From 0d58e3158a71924d1417cc7b448e94d048bbce1e Mon Sep 17 00:00:00 2001 From: Heng Sin Low Date: Mon, 21 May 2007 05:03:12 +0000 Subject: [PATCH] * [ adempiere-Bugs-1719617 ] Server bean allows remote unauthenticated queries - Added security token validation for wan profile. This is on by default, if you need to test the wan profile from your IDE ( Eclipse , Netbean, etc ), you need to manually edit the Adempiere.properties file on the application server, and change ServerValidateSecurityToken=xyzY to ServerValidateSecurityToken=xyzN - Next step is to add JAAS authentication, later ... --- looks/src/org/compiere/util/Ini.java | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/looks/src/org/compiere/util/Ini.java b/looks/src/org/compiere/util/Ini.java index adf53c54b2..93ebb796da 100644 --- a/looks/src/org/compiere/util/Ini.java +++ b/looks/src/org/compiere/util/Ini.java @@ -160,6 +160,11 @@ public final class Ini implements Serializable public static final String P_LOAD_TAB_META_DATA_BG = "LoadTabMetaDataBackground"; public static final String DEFAULT_LOAD_TAB_META_DATA_BG = "N"; + + /** Apply wan security protection **/ + public static final String P_SERVER_VALIDATE_SECURITY_TOKEN = "ServerValidateSecurityToken"; + + public static final String DEFAULT_SERVER_VALIDATE_SECURITY_TOKEN = "Y"; /** Ini Properties */ private static final String[] PROPERTIES = new String[] { @@ -177,7 +182,8 @@ public final class Ini implements Serializable P_SINGLE_INSTANCE_PER_WINDOW, P_OPEN_WINDOW_MAXIMIZED, P_WARNING, P_WARNING_de, - P_CHARSET, P_LOAD_TAB_META_DATA_BG + P_CHARSET, P_LOAD_TAB_META_DATA_BG, + P_SERVER_VALIDATE_SECURITY_TOKEN }; /** Ini Property Values */ private static final String[] VALUES = new String[] { @@ -195,7 +201,8 @@ public final class Ini implements Serializable DEFAULT_SINGLE_INSTANCE_PER_WINDOW?"Y":"N", DEFAULT_OPEN_WINDOW_MAXIMIZED?"Y":"N", DEFAULT_WARNING, DEFAULT_WARNING_de, - DEFAULT_CHARSET, DEFAULT_LOAD_TAB_META_DATA_BG + DEFAULT_CHARSET, DEFAULT_LOAD_TAB_META_DATA_BG, + DEFAULT_SERVER_VALIDATE_SECURITY_TOKEN }; /** Container for Properties */ @@ -768,4 +775,9 @@ public final class Ini implements Serializable } return Charset.defaultCharset(); } + + public static boolean isServerValidateSecurityToken() + { + return isPropertyBool(P_SERVER_VALIDATE_SECURITY_TOKEN); + } } // Ini