Author: jonesde
Date: Sat Feb 14 08:17:05 2009 New Revision: 744418 URL: http://svn.apache.org/viewvc?rev=744418&view=rev Log: Changed LoginWorker.makeLoginUrl back to returning a String and implemented a more general solution for the @ofbizUrl and @ofbizContentUrl tags so that they do decoding and are now tolerant of encoded URLs just in case it happens; this should be a more general fix and avoid the problem more; also a few cleanups like resolving warnings Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/KeyStoreUtil.java ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/GenericEngineFactory.java ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizUrlTransform.java Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/KeyStoreUtil.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/KeyStoreUtil.java?rev=744418&r1=744417&r2=744418&view=diff ============================================================================== --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/KeyStoreUtil.java (original) +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/KeyStoreUtil.java Sat Feb 14 08:17:05 2009 
@@ -18,25 +18,41 @@
 *******************************************************************************/
 package org.ofbiz.base.util;
-import org.apache.commons.codec.binary.Base64;
-import org.ofbiz.base.component.ComponentConfig;
-import org.ofbiz.base.config.GenericConfigException;
-
-import java.io.*;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.PrintStream;
+import java.io.Reader;
+import java.io.StringReader;
 import java.net.URL;
-import java.security.*;
-import java.security.cert.*;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.PrivateKey;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Collection;
 import java.util.Map;
-import java.util.regex.Pattern;
-import java.util.regex.Matcher;
 import javolution.util.FastMap;
-import javax.security.auth.x500.X500Principal;
+import org.apache.commons.codec.binary.Base64;
+import org.ofbiz.base.component.ComponentConfig;
+import org.ofbiz.base.config.GenericConfigException;
 /**
 * KeyStoreUtil - Utilities for getting KeyManagers and TrustManagers
Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/GenericEngineFactory.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/GenericEngineFactory.java?rev=744418&r1=744417&r2=744418&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/GenericEngineFactory.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/GenericEngineFactory.java Sat Feb 14 08:17:05 2009
@@ -59,7 +59,7 @@
 Element engineElement = UtilXml.firstChildElement(rootElement, "engine", "name", engineName);
 if (engineElement == null) {
- throw new GenericServiceException("Cannot find an engine definition for the engine name [" + engineName + "] in the serviceengine.xml file");
+ throw new GenericServiceException("Cannot find a service engine definition for the engine name [" + engineName + "] in the serviceengine.xml file");
 }
 String className = engineElement.getAttribute("class");
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=744418&r1=744417&r2=744418&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Sat Feb 14 08:17:05 2009
@@ -27,7 +27,6 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import javax.security.auth.x500.X500Principal;
 import javax.servlet.ServletContext;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -43,13 +42,11 @@
 import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.GeneralException;
 import org.ofbiz.base.util.KeyStoreUtil;
-import org.ofbiz.base.util.StringUtil;
 import org.ofbiz.base.util.UtilFormatOut;
 import org.ofbiz.base.util.UtilHttp;
 import org.ofbiz.base.util.UtilMisc;
 import org.ofbiz.base.util.UtilProperties;
 import org.ofbiz.base.util.UtilValidate;
-import org.ofbiz.base.util.StringUtil.StringWrapper;
 import org.ofbiz.common.login.LoginServices;
 import org.ofbiz.entity.GenericDelegator;
 import org.ofbiz.entity.GenericEntityException;
@@ -81,25 +78,25 @@
 /** This Map is keyed by the randomly generated externalLoginKey and the value is a UserLogin GenericValue object */
 public static Map<String, GenericValue> externalLoginKeys = FastMap.newInstance();
- public static StringWrapper makeLoginUrl(PageContext pageContext) {
+ public static String makeLoginUrl(PageContext pageContext) {
 return makeLoginUrl(pageContext, "checkLogin");
 }
- public static StringWrapper makeLoginUrl(HttpServletRequest request) {
+ public static String makeLoginUrl(HttpServletRequest request) {
 return makeLoginUrl(request, "checkLogin");
 }
- public static StringWrapper makeLoginUrl(PageContext pageContext, String requestName) {
+ public static String makeLoginUrl(PageContext pageContext, String requestName) {
 return makeLoginUrl((HttpServletRequest) pageContext.getRequest(), requestName);
 }
- public static StringWrapper makeLoginUrl(HttpServletRequest request, String requestName) {
+ public static String makeLoginUrl(HttpServletRequest request, String requestName) {
 Map<String, Object> urlParams = UtilHttp.getUrlOnlyParameterMap(request);
 String queryString = UtilHttp.urlEncodeArgs(urlParams, false);
 String currentView = UtilFormatOut.checkNull((String) request.getAttribute("_CURRENT_VIEW_"));
 String loginUrl = "/" + requestName;
 if ("login".equals(currentView)) {
- return StringUtil.wrapString(loginUrl);
+ return loginUrl;
 }
 if (UtilValidate.isNotEmpty(currentView)) {
 loginUrl += "/" + currentView;
@@ -108,7 +105,8 @@
 loginUrl += "?" + queryString;
 }
- return StringUtil.wrapString(loginUrl);
+ //return StringUtil.wrapString(loginUrl);
+ return loginUrl;
 }
 /**
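Review bot: The four `makeLoginUrl` overloads now return a plain `String` and none of them has a Javadoc saying what encoding state that value is in, although it is assembled from request-derived data (`_CURRENT_VIEW_` and the query string from `UtilHttp.urlEncodeArgs(urlParams, false)`). Callers that used to receive a `StringWrapper` can no longer tell from the type whether the result still needs HTML encoding before it is rendered. I would add a Javadoc on the `(HttpServletRequest, String)` overload along the lines of `/** Returns the login request path plus current view and URL-encoded query string; the value is not HTML-encoded. */`, adjusted to whatever contract is intended, and point the other three overloads at it.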
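Review bot: The previous return statement is left behind as a comment, `//return StringUtil.wrapString(loginUrl);`, directly above `return loginUrl;` in the `@@ -108,7 +105,8 @@` hunk. The `StringUtil` import is removed by this same commit, so the commented line could not be re-enabled as written, and version control already keeps the old form; the line should simply be deleted. The body of this `makeLoginUrl` overload starts in the previous hunk.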
@@ -360,7 +358,7 @@
 String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request));
 request.setAttribute("_ERROR_MESSAGE_", errMsg);
 }
- request.setAttribute("_ERROR_MESSAGE_LIST_", (List) result.get(ModelService.ERROR_MESSAGE_LIST));
+ request.setAttribute("_ERROR_MESSAGE_LIST_", result.get(ModelService.ERROR_MESSAGE_LIST));
 return "error";
 } else {
 password = request.getParameter("newPassword");
@@ -720,10 +718,10 @@
 String userLoginId = null;
 for (int i = 0; i < clientCerts.length; i++) {
- X500Principal x500 = clientCerts[i].getSubjectX500Principal();
+ //X500Principal x500 = clientCerts[i].getSubjectX500Principal();
 //Debug.log("Checking client certification for authentication: " + x500.getName(), module);
- Map x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
+ Map<String, String> x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
 if (i == 0) {
 String cn = (String) x500Map.get("CN");
 cn = cn.replaceAll("\\\\", "");
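Review bot: In the `@@ -720,10 +718,10 @@` hunk `cn` is dereferenced by `cn.replaceAll("\\\\", "")` with no null check, so a client certificate whose subject carries no CN would presumably end this authentication path with a NullPointerException instead of a clean rejection (this assumes `getCertX500Map` simply omits absent attributes, which the hunk does not show). Now that the map is typed `Map<String, String>` the cast is redundant, so the line can become `String cn = x500Map.get("CN");` followed by an explicit null check that rejects the certificate. The `X500Principal` line was commented out rather than removed; it and the `//Debug.log(...)` line that depends on it are dead and can be deleted. The loop body continues outside the hunk.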
@@ -765,7 +763,7 @@ return "success"; } - protected static boolean checkValidIssuer(GenericDelegator delegator, Map x500Map, BigInteger serialNumber) throws GeneralException { + protected static boolean checkValidIssuer(GenericDelegator delegator, Map<String, String> x500Map, BigInteger serialNumber) throws GeneralException { List<EntityCondition> conds = FastList.newInstance(); conds.add(EntityCondition.makeCondition(EntityOperator.OR, EntityCondition.makeConditionMap("commonName", x500Map.get("CN")), EntityCondition.makeConditionMap("commonName", null), Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?rev=744418&r1=744417&r2=744418&view=diff ============================================================================== --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java (original) +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java Sat Feb 14 08:17:05 2009 @@ -24,7 +24,10 @@ import javax.servlet.http.HttpServletRequest; +import org.ofbiz.base.util.Debug; +import org.ofbiz.base.util.StringUtil; import org.ofbiz.webapp.taglib.ContentUrlTag; +import org.owasp.esapi.errors.EncodingException; import freemarker.core.Environment; import freemarker.ext.beans.BeanModel; 
@@ -36,35 +39,45 @@ */ public class OfbizContentTransform implements TemplateTransformModel { - public Writer getWriter(final Writer out, Map args) { - final StringBuilder buf = new StringBuilder(); - return new Writer(out) { - public void write(char cbuf[], int off, int len) { - buf.append(cbuf, off, len); - } - - public void flush() throws IOException { - out.flush(); - } - - public void close() throws IOException { - try { - Environment env = Environment.getCurrentEnvironment(); - BeanModel req = (BeanModel)env.getVariable("request"); - HttpServletRequest request = req == null ? null : (HttpServletRequest) req.getWrappedObject(); - - // make the link - StringBuffer newURL = new StringBuffer(); - ContentUrlTag.appendContentPrefix(request, newURL); - if (newURL.length() > 0 && newURL.charAt(newURL.length() - 1) != '/' && buf.charAt(0) != '/') { - newURL.append('/'); - } - newURL.append(buf.toString()); - out.write(newURL.toString()); - } catch (TemplateModelException e) { - throw new IOException(e.getMessage()); + public final static String module = OfbizUrlTransform.class.getName(); + + public Writer getWriter(final Writer out, Map args) { + final StringBuilder buf = new StringBuilder(); + return new Writer(out) { + public void write(char cbuf[], int off, int len) { + buf.append(cbuf, off, len); + } + + public void flush() throws IOException { + out.flush(); + } + + public void close() throws IOException { + try { + Environment env = Environment.getCurrentEnvironment(); + BeanModel req = (BeanModel)env.getVariable("request"); + HttpServletRequest request = req == null ? 
null : (HttpServletRequest) req.getWrappedObject(); + + String requestUrl = buf.toString(); + // just in case the request is encoded, decode before making the link + try { + requestUrl = StringUtil.defaultWebEncoder.decodeFromURL(requestUrl); + } catch (EncodingException e) { + Debug.logError(e, "Error decoding URL string [" + requestUrl + "]: " + e.toString(), module); + } + + // make the link + StringBuffer newURL = new StringBuffer(); + ContentUrlTag.appendContentPrefix(request, newURL); + if (newURL.length() > 0 && newURL.charAt(newURL.length() - 1) != '/' && requestUrl.charAt(0) != '/') { + newURL.append('/'); } + newURL.append(requestUrl); + out.write(newURL.toString()); + } catch (TemplateModelException e) { + throw new IOException(e.getMessage()); } - }; - } + } + }; } +} Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizUrlTransform.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizUrlTransform.java?rev=744418&r1=744417&r2=744418&view=diff ============================================================================== --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizUrlTransform.java (original) +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizUrlTransform.java Sat Feb 14 08:17:05 2009 @@ -21,10 +21,16 @@ import java.io.IOException; import java.io.Writer; import java.util.Map; + import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.ofbiz.base.util.Debug; +import org.ofbiz.base.util.StringUtil; +import org.ofbiz.webapp.control.RequestHandler; +import org.owasp.esapi.errors.EncodingException; + import freemarker.core.Environment; import freemarker.ext.beans.BeanModel; import freemarker.template.SimpleScalar; 
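Review bot: `module` is initialised from `OfbizUrlTransform.class.getName()` inside `OfbizContentTransform`, so the decode errors logged in `close()` are attributed to the wrong class; it should read `public static final String module = OfbizContentTransform.class.getName();`. The new `decodeFromURL` step also turns percent-encoded reserved characters in the tag body (`%2F`, `%3F`, `%26`, `%23`) into literal ones before the value is appended and written out with no re-encoding, so where a template interpolates request data into the body, the path or query structure of the generated link can differ from what the template author encoded. The same block is added to `OfbizUrlTransform` further down, and both deserve a comment stating that the body is treated as an encoded URL and is emitted decoded. `requestUrl.charAt(0)` still throws on an empty tag body, which putting `requestUrl.length() > 0 &&` in front of it would avoid.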
@@ -32,12 +38,12 @@ import freemarker.template.TemplateScalarModel; import freemarker.template.TemplateTransformModel; -import org.ofbiz.webapp.control.RequestHandler; - /** * OfbizUrlTransform - Freemarker Transform for URLs (links) */ public class OfbizUrlTransform implements TemplateTransformModel { + + public final static String module = OfbizUrlTransform.class.getName(); public boolean checkArg(Map args, String key, boolean defaultValue) { if (!args.containsKey(key)) { @@ -80,10 +86,18 @@ if (res != null) { response = (HttpServletResponse) res.getWrappedObject(); } - + + String requestUrl = buf.toString(); + // just in case the request is encoded, decode before making the link + try { + requestUrl = StringUtil.defaultWebEncoder.decodeFromURL(requestUrl); + } catch (EncodingException e) { + Debug.logError(e, "Error decoding URL string [" + requestUrl + "]: " + e.toString(), module); + } + // make the link RequestHandler rh = (RequestHandler) ctx.getAttribute("_REQUEST_HANDLER_"); - out.write(rh.makeLink(request, response, buf.toString(), fullPath, secure, encode)); + out.write(rh.makeLink(request, response, requestUrl, fullPath, secure, encode)); } else if (prefix != null) { if (prefix instanceof TemplateScalarModel) { TemplateScalarModel s = (TemplateScalarModel) prefix; |
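Review bot: In the `@@ -80,10 +86,18 @@` hunk the decode is added only inside the branch that ends at `} else if (prefix != null) {`; that second branch, whose body continues outside the hunk, presumably still builds its output from `buf.toString()` undecoded, so the same tag body would be handled differently depending on which path runs. Moving `String requestUrl = buf.toString();` and the try/catch above the branch and using `requestUrl` in both would keep them consistent. The log call passes `e` and also appends `e.toString()` to the message, which repeats the exception text; `"Error decoding URL string [" + requestUrl + "]"` is enough.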