ofbiz-dev mailing list archives

From "Jacques Le Roux (Closed) (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-4596) URL parameter passed to secure (https) request-map is not allowed for security reasons
Date Fri, 02 Dec 2011 05:43:40 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-4596?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-4596.
----------------------------------

    Resolution: Not A Problem
      Assignee: Jacques Le Roux

Please don't use Jira to ask questions. Use the user ML for such questions instead:
http://cwiki.apache.org/confluence/display/OFBADMIN/Mailing+Lists
                
> URL parameter passed to secure (https) request-map is not allowed for security reasons
> --------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-4596
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4596
>             Project: OFBiz
>          Issue Type: Test
>          Components: product
>         Environment: windows 7
>            Reporter: juning lee
>            Assignee: Jacques Le Roux
>
> Hi, everyone~
>   I wrote a screen which is made up of two forms: the first one is a search form looking up a certain supplier, the second one is a list form; it shows all the products whose supplier is the chosen one, and you can modify the lastPrice by filling in the text and clicking the submit button next to it.
>   It all goes well until I have done a modification and try to page down; an error occurs and says:
>   "Found URL parameter [partyId] passed to secure (https) request-map with uri [updateSupplierProductBySupplier] with an event that calls service [updateSupplierProduct]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. "
> In the controller.xml I wrote this:
> <request-map uri="updateSupplierProductBySupplier">
>       <security https="true" auth="true"/>
>       <event type="service" path="" invoke="updateSupplierProduct"/>
>       <response name="success" type="request-redirect" value="ListSupplierPriceBySupplier">
>           <redirect-parameter name="partyId"/>
>       </response> <!-- goes back to the last page and passes partyId to the screen -->
> </request-map>
>   I don't quite understand what to do, so would anyone be so kind as to tell me what I should do to solve this?
> Thx in advance~
> lee 2011-11-29

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
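
The rule stated in the quoted error message, sketched in Python as an added example (not OFBiz code and not part of the original message): a request to a secure request-map is refused when an input of the invoked service arrives in the URL query string. The host, webapp path, service input list and values are constructed assumptions, and the actual OFBiz check may differ in detail.

```python
from urllib.parse import urlsplit, parse_qs

class UrlParameterRejected(Exception):
    """Raised when a service input arrives in the URL of a secure request."""

def exposed_service_params(url, service_in_params):
    """Return the service input names that appear in the URL query string."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(name for name in query if name in service_in_params)

def check_request(url, uri, service, service_in_params, https=True):
    """Reject a secure service request whose inputs travel in the URL."""
    if not https:
        return  # this sketch only guards request-maps marked https="true"
    exposed = exposed_service_params(url, service_in_params)
    if exposed:
        raise UrlParameterRejected(
            "Found URL parameter [%s] passed to secure (https) request-map "
            "with uri [%s] with an event that calls service [%s]"
            % (exposed[0], uri, service))

# Constructed sample data: host, port, webapp path and values are made up.
IN_PARAMS = {"partyId", "productId", "lastPrice"}  # hypothetical service inputs
# A paging link that re-targets the update request and carries partyId in the URL.
PAGING_URL = ("https://localhost:8443/app/control/updateSupplierProductBySupplier"
              "?partyId=SUPPLIER_1&VIEW_INDEX=1")
# A form submit: the same fields travel in the POST body, so the URL has no query.
FORM_POST_URL = "https://localhost:8443/app/control/updateSupplierProductBySupplier"

def demo():
    """Run both constructed requests through the check and report the outcome."""
    results = {}
    for label, url in (("paging link", PAGING_URL), ("form post", FORM_POST_URL)):
        try:
            check_request(url, "updateSupplierProductBySupplier",
                          "updateSupplierProduct", IN_PARAMS)
            results[label] = "accepted"
        except UrlParameterRejected as exc:
            results[label] = "rejected: " + str(exc)
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```

Only names that are service inputs are flagged, so the paging parameter in the constructed URL passes while `partyId` does not.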

        
