svn commit: r1784930 - in /ofbiz/ofbiz-framework/trunk/framework/webapp: config/url.properties src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1784930 - in /ofbiz/ofbiz-framework/trunk/framework/webapp: config/url.properties src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java

jleroux@apache.org
Author: jleroux
Date: Wed Mar  1 13:36:05 2017
New Revision: 1784930

URL: http://svn.apache.org/viewvc?rev=1784930&view=rev
Log:
Fixed: "Login and logout process in demos shows a certificate issue"
(OFBIZ-9206)

After my conclusions at OFBIZ-9240 I decided to reapply the changes and will
test on demos.

Because WebSiteProperties reuse the port initially found in the 1st login URL
I tried to replace locally
port.https=8443
by
port.https=
in url.properties (w/o SystemProperty) and did not face any issue but with
portOffset. This is due to the WebSiteProperties class works and there is also
an easy fix: don't add twice the portOffset when it's build from the request,
and only then. Keep it as is when it's build from a WebSite GenericValue.
We then trust the user and don't rely on the request.

I also removed the deprecated RequestHandler.getDefaultServerRootUrl()
I think it was time...

Thanks: Pierre Smits

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties?rev=1784930&r1=1784929&r2=1784930&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties Wed Mar  1 13:36:05 2017
@@ -20,21 +20,22 @@
 # OFBiz Global URL Settings - WebSite specific settings found in WebSite entity
 ####
 
+# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS (also enforced by a HSTS header) except if put in the http.request-map.list  
+no.http=Y
+http.request-map.list=SOAPService,xmlrpc
+
 # HTTPS Port (Secure port)
 port.https.enabled=Y
-port.https=8443
+# empty by default see OFBIZ-9206
+port.https=
 force.https.host=
 
 # HTTP Port (Not Secure port)
 port.http=8080
 force.http.host=
 
-# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS except if put in the http.request-map.list  
-no.http=Y
-http.request-map.list=SOAPService,xmlrpc
-
 # Static Content URLs to make it easy to move the serving load for static content to other machines
-# -- thse are for general content such as images, js & css files, or non-dynamic HTML files
+# -- these are for general content such as images, js & css files, or non-dynamic HTML files
 content.url.prefix.secure=
 content.url.prefix.standard=
 

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java?rev=1784930&r1=1784929&r2=1784930&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java Wed Mar  1 13:36:05 2017
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletReq
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.apache.ofbiz.base.start.Start;
 import org.apache.ofbiz.base.util.Debug;
 import org.apache.ofbiz.base.util.SSLUtil;
 import org.apache.ofbiz.base.util.StringUtil;
@@ -1008,62 +1007,6 @@ public class RequestHandler {
     }
 
     /**
-     * Returns a URL String that contains only the scheme and host parts. This method
-     * should not be used because it ignores settings in the WebSite entity.
-     *
-     * @param request
-     * @param secure
-     * @deprecated Use OfbizUrlBuilder
-     */
-    @Deprecated
-    public static String getDefaultServerRootUrl(HttpServletRequest request, boolean secure) {
-        Delegator delegator = (Delegator) request.getAttribute("delegator");
-        String httpsPort = EntityUtilProperties.getPropertyValue("url", "port.https", "443", delegator);
-        String httpsServer = EntityUtilProperties.getPropertyValue("url", "force.https.host", delegator);
-        String httpPort = EntityUtilProperties.getPropertyValue("url", "port.http", "80", delegator);
-        String httpServer = EntityUtilProperties.getPropertyValue("url", "force.http.host", delegator);
-        boolean useHttps = EntityUtilProperties.propertyValueEqualsIgnoreCase("url", "port.https.enabled", "Y", delegator);
-
-        if (Start.getInstance().getConfig().portOffset != 0) {
-            Integer httpPortValue = Integer.valueOf(httpPort);
-            httpPortValue += Start.getInstance().getConfig().portOffset;
-            httpPort = httpPortValue.toString();
-            Integer httpsPortValue = Integer.valueOf(httpsPort);
-            httpsPortValue += Start.getInstance().getConfig().portOffset;
-            httpsPort = httpsPortValue.toString();
-        }
-        
-        StringBuilder newURL = new StringBuilder();
-
-        if (secure && useHttps) {
-            String server = httpsServer;
-            if (UtilValidate.isEmpty(server)) {
-                server = request.getServerName();
-            }
-
-            newURL.append("https://");
-            newURL.append(server);
-            if (!httpsPort.equals("443")) {
-                newURL.append(":").append(httpsPort);
-            }
-
-        } else {
-            String server = httpServer;
-            if (UtilValidate.isEmpty(server)) {
-                server = request.getServerName();
-            }
-
-            newURL.append("http://");
-            newURL.append(server);
-            if (!httpPort.equals("80")) {
-                newURL.append(":").append(httpPort);
-            }
-        }
-        return newURL.toString();
-    }
-
-
-    /**
      * Creates a query string based on the redirect parameters for a request response, if specified, or for all request parameters if no redirect parameters are specified.
      *
      * @param request the Http request

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java?rev=1784930&r1=1784929&r2=1784930&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java Wed Mar  1 13:36:05 2017
@@ -57,6 +57,7 @@ public final class WebSiteProperties {
         Assert.notNull("request", request);
         WebSiteProperties webSiteProps = (WebSiteProperties) request.getAttribute("_WEBSITE_PROPS_");
         if (webSiteProps == null) {
+            Boolean dontAddPortoffset = false;
             Delegator delegator = (Delegator) request.getAttribute("delegator");
             WebSiteProperties defaults = new WebSiteProperties(delegator);
             String httpPort = defaults.getHttpPort();
@@ -95,6 +96,7 @@ public final class WebSiteProperties {
             }
             if (httpsPort.isEmpty() && request.isSecure()) {
                 httpsPort = String.valueOf(request.getServerPort());
+                dontAddPortoffset = true; // We take the port from the request, don't add the portOffset
             }
             if (httpsHost.isEmpty()) {
                 httpsHost = request.getServerName();
@@ -104,10 +106,14 @@ public final class WebSiteProperties {
                 Integer httpPortValue = Integer.valueOf(httpPort);
                 httpPortValue += Start.getInstance().getConfig().portOffset;
                 httpPort = httpPortValue.toString();
-                Integer httpsPortValue = Integer.valueOf(httpsPort);
-                httpsPortValue += Start.getInstance().getConfig().portOffset;
-                httpsPort = httpsPortValue.toString();
-            }                
+                if (!dontAddPortoffset) {
+                    Integer httpsPortValue = Integer.valueOf(httpsPort);
+                    if (!httpsPort.isEmpty()) {
+                        httpsPortValue += Start.getInstance().getConfig().portOffset;
+                    }
+                    httpsPort = httpsPortValue.toString();
+                }
+            }
             
             webSiteProps = new WebSiteProperties(httpPort, httpHost, httpsPort, httpsHost, enableHttps);
             request.setAttribute("_WEBSITE_PROPS_", webSiteProps);
@@ -138,9 +144,9 @@ public final class WebSiteProperties {
             httpPortValue += Start.getInstance().getConfig().portOffset;
             httpPort = httpPortValue.toString();
             Integer httpsPortValue = Integer.valueOf(httpsPort);
-            httpsPortValue += Start.getInstance().getConfig().portOffset;
+            httpsPortValue += Start.getInstance().getConfig().portOffset; // Here unlike above we trust the user and don't rely on the request, no dontAddPortoffset.
             httpsPort = httpsPortValue.toString();
-        }                
+        }
         
         return new WebSiteProperties(httpPort, httpHost, httpsPort, httpsHost, enableHttps);
     }