This is an automated email from the ASF dual-hosted git repository. deepak pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push: new 8b1ee1b3a5 Improved: Added support to allow direct view rendering in override view functionality (OFBIZ-13117) 8b1ee1b3a5 is described below commit 8b1ee1b3a5da79ae669aee324c51d073e4ba8b1f Author: Deepak Dixit <dee...@apache.org> AuthorDate: Fri Jun 14 19:26:51 2024 +0530 Improved: Added support to allow direct view rendering in override view functionality (OFBIZ-13117) Added allow-direct-view-rendering and direct-view-rendering-with-auth in view-mapping tag, default values will be false. i.e by default now view is allowed to be used as OOTB overridden view functionality. In order to allow the view redirection (override) on all workflows allow-direct-view-rendering must be set to true. If view redirection is allowed and direct-view-rendering-with-auth is set to true then login credentials are necessary to use this functionality. This feature may break some existing flow where overridden view workflow is used Thanks: Deepak Dixit for providing the initial patch --- .../content/webapp/content/WEB-INF/controller.xml | 2 +- framework/webapp/dtd/site-conf.xsd | 19 +++++++++++++++++++ .../ofbiz/webapp/control/ConfigXMLReader.java | 4 ++++ .../ofbiz/webapp/control/RequestHandler.java | 22 +++++++++++++++++----- .../ofbiz/webapp/control/RequestHandlerTests.java | 5 ++++- 5 files changed, 45 insertions(+), 7 deletions(-) diff --git a/applications/content/webapp/content/WEB-INF/controller.xml b/applications/content/webapp/content/WEB-INF/controller.xml index f3d8e58e82..63c443e77a 100644 --- a/applications/content/webapp/content/WEB-INF/controller.xml +++ b/applications/content/webapp/content/WEB-INF/controller.xml 
@@ -1993,7 +1993,7 @@ under the License.
 <view-map name="EditWebSitePathAlias" type="screen" page="component://content/widget/WebSiteScreens.xml#EditWebSitePathAlias"/>
 <view-map name="WebSiteContent" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteContent"/>
 <view-map name="WebSiteCMS" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMS"/>
- <view-map name="WebSiteCMSContent" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSContent"/>
+ <view-map name="WebSiteCMSContent" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSContent" allow-direct-view-rendering="true"/>
 <view-map name="WebSiteCMSEditor" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSEditor"/>
 <view-map name="WebSiteCMSMetaInfo" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSMetaInfo"/>
 <view-map name="WebSiteCMSPathAlias" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSPathAlias"/>
diff --git a/framework/webapp/dtd/site-conf.xsd b/framework/webapp/dtd/site-conf.xsd
index fc9a966615..6f42552f8e 100644
--- a/framework/webapp/dtd/site-conf.xsd
+++ b/framework/webapp/dtd/site-conf.xsd
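Review bot: The `WebSiteCMSContent` view-map opts in with `allow-direct-view-rendering="true"` but leaves `direct-view-rendering-with-auth` at its default of false, so whether a login is needed depends entirely on the request map the view name is appended to. If this content-manager screen is never meant to render for an anonymous session, I would set both flags here: `allow-direct-view-rendering="true" direct-view-rendering-with-auth="true"`. The request maps of this controller are outside the hunk, so this may already be covered by `auth="true"` on each of them. A short XML comment next to the attribute naming the flow that needs the override would help the next reader.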
@@ -719,6 +719,25 @@ under the License.
 </xs:documentation>
 </xs:annotation>
 </xs:attribute>
+ <xs:attribute type="xs:boolean" name="allow-direct-view-rendering" default="false">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute determines whether direct rendering of the view is allowed when using the override view functionality.
+ If set to true,
+ the system permits the view to be rendered directly using the override view functionality.
+ If false or not specified,
+ direct rendering is not allowed, and system throws Unknown request exception.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute type="xs:boolean" name="direct-view-rendering-with-auth" default="false">
+ <xs:annotation>
+ <xs:documentation>
+ If direct-view-rendering-with-auth=true, direct rendering of the view is only allowed with an active login when using the override view functionality.
+ If direct-view-rendering-with-auth=false, no active login is required.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
 <xs:attribute name="x-frame-options" default="sameorigin">
 <xs:annotation>
 <xs:documentation>
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
index 8181eb860e..cb15c385b4 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
@@ -573,6 +573,8 @@ public class ConfigXMLReader { public String strictTransportSecurity; public String description; public boolean noCache = false; + public boolean allowDirectViewRendering = false; + public boolean directViewRenderingWithAuth = false; public ViewMap(Element viewMapElement) { this.name = viewMapElement.getAttribute("name");
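Review bot: The documentation for `direct-view-rendering-with-auth` says that with false "no active login is required", but the RequestHandler change in this commit evaluates `requestMap.securityAuth || directViewRenderingWithAuth`, so a login is still enforced whenever the request map asks for one. I would reword the second sentence along the lines of `If false, this attribute adds no login requirement of its own; the request-map security settings still apply.` The `allow-direct-view-rendering` text could also state that the default of false applies to every view-map that does not set the attribute, since that is the behaviour change existing controllers will notice.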
@@ -581,6 +583,8 @@ public class ConfigXMLReader {
 this.info = viewMapElement.getAttribute("info");
 this.contentType = viewMapElement.getAttribute("content-type");
 this.noCache = "true".equals(viewMapElement.getAttribute("no-cache"));
+ this.allowDirectViewRendering = "true".equals(viewMapElement.getAttribute("allow-direct-view-rendering"));
+ this.directViewRenderingWithAuth = "true".equals(viewMapElement.getAttribute("direct-view-rendering-with-auth"));
 this.encoding = viewMapElement.getAttribute("encoding");
 this.xFrameOption = viewMapElement.getAttribute("x-frame-options");
 this.strictTransportSecurity = viewMapElement.getAttribute("strict-transport-security");
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 59daed237d..98f205aeec 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
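Review bot: Both new flags are parsed with `"true".equals(...)`, while the schema declares them as `xs:boolean`, whose lexical forms also include `1`. A controller that writes `direct-view-rendering-with-auth="1"` is schema-valid but ends up with `directViewRenderingWithAuth == false`, so the login requirement is silently dropped rather than enforced. Accepting both forms keeps this security-relevant flag from failing open: `String withAuth = viewMapElement.getAttribute("direct-view-rendering-with-auth");` followed by `this.directViewRenderingWithAuth = "true".equals(withAuth) || "1".equals(withAuth);`. The constructor continues outside the hunk, and the existing `no-cache` parsing follows the same pattern.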
@@ -194,15 +194,20 @@ public class RequestHandler {
 */
 static Collection<RequestMap> resolveURI(ControllerConfig ccfg, HttpServletRequest req) {
 Map<String, List<RequestMap>> requestMapMap = ccfg.getRequestMapMap();
- Map<String, ConfigXMLReader.ViewMap> viewMapMap = ccfg.getViewMapMap();
 String defaultRequest = ccfg.getDefaultRequest();
 String path = req.getPathInfo();
 String requestUri = getRequestUri(path);
- String viewUri = getOverrideViewUri(path);
+ String overrideViewUri = getOverrideViewUri(path);
+ boolean allowDirectViewRendering = false;
 Collection<RequestMap> rmaps;
+ // Ensure that overridden view exists and direct view rendering is allowed.
+ if (UtilValidate.isNotEmpty(overrideViewUri)) {
+ ConfigXMLReader.ViewMap overrideViewMap = ccfg.getViewMapMap().get(overrideViewUri);
+ allowDirectViewRendering = (overrideViewMap != null && overrideViewMap.allowDirectViewRendering);
+ }
 if (requestMapMap.containsKey(requestUri)
 // Ensure that overridden view exists.
- && (viewUri == null || viewMapMap.containsKey(viewUri)
+ && (allowDirectViewRendering
 || ("SOAPService".equals(requestUri) && "wsdl".equalsIgnoreCase(req.getQueryString())))){
 rmaps = requestMapMap.get(requestUri);
 } else if (defaultRequest != null) {
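Review bot: The rewritten condition in `resolveURI` drops the `viewUri == null` alternative, so a path with no override-view segment leaves `allowDirectViewRendering` false and no longer matches its own request map. Unless the request is the SOAP WSDL case, it falls through to the default-request branch. Assuming `getOverrideViewUri` (not shown) returns null or empty for such paths, as the removed check implies, the guard should keep that case: `&& (UtilValidate.isEmpty(overrideViewUri) || allowDirectViewRendering`. The retained comment `// Ensure that overridden view exists.` now repeats the one added above the lookup and could be removed. The method body continues past the end of the hunk.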
@@ -477,9 +482,14 @@ public class RequestHandler { if (Debug.verboseOn()) Debug.logVerbose("[Processing Request]: " + requestMap.uri + showSessionId(request), module); request.setAttribute("thisRequestUri", requestMap.uri); // store the actual request URI - + boolean directViewRenderingWithAuth = false; + // Check if direct view rendering requires authentication. + if (UtilValidate.isNotEmpty(overrideViewUri)) { + ConfigXMLReader.ViewMap overrideViewMap = ccfg.getViewMapMap().get(overrideViewUri); + directViewRenderingWithAuth = (overrideViewMap != null && overrideViewMap.directViewRenderingWithAuth); + } // Perform security check. - if (requestMap.securityAuth) { + if (requestMap.securityAuth || directViewRenderingWithAuth) { // Invoke the security handler // catch exceptions and throw RequestHandlerException if failed. if (Debug.verboseOn()) Debug.logVerbose("[RequestHandler]: AuthRequired. Running security check. " + showSessionId(request), module); @@ -500,6 +510,8 @@ public class RequestHandler { } else { requestMap = ccfg.getRequestMapMap().getFirst("ajaxCheckLogin"); } + // overrideViewUri needs to be deleted, as there is no authentication + overrideViewUri = null; } } else if (requestUri != null) { String[] loginUris = EntityUtilProperties.getPropertyValue("security", "login.uris", delegator).split(","); diff --git a/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java b/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java index acf941d374..812756fb62 100644 --- a/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java +++ b/framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/RequestHandlerTests.java 
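Review bot: The login gate added before `// Perform security check.` is opt-in per view. `directViewRenderingWithAuth` stays false unless the view-map sets it, so a view marked `allow-direct-view-rendering="true"` is rendered without a session on any request map whose `securityAuth` is false. The comment should say so, for example `// Force the login check when the overridden view requires it, even if the request map itself is public.` The view-map lookup here repeats the one in `resolveURI`; a small private helper returning the override `ViewMap` (or null) would keep the allow check and the auth check from drifting apart. The enclosing method starts and ends outside the hunk.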
@@ -40,6 +40,7 @@ import org.apache.ofbiz.webapp.control.ConfigXMLReader.RequestMap; import org.apache.ofbiz.webapp.control.ConfigXMLReader.ViewMap; import org.junit.Before; import org.junit.Test; +import org.mockito.Mockito; import org.w3c.dom.Element; public class RequestHandlerTests { @@ -126,10 +127,12 @@ public class RequestHandlerTests { reqMaps.putSingle("foo", foo); reqMaps.putSingle("bar", bar); - viewMaps.put("baz", new ViewMap(dummyElement)); + //viewMaps.put("baz", new ViewMap(dummyElement)); + viewMaps.put("baz", Mockito.mock(ViewMap.class)); // Mock the ViewMap when(req.getPathInfo()).thenReturn("/foo/baz"); when(ccfg.getDefaultRequest()).thenReturn("bar"); + when(viewMaps.get("baz").allowDirectViewRendering).thenReturn(true); assertThat(RequestHandler.resolveURI(ccfg, req), hasItem(foo)); }
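Review bot: `when(viewMaps.get("baz").allowDirectViewRendering).thenReturn(true)` tries to stub a read of a public field, but Mockito only intercepts method calls on mocks. The line is therefore expected to fail as a stubbing without a mock invocation, or at best leave the field false. Assign the field on the mock instead: `ViewMap baz = Mockito.mock(ViewMap.class); baz.allowDirectViewRendering = true; viewMaps.put("baz", baz);`. The commented-out `//viewMaps.put("baz", new ViewMap(dummyElement));` should be deleted rather than kept. A companion case asserting that a view with the default (false) flag is not resolved would pin the new deny-by-default behaviour. The test method starts outside the hunk.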