Here's what I was envisioning... 1. User downloads openmrs-standalone-1.9.-beta.zip, unzips, and double-clicks JAR. 2. From the standalone startup window that pops up, the user selects a "I rock! I want to help test 1.9!" option. 3. The user is directed to install the "Release Testing Helper" module in their production system if they haven't already (with a link to a wiki page with more details about the module and how to install it) and then to enter the URL of their production system into a text field. 4. If the URL is unreachable or the release testing helper module isn't detected, the user is returned to step #3 with appropriate tips/hints based on the error detected. 5. The user is presented with an OAuth-like screen saying that an OpenMRS Standalone instance wants to use your production data and, if this is okay, to authenticate as super user. 6. Upon successful authentication to the production server, the user gets a progress bar stating that data and modules are being transferred from the production machine to the standalone instance for testing (along with a reassurance like "nothing will be written or changed on your production system during this process"). 7. Installation of the standalone continues with metadata, sample data, and modules from the production system.
The trick is #5. In the ideal world, this would be a popup window from the standalone that presented an OAuth-like page on the production server; however, AFAIK Java fails to provide a decent embedded browser to do this. So, a suitable proxy would be a *local* JEditorPane that gathered credentials and then used those credentials without storing them to authenticate to the production server via the URL provided, doing HTTP(S) calls to communicate with the release testing helper module on the server. You could try to invoke a local browser and/or somehow get an embedded browser working in the standalone to do true OAuth, but I think it'll take more effort than it's worth. I believe JEditorPane only supports HTML 3.2 and doesn't support JavaScript, so you're better of using it to display something that looks like a simple web page and then do the HTTP(S) conversation underneath rather than trying to make a web page speak AJAX to a Swing application. The Standalone should not persist any credentials to the production system nor should it try to re-use them – i.e., it gets what it needs in one authenticated session based on what the user entered. If we need to go back to the production server after a long time or there's a chance the conversation might exceed the typical session timeout, then we should discuss how to create a longer-lasting OAuth-like token up front. Just my 2¢. Cheers, -Burke On Mon, Nov 7, 2011 at 8:42 PM, Darius Jazayeri <[email protected]> wrote: > Hi Wyclif, > > I was wondering if you could give a step-by-step overview of the process > you're envisioning as our target from this sprint. > > 1. User downloads standalone 1.9-beta, unzips it, and double clicks on the > JAR > ...(what happens here)... > N. User sees a login window to a standalone instance whose DB is populated > with data from an existing install. > > -Darius > _________________________________________ To unsubscribe from OpenMRS Developers' mailing list, send an e-mail to [email protected] with "SIGNOFF openmrs-devel-l" in the body (not the subject) of your e-mail. [mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l]
