You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Michael Brohl <mi...@ecomify.de> on 2019/01/07 16:26:50 UTC

Re: svn commit: r1845558 - in /ofbiz: ofbiz-framework/trunk/framework/base/dtd/ ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/ ofbiz-framewor...

Hi Jacques,

inline...

Am 02.11.18 um 10:46 schrieb jleroux@apache.org:
> +    // Set an autologin cookie for the webapp if it requests it
>       public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
>           Delegator delegator = (Delegator) request.getAttribute("delegator");
>           HttpSession session = request.getSession();
>           GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
> -        String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
> -        if (userLogin != null) {
> +        WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));


This looks like it only works for webapps of the "default-server". This 
name is configurable in the ofbiz-component.xml and and should not be 
hard-coded in the code.

Am I right or do I miss something?

Regards,

Michael


> +
> +        if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
>               Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
>               autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
> -            autoLoginCookie.setDomain(domain);
> -            autoLoginCookie.setPath("/");
> +            autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
> +            autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
>               autoLoginCookie.setSecure(true);
>               autoLoginCookie.setHttpOnly(true);
>               response.addCookie(autoLoginCookie);
> -
> +
>               return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
>           } else {
>               return "success";
>           }
>       }
>

Re: svn commit: r1845558 - in /ofbiz: ofbiz-framework/trunk/framework/base/dtd/ ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/ ofbiz-framewor...

Posted by Jacques Le Roux <ja...@les7arts.com>.

Done with OFBIZ-10635

Thanks for spotting it

Jacques

Le 07/01/2019 à 21:03, Jacques Le Roux a écrit :
> Hi Michael,
>
> You are right, I missed that. Fortunately it's an easy fix.
>
> I'll create a Jira and will commit the fix soon.
>
> Jacques
>
> Le 07/01/2019 à 17:26, Michael Brohl a écrit :
>> Hi Jacques,
>>
>> inline...
>>
>> Am 02.11.18 um 10:46 schrieb jleroux@apache.org:
>>> +    // Set an autologin cookie for the webapp if it requests it
>>>       public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
>>>           Delegator delegator = (Delegator) request.getAttribute("delegator");
>>>           HttpSession session = request.getSession();
>>>           GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
>>> -        String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
>>> -        if (userLogin != null) {
>>> +        WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));
>>
>>
>> This looks like it only works for webapps of the "default-server". This name is configurable in the ofbiz-component.xml and and should not be 
>> hard-coded in the code.
>>
>> Am I right or do I miss something?
>>
>> Regards,
>>
>> Michael
>>
>>
>>> +
>>> +        if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
>>>               Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
>>>               autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
>>> -            autoLoginCookie.setDomain(domain);
>>> -            autoLoginCookie.setPath("/");
>>> + autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
>>> +            autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
>>>               autoLoginCookie.setSecure(true);
>>>               autoLoginCookie.setHttpOnly(true);
>>>               response.addCookie(autoLoginCookie);
>>> -
>>> +
>>>               return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
>>>           } else {
>>>               return "success";
>>>           }
>>>       }
>>
>

Re: svn commit: r1845558 - in /ofbiz: ofbiz-framework/trunk/framework/base/dtd/ ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/component/ ofbiz-framework/trunk/framework/common/src/main/java/org/apache/ofbiz/common/ ofbiz-framewor...

Posted by Jacques Le Roux <ja...@les7arts.com>.

Hi Michael,

You are right, I missed that. Fortunately it's an easy fix.

I'll create a Jira and will commit the fix soon.

Jacques

Le 07/01/2019 à 17:26, Michael Brohl a écrit :
> Hi Jacques,
>
> inline...
>
> Am 02.11.18 um 10:46 schrieb jleroux@apache.org:
>> +    // Set an autologin cookie for the webapp if it requests it
>>       public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
>>           Delegator delegator = (Delegator) request.getAttribute("delegator");
>>           HttpSession session = request.getSession();
>>           GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
>> -        String domain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator);
>> -        if (userLogin != null) {
>> +        WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", UtilHttp.getApplicationName(request));
>
>
> This looks like it only works for webapps of the "default-server". This name is configurable in the ofbiz-component.xml and and should not be 
> hard-coded in the code.
>
> Am I right or do I miss something?
>
> Regards,
>
> Michael
>
>
>> +
>> +        if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
>>               Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
>>               autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
>> -            autoLoginCookie.setDomain(domain);
>> -            autoLoginCookie.setPath("/");
>> + autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
>> +            autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
>>               autoLoginCookie.setSecure(true);
>>               autoLoginCookie.setHttpOnly(true);
>>               response.addCookie(autoLoginCookie);
>> -
>> +
>>               return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
>>           } else {
>>               return "success";
>>           }
>>       }
>