Author: jonesde
Date: Sat Feb 14 08:17:05 2009
New Revision: 744418
URL: http://svn.apache.org/viewvc?rev=744418&view=rev
Log:
Changed LoginWorker.makeLoginUrl back to returning a String and
implemented a more general solution for the @ofbizUrl and
@ofbizContentUrl tags so that they do decoding and are now tolerant
of encoded URLs just in case it happens; this should be a more
general fix and avoid the problem more; also a few cleanups like
resolving warnings
Modified:
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
KeyStoreUtil.java
ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/
GenericEngineFactory.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
LoginWorker.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizContentTransform.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizUrlTransform.java
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
KeyStoreUtil.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/KeyStoreUtil.java?rev=744418&r1=744417&r2=744418&view=diff
=
=
=
=
=
=
=
=
=
=====================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
KeyStoreUtil.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
KeyStoreUtil.java Sat Feb 14 08:17:05 2009
@@ -18,25 +18,41 @@
*******************************************************************************/
package org.ofbiz.base.util;
-import org.apache.commons.codec.binary.Base64;
-import org.ofbiz.base.component.ComponentConfig;
-import org.ofbiz.base.config.GenericConfigException;
-
-import java.io.*;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.PrintStream;
+import java.io.Reader;
+import java.io.StringReader;
import java.net.URL;
-import java.security.*;
-import java.security.cert.*;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.PrivateKey;
import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Map;
-import java.util.regex.Pattern;
-import java.util.regex.Matcher;
import javolution.util.FastMap;
-import javax.security.auth.x500.X500Principal;
+import org.apache.commons.codec.binary.Base64;
+import org.ofbiz.base.component.ComponentConfig;
+import org.ofbiz.base.config.GenericConfigException;
/**
* KeyStoreUtil - Utilities for getting KeyManagers and TrustManagers
Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/
engine/GenericEngineFactory.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/GenericEngineFactory.java?rev=744418&r1=744417&r2=744418&view=diff
=
=
=
=
=
=
=
=
=
=====================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/
GenericEngineFactory.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/engine/
GenericEngineFactory.java Sat Feb 14 08:17:05 2009
@@ -59,7 +59,7 @@
Element engineElement =
UtilXml.firstChildElement(rootElement, "engine", "name", engineName);
if (engineElement == null) {
- throw new GenericServiceException("Cannot find an
engine definition for the engine name [" + engineName + "] in the
serviceengine.xml file");
+ throw new GenericServiceException("Cannot find a
service engine definition for the engine name [" + engineName + "]
in the serviceengine.xml file");
}
String className = engineElement.getAttribute("class");
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
LoginWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=744418&r1=744417&r2=744418&view=diff
=
=
=
=
=
=
=
=
=
=====================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
LoginWorker.java Sat Feb 14 08:17:05 2009
@@ -27,7 +27,6 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
@@ -43,13 +42,11 @@
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.GeneralException;
import org.ofbiz.base.util.KeyStoreUtil;
-import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilFormatOut;
import org.ofbiz.base.util.UtilHttp;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilProperties;
import org.ofbiz.base.util.UtilValidate;
-import org.ofbiz.base.util.StringUtil.StringWrapper;
import org.ofbiz.common.login.LoginServices;
import org.ofbiz.entity.GenericDelegator;
import org.ofbiz.entity.GenericEntityException;
@@ -81,25 +78,25 @@
/** This Map is keyed by the randomly generated externalLoginKey
and the value is a UserLogin GenericValue object */
public static Map<String, GenericValue> externalLoginKeys =
FastMap.newInstance();
- public static StringWrapper makeLoginUrl(PageContext
pageContext) {
+ public static String makeLoginUrl(PageContext pageContext) {
return makeLoginUrl(pageContext, "checkLogin");
}
- public static StringWrapper makeLoginUrl(HttpServletRequest
request) {
+ public static String makeLoginUrl(HttpServletRequest request) {
return makeLoginUrl(request, "checkLogin");
}
- public static StringWrapper makeLoginUrl(PageContext
pageContext, String requestName) {
+ public static String makeLoginUrl(PageContext pageContext,
String requestName) {
return makeLoginUrl((HttpServletRequest)
pageContext.getRequest(), requestName);
}
- public static StringWrapper makeLoginUrl(HttpServletRequest
request, String requestName) {
+ public static String makeLoginUrl(HttpServletRequest request,
String requestName) {
Map<String, Object> urlParams =
UtilHttp.getUrlOnlyParameterMap(request);
String queryString = UtilHttp.urlEncodeArgs(urlParams, false);
String currentView = UtilFormatOut.checkNull((String)
request.getAttribute("_CURRENT_VIEW_"));
String loginUrl = "/" + requestName;
if ("login".equals(currentView)) {
- return StringUtil.wrapString(loginUrl);
+ return loginUrl;
}
if (UtilValidate.isNotEmpty(currentView)) {
loginUrl += "/" + currentView;
@@ -108,7 +105,8 @@
loginUrl += "?" + queryString;
}
- return StringUtil.wrapString(loginUrl);
+ //return StringUtil.wrapString(loginUrl);
+ return loginUrl;
}
/**
@@ -360,7 +358,7 @@
String errMsg =
UtilProperties.getMessage(resourceWebapp,
"loginevents.following_error_occurred_during_login", messageMap,
UtilHttp.getLocale(request));
request.setAttribute("_ERROR_MESSAGE_", errMsg);
}
- request.setAttribute("_ERROR_MESSAGE_LIST_",
(List) result.get(ModelService.ERROR_MESSAGE_LIST));
+ request.setAttribute("_ERROR_MESSAGE_LIST_",
result.get(ModelService.ERROR_MESSAGE_LIST));
return "error";
} else {
password = request.getParameter("newPassword");
@@ -720,10 +718,10 @@
String userLoginId = null;
for (int i = 0; i < clientCerts.length; i++) {
- X500Principal x500 =
clientCerts[i].getSubjectX500Principal();
+ //X500Principal x500 =
clientCerts[i].getSubjectX500Principal();
//Debug.log("Checking client certification
for authentication: " + x500.getName(), module);
- Map x500Map =
KeyStoreUtil.getCertX500Map(clientCerts[i]);
+ Map<String, String> x500Map =
KeyStoreUtil.getCertX500Map(clientCerts[i]);
if (i == 0) {
String cn = (String) x500Map.get("CN");
cn = cn.replaceAll("\\\\", "");
@@ -765,7 +763,7 @@
return "success";
}
- protected static boolean checkValidIssuer(GenericDelegator
delegator, Map x500Map, BigInteger serialNumber) throws
GeneralException {
+ protected static boolean checkValidIssuer(GenericDelegator
delegator, Map<String, String> x500Map, BigInteger serialNumber)
throws GeneralException {
List<EntityCondition> conds = FastList.newInstance();
conds.add(EntityCondition.makeCondition(EntityOperator.OR,
EntityCondition.makeConditionMap("commonName", x500Map.get("CN")),
EntityCondition.makeConditionMap("commonName", null),
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizContentTransform.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?rev=744418&r1=744417&r2=744418&view=diff
=
=
=
=
=
=
=
=
=
=====================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizContentTransform.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizContentTransform.java Sat Feb 14 08:17:05 2009
@@ -24,7 +24,10 @@
import javax.servlet.http.HttpServletRequest;
+import org.ofbiz.base.util.Debug;
+import org.ofbiz.base.util.StringUtil;
import org.ofbiz.webapp.taglib.ContentUrlTag;
+import org.owasp.esapi.errors.EncodingException;
import freemarker.core.Environment;
import freemarker.ext.beans.BeanModel;
@@ -36,35 +39,45 @@
*/
public class OfbizContentTransform implements
TemplateTransformModel {
- public Writer getWriter(final Writer out, Map args) {
- final StringBuilder buf = new StringBuilder();
- return new Writer(out) {
- public void write(char cbuf[], int off, int len) {
- buf.append(cbuf, off, len);
- }
-
- public void flush() throws IOException {
- out.flush();
- }
-
- public void close() throws IOException {
- try {
- Environment env =
Environment.getCurrentEnvironment();
- BeanModel req =
(BeanModel)env.getVariable("request");
- HttpServletRequest request = req == null ?
null : (HttpServletRequest) req.getWrappedObject();
-
- // make the link
- StringBuffer newURL = new StringBuffer();
- ContentUrlTag.appendContentPrefix(request,
newURL);
- if (newURL.length() > 0 &&
newURL.charAt(newURL.length() - 1) != '/' && buf.charAt(0) != '/') {
- newURL.append('/');
- }
- newURL.append(buf.toString());
- out.write(newURL.toString());
- } catch (TemplateModelException e) {
- throw new IOException(e.getMessage());
+ public final static String module =
OfbizUrlTransform.class.getName();
+
+ public Writer getWriter(final Writer out, Map args) {
+ final StringBuilder buf = new StringBuilder();
+ return new Writer(out) {
+ public void write(char cbuf[], int off, int len) {
+ buf.append(cbuf, off, len);
+ }
+
+ public void flush() throws IOException {
+ out.flush();
+ }
+
+ public void close() throws IOException {
+ try {
+ Environment env =
Environment.getCurrentEnvironment();
+ BeanModel req =
(BeanModel)env.getVariable("request");
+ HttpServletRequest request = req == null ?
null : (HttpServletRequest) req.getWrappedObject();
+
+ String requestUrl = buf.toString();
+ // just in case the request is encoded, decode
before making the link
+ try {
+ requestUrl =
StringUtil.defaultWebEncoder.decodeFromURL(requestUrl);
+ } catch (EncodingException e) {
+ Debug.logError(e, "Error decoding URL
string [" + requestUrl + "]: " + e.toString(), module);
+ }
+
+ // make the link
+ StringBuffer newURL = new StringBuffer();
+ ContentUrlTag.appendContentPrefix(request,
newURL);
+ if (newURL.length() > 0 &&
newURL.charAt(newURL.length() - 1) != '/' && requestUrl.charAt(0) !
= '/') {
+ newURL.append('/');
}
+ newURL.append(requestUrl);
+ out.write(newURL.toString());
+ } catch (TemplateModelException e) {
+ throw new IOException(e.getMessage());
}
- };
- }
+ }
+ };
}
+}
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizUrlTransform.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizUrlTransform.java?rev=744418&r1=744417&r2=744418&view=diff
=
=
=
=
=
=
=
=
=
=====================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizUrlTransform.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
OfbizUrlTransform.java Sat Feb 14 08:17:05 2009
@@ -21,10 +21,16 @@
import java.io.IOException;
import java.io.Writer;
import java.util.Map;
+
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.ofbiz.base.util.Debug;
+import org.ofbiz.base.util.StringUtil;
+import org.ofbiz.webapp.control.RequestHandler;
+import org.owasp.esapi.errors.EncodingException;
+
import freemarker.core.Environment;
import freemarker.ext.beans.BeanModel;
import freemarker.template.SimpleScalar;
@@ -32,12 +38,12 @@
import freemarker.template.TemplateScalarModel;
import freemarker.template.TemplateTransformModel;
-import org.ofbiz.webapp.control.RequestHandler;
-
/**
* OfbizUrlTransform - Freemarker Transform for URLs (links)
*/
public class OfbizUrlTransform implements TemplateTransformModel {
+
+ public final static String module =
OfbizUrlTransform.class.getName();
public boolean checkArg(Map args, String key, boolean
defaultValue) {
if (!args.containsKey(key)) {
@@ -80,10 +86,18 @@
if (res != null) {
response = (HttpServletResponse)
res.getWrappedObject();
}
-
+
+ String requestUrl = buf.toString();
+ // just in case the request is encoded,
decode before making the link
+ try {
+ requestUrl =
StringUtil.defaultWebEncoder.decodeFromURL(requestUrl);
+ } catch (EncodingException e) {
+ Debug.logError(e, "Error decoding URL
string [" + requestUrl + "]: " + e.toString(), module);
+ }
+
// make the link
RequestHandler rh = (RequestHandler)
ctx.getAttribute("_REQUEST_HANDLER_");
- out.write(rh.makeLink(request, response,
buf.toString(), fullPath, secure, encode));
+ out.write(rh.makeLink(request, response,
requestUrl, fullPath, secure, encode));
} else if (prefix != null) {
if (prefix instanceof TemplateScalarModel) {
TemplateScalarModel s =
(TemplateScalarModel) prefix;
