Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved: Improve ViewHandler interface (OFBIZ-13179) #858

Merged
merged 1 commit into from
Nov 28, 2024
Merged

Improved: Improve ViewHandler interface (OFBIZ-13179) #858

merged 1 commit into from
Nov 28, 2024

Conversation

nmalin
Copy link
Contributor

@nmalin nmalin commented Nov 15, 2024
edited
Loading

We extend AbstractViewHandler with a new method to override prepareViewContext. For each view handler implementation this will allow to control context used for rendering, applying Scriptlet token detection for security purpose.

A new class SecuredFreemarker has been created to manage freemarker specific controls, outside global SecurityUtil class.

We also add a new parameter secure-context (set true by default) to view-map xml element to indicate that this view allow unsecure rendering, this implies the view-map to required authentication.

Thanks to Gil Portenseigne for help

@nmalin nmalin force-pushed the ViewMapImprovement branch 4 times, most recently from 03264d5 to 4429a34 Compare November 28, 2024 15:46
@nmalin
Improved: Improve ViewHandler interface (OFBIZ-13179)
8576da3 
We extend *AbstractViewHandler* with a new method to override *prepareViewContext*.
For each view handler implementation this will allow to control context used for rendering, applying Scriptlet token detection for security purpose.

A new class *SecuredFreemarker* has been created to manage freemarker specific controls, outside global *SecurityUtil* class.

We also add a new parameter *secure-context* (set true by default) to view-map xml element to indicate that this view allow unsecure rendering, this implies the view-map to required authentication.

Thanks to Gil Portenseigne for help
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 28, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nmalin nmalin merged commit 0fce1dd into apache:trunk Nov 28, 2024
5 of 6 checks passed
nmalin added a commit that referenced this pull request Nov 28, 2024
@nmalin
Improved: Improve ViewHandler interface (OFBIZ-13179) (#858)
cadcbec 
We extend *AbstractViewHandler* with a new method to override *prepareViewContext*.
For each view handler implementation this will allow to control context used for rendering, applying Scriptlet token detection for security purpose.

A new class *SecuredFreemarker* has been created to manage freemarker specific controls, outside global *SecurityUtil* class.

We also add a new parameter *secure-context* (set true by default) to view-map xml element to indicate that this view allow unsecure rendering, this implies the view-map to required authentication.

Thanks to Gil Portenseigne for help
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nmalin