You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/08/23 12:03:59 UTC

[ofbiz-framework] branch release22.01 updated: Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release22.01 by this push:
     new ce23c03945 Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)
ce23c03945 is described below

commit ce23c039450d34c4fe19d23222f500fd124a8e8a
Author: Georg <ge...@ecomify.de>
AuthorDate: Fri Jul 29 14:59:10 2022 +0200

    Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)
---
 framework/security/config/security.properties          |  2 ++
 .../ofbiz/webapp/control/ExternalLoginKeysManager.java |  2 +-
 .../org/apache/ofbiz/webapp/control/JWTManager.java    |  2 +-
 .../org/apache/ofbiz/webapp/control/LoginWorker.java   | 18 ++++++++++++------
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index 46a0280c7b..1aa8c7ff9b 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -291,3 +291,5 @@ allowedProtocols=localhost,127.0.0.1
 #-- eg: allowedURIsForFreemarkerInterpolation=createTextContentCms,updateTextContentCms,...
 allowedURIsForFreemarkerInterpolation=
 
+#-- Configure if after-login events are run in doMainLogin (default) or in do BasicLogin
+security.login.loginEventsAfterBasicLogin=N
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
index 867954304e..0abeaeca45 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
@@ -144,7 +144,7 @@ public class ExternalLoginKeysManager {
             request.getSession().setAttribute("userLogin", userLogin);
             userLogin = LoginWorker.checkLogout(request, response);
 
-            LoginWorker.doBasicLogin(userLogin, request);
+            LoginWorker.doBasicLogin(userLogin, request, response);
 
             // Create a secured cookie with the correct userLoginId
             LoginWorker.createSecuredLoginIdCookie(request, response);
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java
index d8f06822fb..6b9f17e2ab 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java
@@ -120,7 +120,7 @@ public class JWTManager {
             return "success";
         }
 
-        LoginWorker.doBasicLogin(userLogin, request);
+        LoginWorker.doBasicLogin(userLogin, request, response);
         return "success";
     }
 
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
index 2e71e537d4..d5895d9a1a 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -804,7 +804,7 @@ public final class LoginWorker {
             return "error";
         }
         if (userLogin != null && hasBasePermission(userLogin, request)) {
-            doBasicLogin(userLogin, request);
+            doBasicLogin(userLogin, request, response);
         } else {
             String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request));
             request.setAttribute("_ERROR_MESSAGE_", errMsg);
@@ -817,10 +817,11 @@ public final class LoginWorker {
 
         request.setAttribute("_LOGIN_PASSED_", "TRUE");
 
-        // run the after-login events
-        RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
-        rh.runAfterLoginEvents(request, response);
-
+        if (!"Y".equals(UtilProperties.getPropertyValue(SEC_PROPERTIES, "security.login.loginEventsAfterBasicLogin", "N"))) {
+            // run the after-login events
+            RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
+            rh.runAfterLoginEvents(request, response);
+        }
         // Create a secured cookie with the correct userLoginId
         createSecuredLoginIdCookie(request, response);
 
@@ -830,7 +831,7 @@ public final class LoginWorker {
         return autoLoginCheck(request, response);
     }
 
-    public static void doBasicLogin(GenericValue userLogin, HttpServletRequest request) {
+    public static void doBasicLogin(GenericValue userLogin, HttpServletRequest request, HttpServletResponse response) {
         HttpSession session = request.getSession();
         session.setAttribute("userLogin", userLogin);
 
@@ -930,6 +931,11 @@ public final class LoginWorker {
                 Debug.logError(e, MODULE);
             }
         }
+        if ("Y".equals(UtilProperties.getPropertyValue(SEC_PROPERTIES, "security.login.loginEventsAfterBasicLogin", "N"))) {
+            // run the after-login events
+            RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
+            rh.runAfterLoginEvents(request, response);
+        }
 
         // setup some things that should always be there
         UtilHttp.setInitialRequestInfo(request);