Author: jleroux
Date: Fri Nov 2 09:46:42 2018 New Revision: 1845558 URL: http://svn.apache.org/viewvc?rev=1845558&view=rev Log: Fixed: Correct behaviour of Autologin cookies (OFBIZ-10635) Renames "keep-autologin-cookie" to "use-autologin-cookie", and only create Autologin cookies when needed. No need to create Autologin cookies in applications that don't need it. Don't pass webAppName to LoginWorker::getSecuredUserLoginId, that can be handled with improved LoginWorker::getSecuredLoginIdCookieName Removes LoginWorker::autoLogoutCleanCookies, no longer needed since only those needed are created and kept (1 year at least after creation). For both autoLogin and securedLoginId cookies sets the path to the application. Modified: ofbiz/ofbiz-framework/trunk/framework/base/dtd/ofbiz-component.xsd ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java ofbiz/ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java ofbiz/ofbiz-plugins/trunk/ecommerce/ofbiz-component.xml ofbiz/ofbiz-plugins/trunk/webpos/ofbiz-component.xml Modified: ofbiz/ofbiz-framework/trunk/framework/base/dtd/ofbiz-component.xsd URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/dtd/ofbiz-component.xsd?rev=1845558&r1=1845557&r2=1845558&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/framework/base/dtd/ofbiz-component.xsd (original) +++ ofbiz/ofbiz-framework/trunk/framework/base/dtd/ofbiz-component.xsd Fri Nov 2 09:46:42 2018 
@@ -258,7 +258,7 @@ under the License.
                 </xs:restriction>
             </xs:simpleType>
         </xs:attribute>
-        <xs:attribute name="keep-autologin-cookie" default="false">
+        <xs:attribute name="use-autologin-cookie" default="false">
             <xs:simpleType>
                 <xs:annotation>
                     <xs:documentation>

Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java?rev=1845558&r1=1845557&r2=1845558&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java Fri Nov 2 09:46:42 2018
@@ -856,7 +856,7 @@ public final class ComponentConfig {
         // CatalinaContainer modifies this field.
         private volatile boolean appBarDisplay;
         private final String accessPermission;
-        private final boolean keepAutologinCookie;
+        private final boolean useAutologinCookie;
 
         private WebappInfo(ComponentConfig componentConfig, Element element) {
             this.componentConfig = componentConfig;
@@ -896,7 +896,7 @@ public final class ComponentConfig {
             this.appBarDisplay = !"false".equals(element.getAttribute("app-bar-display"));
             this.privileged = !"false".equals(element.getAttribute("privileged"));
             this.accessPermission = element.getAttribute("access-permission");
-            this.keepAutologinCookie = !"false".equals(element.getAttribute("keep-autologin-cookie"));
+            this.useAutologinCookie = !"false".equals(element.getAttribute("use-autologin-cookie"));
             String basePermStr = element.getAttribute("base-permission");
             if (!basePermStr.isEmpty()) {
                 this.basePermission = basePermStr.split(",");
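Review bot: In the `-896` hunk, `this.useAutologinCookie = !"false".equals(element.getAttribute("use-autologin-cookie"));` evaluates to true when the attribute is absent, because `getAttribute` returns an empty string for a missing attribute, so unless the XSD default is filled in at parse time every webapp that does not mention the attribute opts into a one-year autologin cookie — the opposite of the `default="false"` declared in the xsd hunk and of the commit's stated intent of creating the cookie only where needed. `this.useAutologinCookie = "true".equals(element.getAttribute("use-autologin-cookie"));` makes the parsed flag agree with the schema default regardless of how the file is read. The `!"false"` idiom used on the neighbouring lines is only appropriate for attributes whose default is true. The `WebappInfo` constructor continues outside the hunk.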
@@ -986,8 +986,8 @@ public final class ComponentConfig {
             return virtualHosts;
         }
 
-        public boolean getKeepAutologinCookie() {
-            return keepAutologinCookie;
+        public boolean isAutologinCookieUsed() {
+            return useAutologinCookie;
         }
 
         public synchronized void setAppBarDisplay(boolean appBarDisplay) {

Modified: ofbiz/ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java?rev=1845558&r1=1845557&r2=1845558&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java Fri Nov 2 09:46:42 2018
@@ -384,8 +384,7 @@ public class CommonEvents {
     public static String loadJWT(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
         Delegator delegator = (Delegator) request.getAttribute("delegator");
         Map<String, String> types = new HashMap<>();
-        String webAppName = UtilHttp.getApplicationName(request);
-        String securedUserLoginId = LoginWorker.getSecuredUserLoginId(request, webAppName);
+        String securedUserLoginId = LoginWorker.getSecuredUserLoginId(request);
         if (securedUserLoginId != null) {
             types.put("userLoginId", securedUserLoginId);
             int ttlSeconds = (int) Long.parseLong(EntityUtilProperties.getPropertyValue("security", "security.jwt.token.expireTime", "10", delegator));

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1845558&r1=1845557&r2=1845558&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Fri Nov 2 09:46:42 2018
@@ -577,9 +577,6 @@ public class LoginWorker {
                 } catch (GenericServiceException e) {
                     Debug.logError(e, "Error setting user preference", module);
                 }
-                // start with a clean state, in case the user has quit the session w/o login out
-                autoLogoutCleanCookies(request, response);
-
                 // finally do the main login routine to set everything else up in the session, etc
                 return doMainLogin(request, response, userLogin, userLoginSession);
             } else {
@@ -790,7 +787,7 @@ public class LoginWorker { RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext()); rh.runAfterLoginEvents(request, response); - // Create a secured cookie the client cookie with the correct userLoginId + // Create a secured cookie with the correct userLoginId createSecuredLoginIdCookie(request, response); // make sure the autoUserLogin is set to the same and that the client cookie has the correct userLoginId @@ -850,7 +847,6 @@ public class LoginWorker { doBasicLogout(userLogin, request, response); - autoLogoutCleanCookies(request, response); if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) { return autoLoginCheck(request, response); } 
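Review bot: In the `-850` hunk the guard `if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null)` survives, but the only code in this commit that set that attribute (`request.setAttribute("_AUTO_LOGIN_LOGOUT_", Boolean.TRUE)` inside the deleted `autoLogoutCleanCookies`) is gone, so on a plain logout `autoLoginCheck` now runs unconditionally and an autologin cookie still held by the browser logs the user straight back in. If that is the intended behaviour for webapps using autologin, the guard is dead code and should be removed; if another request path still sets the attribute, a comment such as `// _AUTO_LOGIN_LOGOUT_ is set by the autologin-removal request to suppress re-login here` would save the next reader the search. The `-577` hunk removed the same call on the login path and has the same question. The enclosing method starts and ends outside the hunk.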
@@ -918,36 +914,37 @@ public class LoginWorker {
             // DON'T save the cart, causes too many problems: if (shoppingCart != null) session.setAttribute("shoppingCart", new WebShoppingCart(shoppingCart, session));
         }
 
+    // Set an autologin cookie for the webapp if it requests it
     public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
         Delegator delegator = (Delegator) request.getAttribute("delegator");
         HttpSession session = request.getSession();
         GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
-        String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
-        if (userLogin != null) {
+        WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));
+
+        if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
             Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
             autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
-            autoLoginCookie.setDomain(domain);
-            autoLoginCookie.setPath("/");
+            autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
+            autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
             autoLoginCookie.setSecure(true);
             autoLoginCookie.setHttpOnly(true);
             response.addCookie(autoLoginCookie);
-
+
             return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
         } else {
             return "success";
         }
     }
 
+    // Create a securedLoginId cookie for the browser session
     public static void createSecuredLoginIdCookie(HttpServletRequest request, HttpServletResponse response) {
         Delegator delegator = (Delegator) request.getAttribute("delegator");
         HttpSession session = request.getSession();
         GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
-        String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
         if (userLogin != null) {
-            String webappName = UtilHttp.getApplicationName(request);
-            Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(webappName), userLogin.getString("userLoginId"));
+            Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(request), userLogin.getString("userLoginId"));
             securedLoginIdCookie.setMaxAge(-1);
-            securedLoginIdCookie.setDomain(domain);
+            securedLoginIdCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
             securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
             securedLoginIdCookie.setSecure(true);
             securedLoginIdCookie.setHttpOnly(true);
@@ -959,8 +956,8 @@ public class LoginWorker {
         return UtilHttp.getApplicationName(request) + ".autoUserLoginId";
     }
 
-    protected static String getSecuredLoginIdCookieName(String webappName) {
-        return webappName + ".securedLoginId";
+    protected static String getSecuredLoginIdCookieName(HttpServletRequest request) {
+        return UtilHttp.getApplicationName(request) + ".securedLoginId";
     }
 
     public static String getAutoUserLoginId(HttpServletRequest request) {
@@ -980,15 +977,15 @@ public class LoginWorker {
         return autoUserLoginId;
     }
 
-    public static String getSecuredUserLoginId(HttpServletRequest request, String webappName) {
+    public static String getSecuredUserLoginId(HttpServletRequest request) {
         String securedUserLoginId = null;
         Cookie[] cookies = request.getCookies();
         if (Debug.verboseOn()) {
             Debug.logVerbose("Cookies: " + Arrays.toString(cookies), module);
         }
-        if (cookies != null && webappName !=null) {
+        if (cookies != null) {
             for (Cookie cookie: cookies) {
-                String cookieName = getSecuredLoginIdCookieName(webappName);
+                String cookieName = getSecuredLoginIdCookieName(request);
                 if (cookie.getName().equals(cookieName)) {
                     securedUserLoginId = cookie.getValue();
                     break;
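Review bot: `autoLoginSet` in the `-918` hunk now issues the cookie only for webapps with `use-autologin-cookie` set, but nothing expires the cookies earlier versions issued for every webapp on path `/` (the removed `autoLoginCookie.setPath("/")` line), and the cleanup that used to do so was deleted elsewhere in this commit. A browser that logged into a non-opt-in webapp before the upgrade keeps `<app>.autoUserLoginId` for up to a year, and for opt-in webapps it now carries two cookies of that name, one on `/` and one on `/<app>`; whether `autoLoginCheck` still honours the stale one cannot be seen from here, but nothing in the new code prevents it. Sending an expiring cookie for the legacy path when the webapp does not use autologin closes that gap until the old cookies age out, as sketched below. Separately, `"default-server"` is hard-coded in the `ComponentConfig.getWebappInfo` lookup, so a webapp mounted on any other server silently gets `webappInfo == null` and never receives a cookie.
```java
        WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));

        if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
            // … unchanged: build and add the autologin cookie, return autoLoginCheck(...) …
        } else if (webappInfo != null && !webappInfo.isAutologinCookieUsed()) {
            // Expire any autologin cookie an earlier version issued for this webapp on path "/";
            // the browser only drops it if name, domain and path all match the original.
            Cookie staleCookie = new Cookie(getAutoLoginCookieName(request), "");
            staleCookie.setMaxAge(0);
            staleCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
            staleCookie.setPath("/");
            response.addCookie(staleCookie);
            return "success";
        } else {
            return "success";
        }
```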
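Review bot: In the `-980` hunk `String cookieName = getSecuredLoginIdCookieName(request);` is recomputed on every iteration of `for (Cookie cookie: cookies)` although it depends only on the request; declare it once before `if (cookies != null) {` and drop the assignment inside the loop. The deleted `webappName !=null` guard has no replacement, which is only safe if `UtilHttp.getApplicationName` never returns null — that helper is not visible here, so worth confirming. `getSecuredUserLoginId` continues outside the hunk.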
@@ -1058,55 +1055,6 @@ public class LoginWorker {
         return "success";
     }
 
-    // Removes all autoLoginCookies but if the webapp requires keeping it
-    public static String autoLogoutCleanCookies(HttpServletRequest request, HttpServletResponse response) {
-        HttpSession session = request.getSession();
-
-        Cookie[] cookies = request.getCookies();
-        if (Debug.verboseOn()) {
-            Debug.logVerbose("Cookies: " + Arrays.toString(cookies), module);
-        }
-        if (cookies != null) {
-            for (Cookie autoLoginCookie: cookies) {
-                String autoLoginName = autoLoginCookie.getName().replace(".autoUserLoginId", "");
-                WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", autoLoginName);
-                if (webappInfo != null && !webappInfo.getKeepAutologinCookie()) {
-                    autoLoginCookie.setMaxAge(0);
-                    autoLoginCookie.setPath("/");
-                    response.addCookie(autoLoginCookie);
-                }
-            }
-        }
-
-        // remove the session attributes
-        session.removeAttribute("autoUserLogin");
-        session.removeAttribute("autoName");
-
-        request.setAttribute("_AUTO_LOGIN_LOGOUT_", Boolean.TRUE);
-        clearSecuredUserLoginIdCookies(request, response);
-        return "success";
-    }
-
-    // Removes all securedLoginIdCookies
-    public static void clearSecuredUserLoginIdCookies(HttpServletRequest request, HttpServletResponse response) {
-
-        Cookie[] cookies = request.getCookies();
-        if (Debug.verboseOn()) {
-            Debug.logVerbose("Cookies: " + Arrays.toString(cookies), module);
-        }
-        if (cookies != null) {
-            for (Cookie securedLoginIdCookie: cookies) {
-                String securedLoginIdName = securedLoginIdCookie.getName().replace(".securedLoginId", "");
-                WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", securedLoginIdName);
-                if (webappInfo != null) {
-                    securedLoginIdCookie.setMaxAge(0);
-                    securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
-                    response.addCookie(securedLoginIdCookie);
-                }
-            }
-        }
-    }
-
     public static boolean isUserLoggedIn(HttpServletRequest request) {
         HttpSession session = request.getSession();
GenericValue currentUserLogin = (GenericValue) session.getAttribute("userLogin"); Modified: ofbiz/ofbiz-plugins/trunk/ecommerce/ofbiz-component.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/trunk/ecommerce/ofbiz-component.xml?rev=1845558&r1=1845557&r2=1845558&view=diff ============================================================================== --- ofbiz/ofbiz-plugins/trunk/ecommerce/ofbiz-component.xml (original) +++ ofbiz/ofbiz-plugins/trunk/ecommerce/ofbiz-component.xml Fri Nov 2 09:46:42 2018 @@ -57,13 +57,13 @@ under the License. location="webapp/ecommerce" mount-point="/ecommerce" app-bar-display="false" - keep-autologin-cookie="true"/> + use-autologin-cookie="true"/> <webapp name="ecomseo" title="SEO enhanced eCommerce" server="default-server" location="webapp/ecomseo" mount-point="/ecomseo" app-bar-display="false" - keep-autologin-cookie="true"/> + use-autologin-cookie="true"/> </ofbiz-component> Modified: ofbiz/ofbiz-plugins/trunk/webpos/ofbiz-component.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/trunk/webpos/ofbiz-component.xml?rev=1845558&r1=1845557&r2=1845558&view=diff ============================================================================== --- ofbiz/ofbiz-plugins/trunk/webpos/ofbiz-component.xml (original) +++ ofbiz/ofbiz-plugins/trunk/webpos/ofbiz-component.xml Fri Nov 2 09:46:42 2018 @@ -52,5 +52,5 @@ under the License. base-permission="WEBPOS" mount-point="/webpos" app-bar-display="true" - keep-autologin-cookie="true"/> + use-autologin-cookie="true"/> </ofbiz-component> |