You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/08/23 12:03:59 UTC
[ofbiz-framework] branch release22.01 updated: Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release22.01 by this push:
new ce23c03945 Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)
ce23c03945 is described below
commit ce23c039450d34c4fe19d23222f500fd124a8e8a
Author: Georg <ge...@ecomify.de>
AuthorDate: Fri Jul 29 14:59:10 2022 +0200
Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)
---
framework/security/config/security.properties | 2 ++
.../ofbiz/webapp/control/ExternalLoginKeysManager.java | 2 +-
.../org/apache/ofbiz/webapp/control/JWTManager.java | 2 +-
.../org/apache/ofbiz/webapp/control/LoginWorker.java | 18 ++++++++++++------
4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index 46a0280c7b..1aa8c7ff9b 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -291,3 +291,5 @@ allowedProtocols=localhost,127.0.0.1
#-- eg: allowedURIsForFreemarkerInterpolation=createTextContentCms,updateTextContentCms,...
allowedURIsForFreemarkerInterpolation=
+#-- Configure if after-login events are run in doMainLogin (default) or in do BasicLogin
+security.login.loginEventsAfterBasicLogin=N
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
index 867954304e..0abeaeca45 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
@@ -144,7 +144,7 @@ public class ExternalLoginKeysManager {
request.getSession().setAttribute("userLogin", userLogin);
userLogin = LoginWorker.checkLogout(request, response);
- LoginWorker.doBasicLogin(userLogin, request);
+ LoginWorker.doBasicLogin(userLogin, request, response);
// Create a secured cookie with the correct userLoginId
LoginWorker.createSecuredLoginIdCookie(request, response);
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java
index d8f06822fb..6b9f17e2ab 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java
@@ -120,7 +120,7 @@ public class JWTManager {
return "success";
}
- LoginWorker.doBasicLogin(userLogin, request);
+ LoginWorker.doBasicLogin(userLogin, request, response);
return "success";
}
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
index 2e71e537d4..d5895d9a1a 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -804,7 +804,7 @@ public final class LoginWorker {
return "error";
}
if (userLogin != null && hasBasePermission(userLogin, request)) {
- doBasicLogin(userLogin, request);
+ doBasicLogin(userLogin, request, response);
} else {
String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request));
request.setAttribute("_ERROR_MESSAGE_", errMsg);
@@ -817,10 +817,11 @@ public final class LoginWorker {
request.setAttribute("_LOGIN_PASSED_", "TRUE");
- // run the after-login events
- RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
- rh.runAfterLoginEvents(request, response);
-
+ if (!"Y".equals(UtilProperties.getPropertyValue(SEC_PROPERTIES, "security.login.loginEventsAfterBasicLogin", "N"))) {
+ // run the after-login events
+ RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
+ rh.runAfterLoginEvents(request, response);
+ }
// Create a secured cookie with the correct userLoginId
createSecuredLoginIdCookie(request, response);
@@ -830,7 +831,7 @@ public final class LoginWorker {
return autoLoginCheck(request, response);
}
- public static void doBasicLogin(GenericValue userLogin, HttpServletRequest request) {
+ public static void doBasicLogin(GenericValue userLogin, HttpServletRequest request, HttpServletResponse response) {
HttpSession session = request.getSession();
session.setAttribute("userLogin", userLogin);
@@ -930,6 +931,11 @@ public final class LoginWorker {
Debug.logError(e, MODULE);
}
}
+ if ("Y".equals(UtilProperties.getPropertyValue(SEC_PROPERTIES, "security.login.loginEventsAfterBasicLogin", "N"))) {
+ // run the after-login events
+ RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
+ rh.runAfterLoginEvents(request, response);
+ }
// setup some things that should always be there
UtilHttp.setInitialRequestInfo(request);