[
https://issues.apache.org/jira/browse/OFBIZ-13179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18037844#comment-18037844
]
Jacques Le Roux commented on OFBIZ-13179:
-----------------------------------------
It has often a lot or resource to make your work unhappy :(
> Improve ViewHandler interface
> -----------------------------
>
> Key: OFBIZ-13179
> URL: https://issues.apache.org/jira/browse/OFBIZ-13179
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: 24.09.01
> Reporter: Nicolas Malin
> Assignee: Nicolas Malin
> Priority: Major
> Fix For: 24.09.01
>
> Attachments: OFBIZ-13153-fix.patch
>
>
> We extend *AbstractViewHandler* with a new method to override
> {*}prepareViewContext{*}.
> For each view handler implementation this will allow to control context used
> for rendering, applying Scriptlet token detection for security purpose.
> A new class *SecuredFreemarker* has been created to manage freemarker
> specific controls, outside global *SecurityUtil* class.
> We also add a new parameter *secure-context* (set true by default) to
> view-map xml element to indicate that this view allow unsecure rendering,
> this implies the view-map to required authentication.
>
> For custom implementation of AbstractViewHandler, you can improve quickly
> your class just add the following function
> {code:java}
> @Override
> public Map<String, Object> prepareViewContext(HttpServletRequest request,
> HttpServletResponse response, ConfigXMLReader.ViewMap viewMap) {
> return Map.of();
> } {code}
> Thanks to Gil Portenseigne for help
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
