Nicolas Malin created OFBIZ-13186:
-------------------------------------
Summary: Delegate to secure view rendering to ViewHandler
Key: OFBIZ-13186
URL: https://issues.apache.org/jira/browse/OFBIZ-13186
Project: OFBiz
Issue Type: Improvement
Components: framework
Reporter: Nicolas Malin
Assignee: Nicolas Malin
We extend *AbstractViewHandler* with a new method to override,
*prepareViewContext*.
For each view handler implementation, this allows controlling the context used
for rendering, applying Scriptlet token detection for security purposes.
A new class *SecuredFreemarker* has been created to manage freemarker-specific
controls, outside the global *SecurityUtil* class.
We also add a new parameter *secure-context* (set true by default) to the view-map
xml element to indicate that this view allows unsecure rendering; this implies
that the view-map requires authentication.
For a custom implementation of AbstractViewHandler, you can quickly improve your
class: just add the following function
{code:java}
@Override
public Map<String, Object> prepareViewContext(HttpServletRequest request,
        HttpServletResponse response, ConfigXMLReader.ViewMap viewMap) {
    return Map.of();
}
{code}
Thanks to Gil Portenseigne for help