Item13613: JHotDrawPlugin no longer works in Foswiki 2.0 because of the changed rest

pencil
Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: JHotDrawPlugin
Branches: master
Reported By: KennethLavrsen
Waiting For: KennethLavrsen
Last Change By: KennethLavrsen
As I am testing 2.0 I now run into my next show stopper problem

JHotDrawPlugin which saves though the rest interface will not work.

I have tried many things to make it work.

  • Note I use ApacheLogin - that I cannot change
  • I have tried to add and remove the rest script from the apache config for auth scripts
  • I have tried to enable {LegacyRESTSecurity}. That changes the failure from not allowing GET on rest to failing the strikeone check. The plugin works fine with strikeone on 1.1.9
  • I have tried to change {Session}{AcceptUserPwParam} to ^(rest|view)(auth)?$

And it still fails.

I think it has become very confusing with all these {LegacyRESTSecurity} and {Session}{AcceptUserPwParam} settings with poor explanations of when to apply what and why. I certainly do not understand what is going on.

A lot of the strikeone stuff in the JHotDrawPlugin is javascript so I am a bit lost how to attack it.

-- KennethLavrsen - 11 Aug 2015

I tried more experiments. I tried to disable {Validation}{ExpireKeyOnUse}. Then it worked. Then I enabled it again. And it still worked. I cannot get the error back now. It can have something to do with how Java caches passwords.

Under all circumstances - the plugin should be updated to work with the new way to handle rest so you do not need to enable a legacy setting. Where is that new thing documented?

-- KennethLavrsen - 11 Aug 2015

OK. It is documented in EmptyPlugin.

I think I can do this change to fix the GET thing. Is this new syntax for defining the rest handler backwards compatible?

-- KennethLavrsen - 11 Aug 2015

I am adding this

    Foswiki::Func::registerRESTHandler(
        'edit',
        \&_restEdit,
        authenticate => 1,  # Set to 0 if handler should be useable by WikiGuest
        validate     => 1,  # Set to 0 to disable StrikeOne CSRF protection
        http_allow => 'GET,POST', # Set to 'GET,POST' to allow use HTTP GET and POST
        description => 'Edit handler for JHotDrawPlugin'
    );
    Foswiki::Func::registerRESTHandler(
        'upload',
        \&_restUpload,
        validate     => 1,  # Set to 0 to disable StrikeOne CSRF protection
        http_allow => 'POST', # Set to 'GET,POST' to allow use HTTP GET and POST
        description => 'Upload handler for JHotDrawPlugin'
    );

-- KennethLavrsen - 11 Aug 2015

I have to disable the validate parts because they fail in 1.1.9

It is not backwards compatible

-- KennethLavrsen - 11 Aug 2015

 
Topic revision: r3 - 11 Aug 2015, KennethLavrsen - This page was cached on 23 Nov 2020 - 16:29.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy