Hi Girish, I wanted to try out some REST calls using Swagger-ui ( https://localhost:8443/docs/swagger-ui.html) but don't know how to authenticate to get a JWT.
Apologies if I missed the instructions elsewhere but please could you advise on how to authenticate against the REST api? Thanks, Dan. On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < girish.vasmat...@hotwaxsystems.com> wrote: > Greetings! > > I have created a PR to add a REST component - > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > and let me know what you think and let me know if you face any issues. I > intend to merge it in a week from now. > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add > "action" attribute to the service definition now merged, this above > component should be able to expose exportable (export=true) and > actionable(action=GET|POST) services via REST. > > Once the changes for nested attributes (OFBIZ-11902 > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also > be making corresponding changes in the GraphQL plugin to account for nested > attributes. OFBIZ-11902 > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > help in defining complex GraphQL mutations. > > I am parallelly also working on designing an XML DSL for REST that should > allow tying up REST resources with OFBiz services. > > Best, > Girish > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <huaru...@hotmail.com> wrote: > > > Hi Girish, > > > > Yes, you got it. > > > > Web browser will popup a login dialog when response code is 401: > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > > required\""); > > > > The popup is skipped and then react/vue/angular can handle the response: > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > required\""); > > > > > > 发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com> > > 发送时间: 2020年7月9日 14:54 > > 收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org> > > 主题: Re: REST implementation > > > > Hi Shi > > > > Thanks for taking a look at it. I have a question on "WWW-Authenticate" > > header so please clarify and I can make appropriate changes accordingly - > > > > All I am finding is that to prevent the pop-up, either return 403 (which > I > > do not want to do) or not include "WWW-Authenticate" header at all (not > > inclined to do this as well because then we would be violating the spec). > > Do you mean to NOT start the value of the header with "Bearer" ? > > so instead of below > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > should we change it to > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > > > > I did not test it, but I can just change it like this without testing if > > you can please confirm it will prevent the browser dialog. > > > > Thanks again for the review. > > > > Best, > > Girish > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <huaru...@hotmail.com> wrote: > > > > > Hi Girish, > > > > > > Excellent. > > > > > > Only one suggestion from my quick view, when response code is 401, the > > > "WWW-Authenticate" header should be set to start with a word NOT > “Bearer > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > Kind Regards, > > > > > > Shi Jinghai > > > > > > 发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com> > > > 发送时间: 2020年7月8日 20:47 > > > 收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org> > > > 主题: Re: REST implementation > > > > > > Hi Folks > > > > > > I have added support for OpenApi Integration. The updated code can be > > found > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go > > > through the changes and test at your end and let me know your thoughts. > > > > > > I am planning to do some refactoring and then raise initial PR for the > > > plug-in if the changes look good to everyone. > > > > > > Best, > > > Girish > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > cars...@dcs-verkaufssysteme.de> wrote: > > > > > > > Hi Girish, > > > > > > > > Thanks to clarify :) > > > > What caught me on the OpenAPI integration is the snippet quoted below > > and > > > > I realize I should have read it in context. Actually then it is > aligned > > > > with my view. > > > > > > > > Warm regards > > > > > > > > Carsten > > > > > > > > >>>>> Initial implementation does not contain OpenApi integration > yet. > > > And > > > > > > > > > > > > > > > > > > > -- Daniel Watford