<!-- Events to run on every request before security (chains exempt) --> <!-- <preprocessor> </preprocessor> --> <!-- Events to run on every request after all other processing (chains exempt) --> <!-- <postprocessor> <event name="test" type="java" path="org.apache.ofbiz.webapp.event.TestEvent" invoke="test"/> </postprocessor> -->
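<preprocessor>
    <!-- Events to run on every request before security (chains exempt) -->
    <!--
         Each event here is a login/identity hook (client certificate, request header,
         servlet remote user, external login key, JWT, protected view, extension login).
         They run before the per-request security check, so every one of them handles
         unauthenticated input and must reject anything it cannot verify.
    -->
    <event name="check509CertLogin" type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="check509CertLogin"/>
    <event name="checkRequestHeaderLogin" type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="checkRequestHeaderLogin"/>
    <event name="checkServletRequestRemoteUserLogin" type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="checkServletRequestRemoteUserLogin"/>
    <event name="checkExternalLoginKey" type="java" path="org.apache.ofbiz.webapp.control.ExternalLoginKeysManager" invoke="checkExternalLoginKey"/>
    <event name="checkJWTLogin" type="java" path="org.apache.ofbiz.webapp.control.JWTManager" invoke="checkJWTLogin"/>
    <event name="checkProtectedView" type="java" path="org.apache.ofbiz.webapp.control.ProtectViewWorker" invoke="checkProtectedView"/>
    <event name="extensionConnectLogin" type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="extensionConnectLogin"/>
</preprocessor>
<postprocessor>
    <!-- Events to run on every request after all other processing (chains exempt) -->
</postprocessor>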
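<request-map uri="checkLogin">
    <description>Verify a user is logged in.</description>
    <!--
         auth="false": the controller does not require an authenticated session before
         dispatching this URI; the login decision is left to the extensionCheckLogin event.
         Only the event's return value ("success", "impersonated", "error") selects the
         response below, so any view reachable through this map without a successful
         event return is reachable unauthenticated.
    -->
    <security https="true" auth="false"/>
    <event type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="impersonated" type="view" value="impersonated"/>
    <response name="error" type="view" value="login"/>
</request-map>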
// Invoke the defined event (unless login failed).
// The event runs only when no earlier step produced a return value and the request map
// declares a complete event (type, path and invoke all present).
if (eventReturn == null && requestMap.event != null
        && requestMap.event.type != null
        && requestMap.event.path != null
        && requestMap.event.invoke != null) {
    try {
        long eventInvokedAt = System.currentTimeMillis();

        // run the request event
        eventReturn = this.runEvent(request, response, requestMap.event, requestMap, "request");

        // NOTE(review): the rate is measured from startTime, which is declared outside this
        // excerpt, not from the event's own start time captured above - confirm this is intended.
        if (requestMap.event.metrics != null) {
            long elapsedSinceStart = System.currentTimeMillis() - startTime;
            requestMap.event.metrics.recordServiceRate(1, elapsedSinceStart);
        }

        // save the server hit for the request event
        if (this.trackStats(request)) {
            ServerHitBin.countEvent(cname + "." + requestMap.event.invoke, request, eventInvokedAt,
                    System.currentTimeMillis() - eventInvokedAt, userLogin);
        }

        // set the default event return: an event that returns null is treated as having
        // produced its own response
        if (eventReturn == null) {
            nextRequestResponse = ConfigXMLReader.emptyNoneRequestResponse;
        }
    } catch (EventHandlerException e) {
        // Without an "error" response in the request map there is nowhere to send the user,
        // so the failure is propagated to the caller.
        if (!requestMap.requestResponseMap.containsKey("error")) {
            throw new RequestHandlerException("Error calling event and no error response was specified", e);
        }

        // Otherwise route to the "error" response and attach a localized error message.
        eventReturn = "error";
        Locale locale = UtilHttp.getLocale(request);
        String localizedPrefix = UtilProperties.getMessage("WebappUiLabels", "requestHandler.error_call_event", locale);
        // NOTE(review): the exception's toString() is placed in a request attribute that is
        // presumably rendered to the client - confirm it is encoded on output and does not
        // expose internal details.
        request.setAttribute("_ERROR_MESSAGE_", localizedPrefix + ": " + e.toString());
    }
}
// if previous request exists, and a login just succeeded, do that now. if (previousRequest != null && loginPass != null && "TRUE".equalsIgnoreCase(loginPass)) { request.getSession().removeAttribute("_PREVIOUS_REQUEST_"); // special case to avoid login/logout looping: if request was "logout" before the login, change to null for default success view; do the same for "login" to avoid going back to the same page if ("logout".equals(previousRequest) || "/logout".equals(previousRequest) || "login".equals(previousRequest) || "/login".equals(previousRequest) || "checkLogin".equals(previousRequest) || "/checkLogin".equals(previousRequest) || "/checkLogin/login".equals(previousRequest)) { Debug.logWarning("Found special _PREVIOUS_REQUEST_ of [" + previousRequest + "], setting to null to avoid problems, not running request again", module); } else { if (Debug.infoOn()) Debug.logInfo("[Doing Previous Request]: " + previousRequest + showSessionId(request), module);
// note that the previous form parameters are not setup (only the URL ones here), they will be found in the session later and handled when the old request redirect comes back Map<String, Object> previousParamMap = UtilGenerics.checkMap(request.getSession().getAttribute("_PREVIOUS_PARAM_MAP_URL_"), String.class, Object.class); String queryString = UtilHttp.urlEncodeArgs(previousParamMap, false); String redirectTarget = previousRequest; if (UtilValidate.isNotEmpty(queryString)) { redirectTarget += "?" + queryString; }
// Select the response to act on, then dispatch on its type.
//
// NOTE(review): overrideViewUri is assigned outside this excerpt (presumably from the request
// path - confirm). In every "view*" branch below it replaces the configured view whenever the
// event returned null or "success", while the security flag passed to renderView is the one
// of the matched request map. Nothing visible here re-checks whether the override view itself
// requires authentication; confirm that check exists in renderView or earlier in the handler.
ConfigXMLReader.RequestResponse successResponse = requestMap.requestResponseMap.get("success");
if ((eventReturn == null || "success".equals(eventReturn))
        && successResponse != null
        && "request".equals(successResponse.type)) {
    // chains will override any url defined views; but we will save the view for the very end
    if (UtilValidate.isNotEmpty(overrideViewUri)) {
        request.setAttribute("_POST_CHAIN_VIEW_", overrideViewUri);
    }
    nextRequestResponse = successResponse;
}

// Make sure we have some sort of response to go to: fall back to "success", and fail if
// even that is missing.
if (nextRequestResponse == null) {
    nextRequestResponse = successResponse;
    if (nextRequestResponse == null) {
        throw new RequestHandlerException("Illegal response; handler could not process request [" + requestMap.uri + "] and event return [" + eventReturn + "].");
    }
}

if ("url".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a URL redirect." + showSessionId(request), module);
    }
    callRedirect(nextRequestResponse.value, response, request, ccfg.getStatusCodeString());
} else if ("url-redirect".equals(nextRequestResponse.type)) {
    // redirect to the configured URL with the redirect parameters appended
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a URL redirect with redirect parameters." + showSessionId(request), module);
    }
    callRedirect(nextRequestResponse.value + this.makeQueryString(request, nextRequestResponse), response, request, ccfg.getStatusCodeString());
} else if ("cross-redirect".equals(nextRequestResponse.type)) {
    // cross-application redirect: the target is forced to start with a single "/"
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a Cross-Application redirect." + showSessionId(request), module);
    }
    String url;
    if (nextRequestResponse.value.startsWith("/")) {
        url = nextRequestResponse.value;
    } else {
        url = "/" + nextRequestResponse.value;
    }
    callRedirect(url + this.makeQueryString(request, nextRequestResponse), response, request, ccfg.getStatusCodeString());
} else if ("request-redirect".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a Request redirect." + showSessionId(request), module);
    }
    callRedirect(makeLinkWithQueryString(request, response, "/" + nextRequestResponse.value, nextRequestResponse), response, request, ccfg.getStatusCodeString());
} else if ("request-redirect-noparam".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a Request redirect with no parameters." + showSessionId(request), module);
    }
    callRedirect(makeLink(request, response, nextRequestResponse.value), response, request, ccfg.getStatusCodeString());
} else if ("view".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a view." + showSessionId(request), module);
    }

    // check for an override view, only used if "success" = eventReturn
    String viewName;
    if (UtilValidate.isNotEmpty(overrideViewUri) && (eventReturn == null || "success".equals(eventReturn))) {
        viewName = overrideViewUri;
    } else {
        viewName = nextRequestResponse.value;
    }
    renderView(viewName, requestMap.securityExternalView, request, response, saveName);
} else if ("view-last".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a view." + showSessionId(request), module);
    }

    // check for an override view, only used if "success" = eventReturn
    String viewName;
    if (UtilValidate.isNotEmpty(overrideViewUri) && (eventReturn == null || "success".equals(eventReturn))) {
        viewName = overrideViewUri;
    } else {
        viewName = nextRequestResponse.value;
    }

    // as a further override, look for the _SAVED and then _HOME and then _LAST session attributes
    Map<String, Object> urlParams = null;
    if (session.getAttribute("_SAVED_VIEW_NAME_") != null) {
        viewName = (String) session.getAttribute("_SAVED_VIEW_NAME_");
        urlParams = UtilGenerics.<String, Object>checkMap(session.getAttribute("_SAVED_VIEW_PARAMS_"));
    } else if (session.getAttribute("_HOME_VIEW_NAME_") != null) {
        viewName = (String) session.getAttribute("_HOME_VIEW_NAME_");
        urlParams = UtilGenerics.<String, Object>checkMap(session.getAttribute("_HOME_VIEW_PARAMS_"));
    } else if (session.getAttribute("_LAST_VIEW_NAME_") != null) {
        viewName = (String) session.getAttribute("_LAST_VIEW_NAME_");
        urlParams = UtilGenerics.<String, Object>checkMap(session.getAttribute("_LAST_VIEW_PARAMS_"));
    } else if (UtilValidate.isNotEmpty(nextRequestResponse.value)) {
        viewName = nextRequestResponse.value;
    }
    if (UtilValidate.isEmpty(viewName) && UtilValidate.isNotEmpty(nextRequestResponse.value)) {
        viewName = nextRequestResponse.value;
    }
    if (urlParams != null) {
        for (Map.Entry<String, Object> urlParamEntry : urlParams.entrySet()) {
            String key = urlParamEntry.getKey();
            // Don't overwrite messages coming from the current event
            boolean isEventMessageKey = "_EVENT_MESSAGE_".equals(key)
                    || "_ERROR_MESSAGE_".equals(key)
                    || "_EVENT_MESSAGE_LIST_".equals(key)
                    || "_ERROR_MESSAGE_LIST_".equals(key);
            if (isEventMessageKey) {
                continue;
            }
            request.setAttribute(key, urlParamEntry.getValue());
        }
    }
    renderView(viewName, requestMap.securityExternalView, request, response, null);
} else if ("view-last-noparam".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a view." + showSessionId(request), module);
    }

    // check for an override view, only used if "success" = eventReturn
    String viewName;
    if (UtilValidate.isNotEmpty(overrideViewUri) && (eventReturn == null || "success".equals(eventReturn))) {
        viewName = overrideViewUri;
    } else {
        viewName = nextRequestResponse.value;
    }

    // as a further override, look for the _SAVED and then _HOME and then _LAST session attributes
    if (session.getAttribute("_SAVED_VIEW_NAME_") != null) {
        viewName = (String) session.getAttribute("_SAVED_VIEW_NAME_");
    } else if (session.getAttribute("_HOME_VIEW_NAME_") != null) {
        viewName = (String) session.getAttribute("_HOME_VIEW_NAME_");
    } else if (session.getAttribute("_LAST_VIEW_NAME_") != null) {
        viewName = (String) session.getAttribute("_LAST_VIEW_NAME_");
    } else if (UtilValidate.isNotEmpty(nextRequestResponse.value)) {
        viewName = nextRequestResponse.value;
    }
    renderView(viewName, requestMap.securityExternalView, request, response, null);
} else if ("view-home".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a view." + showSessionId(request), module);
    }

    // check for an override view, only used if "success" = eventReturn
    String viewName;
    if (UtilValidate.isNotEmpty(overrideViewUri) && (eventReturn == null || "success".equals(eventReturn))) {
        viewName = overrideViewUri;
    } else {
        viewName = nextRequestResponse.value;
    }

    // as a further override, look for the _HOME session attributes
    Map<String, Object> urlParams = null;
    if (session.getAttribute("_HOME_VIEW_NAME_") != null) {
        viewName = (String) session.getAttribute("_HOME_VIEW_NAME_");
        urlParams = UtilGenerics.<String, Object>checkMap(session.getAttribute("_HOME_VIEW_PARAMS_"));
    }
    if (urlParams != null) {
        // unlike "view-last", every saved parameter is copied, including message keys
        for (Map.Entry<String, Object> urlParamEntry : urlParams.entrySet()) {
            request.setAttribute(urlParamEntry.getKey(), urlParamEntry.getValue());
        }
    }
    renderView(viewName, requestMap.securityExternalView, request, response, null);
} else if ("none".equals(nextRequestResponse.type)) {
    // no view to render (meaning the return was processed by the event)
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is handled by the event." + showSessionId(request), module);
    }
}
// Choose the Groovy program to run: a built-in sample when the caller supplied none,
// otherwise the caller-supplied text taken verbatim from parameters.groovyProgram.
// NOTE(review): parameters is presumably the request parameter map - confirm. If so, the
// program text is attacker-controlled for anyone who can reach this script, so access to
// the screen that runs it must be limited to authenticated, trusted administrators.
// NOTE(review): the sample program's line breaks appear to have been lost in this listing;
// the literal is kept exactly as shown.
if (!parameters.groovyProgram) {
    groovyProgram = ''' // Use the List variable recordValues to fill it with GenericValue maps. // full groovy syntaxt is available import org.apache.ofbiz.entity.util.EntityFindOptions // example: // find the first three record in the product entity (if any) EntityFindOptions findOptions = new EntityFindOptions() findOptions.setMaxRows(3) List products = delegator.findList("Product", null, null, null, findOptions, false) if (products != null) { recordValues.addAll(products) } '''
    // write the default back so the form shows the sample that will be run
    parameters.groovyProgram = groovyProgram
} else {
    groovyProgram = parameters.groovyProgram
}

// Add imports for script.
// The customizer only makes these two classes available without an import statement; it
// does not limit which classes or methods the program may use.
def importCustomizer = new ImportCustomizer()
importCustomizer.addImport("org.apache.ofbiz.entity.GenericValue")
importCustomizer.addImport("org.apache.ofbiz.entity.model.ModelEntity")
def configuration = new CompilerConfiguration()
configuration.addCompilationCustomizers(importCustomizer)

// Variables exposed to the program: the entity delegator (database access) and the
// recordValues list the program is expected to fill.
// NOTE(review): the code that compiles and runs groovyProgram is outside this excerpt.
Binding binding = new Binding()
binding.setVariable("delegator", delegator)
binding.setVariable("recordValues", recordValues)
// org.apache.ofbiz.webapp.control.LoginWorker publicstaticbooleanhasBasePermission(GenericValue userLogin, HttpServletRequest request){ Security security = (Security) request.getAttribute("security"); if (security != null) { ServletContext context = request.getServletContext(); String serverId = (String) context.getAttribute("_serverId"); // get a context path from the request, if it is empty then assume it is the root mount point String contextPath = request.getContextPath(); if (UtilValidate.isEmpty(contextPath)) { contextPath = "/"; } ComponentConfig.WebappInfo info = ComponentConfig.getWebAppInfo(serverId, contextPath); if (info != null) { return hasApplicationPermission(info, security, userLogin); } else { if (Debug.infoOn()) { Debug.logInfo("No webapp configuration found for : " + serverId + " / " + contextPath, module); } } } else { if (Debug.warningOn()) { Debug.logWarning("Received a null Security object from HttpServletRequest", module); } } returntrue; }
// org.apache.ofbiz.base.component.ComponentConfig publicstatic WebappInfo getWebAppInfo(String serverName, String contextRoot){ if (serverName == null || contextRoot == null) { returnnull; } ComponentConfig.WebappInfo info = null; for (ComponentConfig cc : getAllComponents()) { for (WebappInfo wInfo : cc.getWebappInfos()) { if (serverName.equals(wInfo.server) && contextRoot.equals(wInfo.getContextRoot())) { info = wInfo; } } } return info; }
/**
 * Return the portion of the request URI used to select the Context of the Request. The value
 * returned is not decoded which also implies it is not normalised.
 *
 * <p>The method finds the shortest prefix of the raw request URI whose cleaned form (path
 * parameters removed, URL-decoded, normalised) equals the canonical context path, and returns
 * that raw prefix. Because the raw text is returned, it may still contain path parameters,
 * percent-encoding or non-normalised segments; callers that use the result as a lookup or
 * authorization key must normalise it themselves or compare against the canonical path.
 */
@Override
public String getContextPath() {
    int slashesNeeded = mappingData.contextSlashCount;
    // Special case handling for the root context
    if (slashesNeeded == 0) {
        return "";
    }

    String uri = getRequestURI();
    int pos = 0;
    if (!getContext().getAllowMultipleLeadingForwardSlashInPath()) {
        // Ensure that the returned value only starts with a single '/'.
        // This prevents the value being misinterpreted as a protocol-
        // relative URI if used with sendRedirect().
        int firstNonSlash = 1;
        while (firstNonSlash < uri.length() && uri.charAt(firstNonSlash) == '/') {
            firstNonSlash++;
        }
        pos = firstNonSlash - 1;
        uri = uri.substring(pos);
    }

    char[] uriChars = uri.toCharArray();
    // Need at least the number of slashes in the context path
    for (int remaining = slashesNeeded; remaining > 0; remaining--) {
        pos = nextSlash(uriChars, pos + 1);
        if (pos == -1) {
            break;
        }
    }

    // Now allow for path parameters, normalization and/or encoding.
    // Essentially, keep extending the candidate path up to the next slash
    // until the decoded and normalized candidate path (with the path
    // parameters removed) is the same as the canonical path.
    boolean match;
    while (true) {
        String candidate = (pos == -1) ? uri : uri.substring(0, pos);
        candidate = removePathParameters(candidate);
        candidate = UDecoder.URLDecode(candidate, connector.getURICharset());
        candidate = org.apache.tomcat.util.http.RequestUtil.normalize(candidate);
        match = canonicalContextPath.equals(candidate);
        if (match || pos == -1) {
            break;
        }
        pos = nextSlash(uriChars, pos + 1);
    }

    if (!match) {
        // Should never happen
        throw new IllegalStateException(
                sm.getString("coyoteRequest.getContextPath.ise", canonicalContextPath, uri));
    }
    // return the raw (undecoded, un-normalised) text that matched
    return (pos == -1) ? uri : uri.substring(0, pos);
}
if ("view".equals(nextRequestResponse.type)) {
    if (Debug.verboseOn()) {
        Debug.logVerbose("[RequestHandler.doRequest]: Response is a view." + showSessionId(request), module);
    }

    // check for an override view, only used if "success" = eventReturn
    // NOTE(review): overrideViewUri is set outside this excerpt (presumably from the request
    // path - confirm). It replaces the configured view whenever the event returned null or
    // "success", and renderView receives the security flag of the matched request map, not of
    // the override view. Confirm the override view's own authentication requirement is
    // enforced before it is rendered.
    String viewName;
    if (UtilValidate.isNotEmpty(overrideViewUri) && (eventReturn == null || "success".equals(eventReturn))) {
        viewName = overrideViewUri;
    } else {
        viewName = nextRequestResponse.value;
    }
    renderView(viewName, requestMap.securityExternalView, request, response, saveName);
}