feb 27 12:35:04 2017
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

-import org.apache.ofbiz.base.start.Start;
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.SSLUtil;
import org.apache.ofbiz.base.util.StringUtil;
@@ -1009,62 +1008,6 @@ public class RequestHandler {
}

/**
- * Returns a URL String that contains only the scheme and host parts. This method
- * should not be used because it ignores settings in the WebSite entity.
- *
- * @param request
- * @param secure
- * @deprecated Use OfbizUrlBuilder
- */
- @Deprecated
- public static String getDefaultServerRootUrl(HttpServletRequest request, boolean secure) {
- Delegator delegator = (Delegator) request.getAttribute("delegator");
- String httpsPort = EntityUtilProperties.getPropertyValue("url", "port.https", "443", delegator);
- String httpsServer = EntityUtilProperties.getPropertyValue("url", "force.https.host", delegator);
- String httpPort = EntityUtilProperties.getPropertyValue("url", "port.http", "80", delegator);
- String httpServer = EntityUtilProperties.getPropertyValue("url", "force.http.host", delegator);
- boolean useHttps = EntityUtilProperties.propertyValueEqualsIgnoreCase("url", "port.https.enabled", "Y", delegator);
-
- if (Start.getInstance().getConfig().portOffset != 0) {
- Integer httpPortValue = Integer.valueOf(httpPort);
- httpPortValue += Start.getInstance().getConfig().portOffset;
- httpPort = httpPortValue.toString();
- Integer httpsPortValue = Integer.valueOf(httpsPort);
- httpsPortValue += Start.getInstance().getConfig().portOffset;
- httpsPort = httpsPortValue.toString();
- }
-
- StringBuilder newURL = new StringBuilder();
-
- if (secure && useHttps) {
- String server = httpsServer;
- if (UtilValidate.isEmpty(server)) {
- server = request.getServerName();
- }
-
- newURL.append("https://");
- newURL.append(server);
- if (!httpsPort.equals("443")) {
- newURL.append(":").append(httpsPort);
- }
-
- } else {
- String server = httpServer;
- if (UtilValidate.isEmpty(server)) {
- server = request.getServerName();
- }
-
- newURL.append("http://");
- newURL.append(server);
- if (!httpPort.equals("80")) {
- newURL.append(":").append(httpPort);
- }
- }
- return newURL.toString();
- }
-
-
- /**
* Creates a query string based on the redirect parameters for a request response, if specified, or for all request parameters if no redirect parameters are specified.
*
* @param request the Http request

Modified: ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java?rev=1784550&r1=1784549&r2=1784550&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java (original)
+++ ofbiz/branches/release16.11/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java Mon Feb 27 12:35:04 2017
@@ -57,6 +57,7 @@ public final class WebSiteProperties {
Assert.notNull("request", request);
WebSiteProperties webSiteProps = (WebSiteProperties) request.getAttribute("_WEBSITE_PROPS_");
if (webSiteProps == null) {
+ Boolean dontAdd = false;
Delegator delegator = (Delegator) request.getAttribute("delegator");
WebSiteProperties defaults = new WebSiteProperties(delegator);
String httpPort = defaults.getHttpPort();
@@ -95,6 +96,7 @@ public final class WebSiteProperties {
}
if (httpsPort.isEmpty() && request.isSecure()) {
httpsPort = String.valueOf(request.getServerPort());
+ dontAdd = true; // We take the port from the request, don't add the portOffset
}
if (httpsHost.isEmpty()) {
httpsHost = request.getServerName();
@@ -104,9 +106,12 @@ public final class WebSiteProperties {
Integer httpPortValue = Integer.valueOf(httpPort);
httpPortValue += Start.getInstance().getConfig().portOffset;
httpPort = httpPortValue.toString();
- Integer httpsPortValue = Integer.valueOf(httpsPort);
- httpsPortValue += Start.getInstance().getConfig().portOffset;
- httpsPort = httpsPortValue.toString();
+ if (!dontAdd) {
+ Integer httpsPortValue = Integer.valueOf(httpsPort);
+ if (! httpsPort.isEmpty())
+ httpsPortValue += Start.getInstance().getConfig().portOffset;
+ httpsPort = httpsPortValue.toString();
+ }
}

webSiteProps = new WebSiteProperties(httpPort, httpHost, httpsPort, httpsHost, enableHttps);
@@ -138,7 +143,7 @@ public final class WebSiteProperties {
httpPortValue += Start.getInstance().getConfig().portOffset;
httpPort = httpPortValue.toString();
Integer httpsPortValue = Integer.valueOf(httpsPort);
- httpsPortValue += Start.getInstance().getConfig().portOffset;
+ httpsPortValue += Start.getInstance().getConfig().portOffset; // Here unlike above we trust the user and don't rely on the request, no dontAdd.
httpsPort = httpsPortValue.toString();
}