framework/common/webcommon/WEB-INF/common-store-controller.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is subject to the terms and conditions defined in the
files 'LICENSE' and 'NOTICE', which are part of this source
code package.
-->
<!--
SCIPIO: Factors out the framework-level definitions common to most stores.
This is based on common-controller but is specifically tailored
to frontend stores/shops.
NOTE: This should only contain framework-level definitions, and not business-related logic,
similar to common-controller.xml. High-level factoring should be factored out somewhere
else (similar to commonext).
-->
<site-conf xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/site-conf.xsd">
<include location="component://common/webcommon/WEB-INF/base-controller.xml"/>
<!-- Social Logins - requires Social Authentication Addons -->
<include location="component://auth-facebook/webapp/facebook/WEB-INF/auth-facebook-controller.xml" optional="true" order="pre-local" />
<include location="component://auth-google/webapp/google/WEB-INF/auth-google-controller.xml" optional="true" order="pre-local" />
<include location="component://auth-twitter/webapp/twitter/WEB-INF/auth-twitter-controller.xml" optional="true" order="pre-local" />
<include location="component://auth-linkedin/webapp/linkedin/WEB-INF/auth-linkedin-controller.xml" optional="true" order="pre-local" />
<description>SCIPIO: Common Framework-level Store Configuration File</description>
<errorpage>${_CONTROL_SERVPATH_}/error</errorpage> <!-- /error/error.jsp -->
<!-- SCIPIO: Cart synchronization service event handler wrapper: automatically wraps in a safe CartUpdate section
any service marked with the "shoppingCart.update" property, when called directly as an event (added 2018-11-26) -->
<handler name="shoppingCartSync" type="request-handler-wrapper" class="org.ofbiz.order.shoppingcart.CartSyncEventHandlerWrapper"/>
<firstvisit>
<event name="autoLoginCheck" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="autoLoginCheck"/>
</firstvisit>
<preprocessor>
<!-- Events to run on every request before security (chains exempt) -->
<!-- SCIPIO: Not for frontend stores for now
<event name="check509CertLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="check509CertLogin"/>
<event name="checkRequestHeaderLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkRequestHeaderLogin"/>
<event name="checkServletRequestRemoteUserLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkServletRequestRemoteUserLogin"/>
-->
<event name="checkExternalLoginKey" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
<!-- SCIPIO: Not for frontend stores for now
<event name="checkProtectedView" type="java" path="org.ofbiz.webapp.control.ProtectViewWorker" invoke="checkProtectedView"/>
<event name="extensionConnectLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionConnectLogin"/>
-->
</preprocessor>
<postprocessor>
<!-- Events to run on every request after all other processing (chains exempt) -->
</postprocessor>
<!-- SCIPIO: New common settings -->
<common-settings>
<request-map-settings>
<response-settings>
<!-- SCIPIO: 2018-10-26: default view for view-last, view-last-noparam and view-home when not found by other means -->
<view-last default-view="main"/>
</response-settings>
</request-map-settings>
<view-map-settings default-view-access="public"/><!-- NOTE: default-view-access could change to "internal" in future -->
</common-settings>
<!-- SCIPIO: NOTE: 2018-07-09: Most requests changed to https true (now the framework default when unspecified) -->
<!-- Security Request Mappings -->
<request-map uri="checkLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="storeCheckLogin"/>
<response name="success" type="view-last"/>
<response name="error" type="view" value="login"/>
</request-map>
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="ajaxCheckLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="ajaxLogin"/>
</request-map>
-->
<request-map uri="login">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="storeLogin"/>
<response name="success" type="view" value="main"/>
<response name="requirePasswordChange" type="view" value="requirePasswordChange"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="error">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: added security elem -->
<response name="success" type="view" value="error"/>
</request-map>
<request-map uri="logout">
<security https="true" auth="false"/><!-- SCIPIO: now auth false to prevent needless errors from double logouts, etc. -->
<!-- SCIPIO: NOTE: invoke="logout" does NOT clear autoLoginUser or its cookies; if you want
this request to also clear autoLoginUser, override this with invoke="autoLoginRemove" in your controller -->
<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/>
<response name="success" type="request-redirect" value="checkLogin" save-request="messages"/><!-- SCIPIO: only transfer error messages -->
<response name="error" type="view" value="main"/>
</request-map>
<request-map uri="autoLogout">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="autoLoginRemove"/>
<response name="success" type="request-redirect" value="checkLogin" save-request="messages"/><!-- SCIPIO: only transfer error messages -->
<response name="error" type="view" value="main"/>
</request-map>
<request-map uri="forgotPassword">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="forgotPassword"/>
<response name="success" type="view" value="login"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="changepassword">
<security https="true" auth="true"/>
<response name="success" type="view" value="changepassword"/>
</request-map>
<request-map uri="updatePassword">
<security https="true" auth="true"/>
<event type="simple" path="component://securityext/script/org/ofbiz/securityext/login/LoginSimpleEvents.xml" invoke="updatePassword"/>
<response name="success" type="view" value="changepassword"/>
<response name="error" type="view" value="changepassword"/>
</request-map>
<!-- SCIPIO: 20-12-04: Introduced new password recovery related request-maps that operate
without requiring a user logged in but a verification hash being passed. -->
<request-map uri="changePassword">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="changePassword"/>
<response name="success" type="view" value="changepassword" save-last-view="true"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="updatePasswordFromHash">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="updatePassword"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view-last" value="changepassword"/>
</request-map>
<!-- SCIPIO: Do NOT allow this for frontend stores for now
<request-map uri="view">
<security https="true" auth="false"/><!- - SCIPIO: 2018-07-09: set https true - ->
<response name="success" type="request" value="main"/>
</request-map>
<request-map uri="views">
<security https="true" auth="false"/>
<response name="success" type="request" value="main"/>
</request-map>
-->
<!-- Common Mappings used for locales and timezones -->
<!-- SCIPIO: Not for frotend for now
<request-map uri="ListLocales"><security https="true" auth="false"/><response name="success" type="view" value="ListLocales" save-last-view="true"/></request-map>
-->
<request-map uri="setSessionLocale">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: set https true -->
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="setSessionLocale"/>
<response name="success" type="view-last" value="main"/>
<response name="error" type="view" value="main"/>
</request-map>
<!-- SCIPIO: Not for frotend for now
<request-map uri="ListTimezones"><security https="true" auth="false"/><response name="success" type="view" value="ListTimezones" save-last-view="true"/></request-map>
<request-map uri="setSessionTimeZone">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="setSessionTimeZone"/>
<response name="success" type="view-last" value="main"/>
<response name="error" type="request" value="main"/>
</request-map>
-->
<!-- User preference mapping -->
<!-- SCIPIO: Not for frotend for now
<request-map uri="setUserPreference">
<security https="true" auth="true"/>
<event type="service" invoke="setUserPreference"/>
<response name="success" type="view-last" value="main"/>
<response name="error" type="request" value="main"/>
</request-map>
<request-map uri="ajaxSetUserPreference">
<security https="true" auth="true"/>
<event type="service" invoke="setUserPreference"/>
<response name="success" type="none"/>
</request-map>
<request-map uri="ajaxAutocompleteOptions">
<security https="true" auth="true"/>
<response name="success" type="view" value="ajaxAutocompleteOptions"/>
</request-map>
-->
<!-- Online help system mapping -->
<!-- SCIPIO: Not for frotend for now
<request-map uri="help">
<security https="true" auth="true"/>
<response name="success" type="view" value="help"/>
</request-map>
-->
<!-- Visual theme mapping -->
<!-- SCIPIO: Not for frotend for now
<request-map uri="ListVisualThemes">
<security https="true" auth="true"/>
<response name="success" type="view" value="ListVisualThemes" save-last-view="true"/>
</request-map>
-->
<request-map uri="main">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: set https true -->
<response name="success" type="view" value="main"/>
</request-map>
<request-map uri="robots.txt">
<security https="true" auth="false"/><!-- SCIPIO: 2018-07-09: set https true -->
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="getRobots"/>
<response name="success" type="none"/>
</request-map>
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="viewBlocked">
<security https="true" auth="false"/><!- - SCIPIO: 2018-07-09: added security elem - ->
<response name="success" type="view" value="viewBlocked"/>
</request-map>
<request-map uri="LookupTimeDuration">
<security https="true" auth="false"/><!- - SCIPIO: 2018-07-09: added security elem - ->
<response name="success" type="view" value="LookupTimeDuration"/>
</request-map>
-->
<!-- home/last/current mappings -->
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="backHome">
<security https="true" auth="true"/>
<response name="success" type="view-home"/>
</request-map>
<request-map uri="backLast">
<security https="true" auth="true"/>
<response name="success" type="view-last"/>
</request-map>
-->
<!-- Common json response events, chain these after events to send json reponses -->
<!-- Standard json response, For security reason (OFBIZ-5409) tries to keep only the initially called service attributes -->
<request-map uri="json">
<security direct-request="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="jsonResponseFromRequestAttributes"/>
<response name="success" type="none"/>
</request-map>
<!-- SCIPIO: version of "json" that will only output attributes specifically requested in "scipioOutParams" map or "scipioOutAttrNames" list -->
<request-map uri="jsonExplicit">
<security direct-request="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="jsonResponseFromRequestAttributesExplicit"/>
<response name="success" type="none"/>
</request-map>
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="showHelp">
<security https="true" auth="true"/>
<response name="success" type="view" value="showHelp"/>
</request-map>
<request-map uri="showHelpPublic">
<security https="true" auth="false"/><!- - SCIPIO: 2018-07-09: set https true - ->
<response name="success" type="view" value="showHelp"/>
</request-map>
<request-map uri="authview">
<security https="true" auth="true"/>
<response name="success" type="view" value="main"/>
</request-map>
-->
<!-- Common captcha image request, the captcha code is stored in the session using _CAPTCHA_CODE_ as the key -->
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="captcha.jpg">
<security https="true" auth="false"/><!- - SCIPIO: 2018-07-09: set https true - ->
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="getCaptcha"/>
<response name="success" type="none"/>
</request-map>
-->
<!-- Lookup requests -->
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="LookupGeo"><security https="true" auth="true"/><response name="success" type="view" value="LookupGeo"/></request-map>
<request-map uri="LookupGeoName"><security https="true" auth="true"/><response name="success" type="view" value="LookupGeoName"/></request-map>
<request-map uri="LookupLocale"><security https="true" auth="true"/><response name="success" type="view" value="LookupLocale"/></request-map>
-->
<!--========================== AJAX events =====================-->
<!-- Get states related to a country -->
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="getAssociatedStateList" track-serverhit="false"><!- - SCIPIO: 2018-08-28: don't track for now, concurrent ServerHits on some pages (TODO: REVIEW) - ->
<security https="true" auth="false"/>
<event type="service" invoke="getAssociatedStateList"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getFileUploadProgressStatus">
<security https="true" auth="true"/>
<event type="service" invoke="getFileUploadProgressStatus"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
-->
<!-- Common JavaScript uiLabel Request, to receive uiLabels within regular JS Code -->
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="getJSONuiLabelArray">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="getJSONuiLabelArray"/>
<response name="success" type="none" />
<response name="error" type="none" />
</request-map>
<request-map uri="getJSONuiLabel">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.common.CommonEvents" invoke="getJSONuiLabel"/>
<response name="success" type="none" />
<response name="error" type="none" />
</request-map>
-->
<!-- Check if an UomConversion exists -->
<!-- SCIPIO: Not for frontend stores for now
<request-map uri="checkUomConversion">
<security https="true" auth="false"/>
<event type="service" invoke="checkUomConversion"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getRelatedGeos">
<security https="true" auth="true"/>
<event type="service" invoke="getRelatedGeos"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getServerTimestamp">
<security https="true" auth="true"/>
<event type="service" invoke="getServerTimestamp"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getServerTimeZone">
<security https="true" auth="true"/>
<event type="service" invoke="getServerTimeZone"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
<request-map uri="getServerTimestampAsLong">
<security https="true" auth="true"/>
<event type="service" invoke="getServerTimestampAsLong"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
</request-map>
-->
<request-map uri="qrcode" track-serverhit="false"><!-- SCIPIO: 2018-11-07: Don't track due to ajax --><!-- SCIPIO: now needed in shops -->
<security auth="false" https="true" />
<event type="java" path="org.ofbiz.common.qrcode.QRCodeEvents" invoke="serveQRCodeImage"/>
<response name="success" type="none" />
<response name="error" type="none" />
</request-map>
<!--========================== AJAX events =====================-->
<!-- View Mappings -->
<!-- SCIPIO: NOTE: the store should override most of these -->
<view-map name="error" type="screen" page="component://common/widget/CommonScreens.xml#error"/>
<view-map name="main" type="none"/>
<view-map name="login" type="screen" page="component://common/widget/CommonScreens.xml#login"/>
<!-- SCIPIO: Not for frontend stores for now
<view-map name="ajaxLogin" type="screen" page="component://common/widget/CommonScreens.xml#ajaxNotLoggedIn"/>
-->
<view-map name="requirePasswordChange" type="screen" page="component://common/widget/CommonScreens.xml#requirePasswordChange"/>
<view-map name="forgotPassword" type="screen" page="component://common/widget/CommonScreens.xml#forgotPassword"/>
<view-map name="changepassword" type="none" />
<!-- SCIPIO: Not for frontend stores for now
<view-map name="EventMessages" type="screen" page="component://common/widget/CommonScreens.xml#EventMessages"/>
-->
<!-- SCIPIO: Not for frontend stores for now
<view-map name="ListLocales" type="screen" page="component://common/widget/CommonScreens.xml#ListLocales"/>
<view-map name="LookupTimeDuration" type="screen" page="component://common/widget/LookupScreens.xml#TimeDuration"/>
<view-map name="ListTimezones" type="screen" page="component://common/widget/CommonScreens.xml#ListTimezones"/>
<view-map name="ListVisualThemes" type="screen" page="component://common/widget/CommonScreens.xml#ListVisualThemes"/>
-->
<!-- SCIPIO: Not for frontend stores for now
<view-map name="ajaxAutocompleteOptions" type="screen" page="component://common/widget/CommonScreens.xml#ajaxAutocompleteOptions"/>
-->
<!-- SCIPIO: Not for frontend stores for now
<view-map name="help" type="screen" page="component://common/widget/CommonScreens.xml#help"/>
<view-map name="showHelp" type="screen" page="component://common/widget/HelpScreens.xml#ShowHelp"/>
<view-map name="ShowDocument" type="screen" page="component://common/widget/HelpScreens.xml#showDocument"/>
-->
<!-- SCIPIO: Not for frontend stores for now
<view-map name="viewBlocked" type="screen" page="component://common/widget/CommonScreens.xml#viewBlocked"/>
-->
<!-- SCIPIO: Not for frontend stores for now
<view-map name="LookupGeo" type="screen" page="component://common/widget/LookupScreens.xml#LookupGeo"/>
<view-map name="LookupGeoName" type="screen" page="component://common/widget/LookupScreens.xml#LookupGeoName"/>
<view-map name="LookupLocale" type="screen" page="component://common/widget/LookupScreens.xml#LookupLocale"/>
-->
</site-conf>