This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 78dd625 Improved: Display last-visited-time popup after login
(OFBIZ-12148)
78dd625 is described below
commit 78dd625bbe2689ce275fc3b4a03673296e105d9a
Author: Jacques Le Roux <[email protected]>
AuthorDate: Mon Feb 22 11:15:28 2021 +0100
Improved: Display last-visited-time popup after login (OFBIZ-12148)
Sets afterlogin.lastvisit.show to false by default and documents that in the
security documentation, i.e. in
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment
Otherwise, when working in dev mode, you always have to remove the message or
wait for it to remove itself
Fixes wrong wiki links in sy-password-and-JWT.adoc
---
framework/security/config/security.properties | 2 +-
.../src/docs/asciidoc/_include/sy-password-and-JWT.adoc | 4 ++--
.../java/org/apache/ofbiz/webapp/AfterLoginEvents.java | 17 +++++++++--------
3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index 2981e11..e37ba2c 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -231,7 +231,7 @@ allowAllUploads=
#-- Popup last-visited time from database after user has logged in.
#-- So users can know of any unauthorised access to their accounts.
-#-- Default is true.
+#-- Default is false.
afterlogin.lastvisit.show=
#-- uri used for login (cf jira OFBIZ-12047)
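Review bot: The comment above `afterlogin.lastvisit.show=` now says only "Default is false", so it no longer tells an operator that the popup is off unless they act. The two lines above it describe that popup as the way users learn of unauthorised access to their accounts. I would extend the comment, for example `#-- Default is false (convenient for development); set to true in production.` The commit message points to the wiki for this guidance, but the properties file is where the setting is actually edited.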
diff --git
a/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
b/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
index 62770ec..b4812e4 100644
--- a/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
+++ b/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
@@ -33,8 +33,8 @@ endif::[]
Demo and seed passwords are stored in files loaded through security
ofbiz-component.xml. To know more about that be sure to read:
-*
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guidehttp://url[The
technical production setup guide] notably "Initial Data Loading" and "Security
Settings" sections
-*
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deploymenthttp://url[How
to secure your deployment]
+*
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide[The
technical production setup guide] notably "Initial Data Loading" and "Security
Settings" sections
+*
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment[How
to secure your deployment]
[CAUTION]
These configuration steps are not to be neglected for the security of a
*production environment*
diff --git
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/AfterLoginEvents.java
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/AfterLoginEvents.java
index 7744126..878d1f5 100644
---
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/AfterLoginEvents.java
+++
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/AfterLoginEvents.java
@@ -18,6 +18,14 @@
*******************************************************************************/
package org.apache.ofbiz.webapp;
+import java.sql.Timestamp;
+import java.text.SimpleDateFormat;
+import java.util.Locale;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.UtilHttp;
import org.apache.ofbiz.base.util.UtilProperties;
@@ -28,13 +36,6 @@ import org.apache.ofbiz.entity.GenericValue;
import org.apache.ofbiz.entity.util.EntityListIterator;
import org.apache.ofbiz.entity.util.EntityQuery;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.sql.Timestamp;
-import java.text.SimpleDateFormat;
-import java.util.Locale;
-
public class AfterLoginEvents {
private static final String MODULE = AfterLoginEvents.class.getName();
@@ -52,7 +53,7 @@ public class AfterLoginEvents {
public static String showLastVisit(HttpServletRequest request,
HttpServletResponse response) {
- boolean show = UtilProperties.getPropertyAsBoolean("security",
"afterlogin.lastvisit.show", true);
+ boolean show = UtilProperties.getPropertyAsBoolean("security",
"afterlogin.lastvisit.show", false);
if (!show) {
return "success";
}
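Review bot: The shipped `security.properties` leaves `afterlogin.lastvisit.show=` empty, so the default passed to `getPropertyAsBoolean` here presumably decides the behaviour. If so, a deployment that never set the property loses the last-visit popup on upgrade with no signal to the operator. A comment on this line would make the intent explicit, for example `// Off by default for dev convenience; production deployments should set afterlogin.lastvisit.show=true`. The change in default also merits a line in the upgrade notes. The body of showLastVisit continues outside the hunk.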