You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2017/03/01 13:36:05 UTC
svn commit: r1784930 - in /ofbiz/ofbiz-framework/trunk/framework/webapp:
config/url.properties
src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java
Author: jleroux
Date: Wed Mar 1 13:36:05 2017
New Revision: 1784930
URL: http://svn.apache.org/viewvc?rev=1784930&view=rev
Log:
Fixed: "Login and logout process in demos shows a certificate issue"
(OFBIZ-9206)
After my conclusions at OFBIZ-9240 I decided to reapply the changes and will
test on demos.
Because WebSiteProperties reuse the port initially found in the 1st login URL
I tried to replace locally
port.https=8443
by
port.https=
in url.properties (w/o SystemProperty) and did not face any issue but with
portOffset. This is due to the WebSiteProperties class works and there is also
an easy fix: don't add twice the portOffset when it's build from the request,
and only then. Keep it as is when it's build from a WebSite GenericValue.
We then trust the user and don't rely on the request.
I also removed the deprecated RequestHandler.getDefaultServerRootUrl()
I think it was time...
Thanks: Pierre Smits
Modified:
ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java
Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties?rev=1784930&r1=1784929&r2=1784930&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/config/url.properties Wed Mar 1 13:36:05 2017
@@ -20,21 +20,22 @@
# OFBiz Global URL Settings - WebSite specific settings found in WebSite entity
####
+# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS (also enforced by a HSTS header) except if put in the http.request-map.list
+no.http=Y
+http.request-map.list=SOAPService,xmlrpc
+
# HTTPS Port (Secure port)
port.https.enabled=Y
-port.https=8443
+# empty by default see OFBIZ-9206
+port.https=
force.https.host=
# HTTP Port (Not Secure port)
port.http=8080
force.http.host=
-# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS except if put in the http.request-map.list
-no.http=Y
-http.request-map.list=SOAPService,xmlrpc
-
# Static Content URLs to make it easy to move the serving load for static content to other machines
-# -- thse are for general content such as images, js & css files, or non-dynamic HTML files
+# -- these are for general content such as images, js & css files, or non-dynamic HTML files
content.url.prefix.secure=
content.url.prefix.standard=
Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java?rev=1784930&r1=1784929&r2=1784930&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java Wed Mar 1 13:36:05 2017
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.ofbiz.base.start.Start;
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.SSLUtil;
import org.apache.ofbiz.base.util.StringUtil;
@@ -1008,62 +1007,6 @@ public class RequestHandler {
}
/**
- * Returns a URL String that contains only the scheme and host parts. This method
- * should not be used because it ignores settings in the WebSite entity.
- *
- * @param request
- * @param secure
- * @deprecated Use OfbizUrlBuilder
- */
- @Deprecated
- public static String getDefaultServerRootUrl(HttpServletRequest request, boolean secure) {
- Delegator delegator = (Delegator) request.getAttribute("delegator");
- String httpsPort = EntityUtilProperties.getPropertyValue("url", "port.https", "443", delegator);
- String httpsServer = EntityUtilProperties.getPropertyValue("url", "force.https.host", delegator);
- String httpPort = EntityUtilProperties.getPropertyValue("url", "port.http", "80", delegator);
- String httpServer = EntityUtilProperties.getPropertyValue("url", "force.http.host", delegator);
- boolean useHttps = EntityUtilProperties.propertyValueEqualsIgnoreCase("url", "port.https.enabled", "Y", delegator);
-
- if (Start.getInstance().getConfig().portOffset != 0) {
- Integer httpPortValue = Integer.valueOf(httpPort);
- httpPortValue += Start.getInstance().getConfig().portOffset;
- httpPort = httpPortValue.toString();
- Integer httpsPortValue = Integer.valueOf(httpsPort);
- httpsPortValue += Start.getInstance().getConfig().portOffset;
- httpsPort = httpsPortValue.toString();
- }
-
- StringBuilder newURL = new StringBuilder();
-
- if (secure && useHttps) {
- String server = httpsServer;
- if (UtilValidate.isEmpty(server)) {
- server = request.getServerName();
- }
-
- newURL.append("https://");
- newURL.append(server);
- if (!httpsPort.equals("443")) {
- newURL.append(":").append(httpsPort);
- }
-
- } else {
- String server = httpServer;
- if (UtilValidate.isEmpty(server)) {
- server = request.getServerName();
- }
-
- newURL.append("http://");
- newURL.append(server);
- if (!httpPort.equals("80")) {
- newURL.append(":").append(httpPort);
- }
- }
- return newURL.toString();
- }
-
-
- /**
* Creates a query string based on the redirect parameters for a request response, if specified, or for all request parameters if no redirect parameters are specified.
*
* @param request the Http request
Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java?rev=1784930&r1=1784929&r2=1784930&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/website/WebSiteProperties.java Wed Mar 1 13:36:05 2017
@@ -57,6 +57,7 @@ public final class WebSiteProperties {
Assert.notNull("request", request);
WebSiteProperties webSiteProps = (WebSiteProperties) request.getAttribute("_WEBSITE_PROPS_");
if (webSiteProps == null) {
+ Boolean dontAddPortoffset = false;
Delegator delegator = (Delegator) request.getAttribute("delegator");
WebSiteProperties defaults = new WebSiteProperties(delegator);
String httpPort = defaults.getHttpPort();
@@ -95,6 +96,7 @@ public final class WebSiteProperties {
}
if (httpsPort.isEmpty() && request.isSecure()) {
httpsPort = String.valueOf(request.getServerPort());
+ dontAddPortoffset = true; // We take the port from the request, don't add the portOffset
}
if (httpsHost.isEmpty()) {
httpsHost = request.getServerName();
@@ -104,10 +106,14 @@ public final class WebSiteProperties {
Integer httpPortValue = Integer.valueOf(httpPort);
httpPortValue += Start.getInstance().getConfig().portOffset;
httpPort = httpPortValue.toString();
- Integer httpsPortValue = Integer.valueOf(httpsPort);
- httpsPortValue += Start.getInstance().getConfig().portOffset;
- httpsPort = httpsPortValue.toString();
- }
+ if (!dontAddPortoffset) {
+ Integer httpsPortValue = Integer.valueOf(httpsPort);
+ if (!httpsPort.isEmpty()) {
+ httpsPortValue += Start.getInstance().getConfig().portOffset;
+ }
+ httpsPort = httpsPortValue.toString();
+ }
+ }
webSiteProps = new WebSiteProperties(httpPort, httpHost, httpsPort, httpsHost, enableHttps);
request.setAttribute("_WEBSITE_PROPS_", webSiteProps);
@@ -138,9 +144,9 @@ public final class WebSiteProperties {
httpPortValue += Start.getInstance().getConfig().portOffset;
httpPort = httpPortValue.toString();
Integer httpsPortValue = Integer.valueOf(httpsPort);
- httpsPortValue += Start.getInstance().getConfig().portOffset;
+ httpsPortValue += Start.getInstance().getConfig().portOffset; // Here unlike above we trust the user and don't rely on the request, no dontAddPortoffset.
httpsPort = httpsPortValue.toString();
- }
+ }
return new WebSiteProperties(httpPort, httpHost, httpsPort, httpsHost, enableHttps);
}