Page History
...
In a production environment only shortcuts should be used instead of exposed flows. By default, all exposed flows can be started externally. Please read Create a shortcut in the Java Runtime on how to create a shortcut. Disabling starting all exposed flows can be done by setting the blueriq.production.shortcuts-only
to true in
Include Page | ||||
---|---|---|---|---|
|
Example in
: Include Page _PropertiesFileJava _PropertiesFileJava
blueriq.production.shortcuts-only=true
AQ_StartProject
By default shortcuts can be accessed externally via the url (e.q. http://localhost:91/Runtime/server/start/<SHORTCUT_NAME>). When using shortcuts in combination with AQ_StartProject you should be aware that this shortcut can also be accessed externally. To prevent this for from happening, you should set the property privateAccess to true (e.q. (blueriq.shortcut.[name]
.privateAccess=true
). The reason for this is that via the AQ_StartProject, parameters are passed to the shortcut application and are picked up via the AQ_GetRequestParameters service. The AQ_GetRequestParametersdoes does not distinguish how the way parameters are send. For more information about the way passing parameters are send via the AQ_StartProject, please read AQ_StartProject#Security.
Example shortcut in application.properties
Include Page | ||||
---|---|---|---|---|
|
blueriq.shortcut.<SHORTCUT_NAME>.flow=<FLOW>
blueriq.shortcut.<SHORTCUT_NAME>.languageCode=<LANGUAGE>
blueriq.shortcut.<SHORTCUT_NAME>.project=<PROJECT>
blueriq.shortcut.<SHORTCUT_NAME>.theme=<THEME>
blueriq.shortcut.<SHORTCUT_NAME>.ui=<MVC>
blueriq.shortcut.<SHORTCUT_NAME>.version=<VERSION>
blueriq.shortcut.<SHORTCUT_NAME>.privateAccess=true
AQ_GetRequestParameters
The AQ_GetRequestParameters service is able to retrieve parameters from the URL. You should treat these parameters as "dirty", which means you should validate if these parameters before using them.
...