buildbot exception in on ofbizTrunkFrameworkPlugins
The Buildbot has detected a build exception on builder ofbizTrunkFrameworkPlugins while building . Full details are available at: https://ci.apache.org/builders/ofbizTrunkFrameworkPlugins/builds/678 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: downstream Build Source Stamp: [branch ofbiz/ofbiz-framework/trunk] 1852882 Blamelist: mbrohl BUILD FAILED: exception shell_2 upload_1 Sincerely, -The Buildbot
buildbot success in on ofbizTrunkFramework
The Buildbot has detected a restored build on builder ofbizTrunkFramework while building . Full details are available at: https://ci.apache.org/builders/ofbizTrunkFramework/builds/656 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: lares_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onTrunkFrameworkCommit' triggered this build Build Source Stamp: [branch ofbiz/ofbiz-framework/trunk] 1852882 Blamelist: mbrohl Build succeeded! Sincerely, -The Buildbot
svn commit: r1852884 - in /ofbiz/ofbiz-framework/branches/release18.12: ./ framework/common/webcommon/WEB-INF/ framework/security/config/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control
Author: mbrohl Date: Mon Feb 4 09:26:42 2019 New Revision: 1852884 URL: http://svn.apache.org/viewvc?rev=1852884=rev Log: Applied fix from trunk for revision: 1852882 === Fixed: Error parsing JWT (OFBIZ-10814) Fixes incorrect retrieval of the Authorization header JWT token. Fixes wrong API usage for the key parameter which assumed the key is provided in BAS64 format. Refactored the code to use helper methods for key and auth header retrieval. Javadoc corrections and enhancements. Modified: ofbiz/ofbiz-framework/branches/release18.12/ (props changed) ofbiz/ofbiz-framework/branches/release18.12/framework/common/webcommon/WEB-INF/common-controller.xml ofbiz/ofbiz-framework/branches/release18.12/framework/security/config/security.properties ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/TokenFilter.java ofbiz/ofbiz-framework/branches/release18.12/themes/common-theme/webapp/common/js/util/OfbizUtil.js Propchange: ofbiz/ofbiz-framework/branches/release18.12/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Feb 4 09:26:42 2019 @@ -10,4 +10,4 @@ /ofbiz/branches/json-integration-refactoring:1634077-1635900 /ofbiz/branches/multitenant20100310:921280-927264 /ofbiz/branches/release13.07:1547657 -/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818 +/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882 Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/common/webcommon/WEB-INF/common-controller.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1852884=1852883=1852884=diff == --- ofbiz/ofbiz-framework/branches/release18.12/framework/common/webcommon/WEB-INF/common-controller.xml (original) +++ ofbiz/ofbiz-framework/branches/release18.12/framework/common/webcommon/WEB-INF/common-controller.xml Mon Feb 4 09:26:42 2019 @@ -31,7 +31,7 @@ under the License. - + Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/security/config/security.properties URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/security/config/security.properties?rev=1852884=1852883=1852884=diff == --- ofbiz/ofbiz-framework/branches/release18.12/framework/security/config/security.properties (original) +++ ofbiz/ofbiz-framework/branches/release18.12/framework/security/config/security.properties Mon Feb 4 09:26:42 2019 @@ -143,3 +143,10 @@ login.secret_key_string=Secret Key # -- Time To Live of the token send to the external server in seconds, 10 seconds seems plenty enough OOTB. Custom projects might want set a lower value. security.jwt.token.expireTime=10 + +# -- Enables the internal Single Sign On feature which allows a token based login between OFBiz instances +# -- To make this work you also have to configure a secret key with security.token.key +security.internal.sso.enabled=false + +# -- The secret key for the JWT token signature. Configuration in the SystemProperty entity is recommended for security reasons. +#security.token.key= Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java?rev=1852884=1852883=1852884=diff == --- ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java (original) +++ ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java Mon Feb 4 09:26:42 2019 @@ -18,29 +18,22 @@ */ package
svn commit: r1852883 - in /ofbiz/ofbiz-framework/branches/release18.12: ./ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java framework/webapp/src/main/java/org/apache/ofbi
Author: mbrohl Date: Mon Feb 4 09:26:12 2019 New Revision: 1852883 URL: http://svn.apache.org/viewvc?rev=1852883=rev Log: Applied fix from trunk for revision: 1849931 === Improved: Token Based Authentication (OFBIZ-9833) Just few typos and import ordering while reviewing for OFBIZ-4361 Modified: ofbiz/ofbiz-framework/branches/release18.12/ (props changed) ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/TokenFilter.java Propchange: ofbiz/ofbiz-framework/branches/release18.12/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Feb 4 09:26:12 2019 @@ -10,4 +10,4 @@ /ofbiz/branches/json-integration-refactoring:1634077-1635900 /ofbiz/branches/multitenant20100310:921280-927264 /ofbiz/branches/release13.07:1547657 -/ofbiz/ofbiz-framework/trunk:1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818 +/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818 Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java?rev=1852883=1852882=1852883=diff == --- ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java (original) +++ ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java Mon Feb 4 09:26:12 2019 @@ -149,7 +149,7 @@ public class JWTManager { * * @param delegator * @param tokenMap Map name, value pairs to set as claims - * @param expirationtime the expiration time in seconds + * @param expireTime the expiration time in seconds * @return a JWT token */ public static String createJwt (Delegator delegator, Map claims, int expireTime) { Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/TokenFilter.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/TokenFilter.java?rev=1852883=1852882=1852883=diff == --- ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/TokenFilter.java (original) +++ ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/TokenFilter.java Mon Feb 4 09:26:12 2019 @@ -18,6 +18,20 @@ */ package org.apache.ofbiz.webapp.control; +import java.io.IOException; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + import org.apache.ofbiz.base.util.Debug; import org.apache.ofbiz.base.util.UtilHttp; import org.apache.ofbiz.base.util.UtilMisc; @@ -30,19 +44,6 @@ import org.apache.ofbiz.entity.GenericVa import org.apache.ofbiz.entity.util.EntityQuery; import org.apache.ofbiz.service.ModelService; import org.apache.ofbiz.webapp.WebAppUtil; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.IOException; -import java.util.Locale; -import java.util.Map; public class TokenFilter implements Filter { public static final String module = TokenFilter.class.getName(); @@ -73,7 +74,7 @@ public class TokenFilter implements Filt try { GenericValue userLogin = EntityQuery.use(delegator).from("UserLogin").where("userLoginId",
svn commit: r1852882 - in /ofbiz/ofbiz-framework/trunk: framework/common/webcommon/WEB-INF/ framework/security/config/ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ themes/common-the
Author: mbrohl Date: Mon Feb 4 09:22:19 2019 New Revision: 1852882 URL: http://svn.apache.org/viewvc?rev=1852882=rev Log: Fixed: Error parsing JWT (OFBIZ-10814) Fixes incorrect retrieval of the Authorization header JWT token. Fixes wrong API usage for the key parameter which assumed the key is provided in BAS64 format. Refactored the code to use helper methods for key and auth header retrieval. Javadoc corrections and enhancements. Modified: ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/TokenFilter.java ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/util/OfbizUtil.js Modified: ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1852882=1852881=1852882=diff == --- ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml (original) +++ ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml Mon Feb 4 09:22:19 2019 @@ -31,7 +31,7 @@ under the License. - + Modified: ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties?rev=1852882=1852881=1852882=diff == --- ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties (original) +++ ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties Mon Feb 4 09:22:19 2019 @@ -143,3 +143,10 @@ login.secret_key_string=Secret Key # -- Time To Live of the token send to the external server in seconds, 10 seconds seems plenty enough OOTB. Custom projects might want set a lower value. security.jwt.token.expireTime=10 + +# -- Enables the internal Single Sign On feature which allows a token based login between OFBiz instances +# -- To make this work you also have to configure a secret key with security.token.key +security.internal.sso.enabled=false + +# -- The secret key for the JWT token signature. Configuration in the SystemProperty entity is recommended for security reasons. +#security.token.key= Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java?rev=1852882=1852881=1852882=diff == --- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java (original) +++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java Mon Feb 4 09:22:19 2019 @@ -18,29 +18,22 @@ */ package org.apache.ofbiz.webapp.control; -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; - -import javax.servlet.ServletContext; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - import org.apache.ofbiz.base.util.Debug; import org.apache.ofbiz.entity.Delegator; import org.apache.ofbiz.entity.DelegatorFactory; -import org.apache.ofbiz.entity.GenericEntityException; import org.apache.ofbiz.entity.GenericValue; -import org.apache.ofbiz.entity.util.EntityQuery; import org.apache.ofbiz.service.LocalDispatcher; -import org.apache.ofbiz.service.ModelService; import org.apache.ofbiz.webapp.WebAppUtil; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.util.Map; +import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; + /** - * This class manages the authentication tokens that provide single sign-on authentication to the OFBiz applications. + * This class manages the single sign-on authentication through external login keys between OFBiz applications. */ public class ExternalLoginKeysManager { private static final String module = ExternalLoginKeysManager.class.getName(); @@ -105,11 +98,10 @@