| Log Message: |
A few related changes:
Big refactor of ControlServlet, RequestManager, RequestHandler, and ConfigXMLReader so that simple objects are used instead of Maps within Maps within Maps for the data from the controller.xml file, which results in eliminating hundreds of lines of code including the entire RequestHandler class. I have tested this a lot with different apps that use the ControlServlet differently, but this is a very big change so there could still be issues. Based on this cleanup future issues and new features should be easier and less error prone, and that is why doing it now in order to help with a number of other improvements and bug fixes that are part of this commit.
Also added redirect-parameter element to go under the request-map -> response element which allows you to specify which parameters will be passed on in a redirect instead of using all of them. Also improved default there and in various places to only include parameters from the URL to avoid issues with form data, but if the ID to display (like following a crAlso added redirect-parameter element to go under the request-map -> response element which allows you to specify which parameters will be passed on in a redirect instead of using all of them. Also improved default there and in various places to only include parameters from the URL to avoid issues with form data, but if the ID to display (like following a crAlso added redirect-parameter element to go under the request-map -> response element which allows you to specify which parameters will be passed on in a redirect instead of using all of them. Also improved default there and in various places to only include parameters from the URL to avoid issues wd in and also going to the same page after login from auth=true or from clicking on the login link.
Related to cleaning up login URLs also changed how the request and parameters passed to a request before a login are saved and used after a login is successful so that it URL parameters go on the URL in a redirect to the original request to make it more transparent, and non-URL parameters just stay in the session and are used when the original request is run again to avoid putting sensitive information like passwords and big information like textarea data in the URL, which has been a problem before.
To see what some of these things combined can do try going to the example app, login, click on the New Example link, then logout in another tab or window, then go back to the New Example page and enter a name and a whole bunch of text in the long description then click Create, the system will show you the login page so enter username/password, and then after login you'll see a nice URL to EditExample with the correct exampleId parameter and all of the data entered before login successfully saved and never appearing in a URL.
|
ofbiz/trunk/applications/ecommerce/webapp/ecommerce/login.ftl