This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new 812cab55b Fixed: Execution of queries without authentication 
(OFBIZ-12857)
812cab55b is described below

commit 812cab55b17e9803144700760e86b4ae7a1b78b1
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Sep 23 09:55:22 2023 +0200

    Fixed: Execution of queries without authentication (OFBIZ-12857)
    
    My brain told me that I could have made an error in the previous commit.
    I just checked, and it was right.
    
    This fixes the previous commit, where I misused userIsUnauthorized.
---
 .../org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java  | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git 
a/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java 
b/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
index 79c6a7d9a..4095533a7 100644
--- 
a/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
+++ 
b/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
@@ -65,6 +65,7 @@ public class OFBizSolrContextFilter extends 
SolrDispatchFilter {
     /**
      * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
      */
+    @Override
     public void init(FilterConfig config) throws ServletException {
         Properties props = System.getProperties();
         String ofbizHome = (String) props.get("ofbiz.home");
@@ -102,7 +103,7 @@ public class OFBizSolrContextFilter extends 
SolrDispatchFilter {
                 || servletPath.endsWith("/replication") || 
servletPath.endsWith("/file") || servletPath.endsWith("/file/"))) {
             HttpSession session = httpRequest.getSession();
             GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
-            if (servletPath.startsWith("/admin/") && 
(UtilValidate.isEmpty(userLogin) || !LoginWorker.hasBasePermission(userLogin, 
httpRequest))) {
+            if (servletPath.startsWith("/admin/") && userIsUnauthorized( 
httpRequest)) {
                 response.setContentType("application/json");
                 MapToJSON mapToJson = new MapToJSON();
                 JSON json;
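Review bot: The `/admin/` guard `userIsUnauthorized( httpRequest)` replaces an inline check that visibly rejected both an empty `userLogin` and one failing `LoginWorker.hasBasePermission`, and the helper's body is not part of this diff, so a reader cannot confirm from here that both cases are still denied. Since the commit message says the helper was misused in the previous commit, I would add a line above the condition such as `// userIsUnauthorized() is true for a session without userLogin or a login lacking base permission`, provided that matches the helper. A test that sends a request with no session login to each guarded path and expects the JSON error would pin this behaviour. The call also carries a stray space after the opening parenthesis, here and in the three calls of the next hunk; `userIsUnauthorized(httpRequest)` matches the surrounding calls. The enclosing method starts and ends outside the hunk.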
@@ -130,19 +131,19 @@ public class OFBizSolrContextFilter extends 
SolrDispatchFilter {
             } else if (servletPath.endsWith("/update") || 
servletPath.endsWith("/update/json") || servletPath.endsWith("/update/csv") || 
servletPath.endsWith("/update/extract")) {
                 // NOTE: the update requests are defined in an index's 
solrconfig.xml
                 // get the Solr index name from the request
-                if (UtilValidate.isEmpty(userLogin) || 
!LoginWorker.hasBasePermission(userLogin, httpRequest)) {
+                if (userIsUnauthorized( httpRequest)) {
                     sendJsonHeaderMessage(httpRequest, httpResponse, 
userLogin, "SolrErrorUpdateLoginFirst", "SolrErrorNoUpdatePermission", locale);
                     return;
                 }
             } else if (servletPath.endsWith("/replication")) {
                 // get the Solr index name from the request
-                if (UtilValidate.isEmpty(userLogin) || 
!LoginWorker.hasBasePermission(userLogin, httpRequest)) {
+                if (userIsUnauthorized( httpRequest)) {
                     sendJsonHeaderMessage(httpRequest, httpResponse, 
userLogin, "SolrErrorReplicateLoginFirst", "SolrErrorNoReplicatePermission", 
locale);
                     return;
                 }
             } else if (servletPath.endsWith("/file") || 
servletPath.endsWith("/file/")) {
                 // get the Solr index name from the request
-                if (UtilValidate.isEmpty(userLogin) || 
!LoginWorker.hasBasePermission(userLogin, httpRequest)) {
+                if (userIsUnauthorized( httpRequest)) {
                     sendJsonHeaderMessage(httpRequest, httpResponse, 
userLogin, "SolrErrorViewFileLoginFirst", "SolrErrorNoViewFilePermission", 
locale);
                     return;
                 }
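Review bot: In all three branches the access decision now comes from `userIsUnauthorized( httpRequest)`, but `sendJsonHeaderMessage` is still handed the local `userLogin` read from the session, presumably to choose between the LoginFirst and NoPermission message keys. If the helper resolves the login any differently from `session.getAttribute("userLogin")` (its body is outside this diff), the denial and the message shown to the caller can disagree. A comment such as `// userLogin only selects the error message; access is decided by userIsUnauthorized()` would make that split explicit, or the helper could accept `userLogin` so both use the same value. The enclosing method starts and ends outside the hunk.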
@@ -171,6 +172,7 @@ public class OFBizSolrContextFilter extends 
SolrDispatchFilter {
     /**
      * @see javax.servlet.Filter#destroy()
      */
+    @Override
     public void destroy() {
         super.destroy();
     }
@@ -179,6 +181,7 @@ public class OFBizSolrContextFilter extends 
SolrDispatchFilter {
      * Override this to change CoreContainer initialization
      * @return a CoreContainer to hold this server's cores
      */
+    @Override
     protected CoreContainer createCoreContainer(Path solrHome, Properties 
extraProperties) {
         NodeConfig nodeConfig = null;
         try {
