You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Ashish Repal <as...@gmail.com> on 2015/07/25 08:04:33 UTC
getting exception in calling the service
Hi All,
I am getting below exception when calling the service from controller.
[ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
[shipId] passed to secure (https) request-map with uri
[ModifyShipmentStatus] with an event that calls service
[ModifyShipmentStatus]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL.
anyone has idea about this?
controller.xml:
<request-map uri="ModifyShipmentStatus">
<security https="true" auth="true" />
<event type="service" path="" invoke="ModifyShipmentStatus"/>
<response name="success" type="view" value="EditTrip"/>
<response name="error" type="view" value="EditTrip"/>
</request-map>
If I comment the security tag in controller it works but later it fails
saying
org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
form data posted to a secure request
Regards,
Aashish Repal
09623381664
Re: getting exception in calling the service
Posted by "pierre.gaudin" <pi...@nereide.fr>.
Hi Ashish,
You may try to use a form instead of an url with parameters.
Regards
Pierre
On 25/07/2015 08:04, Ashish Repal wrote:
> Hi All,
> I am getting below exception when calling the service from controller.
>
> [ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
> [shipId] passed to secure (https) request-map with uri
> [ModifyShipmentStatus] with an event that calls service
> [ModifyShipmentStatus]; this is not allowed for security reasons! The data
> should be encrypted by making it part of the request body (a form field)
> instead of the request URL.
>
> anyone has idea about this?
>
> controller.xml:
>
> <request-map uri="ModifyShipmentStatus">
> <security https="true" auth="true" />
> <event type="service" path="" invoke="ModifyShipmentStatus"/>
> <response name="success" type="view" value="EditTrip"/>
> <response name="error" type="view" value="EditTrip"/>
> </request-map>
>
> If I comment the security tag in controller it works but later it fails
> saying
>
> org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
> form data posted to a secure request
>
>
>
> Regards,
> Aashish Repal
> 09623381664
>
--
logoNrd <http://nereide.fr/>
Pierre GAUDIN
Consultant Fonctionnel Apache-OFBiz, ERP en logiciel Libre
information@nereide.fr
3bis rue des Isles 37270 VERETZ
Std: 02 47 50 30 54 - mob: 06 08 40 25 70
ofbiz-fr <http://www.ofbiz-fr.org/> | réseau LE
<http://www.libre-entreprise.org/>
Re: getting exception in calling the service
Posted by Ashish Repal <as...@gmail.com>.
Thanks Deepak!!
Regards,
Aashish Repal
09623381664
On Mon, Jul 27, 2015 at 11:19 AM, Deepak Dixit <
deepak.dixit@hotwaxsystems.com> wrote:
> Hi Ashish,
>
> Comment inline:
>
> > On Jul 25, 2015, at 5:01 PM, Ashish Repal <as...@gmail.com> wrote:
> >
> > Actually this is a listing screen where i have provided hyperlinks using
> > href.
> > Eg. in ftl
> > <td><a
> >
> href="/facility/control/ModifyShipmentStatus?shipId=${tripShipmentData.shipId?if_exists}&status=Delivered"
> > class="buttontext">Delivered</a></td>
>
> Here you can create a html form element;
>
> <form action=“<@o...@ofbizUrl>” method=“post”>
> <input type=“hidden” name=“shipId” value=“${tripShipmentData.shipId!}”
> />
> <input type=“submit” value=“ Delivered” />
> </form>
>
>
> >
> > and in Form.xml
> >
> > <field name="start" position="2" title=""
> widget-style="buttontext"
> > use-when=""N".equals(isStarted)" >
> > <hyperlink target="/startShip" description="start Ship" >
> > <parameter param-name="tripId" value="${shipId}"
> > />
> > </hyperlink>
> > </field>
>
> You can use link-type="hidden-form” in form widget to render link as form.
>
>
> Thanks & Regards
> —
> Deepak Dixit
>
> >
> >
> > Regards,
> > Aashish Repal
> > 09623381664
> >
> > On Sat, Jul 25, 2015 at 1:00 PM, Adrian Crum <
> > adrian.crum@sandglass-software.com> wrote:
> >
> >> Basically, you need to invoke the URL with an HTTP POST instead of an
> HTTP
> >> GET.
> >>
> >> Adrian Crum
> >> Sandglass Software
> >> www.sandglass-software.com
> >>
> >>
> >> On 7/24/2015 11:04 PM, Ashish Repal wrote:
> >>
> >>> Hi All,
> >>> I am getting below exception when calling the service from controller.
> >>>
> >>> [ServiceEventHandler.java:408:ERROR] =============== Found URL
> parameter
> >>> [shipId] passed to secure (https) request-map with uri
> >>> [ModifyShipmentStatus] with an event that calls service
> >>> [ModifyShipmentStatus]; this is not allowed for security reasons! The
> data
> >>> should be encrypted by making it part of the request body (a form
> field)
> >>> instead of the request URL.
> >>>
> >>> anyone has idea about this?
> >>>
> >>> controller.xml:
> >>>
> >>> <request-map uri="ModifyShipmentStatus">
> >>> <security https="true" auth="true" />
> >>> <event type="service" path="" invoke="ModifyShipmentStatus"/>
> >>> <response name="success" type="view" value="EditTrip"/>
> >>> <response name="error" type="view" value="EditTrip"/>
> >>> </request-map>
> >>>
> >>> If I comment the security tag in controller it works but later it fails
> >>> saying
> >>>
> >>> org.ofbiz.webapp.control.RequestHandlerException: Not accepting
> insecure
> >>> form data posted to a secure request
> >>>
> >>>
> >>>
> >>> Regards,
> >>> Aashish Repal
> >>> 09623381664
> >>>
> >>>
>
>
Re: getting exception in calling the service
Posted by Deepak Dixit <de...@hotwaxsystems.com>.
Hi Ashish,
Comment inline:
> On Jul 25, 2015, at 5:01 PM, Ashish Repal <as...@gmail.com> wrote:
>
> Actually this is a listing screen where i have provided hyperlinks using
> href.
> Eg. in ftl
> <td><a
> href="/facility/control/ModifyShipmentStatus?shipId=${tripShipmentData.shipId?if_exists}&status=Delivered"
> class="buttontext">Delivered</a></td>
Here you can create a html form element;
<form action=“<@o...@ofbizUrl>” method=“post”>
<input type=“hidden” name=“shipId” value=“${tripShipmentData.shipId!}” />
<input type=“submit” value=“ Delivered” />
</form>
>
> and in Form.xml
>
> <field name="start" position="2" title="" widget-style="buttontext"
> use-when=""N".equals(isStarted)" >
> <hyperlink target="/startShip" description="start Ship" >
> <parameter param-name="tripId" value="${shipId}"
> />
> </hyperlink>
> </field>
You can use link-type="hidden-form” in form widget to render link as form.
Thanks & Regards
—
Deepak Dixit
>
>
> Regards,
> Aashish Repal
> 09623381664
>
> On Sat, Jul 25, 2015 at 1:00 PM, Adrian Crum <
> adrian.crum@sandglass-software.com> wrote:
>
>> Basically, you need to invoke the URL with an HTTP POST instead of an HTTP
>> GET.
>>
>> Adrian Crum
>> Sandglass Software
>> www.sandglass-software.com
>>
>>
>> On 7/24/2015 11:04 PM, Ashish Repal wrote:
>>
>>> Hi All,
>>> I am getting below exception when calling the service from controller.
>>>
>>> [ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
>>> [shipId] passed to secure (https) request-map with uri
>>> [ModifyShipmentStatus] with an event that calls service
>>> [ModifyShipmentStatus]; this is not allowed for security reasons! The data
>>> should be encrypted by making it part of the request body (a form field)
>>> instead of the request URL.
>>>
>>> anyone has idea about this?
>>>
>>> controller.xml:
>>>
>>> <request-map uri="ModifyShipmentStatus">
>>> <security https="true" auth="true" />
>>> <event type="service" path="" invoke="ModifyShipmentStatus"/>
>>> <response name="success" type="view" value="EditTrip"/>
>>> <response name="error" type="view" value="EditTrip"/>
>>> </request-map>
>>>
>>> If I comment the security tag in controller it works but later it fails
>>> saying
>>>
>>> org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
>>> form data posted to a secure request
>>>
>>>
>>>
>>> Regards,
>>> Aashish Repal
>>> 09623381664
>>>
>>>
Re: getting exception in calling the service
Posted by Ashish Repal <as...@gmail.com>.
Actually this is a listing screen where i have provided hyperlinks using
href.
Eg. in ftl
<td><a
href="/facility/control/ModifyShipmentStatus?shipId=${tripShipmentData.shipId?if_exists}&status=Delivered"
class="buttontext">Delivered</a></td>
and in Form.xml
<field name="start" position="2" title="" widget-style="buttontext"
use-when=""N".equals(isStarted)" >
<hyperlink target="/startShip" description="start Ship" >
<parameter param-name="tripId" value="${shipId}"
/>
</hyperlink>
</field>
Regards,
Aashish Repal
09623381664
On Sat, Jul 25, 2015 at 1:00 PM, Adrian Crum <
adrian.crum@sandglass-software.com> wrote:
> Basically, you need to invoke the URL with an HTTP POST instead of an HTTP
> GET.
>
> Adrian Crum
> Sandglass Software
> www.sandglass-software.com
>
>
> On 7/24/2015 11:04 PM, Ashish Repal wrote:
>
>> Hi All,
>> I am getting below exception when calling the service from controller.
>>
>> [ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
>> [shipId] passed to secure (https) request-map with uri
>> [ModifyShipmentStatus] with an event that calls service
>> [ModifyShipmentStatus]; this is not allowed for security reasons! The data
>> should be encrypted by making it part of the request body (a form field)
>> instead of the request URL.
>>
>> anyone has idea about this?
>>
>> controller.xml:
>>
>> <request-map uri="ModifyShipmentStatus">
>> <security https="true" auth="true" />
>> <event type="service" path="" invoke="ModifyShipmentStatus"/>
>> <response name="success" type="view" value="EditTrip"/>
>> <response name="error" type="view" value="EditTrip"/>
>> </request-map>
>>
>> If I comment the security tag in controller it works but later it fails
>> saying
>>
>> org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
>> form data posted to a secure request
>>
>>
>>
>> Regards,
>> Aashish Repal
>> 09623381664
>>
>>
Re: getting exception in calling the service
Posted by Adrian Crum <ad...@sandglass-software.com>.
Basically, you need to invoke the URL with an HTTP POST instead of an
HTTP GET.
Adrian Crum
Sandglass Software
www.sandglass-software.com
On 7/24/2015 11:04 PM, Ashish Repal wrote:
> Hi All,
> I am getting below exception when calling the service from controller.
>
> [ServiceEventHandler.java:408:ERROR] =============== Found URL parameter
> [shipId] passed to secure (https) request-map with uri
> [ModifyShipmentStatus] with an event that calls service
> [ModifyShipmentStatus]; this is not allowed for security reasons! The data
> should be encrypted by making it part of the request body (a form field)
> instead of the request URL.
>
> anyone has idea about this?
>
> controller.xml:
>
> <request-map uri="ModifyShipmentStatus">
> <security https="true" auth="true" />
> <event type="service" path="" invoke="ModifyShipmentStatus"/>
> <response name="success" type="view" value="EditTrip"/>
> <response name="error" type="view" value="EditTrip"/>
> </request-map>
>
> If I comment the security tag in controller it works but later it fails
> saying
>
> org.ofbiz.webapp.control.RequestHandlerException: Not accepting insecure
> form data posted to a secure request
>
>
>
> Regards,
> Aashish Repal
> 09623381664
>