You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Deepak Nigam <de...@gmail.com> on 2019/01/15 12:42:32 UTC
Re: svn commit: r1851076 - in /ofbiz/ofbiz-framework/branches/release17.12:
./ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
Hi Jacques,
There is a chance of getting Null Pointer Exception (while creating the
auto-login cookie & calling the method autoLoginCheck() inside the if
block) if the userLogin is null. IMO, the below condition
*if (userLogin != null && *
* (webappInfo != null &&
webappInfo.isAutologinCookieUsed()) || webappInfo == null) {
//
When using an empty mounpoint, ie using root as mounpoint. Beware:
works only for 1 webapp!*
can be improved as,
*if (userLogin != null && *
* ((webappInfo != null &&
webappInfo.isAutologinCookieUsed()) || webappInfo == null))
{ //
When using an empty mounpoint, ie using root as mounpoint. Beware:
works only for 1 webapp!*
Thanks & Regards
--
Deepak Nigam
HotWax Systems Pvt. Ltd
On Fri, Jan 11, 2019 at 9:57 PM <jl...@apache.org> wrote:
> Author: jleroux
> Date: Fri Jan 11 16:27:11 2019
> New Revision: 1851076
>
> URL: http://svn.apache.org/viewvc?rev=1851076&view=rev
> Log:
> "Applied fix from trunk for revision: 1851074 "
> ------------------------------------------------------------------------
> r1851074 | jleroux | 2019-01-11 17:26:13 +0100 (ven. 11 janv. 2019) | 17
> lignes
>
> Fixed: Correct behaviour of Autologin cookies
> (OFBIZ-10635)
>
> In the method to set the autoLogin cookie, LoginWorker::autoLoginSet,
> system fetches the webAppInfo by using the
> method ComponentConfig::getWebappInfo. In this method, serverId and
> applicationName are passed as arguments.
>
> *WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));*
>
> If the mount-point of the web app is set as an empty string, then 'root'
> will be used as the application name, due to which the object webAppInfo
> will come null. If the webAppInfo is null then the autoLogin cookie will
> not be created and added to the response object by the system.
>
> Thanks: Aditya for report and Mathieu Lirzin for discussion
> ------------------------------------------------------------------------
>
> Modified:
> ofbiz/ofbiz-framework/branches/release17.12/ (props changed)
>
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
>
> Propchange: ofbiz/ofbiz-framework/branches/release17.12/
>
> ------------------------------------------------------------------------------
> --- svn:mergeinfo (original)
> +++ svn:mergeinfo Fri Jan 11 16:27:11 2019
> @@ -10,4 +10,4 @@
> /ofbiz/branches/json-integration-refactoring:1634077-1635900
> /ofbiz/branches/multitenant20100310:921280-927264
> /ofbiz/branches/release13.07:1547657
>
> -/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,
>
> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068
>
> +/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,
>
> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068,1851074
>
> Modified:
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
> URL:
> http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851076&r1=1851075&r2=1851076&view=diff
>
> ==============================================================================
> ---
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
> (original)
> +++
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
> Fri Jan 11 16:27:11 2019
> @@ -711,13 +711,16 @@ public class LoginWorker {
> HttpSession session = request.getSession();
> GenericValue userLogin = (GenericValue)
> session.getAttribute("userLogin");
> ServletContext context = request.getServletContext();
> - WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));
> + String applicationName = UtilHttp.getApplicationName(request);
> + WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
> context.getAttribute("_serverId"), applicationName);
>
> - if (userLogin != null && webappInfo != null &&
> webappInfo.isAutologinCookieUsed()) {
> + if (userLogin != null &&
> + (webappInfo != null && webappInfo.isAutologinCookieUsed())
> + || webappInfo == null) { // When using an empty
> mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!
> Cookie autoLoginCookie = new
> Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
> autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
>
> autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url",
> "cookie.domain", delegator));
> - autoLoginCookie.setPath("/" +
> UtilHttp.getApplicationName(request).replaceAll("/","_"));
> + autoLoginCookie.setPath("/" +
> applicationName.replaceAll("/","_"));
> autoLoginCookie.setSecure(true);
> autoLoginCookie.setHttpOnly(true);
> response.addCookie(autoLoginCookie);
>
>
>
Re: svn commit: r1851076 - in
/ofbiz/ofbiz-framework/branches/release17.12: ./
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
Posted by Jacques Le Roux <ja...@les7arts.com>.
Thanks Deepak,
Fixed in OFBIZ-10635
Jacques
Le 15/01/2019 à 13:42, Deepak Nigam a écrit :
> Hi Jacques,
>
> There is a chance of getting Null Pointer Exception (while creating the
> auto-login cookie & calling the method autoLoginCheck() inside the if
> block) if the userLogin is null. IMO, the below condition
>
>
> *if (userLogin != null && *
>
> * (webappInfo != null &&
> webappInfo.isAutologinCookieUsed()) || webappInfo == null) {
> //
> When using an empty mounpoint, ie using root as mounpoint. Beware:
> works only for 1 webapp!*
>
> can be improved as,
>
>
> *if (userLogin != null && *
>
> * ((webappInfo != null &&
> webappInfo.isAutologinCookieUsed()) || webappInfo == null))
> { //
> When using an empty mounpoint, ie using root as mounpoint. Beware:
> works only for 1 webapp!*
>
>
> Thanks & Regards
> --
> Deepak Nigam
> HotWax Systems Pvt. Ltd
>
> On Fri, Jan 11, 2019 at 9:57 PM <jl...@apache.org> wrote:
>
>> Author: jleroux
>> Date: Fri Jan 11 16:27:11 2019
>> New Revision: 1851076
>>
>> URL: http://svn.apache.org/viewvc?rev=1851076&view=rev
>> Log:
>> "Applied fix from trunk for revision: 1851074"
>> ------------------------------------------------------------------------
>> r1851074 | jleroux | 2019-01-11 17:26:13 +0100 (ven. 11 janv. 2019) | 17
>> lignes
>>
>> Fixed: Correct behaviour of Autologin cookies
>> (OFBIZ-10635)
>>
>> In the method to set the autoLogin cookie, LoginWorker::autoLoginSet,
>> system fetches the webAppInfo by using the
>> method ComponentConfig::getWebappInfo. In this method, serverId and
>> applicationName are passed as arguments.
>>
>> *WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
>> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));*
>>
>> If the mount-point of the web app is set as an empty string, then 'root'
>> will be used as the application name, due to which the object webAppInfo
>> will come null. If the webAppInfo is null then the autoLogin cookie will
>> not be created and added to the response object by the system.
>>
>> Thanks: Aditya for report and Mathieu Lirzin for discussion
>> ------------------------------------------------------------------------
>>
>> Modified:
>> ofbiz/ofbiz-framework/branches/release17.12/ (props changed)
>>
>> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
>>
>> Propchange: ofbiz/ofbiz-framework/branches/release17.12/
>>
>> ------------------------------------------------------------------------------
>> --- svn:mergeinfo (original)
>> +++ svn:mergeinfo Fri Jan 11 16:27:11 2019
>> @@ -10,4 +10,4 @@
>> /ofbiz/branches/json-integration-refactoring:1634077-1635900
>> /ofbiz/branches/multitenant20100310:921280-927264
>> /ofbiz/branches/release13.07:1547657
>>
>> -/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,
>>
>> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068
>>
>> +/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,
>>
>> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068,1851074
>>
>> Modified:
>> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851076&r1=1851075&r2=1851076&view=diff
>>
>> ==============================================================================
>> ---
>> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
>> (original)
>> +++
>> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
>> Fri Jan 11 16:27:11 2019
>> @@ -711,13 +711,16 @@ public class LoginWorker {
>> HttpSession session = request.getSession();
>> GenericValue userLogin = (GenericValue)
>> session.getAttribute("userLogin");
>> ServletContext context = request.getServletContext();
>> - WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
>> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));
>> + String applicationName = UtilHttp.getApplicationName(request);
>> + WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
>> context.getAttribute("_serverId"), applicationName);
>>
>> - if (userLogin != null && webappInfo != null &&
>> webappInfo.isAutologinCookieUsed()) {
>> + if (userLogin != null &&
>> + (webappInfo != null && webappInfo.isAutologinCookieUsed())
>> + || webappInfo == null) { // When using an empty
>> mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!
>> Cookie autoLoginCookie = new
>> Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
>> autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
>>
>> autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url",
>> "cookie.domain", delegator));
>> - autoLoginCookie.setPath("/" +
>> UtilHttp.getApplicationName(request).replaceAll("/","_"));
>> + autoLoginCookie.setPath("/" +
>> applicationName.replaceAll("/","_"));
>> autoLoginCookie.setSecure(true);
>> autoLoginCookie.setHttpOnly(true);
>> response.addCookie(autoLoginCookie);
>>
>>
>>