OFBiz › OFBiz - Commits

svn commit: r1845568 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ framework/base/dtd/ framework/base/src/main/java/org/apache/ofbiz/base/component/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jleroux@apache.org

svn commit: r1845568 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ framework/base/dtd/ framework/base/src/main/java/org/apache/ofbiz/base/component/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/

Author: jleroux
Date: Fri Nov 2 10:38:33 2018
New Revision: 1845568

URL: http://svn.apache.org/viewvc?rev=1845568&view=rev
Log:
"Applied fix from trunk for revision: 1845558 "
------------------------------------------------------------------------
r1845558 | jleroux | 2018-11-02 10:46:42 +0100 (ven. 02 nov. 2018) | 15 lignes

Fixed: Correct behaviour of Autologin cookies
(OFBIZ-10635)

Renames "keep-autologin-cookie" to "use-autologin-cookie", and only create
Autologin cookies when needed. No need to create Autologin cookies in
applications that don't need it.

Don't pass webAppName to LoginWorker::getSecuredUserLoginId, that can be handled
with improved LoginWorker::getSecuredLoginIdCookieName

Removes LoginWorker::autoLogoutCleanCookies, no longer needed since only those
needed are created and kept (1 year at least after creation).

For both autoLogin and securedLoginId cookies sets the path to the application.

------------------------------------------------------------------------

Modified:
ofbiz/ofbiz-framework/branches/release17.12/ (props changed)
ofbiz/ofbiz-framework/branches/release17.12/framework/base/dtd/ofbiz-component.xsd
ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java
ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Propchange: ofbiz/ofbiz-framework/branches/release17.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Nov 2 10:38:33 2018
@@ -10,4 +10,4 @@
/ofbiz/branches/json-integration-refactoring:1634077-1635900
/ofbiz/branches/multitenant20100310:921280-927264
/ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/base/dtd/ofbiz-component.xsd
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/base/dtd/ofbiz-component.xsd?rev=1845568&r1=1845567&r2=1845568&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/base/dtd/ofbiz-component.xsd (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/base/dtd/ofbiz-component.xsd Fri Nov 2 10:38:33 2018
@@ -251,7 +251,7 @@ under the License.
</xs:restriction>
</xs:simpleType>
</xs:attribute>
- <xs:attribute name="keep-autologin-cookie" default="false">
+ <xs:attribute name="use-autologin-cookie" default="false">
<xs:simpleType>
<xs:annotation>
<xs:documentation>

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java?rev=1845568&r1=1845567&r2=1845568&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java Fri Nov 2 10:38:33 2018
@@ -829,7 +829,7 @@ public final class ComponentConfig {
// CatalinaContainer modifies this field.
private volatile boolean appBarDisplay;
private final String accessPermission;
- private final boolean keepAutologinCookie;
+ private final boolean useAutologinCookie;

private WebappInfo(ComponentConfig componentConfig, Element element) {
this.componentConfig = componentConfig;
@@ -869,7 +869,7 @@ public final class ComponentConfig {
this.appBarDisplay = !"false".equals(element.getAttribute("app-bar-display"));
this.privileged = !"false".equals(element.getAttribute("privileged"));
this.accessPermission = element.getAttribute("access-permission");
- this.keepAutologinCookie = !"false".equals(element.getAttribute("keep-autologin-cookie"));
+ this.useAutologinCookie = !"false".equals(element.getAttribute("use-autologin-cookie"));
String basePermStr = element.getAttribute("base-permission");
if (!basePermStr.isEmpty()) {
this.basePermission = basePermStr.split(",");
@@ -959,8 +959,8 @@ public final class ComponentConfig {
return virtualHosts;
}

- public boolean getKeepAutologinCookie() {
- return keepAutologinCookie;
+ public boolean isAutologinCookieUsed() {
+ return useAutologinCookie;
}

public synchronized void setAppBarDisplay(boolean appBarDisplay) {

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1845568&r1=1845567&r2=1845568&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Fri Nov 2 10:38:33 2018
@@ -520,9 +520,7 @@ public class LoginWorker {
} catch (GenericServiceException e) {
Debug.logError(e, "Error setting user preference", module);
}
- // start with a clean state, in case the user has quit the session w/o login out
- autoLogoutCleanCookies(userLogin, request, response);
-
+
// finally do the main login routine to set everything else up in the session, etc
return doMainLogin(request, response, userLogin, userLoginSession);
} else {
@@ -579,6 +577,7 @@ public class LoginWorker {
RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
rh.runAfterLoginEvents(request, response);

+
// make sure the autoUserLogin is set to the same and that the client cookie has the correct userLoginId
return autoLoginSet(request, response);
}
@@ -636,7 +635,6 @@ public class LoginWorker {

doBasicLogout(userLogin, request, response);

- autoLogoutCleanCookies(userLogin, request, response);
if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) {
return autoLoginCheck(request, response);
}
@@ -704,16 +702,18 @@ public class LoginWorker {
// DON'T save the cart, causes too many problems: if (shoppingCart != null) session.setAttribute("shoppingCart", new WebShoppingCart(shoppingCart, session));
}

+ // Set an autologin cookie for the webapp if it requests it
public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
Delegator delegator = (Delegator) request.getAttribute("delegator");
HttpSession session = request.getSession();
GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
- String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
- if (userLogin != null) {
+ WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));
+
+ if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
- autoLoginCookie.setDomain(domain);
- autoLoginCookie.setPath("/");
+ autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
+ autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
autoLoginCookie.setSecure(true);
autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
@@ -727,14 +727,6 @@ public class LoginWorker {
return UtilHttp.getApplicationName(request) + ".autoUserLoginId";
}

- protected static String getAutoLoginCookieName(String webappName) {
- return webappName + ".autoUserLoginId";
- }
-
- /**
- * @deprecated Moved to {@link org.apache.ofbiz.webapp.control.LoginWorker#getAutoUserLoginId(HttpServletRequest request, String webappName) String}
- */
- @Deprecated
public static String getAutoUserLoginId(HttpServletRequest request) {
String autoUserLoginId = null;
Cookie[] cookies = request.getCookies();
@@ -752,30 +744,12 @@ public class LoginWorker {
return autoUserLoginId;
}

- public static String getAutoUserLoginId(HttpServletRequest request, String webappName) {
- String autoUserLoginId = null;
- Cookie[] cookies = request.getCookies();
- if (Debug.verboseOn()) {
- Debug.logVerbose("Cookies: " + Arrays.toString(cookies), module);
- }
- if (cookies != null) {
- for (Cookie cookie: cookies) {
- String cookieName = (webappName != null) ? getAutoLoginCookieName(webappName) : getAutoLoginCookieName(request);
- if (cookie.getName().equals(cookieName)) {
- autoUserLoginId = cookie.getValue();
- break;
- }
- }
- }
- return autoUserLoginId;
- }
-

public static String autoLoginCheck(HttpServletRequest request, HttpServletResponse response) {
Delegator delegator = (Delegator) request.getAttribute("delegator");
HttpSession session = request.getSession();

- return autoLoginCheck(delegator, session, getAutoUserLoginId(request, null));
+ return autoLoginCheck(delegator, session, getAutoUserLoginId(request));
}

private static String autoLoginCheck(Delegator delegator, HttpSession session, String autoUserLoginId) {
@@ -830,34 +804,6 @@ public class LoginWorker {
return "success";
}

- // Removes all the autoLoginCookies but if the webapp requires keeping it
- public static String autoLogoutCleanCookies(GenericValue userLogin, HttpServletRequest request, HttpServletResponse response) {
- HttpSession session = request.getSession();
-
- Cookie[] cookies = request.getCookies();
- if (Debug.verboseOn()) {
- Debug.logVerbose("Cookies: " + Arrays.toString(cookies), module);
- }
- if (cookies != null && userLogin != null) {
- for (Cookie autoLoginCookie: cookies) {
- String autoLoginName = autoLoginCookie.getName().replace(".autoUserLoginId", "");
- WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", autoLoginName);
- if (webappInfo != null && !webappInfo.getKeepAutologinCookie()) {
- autoLoginCookie.setMaxAge(0);
- autoLoginCookie.setPath("/");
- response.addCookie(autoLoginCookie);
- }
- }
- }
-
- // remove the session attributes
- session.removeAttribute("autoUserLogin");
- session.removeAttribute("autoName");
-
- request.setAttribute("_AUTO_LOGIN_LOGOUT_", Boolean.TRUE);
- return "success";
- }
-
public static boolean isUserLoggedIn(HttpServletRequest request) {
HttpSession session = request.getSession();
GenericValue currentUserLogin = (GenericValue) session.getAttribute("userLogin");