[
https://issues.apache.org/jira/browse/OFBIZ-13179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nicolas Malin updated OFBIZ-13179:
----------------------------------
Description:
We extend *AbstractViewHandler* with a new method to override
{*}prepareViewContext{*}.
For each view handler implementation this will allow to control context used
for rendering, applying Scriptlet token detection for security purpose.
A new class *SecuredFreemarker* has been created to manage freemarker specific
controls, outside global *SecurityUtil* class.
We also add a new parameter *secure-context* (set true by default) to view-map
xml element to indicate that this view allow unsecure rendering, this implies
the view-map to required authentication.
For custom implementation of AbstractViewHandler, you can improve quickly your
class just add the following function
{code:java}
@Override
public Map<String, Object> prepareViewContext(HttpServletRequest request,
HttpServletResponse response, ConfigXMLReader.ViewMap viewMap) {
return Map.of();
} {code}
Thanks to Gil Portenseigne for help
was:
We extend _AbstractViewHandler_ with a new method to override
{_}prepareViewContext{_}.
For each view handler implementation this will allow to control context used
for rendering, applying Scriptlet token detection for security purpose.
A new class _SecuredFreemarker_ has been created to manage freemarker specific
controls, outside of global _SecurityUtil_ class.
We also add a new parameter _secure-context_ (to true by default) to view-map
to indicate that this view allow unsecure rendering, this implies the view-map
to required authentication.
> Improve ViewHandler interface
> -----------------------------
>
> Key: OFBIZ-13179
> URL: https://issues.apache.org/jira/browse/OFBIZ-13179
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: 24.09.01
> Reporter: Nicolas Malin
> Assignee: Nicolas Malin
> Priority: Major
>
> We extend *AbstractViewHandler* with a new method to override
> {*}prepareViewContext{*}.
> For each view handler implementation this will allow to control context used
> for rendering, applying Scriptlet token detection for security purpose.
> A new class *SecuredFreemarker* has been created to manage freemarker
> specific controls, outside global *SecurityUtil* class.
> We also add a new parameter *secure-context* (set true by default) to
> view-map xml element to indicate that this view allow unsecure rendering,
> this implies the view-map to required authentication.
>
> For custom implementation of AbstractViewHandler, you can improve quickly
> your class just add the following function
> {code:java}
> @Override
> public Map<String, Object> prepareViewContext(HttpServletRequest request,
> HttpServletResponse response, ConfigXMLReader.ViewMap viewMap) {
> return Map.of();
> } {code}
> Thanks to Gil Portenseigne for help
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
