OFBiz › OFBiz - Commits

svn commit: r731660 - in /ofbiz/trunk/framework/webapp: dtd/site-conf.xsd src/org/ofbiz/webapp/control/ConfigXMLReader.java src/org/ofbiz/webapp/control/RequestHandler.java src/org/ofbiz/webapp/control/RequestManager.java

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jaz-3

svn commit: r731660 - in /ofbiz/trunk/framework/webapp: dtd/site-conf.xsd src/org/ofbiz/webapp/control/ConfigXMLReader.java src/org/ofbiz/webapp/control/RequestHandler.java src/org/ofbiz/webapp/control/RequestManager.java

Author: jaz
Date: Mon Jan 5 11:46:16 2009
New Revision: 731660

URL: http://svn.apache.org/viewvc?rev=731660&view=rev
Log:
implemented per-site "protect" settings. Instead of only per request or per instance (setting in security.properties), now we support per application with a new <protect view="name_of_view"/> element in controller.xml. If the "protect" response is not found, first it will check for a applicaiton default before falling back to per instance.

Modified:
ofbiz/trunk/framework/webapp/dtd/site-conf.xsd
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java

Modified: ofbiz/trunk/framework/webapp/dtd/site-conf.xsd
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/dtd/site-conf.xsd?rev=731660&r1=731659&r2=731660&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/dtd/site-conf.xsd (original)
+++ ofbiz/trunk/framework/webapp/dtd/site-conf.xsd Mon Jan 5 11:46:16 2009
@@ -26,6 +26,7 @@
<xs:element minOccurs="0" ref="owner"/>
<xs:element minOccurs="0" ref="errorpage"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="handler"/>
+ <xs:element minOccurs="0" maxOccurs="1" ref="protect"/>
<xs:element minOccurs="0" ref="firstvisit"/>
<xs:element minOccurs="0" ref="preprocessor"/>
<xs:element minOccurs="0" ref="postprocessor"/>
@@ -74,6 +75,14 @@
</xs:attribute>
<xs:attribute type="xs:string" name="class" use="required"/>
</xs:attributeGroup>
+ <xs:element name="protect">
+ <xs:complexType>
+ <xs:attributeGroup ref="attlist.protect"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="attlist.protect">
+ <xs:attribute type="xs:string" name="view" use="required"/>
+ </xs:attributeGroup>
<xs:element name="firstvisit">
<xs:complexType>
<xs:sequence>

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java?rev=731660&r1=731659&r2=731660&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ConfigXMLReader.java Mon Jan 5 11:46:16 2009
@@ -171,6 +171,7 @@

/** Site Config Variables */
public static final String DEFAULT_ERROR_PAGE = "errorpage";
+ public static final String DEFAULT_PROTECT_VIEW = "protect";
public static final String SITE_OWNER = "owner";
public static final String SECURITY_CLASS = "security-class";
public static final String FIRSTVISIT = "firstvisit";
@@ -501,6 +502,14 @@
String errorpage = UtilXml.childElementValue(root, DEFAULT_ERROR_PAGE);
if (UtilValidate.isNotEmpty(errorpage)) map.put(DEFAULT_ERROR_PAGE, errorpage);

+ // default protect view
+ Element protectElement = UtilXml.firstChildElement(root, DEFAULT_PROTECT_VIEW);
+ String protectview;
+ if (protectElement != null) {
+ protectview = protectElement.getAttribute("view");
+ if (protectview != null) map.put(DEFAULT_PROTECT_VIEW, protectview);
+ }
+
// site owner
String owner = UtilXml.childElementValue(root, SITE_OWNER);
if (UtilValidate.isNotEmpty(owner)) map.put(SITE_OWNER, owner);

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=731660&r1=731659&r2=731660&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Mon Jan 5 11:46:16 2009
@@ -230,7 +230,10 @@
eventReturnString = "protect";
// check to see if there is an "protect" response, if so it's ok else show the default_error_response_view
if (null == requestManager.getRequestAttribute(requestUri, "protect")) {
- nextView = UtilProperties.getPropertyValue("security.properties", "default.error.response.view");
+ nextView = requestManager.getDefaultProtectView();
+ if (nextView == null) {
+ nextView = UtilProperties.getPropertyValue("security.properties", "default.error.response.view");
+ }
}
}
} else if (returnString == null) {

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java?rev=731660&r1=731659&r2=731660&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestManager.java Mon Jan 5 11:46:16 2009
@@ -298,6 +298,11 @@
return "/error/error.jsp";
}

+ /** Gets the default "protect" view; used when no "protect" response type and :_protect_: is used */
+ public String getDefaultProtectView() {
+ return (String) ConfigXMLReader.getConfigMap(configFileUrl).get(ConfigXMLReader.DEFAULT_PROTECT_VIEW);
+ }
+
public boolean requiresAuth(String uriStr) {
Map<String, Object> uri = getRequestMapMap(uriStr);