This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/release18.12 by this push: new 812cab55b Fixed: Execution of queries without authentication (OFBIZ-12857) 812cab55b is described below commit 812cab55b17e9803144700760e86b4ae7a1b78b1 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat Sep 23 09:55:22 2023 +0200 Fixed: Execution of queries without authentication (OFBIZ-12857) My brain told me that I could have made an error in previous commit. I just checked, it was right. This fixes previous commit where I misused userIsUnauthorized.
---
 .../org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java b/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
index 79c6a7d9a..4095533a7 100644
--- a/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
+++ b/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
@@ -65,6 +65,7 @@ public class OFBizSolrContextFilter extends SolrDispatchFilter {
 /**
 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
 */
+ @Override
 public void init(FilterConfig config) throws ServletException {
 Properties props = System.getProperties();
 String ofbizHome = (String) props.get("ofbiz.home");
@@ -102,7 +103,7 @@ public class OFBizSolrContextFilter extends SolrDispatchFilter {
 || servletPath.endsWith("/replication") || servletPath.endsWith("/file") || servletPath.endsWith("/file/"))) {
 HttpSession session = httpRequest.getSession();
 GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
- if (servletPath.startsWith("/admin/") && (UtilValidate.isEmpty(userLogin) || !LoginWorker.hasBasePermission(userLogin, httpRequest))) {
+ if (servletPath.startsWith("/admin/") && userIsUnauthorized( httpRequest)) {
 response.setContentType("application/json");
 MapToJSON mapToJson = new MapToJSON();
 JSON json;
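Review bot: The `/admin/` guard now depends entirely on `userIsUnauthorized(httpRequest)`, whose body is not in this diff, and the commit message says the previous commit misused that same helper, so the call site deserves a comment stating its contract, for example `// true when the request has no userLogin or the login lacks base permission` (wording inferred from the removed expression; confirm against the helper). A negatively named predicate is easy to invert and nothing in this commit pins the behaviour, so a filter test that sends an anonymous request to an `/admin/` path and expects the JSON error response would keep this from regressing a third time. The stray space in `userIsUnauthorized( httpRequest)` here and at the three call sites in the next hunk should be removed. The enclosing method starts and ends outside the hunk.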
@@ -130,19 +131,19 @@ public class OFBizSolrContextFilter extends SolrDispatchFilter {
 } else if (servletPath.endsWith("/update") || servletPath.endsWith("/update/json") || servletPath.endsWith("/update/csv") || servletPath.endsWith("/update/extract")) {
 // NOTE: the update requests are defined in an index's solrconfig.xml
 // get the Solr index name from the request
- if (UtilValidate.isEmpty(userLogin) || !LoginWorker.hasBasePermission(userLogin, httpRequest)) {
+ if (userIsUnauthorized( httpRequest)) {
 sendJsonHeaderMessage(httpRequest, httpResponse, userLogin, "SolrErrorUpdateLoginFirst", "SolrErrorNoUpdatePermission", locale);
 return;
 }
 } else if (servletPath.endsWith("/replication")) {
 // get the Solr index name from the request
- if (UtilValidate.isEmpty(userLogin) || !LoginWorker.hasBasePermission(userLogin, httpRequest)) {
+ if (userIsUnauthorized( httpRequest)) {
 sendJsonHeaderMessage(httpRequest, httpResponse, userLogin, "SolrErrorReplicateLoginFirst", "SolrErrorNoReplicatePermission", locale);
 return;
 }
 } else if (servletPath.endsWith("/file") || servletPath.endsWith("/file/")) {
 // get the Solr index name from the request
- if (UtilValidate.isEmpty(userLogin) || !LoginWorker.hasBasePermission(userLogin, httpRequest)) {
+ if (userIsUnauthorized( httpRequest)) {
 sendJsonHeaderMessage(httpRequest, httpResponse, userLogin, "SolrErrorViewFileLoginFirst", "SolrErrorNoViewFilePermission", locale);
 return;
 }
@@ -171,6 +172,7 @@ public class OFBizSolrContextFilter extends SolrDispatchFilter {
 /**
 * @see javax.servlet.Filter#destroy()
 */
+ @Override
 public void destroy() {
 super.destroy();
 }
@@ -179,6 +181,7 @@ public class OFBizSolrContextFilter extends SolrDispatchFilter {
 * Override this to change CoreContainer initialization
 * @return a CoreContainer to hold this server's cores
 */
+ @Override
 protected CoreContainer createCoreContainer(Path solrHome, Properties extraProperties) {
 NodeConfig nodeConfig = null;
 try {
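Review bot: These three checks run only when `servletPath` ends with one of the listed suffixes, so the guard is only as complete as that list, and the list is not uniform: a trailing slash is accepted for `/file/` but not for the update or replication handlers. Whether such variants are routed to a Solr handler is not visible in this hunk, but a deny-by-default shape would not depend on it: call `userIsUnauthorized(httpRequest)` once at the top of the protected block and use the path branches only to select the message keys. Separately, `userLogin` is still read from the session and passed to `sendJsonHeaderMessage`, while the decision now comes from the helper; if the helper resolves the user from anything other than that session attribute, the "login first" and "no permission" messages can be chosen wrongly. The enclosing method starts and ends outside the hunk.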