framework/common/webcommon/WEB-INF/common-controller.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is subject to the terms and conditions defined in the
files 'LICENSE' and 'NOTICE', which are part of this source
code package.
-->
<site-conf xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/site-conf.xsd">
<include location="component://common/webcommon/WEB-INF/base-controller.xml"/>
<description>Common ControlServlet Configuration File</description>
<errorpage>${_CONTROL_SERVPATH_}/error</errorpage> <!-- /error/error.jsp -->
<preprocessor>
<!-- Events to run on every request before security (chains exempt) -->
<event name="check509CertLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="check509CertLogin"/>
<event name="checkRequestHeaderLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkRequestHeaderLogin"/>
<event name="checkServletRequestRemoteUserLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkServletRequestRemoteUserLogin"/>
<event name="checkExternalLoginKey" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
<event name="checkProtectedView" type="java" path="org.ofbiz.webapp.control.ProtectViewWorker" invoke="checkProtectedView"/>
<event name="extensionConnectLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionConnectLogin"/>
<event name="checkMessageRedirect" type="java" path="com.ilscipio.scipio.common.CommonEvents" invoke="checkMessageRedirect"/>
</preprocessor>
<postprocessor>
<!-- Events to run on every request after all other processing (chains exempt) -->
</postprocessor>
<!-- SCIPIO: view-as-json configuration; created 2017-05-15 -->
<view-as-json enabled="true" json-request-uri="jsonExplicit" update-session="false" regular-login="true" />
<!-- SCIPIO: New common settings -->
<common-settings>
<request-map-settings>
<response-settings>
<!-- SCIPIO: 2018-10-26: default view for view-last, view-last-noparam and view-home when not found by other means -->
<view-last default-view="main"/>
<!-- SCIPIO: 2018-06: When the response view-name matches "Lookup*",
set allow-view-save to false instead of true, to prevent interference with "view-last" responses -->
<allow-view-save-default>
<name-filter field="view-name" prefix="Lookup" use-value="false"/>
</allow-view-save-default>
</response-settings>
</request-map-settings>
<view-map-settings default-view-access="public"/><!-- NOTE: default-view-access could change to "internal" in future -->
</common-settings>
<!-- SCIPIO: NOTE: 2018-07-09: Most requests changed to https true (now the framework default when unspecified) -->
<!-- Security Mappings -->
<request-map uri="checkLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="ajaxCheckLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="ajaxLogin"/>
</request-map>
<request-map uri="login">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="requirePasswordChange" type="view" value="requirePasswordChange"/>
<response name="loggedIn" type="view-last" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="error">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: added security elem -->
<response name="success" type="view" value="error"/>
</request-map>
<request-map uri="logout">
<security https="true" auth="true"/>
<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/>
<response name="success" type="request-redirect" value="checkLogin"/>
<response name="error" type="view" value="main"/>
</request-map>
<request-map uri="forgotPassword">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="forgotPassword"/>
<response name="success" type="view" value="forgotPassword"/>
<response name="error" type="view" value="forgotPassword"/>
</request-map>
<request-map uri="passwordChange">
<security https="true" auth="false"/>
<response name="success" type="view" value="requirePasswordChange"/>
</request-map>
<request-map uri="changePassword">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="changePassword"/>
<response name="success" type="view" value="requirePasswordChange"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="updatePassword">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="updatePassword"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="requirePasswordChange"/>
</request-map>
<request-map uri="view">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: set https true -->
<response name="success" type="request" value="main"/>
</request-map>
<request-map uri="views">
<security https="true" auth="false"/>
<response name="success" type="request" value="main"/>
</request-map>
<!-- Common Mappings used for locales and timezones -->
<request-map uri="ListLocales"><security https="true" auth="false"/><response name="success" type="view" value="ListLocales" save-last-view="true"/></request-map>
<request-map uri="setSessionLocale">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="setSessionLocale"/>
<response name="success" type="view-last" value="main"/>
<response name="error" type="request" value="main"/>
</request-map>
<request-map uri="ListTimezones"><security https="true" auth="false"/><response name="success" type="view" value="ListTimezones" save-last-view="true"/></request-map>
<request-map uri="setSessionTimeZone">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="setSessionTimeZone"/>
<response name="success" type="view-last" value="main"/>
<response name="error" type="request" value="main"/>
</request-map>
<!-- User preference mapping -->
<request-map uri="setUserPreference">
<security https="true" auth="true"/>
<event type="service" invoke="setUserPreference"/>
<response name="success" type="view-last" value="main"/>
<response name="error" type="request" value="main"/>
</request-map>
<request-map uri="ajaxSetUserPreference">
<security https="true" auth="true"/>
<event type="service" invoke="setUserPreference"/>
<response name="success" type="none"/>
</request-map>
<request-map uri="ajaxAutocompleteOptions">
<security https="true" auth="true"/>
<response name="success" type="view" value="ajaxAutocompleteOptions"/>
</request-map>
<!-- Online help system mapping -->
<request-map uri="help">
<security https="true" auth="true"/>
<response name="success" type="view" value="help"/>
</request-map>
<!-- Visual theme mapping -->
<request-map uri="ListVisualThemes">
<security https="true" auth="true"/>
<response name="success" type="view" value="ListVisualThemes" save-last-view="true"/>
</request-map>
<request-map uri="main">
<security https="true" auth="true"/><!-- SCIPIO: 2018-07-09: added security elem -->
<response name="success" type="view" value="main"/>
</request-map>
<request-map uri="viewBlocked">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: added security elem -->
<response name="success" type="view" value="viewBlocked"/>
</request-map>
<request-map uri="LookupTimeDuration">
<security https="true" auth="true"/><!-- SCIPIO: 2018-07-09: added security elem -->
<response name="success" type="view" value="LookupTimeDuration"/>
</request-map>
<!-- home/last/current mappings -->
<request-map uri="backHome">
<security https="true" auth="true"/>
<response name="success" type="view-home"/>
</request-map>
<request-map uri="backLast">
<security https="true" auth="true"/>
<response name="success" type="view-last"/>
</request-map>
<!-- Common json response events, chain these after events to send json responses -->
<!-- Standard json response, For security reason (OFBIZ-5409) tries to keep only the initially called service attributes -->
<request-map uri="json">
<security direct-request="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="jsonResponseFromRequestAttributes"/>
<response name="success" type="none"/>
</request-map>
<!-- SCIPIO: version of "json" that will only output attributes specifically requested in "scipioOutParams" map or "scipioOutAttrNames" list -->
<request-map uri="jsonExplicit">
<security direct-request="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="jsonResponseFromRequestAttributesExplicit"/>
<response name="success" type="none"/>
</request-map>
<!-- SCIPIO: specific view render request that outputs page output to json -->
<request-map uri="ajaxRender">
<security https="true" auth="true"/>
<event type="java" path="org.ofbiz.webapp.renderer.RenderEvents" invoke="renderViewToOutParams"/>
<response name="error" type="request" value="jsonExplicit"/>
<response name="success" type="request" value="jsonExplicit"/>
</request-map>
<!-- COPY THESE into your webapp controller if your webapp requires https="false" or auth="false" support
<request-map uri="ajaxRenderPlainNoAuth">
<security https="false" auth="false"/>
<event type="java" path="org.ofbiz.webapp.renderer.RenderEvents" invoke="renderViewToOutParams"/>
<response name="error" type="request" value="jsonExplicit"/>
<response name="success" type="request" value="jsonExplicit"/>
</request-map>
<request-map uri="ajaxRenderPlainAuth">
<security https="false" auth="true"/>
<event type="java" path="org.ofbiz.webapp.renderer.RenderEvents" invoke="renderViewToOutParams"/>
<response name="error" type="request" value="jsonExplicit"/>
<response name="success" type="request" value="jsonExplicit"/>
</request-map>
<request-map uri="ajaxRenderSecureNoAuth">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.webapp.renderer.RenderEvents" invoke="renderViewToOutParams"/>
<response name="error" type="request" value="jsonExplicit"/>
<response name="success" type="request" value="jsonExplicit"/>
</request-map>-->
<request-map uri="ajaxRenderSecureAuth">
<security https="true" auth="true"/>
<event type="java" path="org.ofbiz.webapp.renderer.RenderEvents" invoke="renderViewToOutParams"/>
<response name="error" type="request" value="jsonExplicit"/>
<response name="success" type="request" value="jsonExplicit"/>
</request-map>
<request-map uri="showHelp">
<security https="true" auth="true"/>
<response name="success" type="view" value="showHelp"/>
</request-map>
<request-map uri="showHelpPublic">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: set https true -->
<response name="success" type="view" value="showHelp"/>
</request-map>
<request-map uri="authview">
<security https="true" auth="true"/>
<response name="success" type="view" value="main"/>
</request-map>
<!-- Common captcha image request, the captcha code is stored in the session using _CAPTCHA_CODE_ as the key -->
<request-map uri="captcha.jpg">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: set https true -->
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="getCaptcha"/>
<response name="success" type="none"/>
</request-map>
<!-- Lookup requests -->
<request-map uri="LookupGeo"><security https="true" auth="true"/><response name="success" type="view" value="LookupGeo"/></request-map>
<request-map uri="LookupGeoName"><security https="true" auth="true"/><response name="success" type="view" value="LookupGeoName"/></request-map>
<request-map uri="LookupLocale"><security https="true" auth="true"/><response name="success" type="view" value="LookupLocale"/></request-map>
<!--========================== AJAX events =====================-->
<!-- Get states related to a country -->
<request-map uri="getAssociatedStateList" track-serverhit="false"><!-- SCIPIO: 2018-08-28: don't track for now, concurrent ServerHits on some pages (TODO: REVIEW) -->
<security https="true" auth="false"/>
<event type="service" invoke="getAssociatedStateList"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getFileUploadProgressStatus">
<security https="true" auth="true"/>
<event type="service" invoke="getFileUploadProgressStatus"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<!-- Common JavaScript uiLabel Request, to receive uiLabels within regular JS Code -->
<request-map uri="getJSONuiLabelArray">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="getJSONuiLabelArray"/>
<response name="success" type="none" />
<response name="error" type="none" />
</request-map>
<request-map uri="getJSONuiLabel">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="getJSONuiLabel"/>
<response name="success" type="none" />
<response name="error" type="none" />
</request-map>
<!-- Check if an UomConversion exists -->
<request-map uri="checkUomConversion">
<security https="true" auth="false"/>
<event type="service" invoke="checkUomConversion"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getRelatedGeos">
<security https="true" auth="true"/>
<event type="service" invoke="getRelatedGeos"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getServerTimestamp">
<security https="true" auth="true"/>
<event type="service" invoke="getServerTimestamp"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getServerTimeZone">
<security https="true" auth="true"/>
<event type="service" invoke="getServerTimeZone"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getServerTimestampAsLong">
<security https="true" auth="true"/>
<event type="service" invoke="getServerTimestampAsLong"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getServerTimestampAsString"><!-- SCIPIO: added 2018-08-28 -->
<security https="true" auth="true"/>
<event type="service" invoke="getServerTimestampAsString"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="qrcode" track-serverhit="false"><!-- SCIPIO: 2018-11-07: Don't track due to ajax -->
<security auth="true" https="true" /><!-- SCIPIO: 2018-07-09: set https true -->
<event type="java" path="org.ofbiz.common.qrcode.QRCodeEvents" invoke="serveQRCodeImage"/>
<response name="success" type="none" />
<response name="error" type="none" />
</request-map>
<!--========================== AJAX events =====================-->
<!-- View Mappings -->
<view-map name="error" type="screen" page="component://common/widget/CommonScreens.xml#error"/>
<view-map name="main" type="none"/>
<view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
<view-map name="ajaxLogin" type="screen" page="component://common/widget/CommonScreens.xml#ajaxNotLoggedIn"/>
<view-map name="requirePasswordChange" type="screen" page="component://common/widget/CommonScreens.xml#requirePasswordChange"/>
<view-map name="forgotPassword" type="screen" page="component://common/widget/CommonScreens.xml#forgotPassword"/>
<view-map name="EventMessages" type="screen" page="component://common/widget/CommonScreens.xml#EventMessages"/>
<!-- SCIPIO: Some of these are moved to CommonScreens, otherwise wrong decorator settings will be used -->
<view-map name="ListLocales" type="screen" page="component://common/widget/CommonScreens.xml#ListLocales"/>
<view-map name="LookupTimeDuration" type="screen" page="component://common/widget/LookupScreens.xml#TimeDuration"/>
<view-map name="ListTimezones" type="screen" page="component://common/widget/CommonScreens.xml#ListTimezones"/>
<view-map name="ListVisualThemes" type="screen" page="component://common/widget/CommonScreens.xml#ListVisualThemes"/>
<view-map name="ajaxAutocompleteOptions" type="screen" page="component://common/widget/CommonScreens.xml#ajaxAutocompleteOptions"/>
<view-map name="help" type="screen" page="component://common/widget/CommonScreens.xml#help"/>
<view-map name="showHelp" type="screen" page="component://common/widget/HelpScreens.xml#ShowHelp"/>
<view-map name="ShowDocument" type="screen" page="component://common/widget/HelpScreens.xml#showDocument"/>
<view-map name="viewBlocked" type="screen" page="component://common/widget/CommonScreens.xml#viewBlocked"/>
<view-map name="LookupGeo" type="screen" page="component://common/widget/LookupScreens.xml#LookupGeo"/>
<view-map name="LookupGeoName" type="screen" page="component://common/widget/LookupScreens.xml#LookupGeoName"/>
<view-map name="LookupLocale" type="screen" page="component://common/widget/LookupScreens.xml#LookupLocale"/>
</site-conf>