[jira] [Commented] (OFBIZ-13179) Improve ViewHandler interface

Thu, 28 Nov 2024 09:06:45 -0800 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-13179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901764#comment-17901764
 ] 

ASF subversion and git services commented on OFBIZ-13179:
---------------------------------------------------------

Commit cadcbecdaa10621583f3a191f77787b18c82c62b in ofbiz-framework's branch 
refs/heads/release24.09 from Nicolas Malin
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=cadcbecdaa ]

Improved: Improve ViewHandler interface (OFBIZ-13179) (#858)

We extend *AbstractViewHandler* with a new method to override 
*prepareViewContext*.
For each view handler implementation this will allow to control context used 
for rendering, applying Scriptlet token detection for security purpose.

A new class *SecuredFreemarker* has been created to manage freemarker specific 
controls, outside global *SecurityUtil* class.

We also add a new parameter *secure-context* (set true by default) to view-map 
xml element to indicate that this view allow unsecure rendering, this implies 
the view-map to required authentication.

Thanks to Gil Portenseigne for help

> Improve ViewHandler interface
> -----------------------------
>
>                 Key: OFBIZ-13179
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13179
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: 24.09.01
>            Reporter: Nicolas Malin
>            Assignee: Nicolas Malin
>            Priority: Major
>
> We extend *AbstractViewHandler* with a new method to override 
> {*}prepareViewContext{*}.
> For each view handler implementation this will allow to control context used 
> for rendering, applying Scriptlet token detection for security purpose.
> A new class *SecuredFreemarker* has been created to manage freemarker 
> specific controls, outside global *SecurityUtil* class.
> We also add a new parameter *secure-context* (set true by default) to 
> view-map xml element to indicate that this view allow unsecure rendering, 
> this implies the view-map to required authentication.
>  
> For custom implementation of AbstractViewHandler, you can improve quickly 
> your class just add the following function
> {code:java}
> @Override
> public Map<String, Object> prepareViewContext(HttpServletRequest request, 
> HttpServletResponse response, ConfigXMLReader.ViewMap viewMap) {
>     return Map.of();
> } {code}
> Thanks to Gil Portenseigne for help



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to