bug#13454961. encode configName, fix pswd alias dropdown, ensure enco…
…dedconfigname is used in ajax call.

This has been checked into 3.1.2.  Now port to trunk.


git-svn-id: https://svn.java.net/svn/glassfish~svn/trunk/main@51840 6f3ba3e3-413c-0410-a8aa-90bee3ab43b5
anilam committed Dec 31, 2011
1 parent 9a6dc6d commit 536f63f
Showing 19 changed files with 114 additions and 80 deletions.
Expand Up @@ -448,23 +448,27 @@ public static void removeEmptyProps(HandlerContext handlerCtx) {
* <p> This method will "html escape" any &lt;, &gt;, or &amp; characters
* that appear in a String from the QUERY_STRING. This is to help
* prevent XSS vulnerabilities.</p>
* <p> orig without escape is available, but be very cautious when using it.
*
* <p> Input value: "key" -- Type: <code>String</code></p>
*
* <p> Output value: "value" -- Type: <code>String</code></p>
* <p> Output value: "orig" -- Type: <code>String</code></p>
*
*/
@Handler(id="getRequestValue",
input={
@HandlerInput(name="key", type=String.class, required=true),
@HandlerInput(name="default", type=String.class)},
output={
@HandlerOutput(name="value", type=Object.class)}
@HandlerOutput(name="value", type=Object.class),
@HandlerOutput(name="orig", type=Object.class)}
)
public static void getRequestValue(HandlerContext handlerCtx) {
String key = (String) handlerCtx.getInputValue("key");
Object defaultValue = handlerCtx.getInputValue("default");
Object value = handlerCtx.getFacesContext().getExternalContext().getRequestParameterMap().get(key);
Object orig = value;
if ((value == null) || "".equals(value)) {
value = handlerCtx.getFacesContext().getExternalContext().getRequestMap().get(key);
if ((value == null) && (defaultValue != null)){
Expand All @@ -480,6 +484,7 @@ public static void getRequestValue(HandlerContext handlerCtx) {
value = Util.htmlEscape((String) value);
}
handlerCtx.setOutputValue("value", value);
handlerCtx.setOutputValue("orig", orig);
}

/**
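Review bot: `orig` is copied from the request-parameter lookup before the fallback to the request map and, it appears, to `default`, so when the value comes from either fallback `value` is set while `orig` stays null or empty. If callers are meant to receive the unescaped counterpart of `value`, move the `Object orig = value;` assignment to just before the `Util.htmlEscape` call; the lines between the two hunks are collapsed on this page, so the exact spot needs checking against the full method. The Javadoc should also state that `orig` is the raw, client-supplied request value and must be encoded for whatever sink it reaches, and the `<p>` opened on the new Javadoc line is never closed.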
Expand Up @@ -40,16 +40,16 @@
-->

<sun:propertySheet id="propertySheet" requiredFields="true">
<sun:propertySheet id="propertySheet" requiredFields="true">

<sun:propertySheetSection id="propertSectionTextField">
<sun:property id="aliasName" rendered="#{edit}" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.pswdAlias.aliasName}" >
<sun:staticText id="aliasName" text="#{pageSession.valueMap['aliasname']}"/>
<sun:staticText id="aliasName" text="#{pageSession.name}"/>
</sun:property>

<sun:property id="aliasNameNew" rendered="#{!edit}" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.pswdAlias.aliasName}" helpText="$resource{i18nc.pswdAlias.aliasNameHelp}">
<sun:textField id="aliasNameNew" styleClass="required" required="#{true}" text="#{pageSession.valueMap['aliasname']}" columns="$int{55}" maxLength="#{sessionScope.fieldLengths['maxLength.common.Name']}" />
</sun:property>
</sun:property>

<sun:property id="newPasswordProp" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.pswdAlias.password}" helpText="$resource{i18nc.pswdAlias.passwordHelp}">
<sun:passwordField id="NewPassword" styleClass="required" required="#{true}" columns="$int{25}" maxLength="#{sessionScope.fieldLengths['maxLength.server.NewPassword']}" text="#{pageSession.valueMap['aliaspassword']}" >
Expand All @@ -67,6 +67,6 @@
</sun:property>

</sun:propertySheetSection>
</sun:propertySheet>
</sun:propertySheet>


Expand Up @@ -50,9 +50,9 @@
<!define name="content">
<event>
<!beforeCreate
getRequestValue(key="name" value="#{pageSession.name}");
getRequestValue(key="name" value="#{pageSession.name}" , orig="#{pageSession.origName}");
createMap(result="#{pageSession.valueMap}");
mapPut(map="#{pageSession.valueMap}" key="aliasname" value="#{pageSession.name}")
mapPut(map="#{pageSession.valueMap}" key="aliasname" value="#{pageSession.origName}")
setPageSessionAttribute(key="edit" value="#{true}" );
/>
</event>
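Review bot: `pageSession.origName` is the unescaped `name` request parameter and is now what lands in `valueMap['aliasname']`, but nothing in this block says so. I would add a comment beside the `mapPut` along the lines of `origName is the raw request value; pass it to the backend only, never render it unencoded`. Per the handler change in this commit, `orig` is filled only from the request parameter map, so `aliasname` ends up empty if `name` reaches the page any other way. The space before the comma in `, orig=` is also inconsistent with the other handler calls.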
Expand Up @@ -2,7 +2,7 @@

DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

Copyright (c) 2009-2010 Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2009-2011 Oracle and/or its affiliates. All rights reserved.

The contents of this file are subject to the terms of either the GNU
General Public License Version 2 only ("GPL") or the Common Development
Expand Down Expand Up @@ -47,7 +47,7 @@
setResourceBundle(key="help_common" bundle="org.glassfish.common.admingui.Helplinks");
/>
<!composition template="/templates/default.layout" guiTitle="$resource{i18nc.lifecycleModule.editPageTitle}"
guiOnLoad="admingui.nav.selectTreeNodeWithURL('#{request.contextPath}/common/applications/lifecycleEdit.jsf?appName=#{pageSession.name}');"
guiOnLoad="admingui.nav.selectTreeNodeWithURL('#{request.contextPath}/common/applications/lifecycleEdit.jsf?appName=#{pageSession.encodedName}');"
>
<!define name="content">
<event>
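Review bot: `guiOnLoad` now reads `#{pageSession.encodedName}`, but no visible line in this section sets it; the event block that follows is collapsed on this page. Check that it contains `urlencode(value="#{pageSession.name}" encoding="UTF-8" result="#{pageSession.encodedName}");` before the template is rendered, as the network listener page in this commit does for its own name. Otherwise the `appName` query value is empty and the tree node is not selected.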
Expand Up @@ -46,12 +46,13 @@
/>
<!composition template="/templates/default.layout"
guiTitle="$resource{i18nc.auditModule.PageTitle}"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.configName}:security:auditModules');"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.encodedConfigName}:security:auditModules');"
>
<!define name="content">
<event>
<!beforeCreate
getRequestValue(key="configName" value=>$page{configName} default="server-config");
getRequestValue(key="configName" value=>$page{configName} );
urlencode(value="#{pageSession.configName}" encoding="UTF-8" result="#{pageSession.encodedConfigName}");
setPageSessionAttribute(key="childType" value="audit-module");
setPageSessionAttribute(key="parentUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service");
setPageSessionAttribute(key="selfUrl", value="#{pageSession.parentUrl}/audit-module");
Expand All @@ -66,7 +67,7 @@
setPageSessionAttribute(key="tableTitle" value="$resource{i18nc.auditModule.TableTitle}");
/>
</event>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.configName}:security:auditModules");</script>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.encodedConfigName}:security:auditModules");</script>

<sun:form id="propertyForm">
#include "/common/shared/alertMsg.inc"
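Review bot: `parentUrl` is still built from `#{pageSession.configName}`, the HTML-escaped value, while the jmsHosts page in this commit switches the same REST path to `#{pageSession.encodedConfigName}`. The tree ids here were moved to the encoded name, but the URL path segment, where URL encoding matters most, was not; I would change it to `value="#{sessionScope.REST_URL}/configs/config/#{pageSession.encodedConfigName}/security-service"`. The same line is left unchanged in the jacc provider, message security and realm sections below. Dropping `default="server-config"` also appears to leave `configName` empty when the parameter is missing, which the visible lines do not handle.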
Expand Up @@ -49,12 +49,14 @@
/>
<!composition template="/templates/default.layout"
guiTitle="$resource{i18nc.jacc.PageTitle}"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.configName}:security:jaccProviders');"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.escapedConfigName}:security:jaccProviders');"
>
<!define name="content">
<event>
<!beforeCreate
getRequestValue(key="configName" value=>$page{configName} default="server-config");
getRequestValue(key="configName" value=>$page{configName} );
urlencode(value="#{pageSession.configName}" encoding="UTF-8" result="#{pageSession.encodedConfigName}");
htmlEscape(value="#{pageSession.configName}" result="#{pageSession.escapedConfigName}");
setPageSessionAttribute(key="childType" value="jacc-provider");
setPageSessionAttribute(key="parentUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service");
setPageSessionAttribute(key="selfUrl", value="#{pageSession.parentUrl}/#{pageSession.childType}");
Expand All @@ -69,7 +71,7 @@
setPageSessionAttribute(key="tableTitle" value="$resource{i18nc.jacc.TableTitle}");
/>
</event>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.configName}:security:jaccProviders");</script>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.escapedConfigName}:security:jaccProviders");</script>
<sun:form id="propertyForm">
#include "/common/shared/alertMsg.inc"
<sun:title id="propertyContentPage" title="$resource{i18nc.jacc.PageTitle}"
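Review bot: This page puts `escapedConfigName` into two JavaScript string literals, and HTML escaping is the wrong encoding for that context: the `getRequestValue` Javadoc in this commit describes escaping of `<`, `>` and `&` only, so quote characters would pass through if `htmlEscape` behaves the same way. The sibling pages use the URL-encoded name in the identical `refreshTree` and `selectTreeNodeById` calls, and `encodedConfigName` is computed here but not used in the visible lines. I would use it for consistency: `admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.encodedConfigName}:security:jaccProviders');`. `configName` also arrives already escaped from `getRequestValue`, so `htmlEscape` escapes it a second time.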
Expand Up @@ -46,12 +46,13 @@
/>
<!composition template="/templates/default.layout"
guiTitle="$resource{i18nc.msgSecurity.ListPageTitle}"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.configName}:security:messageSecurity');"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.encodedConfigName}:security:messageSecurity');"
>
<!define name="content">
<event>
<!beforeCreate
getRequestValue(key="configName" value=>$page{configName} default="server-config");
getRequestValue(key="configName" value=>$page{configName});
urlencode(value="#{pageSession.configName}" encoding="UTF-8" result="#{pageSession.encodedConfigName}");
setPageSessionAttribute(key="childType" value="message-security-config");
setPageSessionAttribute(key="parentUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service");
setPageSessionAttribute(key="selfUrl", value="#{pageSession.parentUrl}/#{pageSession.childType}");
Expand All @@ -70,7 +71,7 @@
}
/>
</event>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.configName}:security:messageSecurity");</script>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.encodedConfigName}:security:messageSecurity");</script>

<sun:form id="propertyForm">
#include "/common/shared/alertMsg.inc"
Expand Up @@ -46,11 +46,13 @@
/>
<!composition template="/templates/default.layout"
guiTitle="$resource{i18nc.realm.PageTitle}"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.configName}:security:realms');">
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.encodedConfigName}:security:realms');"
>
<!define name="content">
<event>
<!beforeCreate
getRequestValue(key="configName" value=>$page{configName} default="server-config");
getRequestValue(key="configName" value=>$page{configName});
urlencode(value="#{pageSession.name}" encoding="UTF-8" result=>$page{encodedConfigName});
setPageSessionAttribute(key="childType" value="auth-realm");
setPageSessionAttribute(key="parentUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service");
setPageSessionAttribute(key="selfUrl", value="#{pageSession.parentUrl}/#{pageSession.childType}");
Expand All @@ -65,7 +67,7 @@
setPageSessionAttribute(key="tableTitle" value="$resource{i18nc.realm.TableTitle}");
/>
</event>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.configName}:security:realms");</script>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.encodedConfigName}:security:realms");</script>
<sun:form id="propertyForm">
#include "/common/shared/alertMsg.inc"
<sun:title id="propertyContentPage" title="$resource{i18nc.realm.PageTitle}"
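Review bot: The added `urlencode` call encodes `#{pageSession.name}` rather than `#{pageSession.configName}`, and nothing visible in this section sets `pageSession.name`, so `encodedConfigName` probably ends up empty or unrelated and both tree ids break. It should match the other pages: `urlencode(value="#{pageSession.configName}" encoding="UTF-8" result="#{pageSession.encodedConfigName}");`. The `result=>$page{encodedConfigName}` form may be equivalent, but keeping one spelling across the pages makes this kind of slip easier to spot.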
Expand Up @@ -2,7 +2,7 @@
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
Copyright (c) 2010 Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2010-2011 Oracle and/or its affiliates. All rights reserved.
The contents of this file are subject to the terms of either the GNU
General Public License Version 2 only ("GPL") or the Common Development
Expand Down Expand Up @@ -42,6 +42,7 @@

<!--
This handler gets a list of password aliases
Input: #{requestScope.doEscape}
Output: #{pageSession.listOfAliases}
-->
<handler id="gfr.getPswdAliases">
Expand All @@ -53,8 +54,14 @@
setPageSessionAttribute(key="listOfAliases" value={});
if( "!(#{requestScope._listOfMap} = #{null})" ){
foreach(var="oneChildMap" list="#{requestScope._listOfMap}"){
if ("#{requestScope.doEscape}"){
htmlEscape(value="#{requestScope.oneChildMap.message}" result="#{requestScope.encodedAliasName}");
listAdd(list="#{pageSession.listOfAliases}" value="#{requestScope.encodedAliasName}" );
}
if ("!#{requestScope.doEscape}"){
listAdd(list="#{pageSession.listOfAliases}" value="#{requestScope.oneChildMap.message}" );
}
}
gf.listSort(list="#{pageSession.listOfAliases}");
}
</handler>
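Review bot: Escaping is opt-in here: when `requestScope.doEscape` is unset the second branch presumably runs and the alias names are added raw, so every existing caller, and any new one that forgets the flag, gets unescaped values. The header comment lists the input but not its meaning or default; I would extend it to `Input: #{requestScope.doEscape} - when true, alias names are HTML-escaped before being added; unset means raw values, which the caller must encode before rendering`. The two complementary `if` blocks evaluate the flag twice per element, and `encodedAliasName` holds an HTML-escaped value, so `escapedAliasName` would be the clearer name.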
10 changes: 5 additions & 5 deletions appserver/admingui/jms-plugin/src/main/resources/jmsHosts.jsf
Expand Up @@ -2,7 +2,7 @@

DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved.
Copyright (c) 1997-2011 Oracle and/or its affiliates. All rights reserved.

The contents of this file are subject to the terms of either the GNU
General Public License Version 2 only ("GPL") or the Common Development
Expand Down Expand Up @@ -47,14 +47,14 @@

<!composition template="/templates/default.layout"
guiTitle="$resource{i18njms.jmsHosts.ListPageTitle}"
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.configName}:jmsConfiguration:jmsHosts');">
guiTemplateOnLoad="admingui.nav.refreshTree('treeForm:tree:configurations:#{pageSession.encodedConfigName}:jmsConfiguration:jmsHosts');">
<!define name="content">
<event>
<!beforeCreate
getRequestValue(key="configName" value=>$page{configName});

urlencode(value="#{pageSession.configName}" encoding="UTF-8" result="#{pageSession.encodedConfigName}");
setPageSessionAttribute(key="childType" value="jms-host");
setPageSessionAttribute(key="parentUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/jms-service");
setPageSessionAttribute(key="parentUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.encodedConfigName}/jms-service");
setPageSessionAttribute(key="selfUrl", value="#{pageSession.parentUrl}/#{pageSession.childType}");
setPageSessionAttribute(key="rest-api" value="true");
gf.getChildList(parentEndpoint="#{pageSession.parentUrl}", childType="#{pageSession.childType}", result="#{requestScope.listOfRows}");
Expand All @@ -79,7 +79,7 @@
}
/>
</event>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.configName}:jmsConfiguration:jmsHosts");</script>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.encodedConfigName}:jmsConfiguration:jmsHosts");</script>
<sun:form id="propertyForm">
#include "/common/shared/alertMsg.inc"
<sun:title id="propertyContentPage" title="$resource{i18njms.jmsHosts.ListPageTitle}" helpText="$resource{i18njms.jmsHosts.ListPageHelp}"/>
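Review bot: `encodedConfigName` is the URL encoding of `pageSession.configName`, which `getRequestValue` has already HTML-escaped according to its Javadoc in this commit, so for a name containing `&`, `<` or `>` the `parentUrl` path would carry percent-encoded entity text rather than the real config name. Building the REST path from the new unescaped output avoids that: `getRequestValue(key="configName" value=>$page{configName} orig="#{pageSession.origConfigName}");` followed by `urlencode(value="#{pageSession.origConfigName}" encoding="UTF-8" result="#{pageSession.encodedConfigName}");`. The same applies to the `prefix` URL in the network listener section that follows. If config names can never contain those characters, a comment saying so would be enough.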
Expand Up @@ -50,10 +50,11 @@
<!beforeCreate
setSessionAttribute(key="listenerTabs" value="generalTab");
getRequestValue(key="configName" value=>$page{configName});
urlencode(value="#{pageSession.configName}" encoding="UTF-8" result="#{pageSession.encodedConfigName}");
getRequestValue(key="name" value="#{pageSession.Name}");
urlencode(value="#{pageSession.Name}" encoding="UTF-8" result="#{pageSession.encodedName}");

setPageSessionAttribute(key="prefix", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/network-config");
setPageSessionAttribute(key="prefix", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.encodedConfigName}/network-config");

gf.getEntityAttrs(endpoint="#{pageSession.prefix}/network-listeners/network-listener/#{pageSession.encodedName}" valueMap="#{pageSession.valueMap}");

Expand Down Expand Up @@ -81,7 +82,7 @@
setSessionAttribute(key="secureCancelUrl" value="#{pageSession.selfPage}")
/>
</event>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.configName}httpService:httpListeners:#{pageSession.Name}");</script>
" <script type="text/javascript">admingui.nav.selectTreeNodeById(admingui.nav.TREE_ID+":configurations:#{pageSession.encodedConfigName}:httpService:httpListeners:#{pageSession.encodedName}");</script>

<sun:form id="propertyForm">
#include "/common/shared/alertMsg.inc"
