Author: jleroux
Date: Wed Mar 21 21:00:50 2018 New Revision: 1827442 URL: http://svn.apache.org/viewvc?rev=1827442&view=rev Log: "Applied fix from trunk for revision: 1827441 " ------------------------------------------------------------------------ r1827441 | jleroux | 2018-03-21 21:59:49 +0100 (mer., 21 mars 2018) | 4 lines Fixed: Token Based Authentication (OFBIZ-9833) Reverts change in ContextFilter.java committed with 1813679, was wrong ------------------------------------------------------------------------ Modified: ofbiz/ofbiz-framework/branches/release17.12/ (props changed) ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java Propchange: ofbiz/ofbiz-framework/branches/release17.12/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Mar 21 21:00:50 2018 
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821600,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1822882,1823324,1823467,1823562,1823876,1824260,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821600,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1822882,1823324,1823467,1823562,1823876,1824260,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439,1827441
Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java?rev=1827442&r1=1827441&r2=1827442&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java Wed Mar 21 21:00:50 2018
@@ -28,7 +28,6 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.ofbiz.base.util.Debug;
@@ -188,33 +187,8 @@ public class ContextFilter implements Fi
 }
 }
- HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(httpRequest) {
- @Override
- public String getHeader(String name) {
- String sourceWebappName = request.getParameter(ExternalLoginKeysManager.SOURCE_SERVER_WEBAPP_NAME);
- String value = null;
- if (sourceWebappName != null) {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- String userLoginId = LoginWorker.getAutoUserLoginId(httpRequest, sourceWebappName);
- if (userLoginId != null) { // At this stage the user must be logged in. But safer to check because we can't grab it from the session here.
- // ExternalLoginKeysManager.createJwt() arguments in order:
- // id an Id, here userLoginId
- // issuer is who/what issued the token, here the server URL
- // subject is the subject of the token, here the target webapp
- // timeToLive is the token maximum duration, default 30 seconds
- String targetWebAppName = UtilHttp.getApplicationName(httpRequest);
- String targetServerUrl = ExternalLoginKeysManager.getTargetServerUrl(httpRequest);
- long timeToLive = ExternalLoginKeysManager.getJwtTokenTimeToLive(httpRequest);
- // We would need a Bearer token (in Authorization request header) if we were using Oauth2, here we don't, so no Bearer
- value = ExternalLoginKeysManager.createJwt(userLoginId, targetServerUrl, targetWebAppName , timeToLive);
- }
- }
- if (value != null) return value;
- return super.getHeader(name);
- }
- };
 // we're done checking; continue on
- chain.doFilter(wrapper, httpResponse);
+ chain.doFilter(request, httpResponse);
 }
 /** |
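Review bot: In the second ContextFilter.java hunk, `chain.doFilter(request, httpResponse);` passes the uncast `request` next to the cast `httpResponse`. The removed wrapper was constructed from `httpRequest`, so that local appears to be in scope, and `chain.doFilter(httpRequest, httpResponse);` would read consistently. The log says only that the r1813679 change "was wrong", so a short comment above the call would help, along the lines of `// forward the request unmodified; no JWT is synthesized in this filter`. The reason is worth keeping visible: the removed `getHeader` override never looked at `name`, so it returned the generated token for every header lookup whenever the source-webapp parameter was present. The enclosing doFilter body starts outside the hunk, so how `httpRequest` is declared is inferred from the removed lines.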