Page History
Shortcuts
In a production environment only shortcuts should be used instead of exposed flows. By default, all exposed flows can be started externally. Please read Create a shortcut in the Java Runtime on on how to create a shortcut. Disabling starting all exposed flows can be done by setting the blueriq.production.shortcuts-only to true in
| Include Page | ||||
|---|---|---|---|---|
|
Example in
:Include Page _PropertiesFileJava _PropertiesFileJava
blueriq.production.shortcuts-only=true
AQ_StartProject
By default shortcuts can be accessed externally via the url (e.q. http://localhost:91/Runtime/server/start/<SHORTCUT_NAME>). When using shortcuts in combination with AQ_StartProject you should be aware that this shortcut can also be accessed externally. To prevent this from happening, you should set the property privateAccess to true. The reason for this is that via the AQ_StartProject, parameters are passed to the shortcut application and are picked up via the AQ_GetRequestParameters service. The AQ_GetRequestParameters does not distinguish on how parameters are send, by the AQ_StartProject service or the end user threw the URL. For more information about passing parameters via the AQ_StartProject, please read AQ_StartProject#Security.
Example shortcut in
| Include Page | ||||
|---|---|---|---|---|
|
blueriq.shortcut.<SHORTCUT_NAME>.flow=<FLOW>blueriq.shortcut.<SHORTCUT_NAME>.languageCode=<LANGUAGE>blueriq.shortcut.<SHORTCUT_NAME>.project=<PROJECT>blueriq.shortcut.<SHORTCUT_NAME>.theme=<THEME>blueriq.shortcut.<SHORTCUT_NAME>.ui=<MVC>blueriq.shortcut.<SHORTCUT_NAME>.version=<VERSION>blueriq.shortcut.<SHORTCUT_NAME>.privateAccess=true
AQ_GetRequestParameters
The AQ_GetRequestParameters service is able to retrieve parameters from the URL. You should treat these parameters as "dirty", which means you should validate these parameters before using them.
Overview
Content Tools