Thursday, January 31, 2013

On redirect removing properties from request


Removing parameters from request when redirecting in commerce is an interesting problem and this is not something that needs to be implemented in regular flows.
In the scenario when you have logonId and logonPassword  passed into form post, removing logonId/logonPassword from request properties in perform execute or creating a new request property and setting in command context does not fix the issue.

responseProp.put(ECConstants.EC_VIEWTASKNAME,ECConstants.EC_GENERIC_REDIRECTVIEW);
responseProp.put(ECConstants.EC_REDIRECTURL,"RedirectViewSample");
setResponseProperties(responseProp);

Solution: OverRide setViewInputProperties and remove the properties from request to the redirect view.

   public void setViewInputProperties(TypedProperty reqProperties){
        reqProperties.remove("logonId");
        reqProperties.remove("logonPassword");       
        this.viewReqProperties = reqProperties;
    }

2 comments:

  1. You can also place extra parameters that will clear out parameters on a redirect. Example:
    /Logon?logonId=foo&logonPassword=bar&logonId*=&logonPassword*=
    This will erase logonId & password from the redirect response. This can also be accomplished with:
    /Logon?logonId=foo&logonPassword=bar&logon*=

    Also, if you are going to alter the ViewInputProperties it should be done inside of the getViewInputProperties() method as this is called during the merging of the request properties prior to the redirect. Therefore if the command has altered the input properties (although unlikely) it will fix the results.

    Reference:
    http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.developer.doc/concepts/csdprogrammingguide06.htm

    ReplyDelete
  2. Beside that, it is likewise difficult to dispose of the infection in light of the fact that your PC could wind up slamming en route. You will simply exacerbate your issue on the off chance that you attempt to stay away from the infection utilizing manual means. https://how-to-remove.org/malware/sniffers/

    ReplyDelete