svn commit: r965167 - /ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Sat, 17 Jul 2010 23:18:08 -0700 

Author: lektran
Date: Sun Jul 18 06:16:36 2010
New Revision: 965167

URL: http://svn.apache.org/viewvc?rev=965167&view=rev
Log:
Backport from trunk r965163:
Setting the request-map/security element's direct-request attribute to false 
was only working if a default-request was present.  Reported by Wai in 
OFBIZ-3861 and fixed using a variation of the patch that he supplied.

Modified:
    
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Modified: 
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=965167&r1=965166&r2=965167&view=diff
==============================================================================
--- 
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
 (original)
+++ 
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
 Sun Jul 18 06:16:36 2010
@@ -166,12 +166,13 @@ public class RequestHandler {
 
             // Check to make sure we are allowed to access this request 
directly. (Also checks if this request is defined.)
             // If the request cannot be called, or is not defined, check and 
see if there is a default-request we can process
-            if (!requestMap.securityDirectRequest && 
controllerConfig.defaultRequest != null) {
-                if 
(!controllerConfig.requestMapMap.get(controllerConfig.defaultRequest).securityDirectRequest)
 {
+            if (!requestMap.securityDirectRequest) {
+                String defaultRequest = controllerConfig.defaultRequest;
+                if (defaultRequest == null || 
!controllerConfig.requestMapMap.get(defaultRequest).securityDirectRequest) {
                     // use the same message as if it was missing for security 
reasons, ie so can't tell if it is missing or direct request is not allowed
                     throw new 
RequestHandlerException(requestMissingErrorMessage);
                 } else {
-                    requestMap = 
controllerConfig.requestMapMap.get(controllerConfig.defaultRequest);
+                    requestMap = 
controllerConfig.requestMapMap.get(defaultRequest);
                 }
             }

Reply via email to