Thanks Deepak,

Fixed in OFBIZ-10635

Jacques

On 15/01/2019 at 13:42, Deepak Nigam wrote:
Hi Jacques,

There is a chance of getting Null Pointer Exception (while creating the
auto-login cookie & calling the method autoLoginCheck() inside the if
block) if the userLogin is null. IMO, the below condition


    if (userLogin != null &&
            (webappInfo != null && webappInfo.isAutologinCookieUsed())
            || webappInfo == null) { // When using an empty mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!

can be improved as,


    if (userLogin != null &&
            ((webappInfo != null && webappInfo.isAutologinCookieUsed())
            || webappInfo == null)) { // When using an empty mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!


Thanks & Regards
--
Deepak Nigam
HotWax Systems Pvt. Ltd
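
The precedence problem raised in the message above, as an added example that is not part of the thread or of the OFBiz code base: the WebappInfo class below is a hypothetical stand-in carrying only the flag the condition reads, and the login value is constructed. It enumerates every state and lists those in which each form of the condition lets a null userLogin into the cookie-creating block.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical stand-ins, just enough to evaluate the two conditions.
public class AutoLoginGuardDemo {
    // Stand-in for WebappInfo; only the flag the condition reads.
    static final class WebappInfo {
        final boolean autologinCookieUsed;
        WebappInfo(boolean used) { this.autologinCookieUsed = used; }
        boolean isAutologinCookieUsed() { return autologinCookieUsed; }
    }

    // Condition as committed: && binds tighter than ||, so the
    // "webappInfo == null" alternative is not covered by the userLogin check.
    static boolean committedGuard(Object userLogin, WebappInfo webappInfo) {
        return userLogin != null
                && (webappInfo != null && webappInfo.isAutologinCookieUsed())
                || webappInfo == null;
    }

    // Condition with the extra pair of parentheses proposed in the reply.
    static boolean proposedGuard(Object userLogin, WebappInfo webappInfo) {
        return userLogin != null
                && ((webappInfo != null && webappInfo.isAutologinCookieUsed())
                || webappInfo == null);
    }

    // States in which a guard lets a null userLogin reach the block that calls userLogin.getString(...).
    static List<String> unsafeStates(boolean committed) {
        Object[] logins = { null, "constructed-user" };
        WebappInfo[] infos = { null, new WebappInfo(false), new WebappInfo(true) };
        String[] infoNames = { "webappInfo=null", "autologin=false", "autologin=true" };
        List<String> unsafe = new ArrayList<>();
        for (Object login : logins) {
            for (int i = 0; i < infos.length; i++) {
                boolean enters = committed ? committedGuard(login, infos[i]) : proposedGuard(login, infos[i]);
                if (enters && login == null) {
                    unsafe.add("userLogin=null, " + infoNames[i]);
                }
            }
        }
        return unsafe;
    }

    public static void main(String[] args) {
        System.out.println("committed guard: " + unsafeStates(true));
        System.out.println("proposed guard:  " + unsafeStates(false));
    }
}
```

The committed form reports one unsafe state (null userLogin with null webappInfo, the empty mount-point case); the proposed form reports none.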

On Fri, Jan 11, 2019 at 9:57 PM <jler...@apache.org> wrote:

Author: jleroux
Date: Fri Jan 11 16:27:11 2019
New Revision: 1851076

URL: http://svn.apache.org/viewvc?rev=1851076&view=rev
Log:
"Applied fix from trunk for revision: 1851074"
------------------------------------------------------------------------
r1851074 | jleroux | 2019-01-11 17:26:13 +0100 (ven. 11 janv. 2019) | 17
lignes

Fixed: Correct behaviour of Autologin cookies
(OFBIZ-10635)

In the method to set the autoLogin cookie, LoginWorker::autoLoginSet,
system fetches the webAppInfo by using the
method ComponentConfig::getWebappInfo. In this method, serverId and
applicationName are passed as arguments.

*WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));*

If the mount-point of the web app is set as an empty string, then 'root'
will be used as the application name, due to which the object webAppInfo
will come null. If the webAppInfo is null then the autoLogin cookie will
not be created and added to the response object by the system.

Thanks: Aditya for report and Mathieu Lirzin for discussion
------------------------------------------------------------------------

Modified:
     ofbiz/ofbiz-framework/branches/release17.12/   (props changed)

ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Propchange: ofbiz/ofbiz-framework/branches/release17.12/

------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jan 11 16:27:11 2019
@@ -10,4 +10,4 @@
  /ofbiz/branches/json-integration-refactoring:1634077-1635900
  /ofbiz/branches/multitenant20100310:921280-927264
  /ofbiz/branches/release13.07:1547657

-/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,

  
1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068

+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,1847715,

  
1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850918,1850948,1850953,1851006,1851068,1851074

Modified:
ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851076&r1=1851075&r2=1851076&view=diff

==============================================================================
---
ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
(original)
+++
ofbiz/ofbiz-framework/branches/release17.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
Fri Jan 11 16:27:11 2019
@@ -711,13 +711,16 @@ public class LoginWorker {
          HttpSession session = request.getSession();
          GenericValue userLogin = (GenericValue)
session.getAttribute("userLogin");
          ServletContext context = request.getServletContext();
-        WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));
+        String applicationName = UtilHttp.getApplicationName(request);
+        WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
context.getAttribute("_serverId"), applicationName);

-        if (userLogin != null && webappInfo != null &&
webappInfo.isAutologinCookieUsed()) {
+        if (userLogin != null &&
+                (webappInfo != null && webappInfo.isAutologinCookieUsed())
+                || webappInfo == null) { // When using an empty
mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!
              Cookie autoLoginCookie = new
Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
              autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);

  autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url",
"cookie.domain", delegator));
-            autoLoginCookie.setPath("/" +
UtilHttp.getApplicationName(request).replaceAll("/","_"));
+            autoLoginCookie.setPath("/" +
applicationName.replaceAll("/","_"));
              autoLoginCookie.setSecure(true);
              autoLoginCookie.setHttpOnly(true);
              response.addCookie(autoLoginCookie);
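
Review bot: In the new if condition, && binds tighter than ||, so the "|| webappInfo == null" alternative is not covered by "userLogin != null": with an empty mount point (webappInfo null) and no user in the session, the body runs and userLogin.getString("userLoginId") on the next line dereferences null. Put both webappInfo alternatives inside one pair of parentheses, or write the equivalent and shorter userLogin != null && (webappInfo == null || webappInfo.isAutologinCookieUsed()). The end-of-line comment states that the null case works only for one webapp; because that branch now sets a cookie with a one-year max age whenever the lookup returns null, the limitation would be better stated in the method's Javadoc than in a trailing comment, and "mounpoint" should read "mount point".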



