* [ adempiere-Bugs-1719617 ] Server bean allows remote unauthenticated queries

- Added security token validation for wan profile. This is on by default, if you need to test the wan profile from your IDE ( Eclipse , Netbean, etc ), you need to manually edit the Adempiere.properties file on the application server, and change ServerValidateSecurityToken=xyzY to ServerValidateSecurityToken=xyzN
- Next step is to add JAAS authentication, later ...

looks/src/org/compiere/util/Ini.java

@@ -161,6 +161,11 @@ public final class Ini implements Serializable
 	
 	public static final String DEFAULT_LOAD_TAB_META_DATA_BG = "N";
 	
+	/** Apply wan security protection **/
+	public static final String P_SERVER_VALIDATE_SECURITY_TOKEN = "ServerValidateSecurityToken";
+	
+	public static final String DEFAULT_SERVER_VALIDATE_SECURITY_TOKEN = "Y";
+			
 	/** Ini Properties		*/
 	private static final String[]   PROPERTIES = new String[] {
 		P_UID, P_PWD, P_TRACELEVEL, P_TRACEFILE, 
@@ -177,7 +182,8 @@ public final class Ini implements Serializable
 		P_SINGLE_INSTANCE_PER_WINDOW,
 		P_OPEN_WINDOW_MAXIMIZED,
 		P_WARNING, P_WARNING_de,
-		P_CHARSET, P_LOAD_TAB_META_DATA_BG
+		P_CHARSET, P_LOAD_TAB_META_DATA_BG,
+		P_SERVER_VALIDATE_SECURITY_TOKEN
 	};
 	/** Ini Property Values	*/
 	private static final String[]   VALUES = new String[] {
@@ -195,7 +201,8 @@ public final class Ini implements Serializable
 		DEFAULT_SINGLE_INSTANCE_PER_WINDOW?"Y":"N",
 		DEFAULT_OPEN_WINDOW_MAXIMIZED?"Y":"N",
 		DEFAULT_WARNING, DEFAULT_WARNING_de,
-		DEFAULT_CHARSET, DEFAULT_LOAD_TAB_META_DATA_BG
+		DEFAULT_CHARSET, DEFAULT_LOAD_TAB_META_DATA_BG,
+		DEFAULT_SERVER_VALIDATE_SECURITY_TOKEN
 	};
 
 	/**	Container for Properties    */
@@ -768,4 +775,9 @@ public final class Ini implements Serializable
 		}
 		return Charset.defaultCharset();
 	}
+	
+	public static boolean isServerValidateSecurityToken()
+	{
+		return isPropertyBool(P_SERVER_VALIDATE_SECURITY_TOKEN);
+	}
 }	//	Ini