Author: jleroux
Date: Wed Mar 1 13:36:05 2017 New Revision: 1784930 URL: http://svn.apache.org/viewvc?rev=1784930&view=rev Log: Fixed: "Login and logout process in demos shows a certificate issue" (OFBIZ-9206) After my conclusions at OFBIZ-9240 I decided to reapply the changes and will test on demos. Because WebSiteProperties reuse the port initially found in the 1st login URL I tried to replace locally port.https=8443 by port.https= in url.properties (w/o SystemProperty) and did not face any issue but with portOffset. This is due to the WebSiteProperties class works and there is also an easy fix: don't add twice the portOffset when it's build from the request, and only then. Keep it as is when it's build from a WebSite GenericValue. We then trust the user and don't rely on the request. I also removed the deprecated RequestHandler.getDefaultServerRootUrl() I think it was time... Thanks: Pierre Smits Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties?rev=1784930&r1=1784929&r2=1784930&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties (original) +++ ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties Wed Mar 1 13:36:05 2017 @@ -20,21 +20,22 @@ # OFBiz Global URL Settings - WebSite specific settings found in WebSite entity #### +# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS (also enforced by a HSTS header) except if put in the http.request-map.list +no.http=Y +http.request-map.list=SOAPService,xmlrpc + # HTTPS Port (Secure port) port.https.enabled=Y -port.https=8443 +# empty by default see OFBIZ-9206 +port.https= force.https.host= # HTTP Port (Not Secure port) port.http=8080 force.http.host= -# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS except if put in the http.request-map.list -no.http=Y -http.request-map.list=SOAPService,xmlrpc - # Static Content URLs to make it easy to move the serving load for static content to other machines -# -- thse are for general content such as images, js & css files, or non-dynamic HTML files +# -- these are for general content such as images, js & css files, or non-dynamic HTML files content.url.prefix.secure= content.url.prefix.standard= Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java?rev=1784930&r1=1784929&r2=1784930&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java (original) +++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java Wed Mar 1 13:36:05 2017 @@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletReq import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.ofbiz.base.start.Start; import org.apache.ofbiz.base.util.Debug; import org.apache.ofbiz.base.util.SSLUtil; import org.apache.ofbiz.base.util.StringUtil; @@ -1008,62 +1007,6 @@ public class RequestHandler { } /** - * Returns a URL String that contains only the scheme and host parts. This method - * should not be used because it ignores settings in the WebSite entity. - * - * @param request - * @param secure - * @deprecated Use OfbizUrlBuilder - */ - @Deprecated - public static String getDefaultServerRootUrl(HttpServletRequest request, boolean secure) { - Delegator delegator = (Delegator) request.getAttribute("delegator"); - String httpsPort = EntityUtilProperties.getPropertyValue("url", "port.https", "443", delegator); - String httpsServer = EntityUtilProperties.getPropertyValue("url", "force.https.host", delegator); - String httpPort = EntityUtilProperties.getPropertyValue("url", "port.http", "80", delegator); - String httpServer = EntityUtilProperties.getPropertyValue("url", "force.http.host", delegator); - boolean useHttps = EntityUtilProperties.propertyValueEqualsIgnoreCase("url", "port.https.enabled", "Y", delegator); - - if (Start.getInstance().getConfig().portOffset != 0) { - Integer httpPortValue = Integer.valueOf(httpPort); - httpPortValue += Start.getInstance().getConfig().portOffset; - httpPort = httpPortValue.toString(); - Integer httpsPortValue = Integer.valueOf(httpsPort); - httpsPortValue += Start.getInstance().getConfig().portOffset; - httpsPort = httpsPortValue.toString(); - } - - StringBuilder newURL = new StringBuilder(); - - if (secure && useHttps) { - String server = httpsServer; - if (UtilValidate.isEmpty(server)) { - server = request.getServerName(); - } - - newURL.append("https://"); - newURL.append(server); - if (!httpsPort.equals("443")) { - newURL.append(":").append(httpsPort); - } - - } else { - String server = httpServer; - if (UtilValidate.isEmpty(server)) { - server = request.getServerName(); - } - - newURL.append("http://"); - newURL.append(server); - if (!httpPort.equals("80")) { - newURL.append(":").append(httpPort); - } - } - return newURL.toString(); - } - - - /** * Creates a query string based on the redirect parameters for a request response, if specified, or for all request parameters if no redirect parameters are specified. * * @param request the Http request Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java?rev=1784930&r1=1784929&r2=1784930&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java (original) +++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java Wed Mar 1 13:36:05 2017 @@ -57,6 +57,7 @@ public final class WebSiteProperties { Assert.notNull("request", request); WebSiteProperties webSiteProps = (WebSiteProperties) request.getAttribute("_WEBSITE_PROPS_"); if (webSiteProps == null) { + Boolean dontAddPortoffset = false; Delegator delegator = (Delegator) request.getAttribute("delegator"); WebSiteProperties defaults = new WebSiteProperties(delegator); String httpPort = defaults.getHttpPort(); @@ -95,6 +96,7 @@ public final class WebSiteProperties { } if (httpsPort.isEmpty() && request.isSecure()) { httpsPort = String.valueOf(request.getServerPort()); + dontAddPortoffset = true; // We take the port from the request, don't add the portOffset } if (httpsHost.isEmpty()) { httpsHost = request.getServerName(); @@ -104,10 +106,14 @@ public final class WebSiteProperties { Integer httpPortValue = Integer.valueOf(httpPort); httpPortValue += Start.getInstance().getConfig().portOffset; httpPort = httpPortValue.toString(); - Integer httpsPortValue = Integer.valueOf(httpsPort); - httpsPortValue += Start.getInstance().getConfig().portOffset; - httpsPort = httpsPortValue.toString(); - } + if (!dontAddPortoffset) { + Integer httpsPortValue = Integer.valueOf(httpsPort); + if (!httpsPort.isEmpty()) { + httpsPortValue += Start.getInstance().getConfig().portOffset; + } + httpsPort = httpsPortValue.toString(); + } + } webSiteProps = new WebSiteProperties(httpPort, httpHost, httpsPort, httpsHost, enableHttps); request.setAttribute("_WEBSITE_PROPS_", webSiteProps); @@ -138,9 +144,9 @@ public final class WebSiteProperties { httpPortValue += Start.getInstance().getConfig().portOffset; httpPort = httpPortValue.toString(); Integer httpsPortValue = Integer.valueOf(httpsPort); - httpsPortValue += Start.getInstance().getConfig().portOffset; + httpsPortValue += Start.getInstance().getConfig().portOffset; // Here unlike above we trust the user and don't rely on the request, no dontAddPortoffset. httpsPort = httpsPortValue.toString(); - } + } return new WebSiteProperties(httpPort, httpHost, httpsPort, httpsHost, enableHttps); } |
Free forum by Nabble | Edit this page |