Re: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality

2019-01-22 Thread Jacques Le Roux
Hi Michael, It seems there is a consensus for disabling the JWT feature OOTB and it makes sense after testing with Postman. Rest inline: Le 22/01/2019 à 07:43, Michael Brohl a écrit : 2. the functionality to have a single sign on between two OFBiz instances will only be used in rare cases (I

Re: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality

2019-01-22 Thread Michael Brohl
Hi Jacques, inline... Am 22.01.19 um 09:51 schrieb Jacques Le Roux: Hi Michael, It seems there is a consensus for disabling the JWT feature OOTB and it makes sense after testing with Postman. Thanks, Jacques. Rest inline: Le 22/01/2019 à 07:43, Michael Brohl a écrit : 2. the

Re: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality

2019-01-22 Thread Jacques Le Roux
Le 22/01/2019 à 10:11, Michael Brohl a écrit : 3. if it is not used, it will still try to read the authorization header, key etc. *on every request* Yes, that's not a problem it's only few ms (if even) as long as there is no JWT passed. Else all the other pre-processors would also be

Re: svn commit: r1851805 - in /ofbiz/ofbiz-framework/trunk/framework/entityext: minilang/EntitySyncServices.xml servicedef/services.xml src/main/java/org/apache/ofbiz/entityext/synchronization/EntityS

2019-01-22 Thread Nicolas Malin
love :) On 22/01/2019 12:51, arunpati...@apache.org wrote: Author: arunpatidar Date: Tue Jan 22 11:51:46 2019 New Revision: 1851805 URL: http://svn.apache.org/viewvc?rev=1851805=rev Log: Fixed: EntitySync Push and Pull functionalities (OFBIZ-10818) Removed unneccessary service implementation

Re: svn commit: r1851203 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java framework/webapp/src/main/java/org/apache/ofbiz/web

2019-01-22 Thread Deepak Nigam
Hi Jacques, When there is one web app with the empty mount point (i.e. deployed on root), the auto-login cookie will not work for that particular webapp due to the change in the path of the cookie from "/" to "/" + applicationName. Because the system will try to find the cookie at the "/" but it

Re: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality

2019-01-22 Thread Jacopo Cappellato
+1 to disabling it by default. We could consider, rather than adding a new configuration flag, to disable the feature if no secret is set in the configuration files (and do not provide a secret out of the box). Jacopo On Sat, Jan 19, 2019 at 12:57 PM Michael Brohl wrote: > Hi all, > > during

Re: git commit workflow for ofbiz

2019-01-22 Thread Jacopo Cappellato
+1 for Git! Jacopo On Sat, Jan 12, 2019 at 1:01 PM Michael Brohl wrote: > Hi all, > > I'd like to revive this discussion again. > > Personally, I am now working with git for a few years and almost all > customer and company related projects have moved to git over time. In > the beginning, I