Author: lektran
Date: Sun Jul 18 05:55:35 2010
New Revision: 965163

URL: http://svn.apache.org/viewvc?rev=965163&view=rev
Log:
Setting the request-map/security element's direct-request attribute to false 
was only working if a default-request was present.  Reported by Wai in 
OFBIZ-3861 and fixed using a variation of the patch that he supplied.

Modified:
    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Modified: 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=965163&r1=965162&r2=965163&view=diff
==============================================================================
--- 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java 
(original)
+++ 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java 
Sun Jul 18 05:55:35 2010
@@ -173,9 +173,9 @@ public class RequestHandler {
 
             // Check to make sure we are allowed to access this request 
directly. (Also checks if this request is defined.)
             // If the request cannot be called, or is not defined, check and 
see if there is a default-request we can process
-            String defaultRequest = controllerConfig.getDefaultRequest();
-            if (!requestMap.securityDirectRequest && defaultRequest != null) {
-                if (!requestMapMap.get(defaultRequest).securityDirectRequest) {
+            if (!requestMap.securityDirectRequest) {
+                String defaultRequest = controllerConfig.getDefaultRequest();
+                if (defaultRequest == null || 
!requestMapMap.get(defaultRequest).securityDirectRequest) {
                     // use the same message as if it was missing for security 
reasons, ie so can't tell if it is missing or direct request is not allowed
                     throw new 
RequestHandlerException(requestMissingErrorMessage);
                 } else {
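Review bot: in the new inner condition, `requestMapMap.get(defaultRequest).securityDirectRequest` still dereferences the lookup result without a null check. If a default-request is configured but requestMapMap has no entry under that name, this line would throw a NullPointerException rather than the intended `RequestHandlerException(requestMissingErrorMessage)`. Because this is the deny path for direct-request="false", consider reading the entry into a local variable first and treating a null entry the same as `defaultRequest == null`, so the check fails closed with the same generic message. A regression test covering a request-map with direct-request set to false and no default-request configured would also guard the case this commit fixes.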

