You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by do...@apache.org on 2013/06/28 21:08:25 UTC

svn commit: r1497891 - in /ofbiz/trunk/framework: security/config/security.properties webapp/src/org/ofbiz/webapp/control/LoginWorker.java

Author: doogie
Date: Fri Jun 28 19:08:24 2013
New Revision: 1497891

URL: http://svn.apache.org/r1497891
Log:
FEATURE: Allow for externalLoginKey parameter generation to be turned
off; the use for this feature will become apparent shortly.

Modified:
    ofbiz/trunk/framework/security/config/security.properties
    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java

Modified: ofbiz/trunk/framework/security/config/security.properties
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/security/config/security.properties?rev=1497891&r1=1497890&r2=1497891&view=diff
==============================================================================
--- ofbiz/trunk/framework/security/config/security.properties (original)
+++ ofbiz/trunk/framework/security/config/security.properties Fri Jun 28 19:08:24 2013
@@ -124,3 +124,6 @@ protect-view.preprocessor=java.org.ofbiz
 # -- Name of the default error response view for protected views ("none:" will be rendered as a blank page, see RequestHandler.java)
 #default.error.response.view=none:
 default.error.response.view=view:viewBlocked
+
+# If false, then no externalLoginKey parameters will be added to cross-webapp urls
+security.login.externalLoginKey.enabled=true

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1497891&r1=1497890&r2=1497891&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Fri Jun 28 19:08:24 2013
@@ -121,6 +121,10 @@ public class LoginWorker {
      * Gets (and creates if necessary) a key to be used for an external login parameter
      */
     public static String getExternalLoginKey(HttpServletRequest request) {
+        boolean externalLoginKeyEnabled = "true".equals(UtilProperties.getPropertyValue("security", "security.login.externalLoginKey.enabled", "true"));
+        if (!externalLoginKeyEnabled) {
+            return null;
+        }
         //Debug.logInfo("Running getExternalLoginKey, externalLoginKeys.size=" + externalLoginKeys.size(), module);
         GenericValue userLogin = (GenericValue) request.getAttribute("userLogin");