Author: sichen
Date: Fri Aug 15 11:15:39 2008 New Revision: 686301 URL: http://svn.apache.org/viewvc?rev=686301&view=rev Log: OFBIZ-1915 from Jeremy Wickersheimer for request-redirect-filter-param Modified: ofbiz/trunk/framework/webapp/dtd/site-conf.xsd ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
Modified: ofbiz/trunk/framework/webapp/dtd/site-conf.xsd
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/dtd/site-conf.xsd?rev=686301&r1=686300&r2=686301&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/dtd/site-conf.xsd (original)
+++ ofbiz/trunk/framework/webapp/dtd/site-conf.xsd Fri Aug 15 11:15:39 2008
@@ -235,11 +235,14 @@
<xs:enumeration value="request"/>
<xs:enumeration value="request-redirect"/>
<xs:enumeration value="request-redirect-noparam"/>
+ <xs:enumeration value="request-redirect-filterparam"/>
<xs:enumeration value="url"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute type="xs:string" name="value"/>
+ <xs:attribute type="xs:string" name="allowed-params"/>
+ <xs:attribute type="xs:string" name="allowed-attributes"/>
</xs:attributeGroup>
<xs:element name="view-map">
<xs:complexType>
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java?rev=686301&r1=686300&r2=686301&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java Fri Aug 15 11:15:39 2008
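Review bot: In site-conf.xsd the new `allowed-params` and `allowed-attributes` attributes are declared as bare `xs:string` with no `xs:annotation`, so the schema does not say that the value is a comma-separated list of names. As far as this commit shows, they are read only for `type="request-redirect-filterparam"`, and that is not stated either. I would add an `xs:documentation` to each, along the lines of `Comma-separated names of request parameters that may be copied onto the redirect URL; used with type="request-redirect-filterparam"`. Because these lists decide which request data is re-exposed in a redirect URL, the documentation should also say what an absent attribute means.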
@@ -22,10 +22,12 @@
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.HashSet;
import javolution.util.FastList;
import javolution.util.FastMap;
@@ -210,6 +212,8 @@
public static final String RESPONSE_TYPE = "type";
public static final String RESPONSE_VALUE = "value";
public static final String RESPONSE_MAP = "response-map";
+ public static final String RESPONSE_ALLOWEDPARAMS = "allowed-params";
+ public static final String RESPONSE_ALLOWEDATTRIBUTES = "allowed-attributes";
/** View Config Variables */
public static final String VIEW_MAPPING = "view-map";
@@ -331,7 +335,7 @@
uriMap.put(REQUEST_DESCRIPTION, UtilValidate.isNotEmpty(description) ? description : "");
// Get the response(s).
- Map<String, String> responseMap = FastMap.newInstance();
+ Map<String, Object> responseMap = FastMap.newInstance();
uriMap.put(RESPONSE_MAP, responseMap);
for (Element responseElement: UtilXml.childElementList(requestMapElement, RESPONSE)) {
@@ -339,6 +343,20 @@
String type = responseElement.getAttribute(RESPONSE_TYPE);
String value = responseElement.getAttribute(RESPONSE_VALUE);
+ String allowedParams = responseElement.getAttribute(RESPONSE_ALLOWEDPARAMS);
+ if (allowedParams != null && allowedParams.length() > 0) {
+ String[] allowedParamsList = allowedParams.split(",");
+ Set allowedParamsSet = new HashSet();
+ allowedParamsSet.addAll(Arrays.asList(allowedParamsList));
+ responseMap.put(RESPONSE_ALLOWEDPARAMS, allowedParamsSet);
+ }
+ String allowedAttributes = responseElement.getAttribute(RESPONSE_ALLOWEDATTRIBUTES);
+ if (allowedAttributes != null && allowedAttributes.length() > 0) {
+ String[] allowedAttributesList = allowedAttributes.split(",");
+ Set allowedAttributesSet = new HashSet();
+ allowedAttributesSet.addAll(Arrays.asList(allowedAttributesList));
+ responseMap.put(RESPONSE_ALLOWEDATTRIBUTES, allowedAttributesSet);
+ }
responseMap.put(name, type + ":" + value);
}
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=686301&r1=686300&r2=686301&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Fri Aug 15 11:15:39 2008
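Review bot: In ConfigXMLReader.java, inside the response loop that opens in the previous hunk, the allow-lists are put into the shared `responseMap` under the fixed keys `allowed-params` and `allowed-attributes`, so they are scoped to the whole request-map rather than to the `<response>` that declared them. With two responses in one request-map the last declaration wins and applies to both, and a response whose `name` is `allowed-params` would collide with the list. Keying the entry by response, e.g. `responseMap.put(name + "." + RESPONSE_ALLOWEDPARAMS, allowedParamsSet);`, would keep each filter attached to its own response (the lookup in RequestHandler would need the same key). The names are also not trimmed after `split(",")`, so `allowed-params="a, b"` stores `" b"`, which presumably never matches a parameter name. Declaring the sets as `Set<String>` instead of the raw `Set` would be the other small cleanup.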
@@ -418,6 +418,15 @@
Debug.logInfo("[RequestHandler.doRequest]: Response is a Request redirect with no parameters." + " sessionId=" + UtilHttp.getSessionId(request), module);
nextView = nextView.substring(25);
callRedirect(makeLink(request, response, nextView), response, request);
+ } else if (nextView != null && nextView.startsWith("request-redirect-filterparam:")) {
+ // check for a Request redirect
+ Debug.logInfo("[RequestHandler.doRequest]: Response is a Request redirect with filtered parameters." + " sessionId=" + UtilHttp.getSessionId(request), module);
+ nextView = nextView.substring(29);
+ Set allowedParams = (Set)requestManager.getRequestMapMap(requestUri).get(ConfigXMLReader.RESPONSE_MAP).get(ConfigXMLReader.RESPONSE_ALLOWEDPARAMS);
+ Set allowedAttributes = (Set)requestManager.getRequestMapMap(requestUri).get(ConfigXMLReader.RESPONSE_MAP).get(ConfigXMLReader.RESPONSE_ALLOWEDATTRIBUTES);
+ if (allowedParams != null) Debug.logInfo("Filtering parameters : "+allowedParams, module);
+ if (allowedAttributes != null) Debug.logInfo("Filtering attributes : "+allowedAttributes, module);
+ callRedirect(makeLinkWithQueryString(request, response, "/" + nextView, allowedParams, allowedAttributes), response, request);
} else if (nextView != null && nextView.startsWith("view:")) {
// check for a View
Debug.logInfo("[RequestHandler.doRequest]: Response is a view." + " sessionId=" + UtilHttp.getSessionId(request), module);
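Review bot: When a `request-redirect-filterparam` response declares no `allowed-params` or `allowed-attributes`, both lookups return null and null is passed straight into `makeLinkWithQueryString`, which is the same value the unfiltered three-argument overload passes (`null, null`). Unless the filtering code, which is not visible on this page, treats null as an empty list, a misconfigured filtered redirect would copy every request parameter into the redirect URL. I would make the branch fail closed with `if (allowedParams == null) allowedParams = Collections.emptySet();` and the same for `allowedAttributes`, assuming an empty set filters everything out; this needs `java.util.Collections`. The branch sits in an if/else chain (in `doRequest`, going by the log message) that starts and ends outside the hunk.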
@@ -466,12 +475,23 @@
queryString.append(name);
queryString.append("=");
queryString.append(value);
+ } else {
+ Debug.logInfo("found param not a String: "+name+" = "+value, module);
}
+ }
}
return queryString.toString();
}
+ public String makeQueryString(HttpServletRequest request, Set allowedParams) {
+ return makeQueryString(request, null, null);
+ }
+
+ public String makeQueryString(HttpServletRequest request) {
+ return makeQueryString(request, null);
+ }
+
/** Returns the RequestManager Object. */
public RequestManager getRequestManager() {
return requestManager;
@@ -696,12 +716,16 @@
}
- public String makeLinkWithQueryString(HttpServletRequest request, HttpServletResponse response, String url) {
+ public String makeLinkWithQueryString(HttpServletRequest request, HttpServletResponse response, String url, Set allowedParams, Set allowedAttributes) {
String initialLink = this.makeLink(request, response, url);
- String queryString = this.makeQueryString(request);
+ String queryString = this.makeQueryString(request, allowedParams, allowedAttributes);
return initialLink + queryString;
}
+ public String makeLinkWithQueryString(HttpServletRequest request, HttpServletResponse response, String url) {
+ return makeLinkWithQueryString(request, response, url, null, null);
+ }
+
public String makeLink(HttpServletRequest request, HttpServletResponse response, String url) {
return makeLink(request, response, url, false, false, true);
} |
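Review bot: The new `makeQueryString(HttpServletRequest request, Set allowedParams)` overload ignores its `allowedParams` argument and calls `makeQueryString(request, null, null)`, so a caller that passes an allow-list gets whatever the null case produces. Going by the unfiltered `makeLinkWithQueryString` overload in the next hunk, that is presumably the unfiltered query string. The body should forward the argument: `return makeQueryString(request, allowedParams, null);`. The three-argument `makeQueryString` and the `if` that the added `}` closes are not visible on this page, so the filter condition itself could not be reviewed. Separately, the added `Debug.logInfo("found param not a String: "+name+" = "+value, module);` writes request parameter values to the info log; logging only `name` would be safer.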
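Review bot: The new five-argument `makeLinkWithQueryString` is public but has no Javadoc, and the meaning of a null `allowedParams` or `allowedAttributes` is left implicit. Going by the three-argument overload, which now delegates with `null, null`, null appears to mean "do not filter"; that contract should be written down once it is confirmed against the three-argument `makeQueryString`, e.g. `/** Builds the link and appends the request's query string; a null allow-list means that set is not filtered. */`. Declaring the parameters as `Set<String>` rather than the raw `Set` would also document the element type.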