Item13613: JHotDrawPlugin no longer works in Foswiki 2.0 because of the changed rest

pencil
Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: JHotDrawPlugin
Branches: master
Reported By: KennethLavrsen
Waiting For: KennethLavrsen
Last Change By: KennethLavrsen
As I am testing 2.0 I now run into my next show stopper problem

JHotDrawPlugin which saves though the rest interface will not work.

I have tried many things to make it work.

  • Note I use ApacheLogin - that I cannot change
  • I have tried to add and remove the rest script from the apache config for auth scripts
  • I have tried to enable {LegacyRESTSecurity}. That changes the failure from not allowing GET on rest to failing the strikeone check. The plugin works fine with strikeone on 1.1.9
  • I have tried to change {Session}{AcceptUserPwParam} to ^(rest|view)(auth)?$

And it still fails.

I think it has become very confusing with all these {LegacyRESTSecurity} and {Session}{AcceptUserPwParam} settings with poor explanations of when to apply what and why. I certainly do not understand what is going on.

A lot of the strikeone stuff in the JHotDrawPlugin is javascript so I am a bit lost how to attack it.

-- KennethLavrsen - 11 Aug 2015

I tried more experiments. I tried to disable {Validation}{ExpireKeyOnUse}. Then it worked. Then I enabled it again. And it still worked. I cannot get the error back now. It can have something to do with how Java caches passwords.

Under all circumstances - the plugin should be updated to work with the new way to handle rest so you do not need to enable a legacy setting. Where is that new thing documented?

-- KennethLavrsen - 11 Aug 2015

OK. It is documented in EmptyPlugin.

I think I can do this change to fix the GET thing. Is this new syntax for defining the rest handler backwards compatible?

-- KennethLavrsen - 11 Aug 2015

I am adding this

    Foswiki::Func::registerRESTHandler(
        'edit',
        \&_restEdit,
        authenticate => 1,  # Set to 0 if handler should be useable by WikiGuest
        validate     => 1,  # Set to 0 to disable StrikeOne CSRF protection
        http_allow => 'GET,POST', # Set to 'GET,POST' to allow use HTTP GET and POST
        description => 'Edit handler for JHotDrawPlugin'
    );
    Foswiki::Func::registerRESTHandler(
        'upload',
        \&_restUpload,
        validate     => 1,  # Set to 0 to disable StrikeOne CSRF protection
        http_allow => 'POST', # Set to 'GET,POST' to allow use HTTP GET and POST
        description => 'Upload handler for JHotDrawPlugin'
    );

-- KennethLavrsen - 11 Aug 2015

I have to disable the validate parts because they fail in 1.1.9

It is not backwards compatible

-- KennethLavrsen - 11 Aug 2015

 
Topic revision: r3 - 11 Aug 2015, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy