[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet

2020-01-13 Thread Nicolas Malin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014159#comment-17014159
 ] 

Nicolas Malin commented on OFBIZ-4274:
--

[~mbrohl], I think we already have all the elements for authentication. I will 
check if it's possible to use the JWT system easily, because at this time we have 
the event to validate an authentication by Bearer 
{code:java}
{code}
With OFBIZ-11007, I will try to create an example call with curl to update a 
Party through webtools

> Implement a REST Servlet
> 
>
> Key: OFBIZ-4274
> URL: https://issues.apache.org/jira/browse/OFBIZ-4274
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Adrian Crum
>Priority: Major
>  Labels: REST, URI
> Attachments: RestExampleSchema.xsd, RestXmlRepresentation.xml, 
> rest-conf.xml, swagger-pos-openapi.png
>
>
> Implement a REST servlet that will map REST requests to OFBiz services. 
> Details are in the comments.
> [here is the discussion which took place on the dev 
> ML|http://markmail.org/message/ai6q2fbksowaayn4]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (OFBIZ-11306) POC for CSRF Token

2020-01-13 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-11306:

Description: 
CSRF tokens are generated using the SecureRandom class.
1) In widget forms, where a hidden token field is auto-generated.
2) In FTL forms, where a <@csrfTokenField> macro is used to generate the CSRF 
token field. 
3) In Ajax calls, where a <@csrfTokenAjax> macro is used to assign the CSRF token to 
X-CSRF-Token in the request header. 

CSRF tokens are stored in the user sessions and verified during POST requests.

A new attribute, csrf-token, is added to the security tag to allow exemption from 
the CSRF token check.

Certain request paths, like LookupPartyName, can be exempt from the CSRF token check 
during Ajax POST calls. 

  was:
CSRF tokens are generated using the CSRF Guard library and used in:
1) In widget forms, where a hidden token field is auto-generated.
2) In FTL forms, where a <@csrfTokenField> macro is used to generate the CSRF 
token field. 
3) In Ajax calls, where a <@csrfTokenAjax> macro is used to assign the CSRF token to 
X-CSRF-Token in the request header. 

CSRF tokens are stored in the user sessions and verified during POST requests.

A new attribute, csrf-token, is added to the security tag to allow exemption from 
the CSRF token check.

Certain request paths, like LookupPartyName, can be exempt from the CSRF token check 
during Ajax POST calls. 


> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using the SecureRandom class.
> 1) In widget forms, where a hidden token field is auto-generated.
> 2) In FTL forms, where a <@csrfTokenField> macro is used to generate the CSRF 
> token field. 
> 3) In Ajax calls, where a <@csrfTokenAjax> macro is used to assign the CSRF token 
> to X-CSRF-Token in the request header. 
> CSRF tokens are stored in the user sessions and verified during POST requests.
> A new attribute, csrf-token, is added to the security tag to allow exemption from 
> the CSRF token check.
> Certain request paths, like LookupPartyName, can be exempt from the CSRF token 
> check during Ajax POST calls. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
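
The token lifecycle described in the OFBIZ-11306 update above (SecureRandom generation, storage in the session, verification on POST, exemption of named Ajax paths), as an added sketch that is not code from the ticket's patches. The session attribute name, the Map standing in for the HTTP session, the `ajax` flag and the `updateParty` path are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class CsrfTokenSketch {
    private static final SecureRandom RNG = new SecureRandom();
    static final String SESSION_KEY = "csrfToken"; // assumed attribute name
    // Assumed exemption list; the ticket names LookupPartyName as an exempt Ajax path.
    static final Set<String> EXEMPT_AJAX_PATHS = Collections.singleton("LookupPartyName");

    /** Generate a 256-bit token and keep it in the session (a Map stands in for HttpSession). */
    static String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(SESSION_KEY, token);
        return token;
    }

    /** supplied is the hidden form field value or, for Ajax, the X-CSRF-Token header value. */
    static boolean isAllowed(String method, String path, boolean ajax,
                             String supplied, Map<String, Object> session) {
        if (!"POST".equalsIgnoreCase(method)) return true;      // tokens are verified on POST only
        if (ajax && EXEMPT_AJAX_PATHS.contains(path)) return true; // exemption covers Ajax POST only
        Object expected = session.get(SESSION_KEY);
        if (!(expected instanceof String) || supplied == null) {
            return false; // no session token or nothing supplied: reject
        }
        // Constant-time comparison, so response timing does not leak token prefixes.
        return MessageDigest.isEqual(((String) expected).getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        String token = issueToken(session);
        // "updateParty" is a constructed request path used only for this demonstration.
        System.out.println("valid token:      " + isAllowed("POST", "updateParty", false, token, session));
        System.out.println("missing token:    " + isAllowed("POST", "updateParty", true, null, session));
        System.out.println("exempt Ajax path: " + isAllowed("POST", "LookupPartyName", true, null, session));
        System.out.println("exempt, not Ajax: " + isAllowed("POST", "LookupPartyName", false, null, session));
    }
}
```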


[jira] [Commented] (OFBIZ-11007) REST: adding segmented URI support

2020-01-13 Thread Nicolas Malin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014132#comment-17014132
 ] 

Nicolas Malin commented on OFBIZ-11007:
---

[~jleroux] Thanks for spotting the checkstyle issue, I will commit a global 
correction on this file

[~mthl] OK, I propose to change the variable restMethod to _method in another 
ticket

> REST: adding segmented URI support
> --
>
> Key: OFBIZ-11007
> URL: https://issues.apache.org/jira/browse/OFBIZ-11007
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
> Environment: 
>Reporter: Artemiy Rozovyk
>Assignee: Nicolas Malin
>Priority: Minor
>  Labels: REST, URI
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, entitymaint_example.patch, 
> restful_URIs.patch
>
>
> Following the discussion on making OFBiz RESTful in OFBIZ-4274, I implemented the 
> support of segmented URIs without interfering with the current mechanisms of URI 
> resolution or with the _overrideView()_ feature.
> Combined with the work on associating URIs and HTTP methods done by [~mthl] in 
> OFBIZ-10438, we are now able to provide RESTful APIs as follows:
> {code:java}
> 
> ...
> 
> ...
> 
> ...
> {code}
> After we matched a request-map having parametrized URI as in 
> {code:java}
> uri="foo/bar/{baz}"
> {code}
> the value is available inside the request attributes with the corresponding 
> key (here _"baz"_)
> The *restful_URIs.patch* allows segmented URI support.
> The *entitymaint_example.patch* is a modified _entitymaint_ part that serves 
> as an example of a possible application of the new system. 
> Any questions or comments are welcomed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
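
How a parametrized URI such as `foo/bar/{baz}` can be matched against a request path and its value bound under the key `baz`, as an added sketch that is not the resolver from restful_URIs.patch. The class and method names and the sample paths are constructed for the example; the sketch treats a variable as exactly one non-empty path segment.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class SegmentedUriSketch {
    /**
     * Match a request path against a template such as "foo/bar/{baz}".
     * Returns the bound variables, or empty when the path does not match.
     */
    static Optional<Map<String, String>> match(String template, String path) {
        String[] t = template.split("/", -1);
        String[] p = path.split("/", -1);
        if (t.length != p.length) {
            return Optional.empty(); // a variable never spans a "/"
        }
        Map<String, String> bound = new HashMap<>();
        for (int i = 0; i < t.length; i++) {
            boolean variable = t[i].length() > 2 && t[i].startsWith("{") && t[i].endsWith("}");
            if (variable) {
                if (p[i].isEmpty()) {
                    return Optional.empty(); // reject an empty value such as "foo/bar/"
                }
                bound.put(t[i].substring(1, t[i].length() - 1), p[i]);
            } else if (!t[i].equals(p[i])) {
                return Optional.empty(); // literal segments must match exactly
            }
        }
        return Optional.of(bound);
    }

    public static void main(String[] args) {
        String template = "foo/bar/{baz}";
        // Constructed sample paths: one match and three near misses.
        String[] paths = {"foo/bar/42", "foo/bar/42/extra", "foo/bar/", "foo/qux/42"};
        for (String path : paths) {
            Optional<Map<String, String>> result = match(template, path);
            // In a servlet, the bound map would be copied into the request attributes.
            System.out.println(path + " -> " + result.map(Object::toString).orElse("no match"));
        }
    }
}
```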


[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet

2020-01-13 Thread Nicolas Malin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014496#comment-17014496
 ] 

Nicolas Malin commented on OFBIZ-4274:
--

I confirm the step is now closer, by adding a missing request URI and a 
filter call:
{code:java}
diff --git framework/common/webcommon/WEB-INF/common-controller.xml 
framework/common/webcommon/WEB-INF/common-controller.xml
index 80407c67cc..b7720187cf 100644
--- framework/common/webcommon/WEB-INF/common-controller.xml
+++ framework/common/webcommon/WEB-INF/common-controller.xml
@@ -105,6 +105,14 @@ under the License.
 
 
 
+
+Verify the user to return an authentication 
token
+
+
+
+
+
+
 
 
 
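Review bot: the new request is added to the shared framework/common common-controller.xml, while the filter that consumes the token is registered only in the webtools web.xml later in this patch. If only webtools is meant to issue tokens for now, declare the request in the webtools controller; otherwise state in the description which webapps are expected to expose it. The description "Verify the user to return an authentication token" would also read more clearly as "Verify the user's credentials and return an authentication token".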
diff --git framework/webtools/webapp/webtools/WEB-INF/web.xml 
framework/webtools/webapp/webtools/WEB-INF/web.xml
index 9604febb37..f47d48c69f 100644
--- framework/webtools/webapp/webtools/WEB-INF/web.xml
+++ framework/webtools/webapp/webtools/WEB-INF/web.xml
@@ -45,6 +45,11 @@ under the License.
 
component://webtools/widget/CommonScreens.xml
 
 
+
+JWTFilter
+TokenFilter
+
org.apache.ofbiz.webapp.control.TokenFilter
+
 
 ControlFilter
 ControlFilter
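Review bot: the added filter declaration carries two names, JWTFilter and TokenFilter, while its class is org.apache.ofbiz.webapp.control.TokenFilter and the mapping in the next hunk refers to TokenFilter. Use a single name throughout so the declaration and its mapping are easy to match.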
@@ -63,6 +68,10 @@ under the License.
 ContextFilter
 
org.apache.ofbiz.webapp.control.ContextFilter
 
+
+TokenFilter
+/*
+
 
 ControlFilter
 /* {code}
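Review bot: the TokenFilter mapping uses /* and sits ahead of the ControlFilter mapping, so every webtools request passes through it first, including getAuthenticationToken itself and requests that carry no Authorization header. Add a comment stating what the filter does with a missing or invalid token (pass through to the normal login check, or reject), and consider a narrower url-pattern if only the REST-style paths need it.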
We can use this sequence:
{code:java}
$ curl -k -XPOST -d USERNAME=admin -d PASSWORD=ofbiz https://localhost:8443/webtools/control/getAuthenticationToken
$ curl -k -XGET -H "Authorization: Bearer ${previousToken}" https://localhost:8443/webtools/control/entity/find/Party/Company
{code}

> Implement a REST Servlet
> 
>
> Key: OFBIZ-4274
> URL: https://issues.apache.org/jira/browse/OFBIZ-4274
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Adrian Crum
>Priority: Major
>  Labels: REST, URI
> Attachments: RestExampleSchema.xsd, RestXmlRepresentation.xml, 
> rest-conf.xml, swagger-pos-openapi.png
>
>
> Implement a REST servlet that will map REST requests to OFBiz services. 
> Details are in the comments.
> [here is the discussion which took place on the dev 
> ML|http://markmail.org/message/ai6q2fbksowaayn4]





[jira] [Commented] (OFBIZ-11319) processorder is submitted as GET instead of POST

2020-01-13 Thread James Yong (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014351#comment-17014351
 ] 

James Yong commented on OFBIZ-11319:


I would suggest leaving those task files for reference until we have a 
replacement. 
There are newer BPM workflow engines under Apache licensing that also support 
orchestration of web services.

Updated the patch for anonymous checkout of shopping cart.

> processorder is submitted as GET instead of POST
> 
>
> Key: OFBIZ-11319
> URL: https://issues.apache.org/jira/browse/OFBIZ-11319
> Project: OFBiz
>  Issue Type: Bug
>  Components: ecommerce
>Affects Versions: Trunk
>Reporter: James Yong
>Assignee: James Yong
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11319_Plugins.patch, OFBIZ-11319_Plugins.patch
>
>
> During checkout of shopping cart, it is observed that the processorder of the 
> form action is submitted as GET instead of POST 





[jira] [Commented] (OFBIZ-11319) processorder is submitted as GET instead of POST

2020-01-13 Thread James Yong (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014382#comment-17014382
 ] 

James Yong commented on OFBIZ-11319:


Hi Jacques,

With regard to backporting the patch, do I also use Git?
What are the Git URLs for the OFBiz releases? 

> processorder is submitted as GET instead of POST
> 
>
> Key: OFBIZ-11319
> URL: https://issues.apache.org/jira/browse/OFBIZ-11319
> Project: OFBiz
>  Issue Type: Bug
>  Components: ecommerce
>Affects Versions: Trunk
>Reporter: James Yong
>Assignee: James Yong
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11319_Plugins.patch, OFBIZ-11319_Plugins.patch
>
>
> During checkout of shopping cart, it is observed that the processorder of the 
> form action is submitted as GET which is incorrect. 





[jira] [Commented] (OFBIZ-11319) processorder is submitted as GET instead of POST

2020-01-13 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014369#comment-17014369
 ] 

ASF subversion and git services commented on OFBIZ-11319:
-

Commit ffb54c218080e2083d4c0aa81e988765084db8f7 in ofbiz-plugins's branch 
refs/heads/trunk from James Yong
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=ffb54c2 ]

Fixed: processorder is submitted as GET instead of POST

(OFBIZ-11319)

During checkout of shopping cart, it is observed that the processorder of the 
form action is submitted as GET which is incorrect.

Thanks: Jacques for the review


> processorder is submitted as GET instead of POST
> 
>
> Key: OFBIZ-11319
> URL: https://issues.apache.org/jira/browse/OFBIZ-11319
> Project: OFBiz
>  Issue Type: Bug
>  Components: ecommerce
>Affects Versions: Trunk
>Reporter: James Yong
>Assignee: James Yong
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11319_Plugins.patch, OFBIZ-11319_Plugins.patch
>
>
> During checkout of shopping cart, it is observed that the processorder of the 
> form action is submitted as GET which is incorrect. 





[jira] [Updated] (OFBIZ-11319) processorder is submitted as GET instead of POST

2020-01-13 Thread James Yong (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Yong updated OFBIZ-11319:
---
Description: During checkout of shopping cart, it is observed that the 
processorder of the form action is submitted as GET which is incorrect.   (was: 
During checkout of shopping cart, it is observed that the processorder of the 
form action is submitted as GET instead of POST )

> processorder is submitted as GET instead of POST
> 
>
> Key: OFBIZ-11319
> URL: https://issues.apache.org/jira/browse/OFBIZ-11319
> Project: OFBiz
>  Issue Type: Bug
>  Components: ecommerce
>Affects Versions: Trunk
>Reporter: James Yong
>Assignee: James Yong
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11319_Plugins.patch, OFBIZ-11319_Plugins.patch
>
>
> During checkout of shopping cart, it is observed that the processorder of the 
> form action is submitted as GET which is incorrect. 





[jira] [Updated] (OFBIZ-11319) processorder is submitted as GET instead of POST

2020-01-13 Thread James Yong (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Yong updated OFBIZ-11319:
---
Attachment: OFBIZ-11319_Plugins.patch

> processorder is submitted as GET instead of POST
> 
>
> Key: OFBIZ-11319
> URL: https://issues.apache.org/jira/browse/OFBIZ-11319
> Project: OFBiz
>  Issue Type: Bug
>  Components: ecommerce
>Affects Versions: Trunk
>Reporter: James Yong
>Assignee: James Yong
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11319_Plugins.patch, OFBIZ-11319_Plugins.patch
>
>
> During checkout of shopping cart, it is observed that the processorder of the 
> form action is submitted as GET instead of POST 


