Posted to commits@ofbiz.apache.org by jl...@apache.org on 2018/03/21 21:00:50 UTC

svn commit: r1827442 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java

Author: jleroux
Date: Wed Mar 21 21:00:50 2018
New Revision: 1827442

URL: http://svn.apache.org/viewvc?rev=1827442&view=rev
Log:
"Applied fix from trunk for revision: 1827441  " 
------------------------------------------------------------------------
r1827441 | jleroux | 2018-03-21 21:59:49 +0100 (mer., 21 mars 2018) | 4 lines

Fixed: Token Based Authentication
(OFBIZ-9833)

Reverts change in ContextFilter.java committed with 1813679, was wrong
------------------------------------------------------------------------

Modified:
    ofbiz/ofbiz-framework/branches/release17.12/   (props changed)
    ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java

Propchange: ofbiz/ofbiz-framework/branches/release17.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar 21 21:00:50 2018
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821600,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1822882,1823324,1823467,1823562,1823876,1824260,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821600,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1822882,1823324,1823467,1823562,1823876,1824260,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826805,1826938,1826997,1827439,1827441

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java?rev=1827442&r1=1827441&r2=1827442&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java Wed Mar 21 21:00:50 2018
@@ -28,7 +28,6 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.ofbiz.base.util.Debug;
@@ -188,33 +187,8 @@ public class ContextFilter implements Fi
             }
         }
 
-        HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(httpRequest) {
-            @Override
-            public String getHeader(String name) {
-                String sourceWebappName = request.getParameter(ExternalLoginKeysManager.SOURCE_SERVER_WEBAPP_NAME);
-                String value = null;
-                if (sourceWebappName != null) {
-                    HttpServletRequest httpRequest = (HttpServletRequest) request;
-                    String userLoginId = LoginWorker.getAutoUserLoginId(httpRequest, sourceWebappName);
-                    if (userLoginId != null) { // At this stage the user must be logged in. But safer to check because we can't grab it from the session here.
-                            // ExternalLoginKeysManager.createJwt() arguments in order:
-                            // id an Id, here userLoginId
-                            // issuer is who/what issued the token, here the server URL
-                            // subject is the subject of the token, here the target webapp
-                            // timeToLive is the token maximum duration, default 30 seconds
-                            String targetWebAppName = UtilHttp.getApplicationName(httpRequest);
-                            String targetServerUrl = ExternalLoginKeysManager.getTargetServerUrl(httpRequest);
-                            long timeToLive = ExternalLoginKeysManager.getJwtTokenTimeToLive(httpRequest);
-                            // We would need a Bearer token (in Authorization request header) if we were using Oauth2, here we don't, so no Bearer 
-                            value = ExternalLoginKeysManager.createJwt(userLoginId, targetServerUrl, targetWebAppName , timeToLive);
-                    }
-                }
-                if (value != null) return value;
-                return super.getHeader(name);
-            }
-        };
         // we're done checking; continue on
-        chain.doFilter(wrapper, httpResponse);
+        chain.doFilter(request, httpResponse);
     }
 
     /**
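Review bot: The restored call `chain.doFilter(request, httpResponse);` forwards the raw `ServletRequest` next to the cast `httpResponse`, although the removed wrapper was built from an `httpRequest` local that appears to be in scope in this method. Writing `chain.doFilter(httpRequest, httpResponse);` would keep the pair consistent, and would keep any later wrapping of `httpRequest` earlier in the method from being silently bypassed. The enclosing method starts outside the hunk, so it cannot be confirmed here that `httpRequest` is the plain cast of `request`. The reverted override ignored its `name` argument and returned a newly created JWT for any header lookup once the source-webapp parameter resolved to a user login. A short comment above the call, such as `// request is forwarded unwrapped: no token is injected into request headers here (OFBIZ-9833)`, would record why the wrapper must not come back in that form.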