diff --git a/applications/accounting/webapp/accounting/WEB-INF/controller.xml b/applications/accounting/webapp/accounting/WEB-INF/controller.xml
index 717abfdad38..98023fbf5b9 100644
--- a/applications/accounting/webapp/accounting/WEB-INF/controller.xml
+++ b/applications/accounting/webapp/accounting/WEB-INF/controller.xml
@@ -2630,7 +2630,7 @@ under the License.
-
+
diff --git a/applications/content/webapp/content/WEB-INF/controller.xml b/applications/content/webapp/content/WEB-INF/controller.xml
index 1667d087b00..3f2b51c2ec0 100644
--- a/applications/content/webapp/content/WEB-INF/controller.xml
+++ b/applications/content/webapp/content/WEB-INF/controller.xml
@@ -49,6 +49,7 @@ under the License.
+
diff --git a/applications/order/webapp/ordermgr/WEB-INF/controller.xml b/applications/order/webapp/ordermgr/WEB-INF/controller.xml
index 633b50e80a8..6fd65ef329a 100644
--- a/applications/order/webapp/ordermgr/WEB-INF/controller.xml
+++ b/applications/order/webapp/ordermgr/WEB-INF/controller.xml
@@ -653,6 +653,7 @@ under the License.
+
@@ -673,6 +674,7 @@ under the License.
+
@@ -770,19 +772,19 @@ under the License.
-
+
-
+
-
+
@@ -885,13 +887,13 @@ under the License.
-
+
-
+
@@ -1003,20 +1005,20 @@ under the License.
-
+
-
+
-
+
@@ -1029,7 +1031,7 @@ under the License.
-
+
@@ -1037,7 +1039,7 @@ under the License.
-
+
@@ -2020,7 +2022,7 @@ under the License.
-
+
@@ -2037,7 +2039,7 @@ under the License.
-
+
@@ -2055,7 +2057,7 @@ under the License.
-
+
@@ -2063,9 +2065,9 @@ under the License.
-
-
-
+
+
+
diff --git a/applications/product/webapp/catalog/WEB-INF/controller.xml b/applications/product/webapp/catalog/WEB-INF/controller.xml
index b8a7c3558fe..edfbe0ba37c 100644
--- a/applications/product/webapp/catalog/WEB-INF/controller.xml
+++ b/applications/product/webapp/catalog/WEB-INF/controller.xml
@@ -45,6 +45,7 @@ under the License.
+
diff --git a/applications/product/webapp/facility/WEB-INF/controller.xml b/applications/product/webapp/facility/WEB-INF/controller.xml
index a196d4ed7d0..2a96e7328f3 100644
--- a/applications/product/webapp/facility/WEB-INF/controller.xml
+++ b/applications/product/webapp/facility/WEB-INF/controller.xml
@@ -1159,6 +1159,7 @@ under the License.
+
@@ -1435,7 +1436,7 @@ under the License.
-
+
diff --git a/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml b/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml
index 2ec3dbc49a6..220af8ea1cd 100644
--- a/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml
+++ b/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml
@@ -46,6 +46,7 @@ under the License.
+
diff --git a/framework/common/webcommon/WEB-INF/common-controller.xml b/framework/common/webcommon/WEB-INF/common-controller.xml
index f2f4d2d1eb7..fa7f592437a 100644
--- a/framework/common/webcommon/WEB-INF/common-controller.xml
+++ b/framework/common/webcommon/WEB-INF/common-controller.xml
@@ -182,14 +182,17 @@ under the License.
+
+
+
@@ -206,7 +209,7 @@ under the License.
-
+
@@ -245,7 +248,7 @@ under the License.
-
+
@@ -339,33 +342,32 @@ under the License.
-
-
-
+
+
+
-
+
-
-
+
+
-
-
-
+
+
+
-
-
+
+
-
+
-
-
+
diff --git a/framework/common/webcommon/WEB-INF/portal-controller.xml b/framework/common/webcommon/WEB-INF/portal-controller.xml
index 196c5e74ac4..6ccf3355016 100644
--- a/framework/common/webcommon/WEB-INF/portal-controller.xml
+++ b/framework/common/webcommon/WEB-INF/portal-controller.xml
@@ -23,6 +23,7 @@ under the License.
Portal ControlServlet Configuration File
+
@@ -161,7 +162,7 @@ under the License.
-
+
@@ -169,6 +170,6 @@ under the License.
-
+
diff --git a/framework/webapp/dtd/site-conf.xsd b/framework/webapp/dtd/site-conf.xsd
index 8f3bf3732c1..8f2927a3371 100644
--- a/framework/webapp/dtd/site-conf.xsd
+++ b/framework/webapp/dtd/site-conf.xsd
@@ -267,14 +267,14 @@ under the License.
-
+
If https=true, redirect to/use/generate the secured HTTPS protocol if necessary and possible.
-
+
If auth=true, when you hit the request if you are not logged in you will be forwarded to the login page.
@@ -776,6 +776,14 @@ under the License.
+
+
+
+ If auth=true, RequestHandler.renderView requires an active login to access the view-map.
+ If direct-view-rendering-with-auth=false, no active login is required.
+
+
+
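Review bot: The added documentation names two different attributes for one setting: the first sentence says `auth`, the second says `direct-view-rendering-with-auth`. The ConfigXMLReader change in this same commit reads only `viewMapElement.getAttribute("auth")`, so an integrator who follows the second sentence would set a flag the reader never looks up and leave the view unprotected. I would reword it to `If auth=true, RequestHandler.renderView requires an active login to render this view-map. If auth=false or the attribute is absent, no active login is required.` The attribute declaration itself is not visible here, so confirm that its declared default matches the reader's `false`.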
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
index 1ed0a0a8cd3..59c3b917566 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ConfigXMLReader.java
@@ -1044,6 +1044,7 @@ public static class ViewMap {
private String strictTransportSecurity;
private String description;
private boolean noCache = false;
+ private boolean securityAuth = false;
/**
* Gets name.
@@ -1120,6 +1121,14 @@ public String getContentType() {
return contentType;
}
+ /**
+ * Is securityAuth boolean.
+ * @return the boolean
+ */
+ public boolean isSecurityAuth() {
+ return securityAuth;
+ }
+
/**
* Gets encoding.
* @return the encoding
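Review bot: The Javadoc on `isSecurityAuth()` ("Is securityAuth boolean" / "@return the boolean") restates the signature and leaves out the security meaning of the flag. I would replace it with `Returns whether rendering this view requires an active login, as set by the view-map's {@code auth} attribute.` and `@return {@code true} if a login is required; {@code false} (the default) if the view may be rendered without one`. Stating the default matters here because a view-map without the attribute stays reachable without authentication.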
@@ -1135,6 +1144,7 @@ public ViewMap(Element viewMapElement) {
this.info = viewMapElement.getAttribute("info");
this.contentType = viewMapElement.getAttribute("content-type");
this.noCache = "true".equals(viewMapElement.getAttribute("no-cache"));
+ this.securityAuth = "true".equals(viewMapElement.getAttribute("auth"));
this.encoding = viewMapElement.getAttribute("encoding");
this.xFrameOption = viewMapElement.getAttribute("x-frame-options");
this.strictTransportSecurity = viewMapElement.getAttribute("strict-transport-security");
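Review bot: The new `this.securityAuth = "true".equals(viewMapElement.getAttribute("auth"));` fails open on anything other than the exact lowercase string. A value such as `auth="True"` or a typo silently yields `false`, and the view renders without a login. This follows the existing `no-cache` parsing, but a wrong value there costs only caching, while here it removes the access check. Whether the schema restricts the attribute to `true`/`false` is not visible in this diff. If it does not, accept the value case-insensitively with `this.securityAuth = "true".equalsIgnoreCase(viewMapElement.getAttribute("auth"));` and log a warning for any non-empty value that is neither `true` nor `false`. The constructor body continues outside the hunk.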
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 1e6f110c2b2..9085355f0c3 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -1195,6 +1195,22 @@ private void renderView(String view, boolean allowExtView, HttpServletRequest re
throw new RequestHandlerException("No definition found for view with name [" + view + "]");
}
+ // Perform security check.
+ if (viewMap.isSecurityAuth() && UtilValidate.isEmpty(userLogin)) {
+ ConfigXMLReader.Event checkLoginEvent = ccfg.getRequestMapMap().get("checkLogin").getEvent();
+ String checkLoginReturnString = null;
+
+ try {
+ checkLoginReturnString = this.runEvent(req, resp, checkLoginEvent, null, "security-auth");
+ } catch (EventHandlerException e) {
+ throw new RequestHandlerException(e.getMessage(), e);
+ }
+
+ if (!"success".equalsIgnoreCase(checkLoginReturnString)) {
+ throw new RequestHandlerException("An active login is required for view with name [" + view + "]");
+ }
+ }
+
String nextPage;
if (viewMap.getPage() == null) {
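Review bot: `ccfg.getRequestMapMap().get("checkLogin").getEvent()` dereferences the lookup result without a null check. If a controller sets `auth="true"` on a view-map but neither defines nor includes a `checkLogin` request-map (or defines one with no event), this throws a NullPointerException instead of a RequestHandlerException. The view is still not rendered, but the misconfiguration surfaces as an unhandled error rather than a clean, diagnosable denial. I would fetch the map first with `ConfigXMLReader.RequestMap checkLoginMap = ccfg.getRequestMapMap().get("checkLogin");` and throw `new RequestHandlerException("No checkLogin request-map defined; cannot enforce auth for view [" + view + "]")` when it or its event is null. `userLogin` is assigned outside the hunk, so it cannot be confirmed from here that it reflects the current session at this point. renderView starts before and continues past this hunk.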
diff --git a/framework/webtools/webapp/webtools/WEB-INF/controller.xml b/framework/webtools/webapp/webtools/WEB-INF/controller.xml
index 65069b85eb9..043048466f7 100644
--- a/framework/webtools/webapp/webtools/WEB-INF/controller.xml
+++ b/framework/webtools/webapp/webtools/WEB-INF/controller.xml
@@ -99,13 +99,16 @@ under the License.
-->
-
+
-
+
+
+
+
@@ -116,17 +119,20 @@ under the License.
+
+
+
@@ -135,6 +141,7 @@ under the License.
+
@@ -563,7 +570,7 @@ under the License.
-
+
@@ -631,9 +638,9 @@ under the License.
-
+
-
+
@@ -704,7 +711,7 @@ under the License.
-
+