This is an automated email from the ASF dual-hosted git repository.

deepak pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 05349a94f5 Improved: Added support to allow direct view rendering in 
override view (#816)
05349a94f5 is described below

commit 05349a94f5b28ed7316580f464217a165956eb3c
Author: Sebastian Tschikin <156071181+stschi...@users.noreply.github.com>
AuthorDate: Fri Jun 14 14:19:06 2024 +0200

    Improved: Added support to allow direct view rendering in override view 
(#816)
    
    Improved: Added support to allow direct view rendering in override view 
functionality (OFBIZ-13117)
    
    Added allow-direct-view-rendering and direct-view-rendering-with-auth to the
    view-mapping tag; both default to false, i.e. by default a view is not
    allowed to be used with the OOTB overridden-view functionality.
    In order to allow the view redirection (override) on all workflows
    
    allow-direct-view-rendering must be set to true.
    If view redirection is allowed and direct-view-rendering-with-auth is
    set to true then login credentials are necessary to use this
    functionality.
    
    This feature may break some existing flow where overridden view workflow
    is used
    
    Thanks: Deepak Dixit for providing the initial patch
---
 .../content/webapp/content/WEB-INF/controller.xml  |  2 +-
 framework/webapp/dtd/site-conf.xsd                 | 19 +++++++++++++++++++
 .../ofbiz/webapp/control/ConfigXMLReader.java      | 22 ++++++++++++++++++++++
 .../ofbiz/webapp/control/RequestHandler.java       | 20 ++++++++++++++++----
 .../ofbiz/webapp/control/RequestHandlerTests.java  |  5 ++++-
 5 files changed, 62 insertions(+), 6 deletions(-)

diff --git a/applications/content/webapp/content/WEB-INF/controller.xml 
b/applications/content/webapp/content/WEB-INF/controller.xml
index 1667d087b0..87e72b564e 100644
--- a/applications/content/webapp/content/WEB-INF/controller.xml
+++ b/applications/content/webapp/content/WEB-INF/controller.xml
@@ -1851,7 +1851,7 @@ under the License.
     <view-map name="EditWebSitePathAlias" type="screen" 
page="component://content/widget/WebSiteScreens.xml#EditWebSitePathAlias"/>
     <view-map name="WebSiteContent" type="screen" 
page="component://content/widget/WebSiteScreens.xml#WebSiteContent"/>
     <view-map name="WebSiteCMS" type="screen" 
page="component://content/widget/WebSiteScreens.xml#WebSiteCMS"/>
-    <view-map name="WebSiteCMSContent" type="screen" 
page="component://content/widget/WebSiteScreens.xml#WebSiteCMSContent"/>
+    <view-map name="WebSiteCMSContent" type="screen" 
page="component://content/widget/WebSiteScreens.xml#WebSiteCMSContent" 
allow-direct-view-rendering="true"/>
     <view-map name="WebSiteCMSEditor" type="screen" 
page="component://content/widget/WebSiteScreens.xml#WebSiteCMSEditor"/>
     <view-map name="WebSiteCMSMetaInfo" type="screen" 
page="component://content/widget/WebSiteScreens.xml#WebSiteCMSMetaInfo"/>
     <view-map name="WebSiteCMSPathAlias" type="screen" 
page="component://content/widget/WebSiteScreens.xml#WebSiteCMSPathAlias"/>
diff --git a/framework/webapp/dtd/site-conf.xsd 
b/framework/webapp/dtd/site-conf.xsd
index 8f3bf3732c..cf6c63b977 100644
--- a/framework/webapp/dtd/site-conf.xsd
+++ b/framework/webapp/dtd/site-conf.xsd
@@ -776,6 +776,25 @@ under the License.
                 </xs:documentation>
             </xs:annotation>
         </xs:attribute>
+        <xs:attribute type="xs:boolean" name="allow-direct-view-rendering" 
default="false">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute determines whether direct rendering of the 
view is allowed when using the override view functionality.
+                    If set to true,
+                    the system permits the view to be rendered directly using 
the override view functionality.
+                    If false or not specified,
+                    direct rendering is not allowed, and system throws Unknown 
request exception.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute type="xs:boolean" name="direct-view-rendering-with-auth" 
default="false">
+            <xs:annotation>
+                <xs:documentation>
+                    If direct-view-rendering-with-auth=true, direct rendering 
of the view is only allowed with an active login when using the override view 
functionality.
+                    If direct-view-rendering-with-auth=false, no active login 
is required.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
         <xs:attribute name="x-frame-options" default="sameorigin">
             <xs:annotation>
                 <xs:documentation>
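Review bot: The documentation for direct-view-rendering-with-auth does not say that it has no effect on its own; from the RequestHandler changes in this commit the override view appears to be accepted only when allow-direct-view-rendering is true, so a reader who sets only the auth attribute would expect it to enable something it does not. Suggest adding to the second annotation `This attribute is only consulted when allow-direct-view-rendering is true; by itself it does not permit direct rendering.` In the first annotation, "system throws Unknown request exception" reads better as `the request is rejected as an unknown request`.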
diff --git 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
index 1ed0a0a8cd..9cb1aa616f 100644
--- 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
+++ 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
@@ -1044,6 +1044,8 @@ public final class ConfigXMLReader {
         private String strictTransportSecurity;
         private String description;
         private boolean noCache = false;
+        private boolean allowDirectViewRendering = false;
+        private boolean directViewRenderingWithAuth = false;
 
         /**
          * Gets name.
@@ -1120,6 +1122,24 @@ public final class ConfigXMLReader {
             return contentType;
         }
 
+        /**
+         * allow direct view rendering boolean
+         *
+         * @return the boolean
+         */
+        public boolean isAllowDirectViewRendering() {
+            return this.allowDirectViewRendering;
+        }
+
+        /**
+         * direct view rendering with authentication boolean
+         *
+         * @return the boolean
+         */
+        public boolean isDirectViewRenderingWithAuth() {
+            return this.directViewRenderingWithAuth;
+        }
+
         /**
          * Gets encoding.
          * @return the encoding
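Review bot: The Javadoc on the two new getters ("allow direct view rendering boolean", "@return the boolean") restates the method name instead of the contract. Suggest for isAllowDirectViewRendering `Returns whether this view may be rendered directly through the override-view mechanism (view-map attribute allow-direct-view-rendering, default false).` and for isDirectViewRenderingWithAuth `Returns whether direct rendering of this view requires an authenticated user (view-map attribute direct-view-rendering-with-auth, default false).` Both defaults are established by the field initializers and the "true".equals parsing added in the constructor hunk below.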
@@ -1135,6 +1155,8 @@ public final class ConfigXMLReader {
             this.info = viewMapElement.getAttribute("info");
             this.contentType = viewMapElement.getAttribute("content-type");
             this.noCache = 
"true".equals(viewMapElement.getAttribute("no-cache"));
+            this.allowDirectViewRendering = 
"true".equals(viewMapElement.getAttribute("allow-direct-view-rendering"));
+            this.directViewRenderingWithAuth = 
"true".equals(viewMapElement.getAttribute("direct-view-rendering-with-auth"));
             this.encoding = viewMapElement.getAttribute("encoding");
             this.xFrameOption = viewMapElement.getAttribute("x-frame-options");
             this.strictTransportSecurity = 
viewMapElement.getAttribute("strict-transport-security");
diff --git 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 1e6f110c2b..e3cb6ce8bc 100644
--- 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -129,14 +129,18 @@ public final class RequestHandler {
         Map<String, List<RequestMap>> requestMapMap = 
ccfg.getRequestMapMultiMap();
         Collection<RequestMap> rmaps = resolveTemplateURI(requestMapMap, req);
         if (rmaps.isEmpty()) {
-            Map<String, ConfigXMLReader.ViewMap> viewMapMap = 
ccfg.getViewMapMap();
             String defaultRequest = ccfg.getDefaultRequest();
             String path = req.getPathInfo();
             String requestUri = getRequestUri(path);
             String overrideViewUri = getOverrideViewUri(path);
+            boolean allowDirectViewRendering = false;
+            // Ensure that overridden view exists and direct view rendering is 
allowed.
+            if (UtilValidate.isNotEmpty(overrideViewUri)) {
+                ConfigXMLReader.ViewMap overrideViewMap = 
ccfg.getViewMapMap().get(overrideViewUri);
+                allowDirectViewRendering = (overrideViewMap != null && 
overrideViewMap.isAllowDirectViewRendering());
+            }
             if (requestMapMap.containsKey(requestUri)
-                    // Ensure that overridden view exists.
-                    && (overrideViewUri == null || 
viewMapMap.containsKey(overrideViewUri)
+                    && (allowDirectViewRendering
                     || ("SOAPService".equals(requestUri) && 
"wsdl".equalsIgnoreCase(req.getQueryString())))) {
                 rmaps = requestMapMap.get(requestUri);
                 req.setAttribute("overriddenView", overrideViewUri);
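Review bot: The rewritten condition drops the `overrideViewUri == null` arm of the old check, so a path with no override view whose requestUri is a key of requestMapMap no longer resolves here and falls through to whatever follows in resolveURI (the rest of the method is outside the hunk). If resolveTemplateURI already returns a non-empty result for every plain request path this is harmless, but that is not visible from the hunk; if it can be empty, the condition should keep the old arm, e.g. `&& (UtilValidate.isEmpty(overrideViewUri) || allowDirectViewRendering`. The new comment "Ensure that overridden view exists and direct view rendering is allowed." would also be more useful if it said what happens otherwise, e.g. `// An override view is honoured only if it is a known view-map that opts in; otherwise the request is not resolved here.`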
@@ -606,7 +610,13 @@ public final class RequestHandler {
         }
 
         // Perform security check.
-        if (requestMap.isSecurityAuth()) {
+        boolean directViewRenderingWithAuth = false;
+        // Check if direct view rendering requires authentication.
+        if (UtilValidate.isNotEmpty(overrideViewUri)) {
+            ConfigXMLReader.ViewMap overrideViewMap = 
ccfg.getViewMapMap().get(overrideViewUri);
+            directViewRenderingWithAuth = (overrideViewMap != null && 
overrideViewMap.isDirectViewRenderingWithAuth());
+        }
+        if (requestMap.isSecurityAuth() || directViewRenderingWithAuth) {
             // Invoke the security handler
             // catch exceptions and throw RequestHandlerException if failed.
             if (Debug.verboseOn()) {
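Review bot: The override-view lookup (`UtilValidate.isNotEmpty(overrideViewUri)`, then `ccfg.getViewMapMap().get(overrideViewUri)`, then read a flag) is now written out twice, here and in resolveURI; a small private static helper that takes ccfg and the view name and returns the ViewMap or null would keep the two from drifting, which matters because one copy decides whether the override is accepted and the other whether login is enforced. The auth decision here depends only on the view's with-auth flag and not on allow-direct-view-rendering, which is consistent only if an override view reaches this point solely after resolveURI accepted it; where overrideViewUri is assigned lies outside the hunk, so I cannot confirm that. A comment at the `if` would help: `// Login is enforced when either the request itself requires auth or the override view demands it.` The enclosing method starts and ends outside the hunk.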
@@ -629,6 +639,8 @@ public final class RequestHandler {
                 } else {
                     requestMap = ccfg.getRequestMapMap().get("ajaxCheckLogin");
                 }
+                // overrideViewUri needs to be deleted, as there is no 
authentication
+                overrideViewUri = null;
             }
         } else if (requestUri != null) {
             String[] loginUris = 
EntityUtilProperties.getPropertyValue("security", "login.uris", 
delegator).split(",");
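Review bot: The added comment `// overrideViewUri needs to be deleted, as there is no authentication` states what the next line does rather than why; suggest `// The request is being redirected to the login flow, so the override view must not be carried along and rendered for an unauthenticated user.` The enclosing if/else chain starts and ends outside the hunk.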
diff --git 
a/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java
 
b/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java
index 9ba9ecab58..384cffbbec 100644
--- 
a/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java
+++ 
b/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java
@@ -46,6 +46,7 @@ import 
org.apache.ofbiz.webapp.control.ConfigXMLReader.ViewMap;
 import org.junit.Before;
 import org.junit.Test;
 import org.w3c.dom.Element;
+import org.mockito.Mockito;
 
 public class RequestHandlerTests {
     public static class ResolveURITests {
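Review bot: The new `import org.mockito.Mockito;` is placed after `org.w3c.dom.Element`, breaking the alphabetical order of the surrounding imports. Since the test already calls `when(...)` unqualified, the file evidently uses a static Mockito import, so `import static org.mockito.Mockito.mock;` next to it and a bare `mock(ViewMap.class)` in the test body would match the existing style.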
@@ -190,10 +191,12 @@ public class RequestHandlerTests {
             reqMaps.putSingle("foo", foo);
             reqMaps.putSingle("bar", bar);
 
-            viewMaps.put("baz", new ViewMap(dummyElement));
+            //viewMaps.put("baz", new ViewMap(dummyElement));
+            viewMaps.put("baz", Mockito.mock(ViewMap.class)); // Mock the 
ViewMap
 
             when(req.getPathInfo()).thenReturn("/foo/baz");
             when(ccfg.getDefaultRequest()).thenReturn("bar");
+            
when(viewMaps.get("baz").isAllowDirectViewRendering()).thenReturn(true);
             assertThat(RequestHandler.resolveURI(ccfg, req), hasItem(foo));
         }
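Review bot: The commented-out line `//viewMaps.put("baz", new ViewMap(dummyElement));` should be deleted rather than kept beside its replacement; version control holds the history, and the trailing `// Mock the ViewMap` adds nothing over the call itself. The test also exercises only the permissive side of the new flag: a second case with `when(viewMaps.get("baz").isAllowDirectViewRendering()).thenReturn(false);` asserting that `RequestHandler.resolveURI(ccfg, req)` does not contain foo would pin the default-deny behaviour this commit introduces (what is returned instead depends on the default-request branch outside the hunk). The enclosing test method starts outside the hunk.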
 
