Hi Jacques,

There is a chance of getting Null Pointer Exception (while creating the
auto-login cookie & calling the method autoLoginCheck() inside the if
block) if the userLogin is null. IMO, the below condition


*if (userLogin != null && *

*                (webappInfo != null &&
webappInfo.isAutologinCookieUsed())                || webappInfo == null) {
//
When using an empty mounpoint, ie using root as mounpoint. Beware:
works only for 1 webapp!*

can be improved as,


*if (userLogin != null && *

*                ((webappInfo != null &&
webappInfo.isAutologinCookieUsed())                || webappInfo == null))
{ //
When using an empty mounpoint, ie using root as mounpoint. Beware:
works only for 1 webapp!*


Thanks & Regards
--
Deepak Nigam
HotWax Systems Pvt. Ltd

On Fri, Jan 11, 2019 at 9:57 PM <jler...@apache.org> wrote:

> Author: jleroux
> Date: Fri Jan 11 16:27:11 2019
> New Revision: 1851076
>
> URL: http://svn.apache.org/viewvc?rev=1851076&view=rev
> Log:
> "Applied fix from trunk for revision: 1851074  "
> ------------------------------------------------------------------------
> r1851074 | jleroux | 2019-01-11 17:26:13 +0100 (ven. 11 janv. 2019) | 17
> lignes
>
> Fixed: Correct behaviour of Autologin cookies
> (OFBIZ-10635)
>
> In the method to set the autoLogin cookie, LoginWorker::autoLoginSet,
> system fetches the webAppInfo by using the
> method ComponentConfig::getWebappInfo. In this method, serverId and
> applicationName are passed as arguments.
>
> *WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));*
>
> If the mount-point of the web app is set as an empty string, then 'root'
> will be used as the application name, due to which the object webAppInfo
> will come null. If the webAppInfo is null then the autoLogin cookie will
> not be created and added to the response object by the system.
>
> Thanks: Aditya for report and Mathieu Lirzin for discussion
> ------------------------------------------------------------------------
>
> Modified:
>     ofbiz/ofbiz-framework/branches/release17.12/   (props changed)
>
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
>
> Propchange: ofbiz/ofbiz-framework/branches/release17.12/
>
> ------------------------------------------------------------------------------
> --- svn:mergeinfo (original)
> +++ svn:mergeinfo Fri Jan 11 16:27:11 2019
> @@ -10,4 +10,4 @@
>  /ofbiz/branches/json-integration-refactoring:1634077-1635900
>  /ofbiz/branches/multitenant20100310:921280-927264
>  /ofbiz/branches/release13.07:1547657
>
> -/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,
>
>  
> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068
>
> +/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,
>
>  
> 1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068,1851074
>
> Modified:
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
> URL:
> http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851076&r1=1851075&r2=1851076&view=diff
>
> ==============================================================================
> ---
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
> (original)
> +++
> ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
> Fri Jan 11 16:27:11 2019
> @@ -711,13 +711,16 @@ public class LoginWorker {
>          HttpSession session = request.getSession();
>          GenericValue userLogin = (GenericValue)
> session.getAttribute("userLogin");
>          ServletContext context = request.getServletContext();
> -        WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
> context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));
> +        String applicationName = UtilHttp.getApplicationName(request);
> +        WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
> context.getAttribute("_serverId"), applicationName);
>
> -        if (userLogin != null && webappInfo != null &&
> webappInfo.isAutologinCookieUsed()) {
> +        if (userLogin != null &&
> +                (webappInfo != null && webappInfo.isAutologinCookieUsed())
> +                || webappInfo == null) { // When using an empty
> mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!
>              Cookie autoLoginCookie = new
> Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
>              autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
>
>  autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url",
> "cookie.domain", delegator));
> -            autoLoginCookie.setPath("/" +
> UtilHttp.getApplicationName(request).replaceAll("/","_"));
> +            autoLoginCookie.setPath("/" +
> applicationName.replaceAll("/","_"));
>              autoLoginCookie.setSecure(true);
>              autoLoginCookie.setHttpOnly(true);
>              response.addCookie(autoLoginCookie);
>
>
>

Reply via email to