[ 
https://issues.apache.org/jira/browse/OFBIZ-4596?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux closed OFBIZ-4596.
----------------------------------

    Resolution: Not A Problem
      Assignee: Jacques Le Roux

Please don't use Jira to ask questions. Use rather user ML for such questions:
http://cwiki.apache.org/confluence/display/OFBADMIN/Mailing+Lists
                
> URL parameter passed to secure (https) request-map is not allowed for 
> security reasons
> --------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-4596
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4596
>             Project: OFBiz
>          Issue Type: Test
>          Components: product
>         Environment: windows 7
>            Reporter: juning lee
>            Assignee: Jacques Le Roux
>
> Hi,everyone~
>   I wrote a screen,which is made up of two forms,first one is a search form 
> looking up a certain supplier,the second one is a list form, it shows all the 
> products whose supplier is the choosen one,and you can modify the lastPrice 
> by fill in the text and click the submit button next to it.
>   It all goes well until I done a modification and tries to page down,an 
> error occurs and says:
>   "Found URL parameter [partyId] passed to secure (https) request-map with 
> uri [updateSupplierProductBySupplier] with an event that calls service 
> [updateSupplierProduct]; this is not allowed for security reasons! The data 
> should be encrypted by making it part of the request body (a form field) 
> instead of the request URL. "
> in the controller.xml I wrote this:
> <request-map uri="updateSupplierProductBySupplier">
>       <security https="true" auth="true"/>
>       <event type="service" path="" invoke="updateSupplierProduct"/>
>       <response name="success" type="request-redirect" 
> value="ListSupplierPriceBySupplier"><redirect-parameter 
> name="partyId"/></response> <!-- goes back to the last page and passes 
> partyId to the screen -->
> </request-map>
>   I don't quite understand what to do,so would anyone be so kind to tell me 
> what should I do to solve this?
> Thx in advance~
> lee 2011-11-29

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Reply via email to