You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Michael Brohl <mi...@ecomify.de> on 2019/01/07 16:26:50 UTC
Re: svn commit: r1845558 - in /ofbiz:
ofbiz-framework/trunk/framework/base/dtd/
ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/
ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/
ofbiz-framewor...
Hi Jacques,
inline...
Am 02.11.18 um 10:46 schrieb jleroux@apache.org:
> + // Set an autologin cookie for the webapp if it requests it
> public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
> Delegator delegator = (Delegator) request.getAttribute("delegator");
> HttpSession session = request.getSession();
> GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
> - String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
> - if (userLogin != null) {
> + WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));
This looks like it only works for webapps of the "default-server". This
name is configurable in the ofbiz-component.xml and and should not be
hard-coded in the code.
Am I right or do I miss something?
Regards,
Michael
> +
> + if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
> Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
> autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
> - autoLoginCookie.setDomain(domain);
> - autoLoginCookie.setPath("/");
> + autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
> + autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
> autoLoginCookie.setSecure(true);
> autoLoginCookie.setHttpOnly(true);
> response.addCookie(autoLoginCookie);
> -
> +
> return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
> } else {
> return "success";
> }
> }
>
Re: svn commit: r1845558 - in /ofbiz:
ofbiz-framework/trunk/framework/base/dtd/
ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/
ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/
ofbiz-framewor...
Posted by Jacques Le Roux <ja...@les7arts.com>.
Done with OFBIZ-10635
Thanks for spotting it
Jacques
Le 07/01/2019 à 21:03, Jacques Le Roux a écrit :
> Hi Michael,
>
> You are right, I missed that. Fortunately it's an easy fix.
>
> I'll create a Jira and will commit the fix soon.
>
> Jacques
>
> Le 07/01/2019 à 17:26, Michael Brohl a écrit :
>> Hi Jacques,
>>
>> inline...
>>
>> Am 02.11.18 um 10:46 schrieb jleroux@apache.org:
>>> + // Set an autologin cookie for the webapp if it requests it
>>> public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
>>> Delegator delegator = (Delegator) request.getAttribute("delegator");
>>> HttpSession session = request.getSession();
>>> GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
>>> - String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
>>> - if (userLogin != null) {
>>> + WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));
>>
>>
>> This looks like it only works for webapps of the "default-server". This name is configurable in the ofbiz-component.xml and and should not be
>> hard-coded in the code.
>>
>> Am I right or do I miss something?
>>
>> Regards,
>>
>> Michael
>>
>>
>>> +
>>> + if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
>>> Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
>>> autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
>>> - autoLoginCookie.setDomain(domain);
>>> - autoLoginCookie.setPath("/");
>>> + autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
>>> + autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
>>> autoLoginCookie.setSecure(true);
>>> autoLoginCookie.setHttpOnly(true);
>>> response.addCookie(autoLoginCookie);
>>> -
>>> +
>>> return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
>>> } else {
>>> return "success";
>>> }
>>> }
>>
>
Re: svn commit: r1845558 - in /ofbiz:
ofbiz-framework/trunk/framework/base/dtd/
ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/
ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/
ofbiz-framewor...
Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Michael,
You are right, I missed that. Fortunately it's an easy fix.
I'll create a Jira and will commit the fix soon.
Jacques
Le 07/01/2019 à 17:26, Michael Brohl a écrit :
> Hi Jacques,
>
> inline...
>
> Am 02.11.18 um 10:46 schrieb jleroux@apache.org:
>> + // Set an autologin cookie for the webapp if it requests it
>> public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
>> Delegator delegator = (Delegator) request.getAttribute("delegator");
>> HttpSession session = request.getSession();
>> GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
>> - String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
>> - if (userLogin != null) {
>> + WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));
>
>
> This looks like it only works for webapps of the "default-server". This name is configurable in the ofbiz-component.xml and and should not be
> hard-coded in the code.
>
> Am I right or do I miss something?
>
> Regards,
>
> Michael
>
>
>> +
>> + if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
>> Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
>> autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
>> - autoLoginCookie.setDomain(domain);
>> - autoLoginCookie.setPath("/");
>> + autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
>> + autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
>> autoLoginCookie.setSecure(true);
>> autoLoginCookie.setHttpOnly(true);
>> response.addCookie(autoLoginCookie);
>> -
>> +
>> return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
>> } else {
>> return "success";
>> }
>> }
>