* [ adempiere-Bugs-1719617 ] Server bean allows remote unauthenticated queries

- Added security token validation for wan profile. This is on by default, if you need to test the wan profile from your IDE ( Eclipse , Netbean, etc ), you need to manually edit the Adempiere.properties file on the application server, and change ServerValidateSecurityToken=xyzY to ServerValidateSecurityToken=xyzN
- Next step is to add JAAS authentication, later ...
This commit is contained in:
Heng Sin Low 2007-05-21 05:03:12 +00:00
parent 9d23f98c76
commit 0d58e3158a
1 changed files with 14 additions and 2 deletions

View File

@ -160,6 +160,11 @@ public final class Ini implements Serializable
public static final String P_LOAD_TAB_META_DATA_BG = "LoadTabMetaDataBackground";
public static final String DEFAULT_LOAD_TAB_META_DATA_BG = "N";
/** Apply wan security protection **/
public static final String P_SERVER_VALIDATE_SECURITY_TOKEN = "ServerValidateSecurityToken";
public static final String DEFAULT_SERVER_VALIDATE_SECURITY_TOKEN = "Y";
/** Ini Properties */
private static final String[] PROPERTIES = new String[] {
@ -177,7 +182,8 @@ public final class Ini implements Serializable
P_SINGLE_INSTANCE_PER_WINDOW,
P_OPEN_WINDOW_MAXIMIZED,
P_WARNING, P_WARNING_de,
P_CHARSET, P_LOAD_TAB_META_DATA_BG
P_CHARSET, P_LOAD_TAB_META_DATA_BG,
P_SERVER_VALIDATE_SECURITY_TOKEN
};
/** Ini Property Values */
private static final String[] VALUES = new String[] {
@ -195,7 +201,8 @@ public final class Ini implements Serializable
DEFAULT_SINGLE_INSTANCE_PER_WINDOW?"Y":"N",
DEFAULT_OPEN_WINDOW_MAXIMIZED?"Y":"N",
DEFAULT_WARNING, DEFAULT_WARNING_de,
DEFAULT_CHARSET, DEFAULT_LOAD_TAB_META_DATA_BG
DEFAULT_CHARSET, DEFAULT_LOAD_TAB_META_DATA_BG,
DEFAULT_SERVER_VALIDATE_SECURITY_TOKEN
};
/** Container for Properties */
@ -768,4 +775,9 @@ public final class Ini implements Serializable
}
return Charset.defaultCharset();
}
public static boolean isServerValidateSecurityToken()
{
return isPropertyBool(P_SERVER_VALIDATE_SECURITY_TOKEN);
}
} // Ini