[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet
[ https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014159#comment-17014159 ]

Nicolas Malin commented on OFBIZ-4274:
--------------------------------------

[~mbrohl], I think we already have all the elements for the authentication. I will check if it's possible to use the JWT system easily, because at this time we have the event to validate an authentication by Bearer

{code:java}
{code}

With OFBIZ-11007, I will try to create a call example with curl to update a Party through webtools

> Implement a REST Servlet
> ------------------------
>
> Key: OFBIZ-4274
> URL: https://issues.apache.org/jira/browse/OFBIZ-4274
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Affects Versions: Trunk
> Reporter: Adrian Crum
> Priority: Major
> Labels: REST, URI
> Attachments: RestExampleSchema.xsd, RestXmlRepresentation.xml,
> rest-conf.xml, swagger-pos-openapi.png
>
>
> Implement a REST servlet that will map REST requests to OFBiz services.
> Details are in the comments.
> [here is the discussion which took place on the dev
> ML|http://markmail.org/message/ai6q2fbksowaayn4]

--
This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-11306) POC for CSRF Token
[ https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-11306:
-----------------------------------
Description:
CSRF tokens are generated using SecureRandom class.
1) In widget form where a hidden token field is auto-generated.
2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf token field.
3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token to X-CSRF-Token in request header.
CSRF tokens are stored in the user sessions, and verified during POST request.
A new attribute i.e. csrf-token is added to the security tag to exempt CSRF token check.
Certain request paths, like LookupPartyName, can be exempt from CSRF token check during Ajax POST call.

was:
CSRF tokens are generated using CSRF Guard library and used in:
1) In widget form where a hidden token field is auto-generated.
2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf token field.
3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token to X-CSRF-Token in request header.
CSRF tokens are stored in the user sessions, and verified during POST request.
A new attribute i.e. csrf-token is added to the security tag to exempt CSRF token check.
Certain request paths, like LookupPartyName, can be exempt from CSRF token check during Ajax POST call.

> POC for CSRF Token
> ------------------
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: Upcoming Branch
> Reporter: James Yong
> Assignee: Jacques Le Roux
> Priority: Minor
> Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch,
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch,
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch,
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch,
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch,
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch,
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using SecureRandom class.
> 1) In widget form where a hidden token field is auto-generated.
> 2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf
> token field.
> 3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token
> to X-CSRF-Token in request header.
> CSRF tokens are stored in the user sessions, and verified during POST request.
> A new attribute i.e. csrf-token is added to the security tag to exempt CSRF
> token check.
> Certain request paths, like LookupPartyName, can be exempt from CSRF token
> check during Ajax POST call.
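The scheme in the OFBIZ-11306 description above (a SecureRandom token kept in the session, checked on POST, with exempt request paths), as an added sketch that is not code from the OFBiz patches. The class `CsrfSketch`, its methods, the session attribute name and the `updateParty` path are hypothetical, and the session is modelled as a plain `Map`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration: CsrfSketch and its methods are hypothetical, not OFBiz classes.
public class CsrfSketch {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String SESSION_KEY = "csrfToken"; // assumed attribute name
    // Assumed stand-in for request paths that the security tag exempts from the check.
    private static final Set<String> EXEMPT = Set.of("LookupPartyName");

    /** Create a 256-bit token, store it in the session, return it for the hidden field or header. */
    static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(SESSION_KEY, token);
        return token;
    }

    /** Only POST requests to non-exempt paths need a token that matches the session copy. */
    static boolean allow(String method, String path, String presented, Map<String, Object> session) {
        if (!"POST".equalsIgnoreCase(method) || EXEMPT.contains(path)) {
            return true;
        }
        Object stored = session.get(SESSION_KEY);
        if (!(stored instanceof String) || presented == null) {
            return false; // fail closed: no session token or nothing presented
        }
        // Constant-time comparison, so response timing does not reveal a matching prefix.
        return MessageDigest.isEqual(
                ((String) stored).getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        String token = issue(session);
        // Constructed requests: form field or X-CSRF-Token value passed as 'presented'.
        System.out.println("valid token:  " + allow("POST", "updateParty", token, session));
        System.out.println("no token:     " + allow("POST", "updateParty", null, session));
        System.out.println("forged token: " + allow("POST", "updateParty", "forged", session));
        System.out.println("exempt path:  " + allow("POST", "LookupPartyName", null, session));
    }
}
```

Every exempt path is a state-changing POST that skips the check, so the exemption list is the part of such a scheme to audit first.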
[jira] [Commented] (OFBIZ-11007) REST: adding segmented URI support
[ https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014132#comment-17014132 ]

Nicolas Malin commented on OFBIZ-11007:
---------------------------------------

[~jleroux] Thanks for spotting the checkstyle issue, I will commit a global correction on this file

[~mthl] ok, I propose to change the variable restMethod to _method on another ticket

> REST: adding segmented URI support
> ----------------------------------
>
> Key: OFBIZ-11007
> URL: https://issues.apache.org/jira/browse/OFBIZ-11007
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Affects Versions: Trunk
> Environment:
> Reporter: Artemiy Rozovyk
> Assignee: Nicolas Malin
> Priority: Minor
> Labels: REST, URI
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11007_refactor-entitymaint.patch,
> OFBIZ-11007_refactor-entitymaint.patch,
> OFBIZ-11007_refactor-entitymaint.patch, entitymaint_example.patch,
> restful_URIs.patch
>
>
> Following the discussion on making OFBiz RESTful OFBIZ-4274 I implemented the
> support of segmented URIs without interfering with current mechanisms of URI
> resolution nor with _overrideView()_ feature.
> Combined with work on associating URIs and HTTP methods done by [~mthl] in
> OFBIZ-10438 , we are now able to provide RESTful APIs as follows:
> {code:java}
>
> ...
>
> ...
>
> ...
> {code}
> After we matched a request-map having parametrized URI as in
> {code:java}
> uri="foo/bar/{baz}"
> {code}
> the value is available inside the request attributes with the corresponding
> key (here _"baz"_)
> The *restful_URIs.patch* allows segmented URI support.
> The *entitymaint_example.patch* is a modified _entitymaint_ part that serves
> as an example of possible application of new system.
> Any questions or comments are welcomed.
[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet
[ https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014496#comment-17014496 ] Nicolas Malin commented on OFBIZ-4274: -- I confirm the step is now closer, with adding a missing request uri and a filter call : {code:java} diff --git framework/common/webcommon/WEB-INF/common-controller.xml framework/common/webcommon/WEB-INF/common-controller.xml index 80407c67cc..b7720187cf 100644 --- framework/common/webcommon/WEB-INF/common-controller.xml +++ framework/common/webcommon/WEB-INF/common-controller.xml @@ -105,6 +105,14 @@ under the License. + +Verify the user to return an authentication token + + + + + + diff --git framework/webtools/webapp/webtools/WEB-INF/web.xml framework/webtools/webapp/webtools/WEB-INF/web.xml index 9604febb37..f47d48c69f 100644 --- framework/webtools/webapp/webtools/WEB-INF/web.xml +++ framework/webtools/webapp/webtools/WEB-INF/web.xml @@ -45,6 +45,11 @@ under the License. component://webtools/widget/CommonScreens.xml + +JWTFilter +TokenFilter + org.apache.ofbiz.webapp.control.TokenFilter + ControlFilter ControlFilter 
@@ -63,6 +68,10 @@ under the License. ContextFilter org.apache.ofbiz.webapp.control.ContextFilter + +TokenFilter +/* + ControlFilter /* {code} We can use this sequence : {code:java} $ curl -k -XPOST -d USERNAME=admin -d PASSWORD=ofbiz https://localhost:8443/webtools/control/getAuthenticationToken $ curl -k -XGET -H "Authorization: Bearer ${previousToken}" https://localhost:8443/webtools/control/entity/find/Party/Company {code} > Implement a REST Servlet > > > Key: OFBIZ-4274 > URL: https://issues.apache.org/jira/browse/OFBIZ-4274 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: Adrian Crum >Priority: Major > Labels: REST, URI > Attachments: RestExampleSchema.xsd, RestXmlRepresentation.xml, > rest-conf.xml, swagger-pos-openapi.png > > > Implement a REST servlet that will map REST requests to OFBiz services. > Details are in the comments. > [here is the discussion which took place on the dev > ML|http://markmail.org/message/ai6q2fbksowaayn4] -- This message was sent by Atlassian Jira (v8.3.4#803005)
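Review bot: In the common-controller.xml hunk (@@ -105,6 +105,14), the description "Verify the user to return an authentication token" is the only documentation for the new request, and it does not say how the token is handed back or how long it stays valid. Since the request sits in the shared common controller rather than in the webtools controller, please also state whether it is meant to be available outside webtools, and if not, move it next to the web.xml change.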
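Review bot: In the first web.xml hunk (@@ -45,6 +45,11), the new filter is labelled "JWTFilter" on one line and "TokenFilter" on the next, with the class org.apache.ofbiz.webapp.control.TokenFilter. Use one name throughout so that the declaration, the mapping added further down and any log output refer to the same thing.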
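Review bot: In the second web.xml hunk (@@ -63,6 +68,10), TokenFilter is mapped to "/*", so it runs on every webtools request, including getAuthenticationToken itself and requests that carry no Authorization header. The visible lines do not show what the filter does in those cases: it needs to pass header-less requests through untouched and reject a malformed or invalid Bearer value outright rather than continue as an anonymous session. Please document that behaviour, confirm the position between ContextFilter and ControlFilter is intended, and consider a narrower url-pattern.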
[jira] [Commented] (OFBIZ-11319) processorder is submitted as GET instead of POST
[ https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014351#comment-17014351 ]

James Yong commented on OFBIZ-11319:
------------------------------------

I would suggest leaving those task files for reference until we have a replacement. There are newer BPM workflow engines that are under Apache licensing and also support orchestration of web services.

Updated the patch for anonymous checkout of shopping cart.

> processorder is submitted as GET instead of POST
> ------------------------------------------------
>
> Key: OFBIZ-11319
> URL: https://issues.apache.org/jira/browse/OFBIZ-11319
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
> Affects Versions: Trunk
> Reporter: James Yong
> Assignee: James Yong
> Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11319_Plugins.patch, OFBIZ-11319_Plugins.patch
>
>
> During checkout of shopping cart, it is observed that the processorder of the
> form action is submitted as GET instead of POST
[jira] [Commented] (OFBIZ-11319) processorder is submitted as GET instead of POST
[ https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014382#comment-17014382 ]

James Yong commented on OFBIZ-11319:
------------------------------------

Hi Jacques,

With regard to backporting the patch, do I also use Git? What are the Git URLs for the OFBiz releases?
[jira] [Commented] (OFBIZ-11319) processorder is submitted as GET instead of POST
[ https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014369#comment-17014369 ]

ASF subversion and git services commented on OFBIZ-11319:
---------------------------------------------------------

Commit ffb54c218080e2083d4c0aa81e988765084db8f7 in ofbiz-plugins's branch refs/heads/trunk from James Yong
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=ffb54c2 ]

Fixed: processorder is submitted as GET instead of POST
(OFBIZ-11319)

During checkout of shopping cart, it is observed that the processorder of the form action is submitted as GET which is incorrect.

Thanks: Jacques for the review
[jira] [Updated] (OFBIZ-11319) processorder is submitted as GET instead of POST
[ https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Yong updated OFBIZ-11319:
------------------------------
Description: During checkout of shopping cart, it is observed that the processorder of the form action is submitted as GET which is incorrect. (was: During checkout of shopping cart, it is observed that the processorder of the form action is submitted as GET instead of POST )
[jira] [Updated] (OFBIZ-11319) processorder is submitted as GET instead of POST
[ https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Yong updated OFBIZ-11319:
------------------------------
Attachment: OFBIZ-11319_Plugins.patch