Improved: Added support to allow direct view rendering in override view
functionality (OFBIZ-13117)

Added allow-direct-view-rendering and direct-view-rendering-with-auth in
view-mapping tag; both default to false, i.e. by default no view is
allowed to be used through the OOTB override view functionality.
In order to allow the view redirection (override) on all workflows
allow-direct-view-rendering must be set to true.
If view redirection is allowed and direct-view-rendering-with-auth is
set to true then login credentials are necessary to use this
functionality.
This feature may break some existing flow where overridden view workflow
is used
stschikin committed Jun 14, 2024
1 parent 3b15ef6 commit 1d46cb6
Showing 5 changed files with 62 additions and 6 deletions.
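--- a/applications/content/webapp/content/WEB-INF/controller.xml
+++ b/applications/content/webapp/content/WEB-INF/controller.xml
@@ -1851,7 +1851,7 @@ under the License.
 <view-map name="EditWebSitePathAlias" type="screen" page="component://content/widget/WebSiteScreens.xml#EditWebSitePathAlias"/>
 <view-map name="WebSiteContent" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteContent"/>
 <view-map name="WebSiteCMS" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMS"/>
-<view-map name="WebSiteCMSContent" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSContent"/>
+<view-map name="WebSiteCMSContent" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSContent" allow-direct-view-rendering="true"/>
 <view-map name="WebSiteCMSEditor" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSEditor"/>
 <view-map name="WebSiteCMSMetaInfo" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSMetaInfo"/>
 <view-map name="WebSiteCMSPathAlias" type="screen" page="component://content/widget/WebSiteScreens.xml#WebSiteCMSPathAlias"/>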
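Review bot: The `WebSiteCMSContent` view-map is opened for direct rendering without `direct-view-rendering-with-auth`, which the schema in this commit defaults to `false`, so through the override path this screen is gated only by the `auth` setting of whichever request-map the URL names. If the screen is meant for logged-in users, set both attributes on this line: `allow-direct-view-rendering="true" direct-view-rendering-with-auth="true"`. Whether the screen itself carries a permission check is not visible in this hunk, so a login requirement should not be assumed from it.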
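--- a/framework/webapp/dtd/site-conf.xsd
+++ b/framework/webapp/dtd/site-conf.xsd
@@ -776,6 +776,25 @@ under the License.
 </xs:documentation>
 </xs:annotation>
 </xs:attribute>
+<xs:attribute type="xs:boolean" name="allow-direct-view-rendering" default="false">
+<xs:annotation>
+<xs:documentation>
+This attribute determines whether direct rendering of the view is allowed when using the override view functionality.
+If set to true,
+the system permits the view to be rendered directly using the override view functionality.
+If false or not specified,
+direct rendering is not allowed, and system throws Unknown request exception.
+</xs:documentation>
+</xs:annotation>
+</xs:attribute>
+<xs:attribute type="xs:boolean" name="direct-view-rendering-with-auth" default="false">
+<xs:annotation>
+<xs:documentation>
+If direct-view-rendering-with-auth=true, direct rendering of the view is only allowed with an active login when using the override view functionality.
+If direct-view-rendering-with-auth=false, no active login is required.
+</xs:documentation>
+</xs:annotation>
+</xs:attribute>
 <xs:attribute name="x-frame-options" default="sameorigin">
 <xs:annotation>
 <xs:documentation>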
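Review bot: The documentation of `direct-view-rendering-with-auth` does not say what still protects the view when the attribute is left at `false`, so "no active login is required" can be read as harmless. It should state that in that case only the request-map named in the URL decides, for example: `If false, only the security settings of the request-map in the URL apply to the overridden view.` Because an omitted attribute then adds no login check of its own, `default="true"` would be the fail-closed choice; the reader class in this commit hardcodes the same default and would have to change with it.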
@@ -1044,6 +1044,8 @@ public static class ViewMap {
private String strictTransportSecurity;
private String description;
private boolean noCache = false;
private boolean allowDirectViewRendering = false;
private boolean directViewRenderingWithAuth = false;

/**
* Gets name.
@@ -1120,6 +1122,24 @@ public String getContentType() {
return contentType;
}

/**
* allow direct view rendering boolean
*
* @return the boolean
*/
public boolean isAllowDirectViewRendering() {
return this.allowDirectViewRendering;
}

/**
* direct view rendering with authentication boolean
*
* @return the boolean
*/
public boolean isDirectViewRenderingWithAuth() {
return this.directViewRenderingWithAuth;
}

/**
* Gets encoding.
* @return the encoding
@@ -1135,6 +1155,8 @@ public ViewMap(Element viewMapElement) {
this.info = viewMapElement.getAttribute("info");
this.contentType = viewMapElement.getAttribute("content-type");
this.noCache = "true".equals(viewMapElement.getAttribute("no-cache"));
this.allowDirectViewRendering = "true".equals(viewMapElement.getAttribute("allow-direct-view-rendering"));
this.directViewRenderingWithAuth = "true".equals(viewMapElement.getAttribute("direct-view-rendering-with-auth"));
this.encoding = viewMapElement.getAttribute("encoding");
this.xFrameOption = viewMapElement.getAttribute("x-frame-options");
this.strictTransportSecurity = viewMapElement.getAttribute("strict-transport-security");
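Review bot: The two new assignments in the `ViewMap` constructor accept only the literal `true`, while the schema in this commit types both attributes as `xs:boolean`, which also permits `1`. For `direct-view-rendering-with-auth` that mismatch fails open: a controller that writes `direct-view-rendering-with-auth="1"` is schema-valid but is read as `false`, so no login is required for the overridden view. Accepting both lexical forms closes the gap, e.g. `String withAuth = viewMapElement.getAttribute("direct-view-rendering-with-auth");` followed by `this.directViewRenderingWithAuth = "true".equals(withAuth) || "1".equals(withAuth);`. The constructor starts and ends outside the hunk, and the new getters' Javadoc (`@return the boolean`) would read better as `@return true if this view may be rendered through the override view path`.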
@@ -129,14 +129,18 @@ static Collection<RequestMap> resolveURI(ControllerConfig ccfg, HttpServletReque
Map<String, List<RequestMap>> requestMapMap = ccfg.getRequestMapMultiMap();
Collection<RequestMap> rmaps = resolveTemplateURI(requestMapMap, req);
if (rmaps.isEmpty()) {
Map<String, ConfigXMLReader.ViewMap> viewMapMap = ccfg.getViewMapMap();
String defaultRequest = ccfg.getDefaultRequest();
String path = req.getPathInfo();
String requestUri = getRequestUri(path);
String overrideViewUri = getOverrideViewUri(path);
boolean allowDirectViewRendering = false;
// Ensure that overridden view exists and direct view rendering is allowed.
if (UtilValidate.isNotEmpty(overrideViewUri)) {
ConfigXMLReader.ViewMap overrideViewMap = ccfg.getViewMapMap().get(overrideViewUri);
allowDirectViewRendering = (overrideViewMap != null && overrideViewMap.isAllowDirectViewRendering());
}
if (requestMapMap.containsKey(requestUri)
// Ensure that overridden view exists.
&& (overrideViewUri == null || viewMapMap.containsKey(overrideViewUri)
&& (allowDirectViewRendering
|| ("SOAPService".equals(requestUri) && "wsdl".equalsIgnoreCase(req.getQueryString())))) {
rmaps = requestMapMap.get(requestUri);
req.setAttribute("overriddenView", overrideViewUri);
@@ -606,7 +610,13 @@ public void doRequest(HttpServletRequest request, HttpServletResponse response,
}

// Perform security check.
if (requestMap.isSecurityAuth()) {
boolean directViewRenderingWithAuth = false;
// Check if direct view rendering requires authentication.
if (UtilValidate.isNotEmpty(overrideViewUri)) {
ConfigXMLReader.ViewMap overrideViewMap = ccfg.getViewMapMap().get(overrideViewUri);
directViewRenderingWithAuth = (overrideViewMap != null && overrideViewMap.isDirectViewRenderingWithAuth());
}
if (requestMap.isSecurityAuth() || directViewRenderingWithAuth) {
// Invoke the security handler
// catch exceptions and throw RequestHandlerException if failed.
if (Debug.verboseOn()) {
@@ -629,6 +639,8 @@ public void doRequest(HttpServletRequest request, HttpServletResponse response,
} else {
requestMap = ccfg.getRequestMapMap().get("ajaxCheckLogin");
}
// overrideViewUri needs to be deleted, as there is no authentication
overrideViewUri = null;
}
} else if (requestUri != null) {
String[] loginUris = EntityUtilProperties.getPropertyValue("security", "login.uris", delegator).split(",");
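Review bot: The rewritten condition in `resolveURI` no longer accepts a request whose path carries no override segment: the old `overrideViewUri == null ||` alternative is gone, and `allowDirectViewRendering` stays `false` whenever `overrideViewUri` is empty. If this branch can be reached with a known `requestUri` and no override view (the hunk does not show whether it can), such requests now fall through to the code after this `if`, which lies outside the hunk. Keeping the old alternative avoids that regression without widening the override path: `&& (overrideViewUri == null || allowDirectViewRendering`. The same view-map lookup is repeated in the `doRequest` hunk, so a small private helper that returns the `ViewMap` for an override URI would keep the allow and auth decisions reading from one place.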
@@ -46,6 +46,7 @@
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Element;
import org.mockito.Mockito;

public class RequestHandlerTests {
public static class ResolveURITests {
@@ -190,10 +191,12 @@ public void resolveURIBasicOverrideView() throws Exception {
reqMaps.putSingle("foo", foo);
reqMaps.putSingle("bar", bar);

viewMaps.put("baz", new ViewMap(dummyElement));
//viewMaps.put("baz", new ViewMap(dummyElement));
viewMaps.put("baz", Mockito.mock(ViewMap.class)); // Mock the ViewMap

when(req.getPathInfo()).thenReturn("/foo/baz");
when(ccfg.getDefaultRequest()).thenReturn("bar");
when(viewMaps.get("baz").isAllowDirectViewRendering()).thenReturn(true);
assertThat(RequestHandler.resolveURI(ccfg, req), hasItem(foo));
}

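Review bot: `resolveURIBasicOverrideView` now covers only the allowed case; nothing in this section checks that a view-map without `allow-direct-view-rendering` is refused, which is the behaviour the commit exists to enforce. A second test that leaves the mock at its default (`isAllowDirectViewRendering()` returns `false` on a Mockito mock) and asserts that `foo` is not resolved would pin it; what `resolveURI` returns instead is decided outside the visible hunks, so the sketch below asserts only the negative and assumes a `not` matcher is already imported. The commented-out `//viewMaps.put("baz", new ViewMap(dummyElement));` line can be deleted rather than kept.
```java
@Test
public void resolveURIOverrideViewNotAllowed() throws Exception {
    // … unchanged setup: foo and bar registered in reqMaps as in resolveURIBasicOverrideView …
    viewMaps.put("baz", Mockito.mock(ViewMap.class)); // isAllowDirectViewRendering() stays false

    when(req.getPathInfo()).thenReturn("/foo/baz");
    when(ccfg.getDefaultRequest()).thenReturn("bar");
    assertThat(RequestHandler.resolveURI(ccfg, req), not(hasItem(foo)));
}
```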
