svn commit: r1851998 - in /ofbiz/ofbiz-framework/trunk/framework: base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Thu, 24 Jan 2019 00:19:18 -0800 

Author: jleroux
Date: Thu Jan 24 08:17:38 2019
New Revision: 1851998

URL: http://svn.apache.org/viewvc?rev=1851998&view=rev
Log:
Fixed: Impossible secure and autologin cookie names when mountpoint contains a 
slash inside its name
(OFBIZ-10766)

Deepak Nigam reported on dev ML:
When there is one web app with the empty mount point (i.e. deployed on root), 
the auto-login cookie will not work for that particular webapp due to the 
change 
in the path of the cookie from "/" to "/" + applicationName. Because the system 
will try to find the cookie at the "/" but it is actually at "/" + 
applicationName.

Thanks Deepak for report

Modified:
    
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
    
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Modified: 
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java?rev=1851998&r1=1851997&r2=1851998&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
 (original)
+++ 
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
 Thu Jan 24 08:17:38 2019
@@ -668,6 +668,8 @@ public final class UtilHttp {
         if (request.getContextPath().length() > 1) {
             appName = request.getContextPath().substring(1);
         }
+        // When you set a mountpoint which contains a slash inside its name 
(ie not only a slash as a trailer, which is possible), 
+        // as it's needed with OFBIZ-10765, OFBiz tries to create a cookie 
with a slash in its name and that's impossible.
         return appName.replaceAll("/","_");
     }
 

Modified: 
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851998&r1=1851997&r2=1851998&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
 (original)
+++ 
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
 Thu Jan 24 08:17:38 2019
@@ -932,7 +932,7 @@ public class LoginWorker {
             Cookie autoLoginCookie = new 
Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
             autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
             
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", 
"cookie.domain", delegator));
-            autoLoginCookie.setPath("/" + applicationName);
+            autoLoginCookie.setPath( applicationName.equals("root") ? "/" : 
request.getContextPath());
             autoLoginCookie.setSecure(true);
             autoLoginCookie.setHttpOnly(true);
             response.addCookie(autoLoginCookie);
@@ -948,11 +948,13 @@ public class LoginWorker {
         Delegator delegator = (Delegator) request.getAttribute("delegator");
         HttpSession session = request.getSession();
         GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
+        String applicationName = UtilHttp.getApplicationName(request);
+        
         if (userLogin != null) {
             Cookie securedLoginIdCookie = new 
Cookie(getSecuredLoginIdCookieName(request), 
userLogin.getString("userLoginId"));
             securedLoginIdCookie.setMaxAge(-1);
             
securedLoginIdCookie.setDomain(EntityUtilProperties.getPropertyValue("url", 
"cookie.domain", delegator));
-            securedLoginIdCookie.setPath("/" + 
UtilHttp.getApplicationName(request));
+            securedLoginIdCookie.setPath( applicationName.equals("root") ? "/" 
: request.getContextPath());
             securedLoginIdCookie.setSecure(true);
             securedLoginIdCookie.setHttpOnly(true);
             response.addCookie(securedLoginIdCookie);
@@ -1052,10 +1054,11 @@ public class LoginWorker {
         // remove the cookie
         if (userLogin != null) {
             Delegator delegator = (Delegator) 
request.getAttribute("delegator");
+            String applicationName = UtilHttp.getApplicationName(request);
             Cookie autoLoginCookie = new 
Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
             autoLoginCookie.setMaxAge(0);
             
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", 
"cookie.domain", delegator));
-            autoLoginCookie.setPath("/" + 
UtilHttp.getApplicationName(request));
+            autoLoginCookie.setPath( applicationName.equals("root") ? "/" : 
request.getContextPath());
             response.addCookie(autoLoginCookie);
         }
         // remove the session attributes

Reply via email to