Clone Tools
  • last updated a few minutes ago
Constraints: committers
Constraints: files
Constraints: dates
Improved: Add security.internal.sso.enabled and security.token.key SystemProperties


This comes handy when testing, from examples component, the internal SSO feature

which allows a token based login between OFBiz instances

The SSOJWTDemoData.xml inadvertently slipped in w/ previous commit

Reverted: "Improved: Use ‘depends-on’ attribute instead of “component-load.xml”" (OFBIZ-11296)

This reverts commit eeabe69813a1d9f42911dec70a912574046ef49b.

  1. … 24 more files in changeset.
Improved: Use ‘depends-on’ attribute instead of “component-load.xml” (OFBIZ-11296)

We currently have two ways to define component loading order. Either

by using ‘depends-on’ attribute in “component-config.xml” or by adding

a “component-load.xml” file at the root of a component directory.

“depends-on” is more flexible because it handles partial ordering when

“component-load.xml” defines a total order which is not necessarily

meaningful, so it is better to rely only “depends-on”.

This removes the usage of “component-load.xml” to use ‘depends-on’

instead. The dependency declarations correspond to the total ordering

previously defined but will need to be refined in the future to relax

unnecessary dependency declarations.

Only “framework/base/config/component-load.xml” which defines the

top-level directories order (framework, applications, themes and

plugins) is kept.

  1. … 24 more files in changeset.
Improved: Remove redundant "dtd" directory from classpath (OFBIZ-11161)

the "dtd" directories are already present as resources distributed

inside OFBiz jar, so there is no need to augment the classpath to find

the XML schema inside those directories.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1865796 13f79535-47bb-0310-9956-ffa450edef68

  1. … 10 more files in changeset.
Reverted: commit r1825436, inconsistency in results between me and buildbot

WIP, to investigate

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1825438 13f79535-47bb-0310-9956-ffa450edef68

Fixed: a bug in loading seed-only data into the system

When calling OFBiz with the command gradlew "ofbiz -l readers=seed-initial"

the system crashes. The reason is because of a faulty dependency of

"seed-initial" data in the entityext component to "seed" data in the security

component. The fix is simply to change the type of reader for the requested

data in SecurityPermissionSeedData.xml from "seed" to "seed-initial"

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1825436 13f79535-47bb-0310-9956-ffa450edef68

Better name for the PasswordSecurityData.xml (now PasswordSecurityDemoData.xml) thanks to Scott's suggestion on dev ML

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1755390 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2 more files in changeset.
Fixes "Remove warnings regarding missing component lib folders" - https://issues.apache.org/jira/browse/OFBIZ-7776 - by cleaning/clearing the references to non existent/empty dirs.


* Also removes empty framework/base/lib/scripting and useless applications\content\lib\uno\README (miss doc in wiki)

* When jpim-0.1.jar will be (hopefully) replaced we can drop lib ref in framework/base/ofbiz-component.xml

* I wonder if we should let the geronimo component alone with only 2 classes, could we not put that in entity or entityext?

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1755306 13f79535-47bb-0310-9956-ffa450edef68

  1. … 45 more files in changeset.
A modified patch from Harsha Chadhar for "New feature to reclaim a user account - Using Security Questions" https://issues.apache.org/jira/browse/OFBIZ-4983

jleroux: the issue description is quite lengthy so I will summarise it here, please refer to the Jira issue for details.

"When a customer creates an account on eCommerce site, s/he will also need to answer a security question. This security question then can be used by the user to reclaim her/his account in case s/he forgets her/his password. If the user correctly answers the required security question while reclaiming her/his account, her/his password will be sent through email notification. This part would work in the same way as the existing functionality of email password (forget password)."

The description was actually more ambitious (several questions, possibility for users to create own questions) but AFAIK these parts have not been implemented.

Apart updating the patch which did not merge, I got 2 majors issues (and few others I will not report here) I bypassed with workarounds.

Unlike Harsha, and as I reported earlier in the issue, I never got the username (userLoginId) back when using hidden parameters in the request body (not in requestParameters, ie UtilHttp.getParameterMap(request)), nor actually any parameters. This is maybe due to my OS (Windows7 was XP before) or my email client (Outlook Express then, now Thunderbird) or even my SMTP configuration (I used my ISP SMTP server) but most probably because I did it all on my sole machine (localhost). I tried to understand what was happening to request body parameters with http://www.telerik.com/fiddler, but finally gave up because it's even more complicated when https is in the picture. So I decided to rather use parameters in the URL (Query string). It's a bit less safe, though the password is OFBiz encrypted, and should be replaced. But it's safe enough because only the user should receive this message and even if the message is sniffed during its journey it should be hard to decrypt the password!

Harsha used the SecurityExtUiLabels.xml (created by ashish at r1618415) in securityext component but there is already a SecurityextUiLabels.xml in common component. Since I use Windows OFBiz was unable to retrieve the labels from SecurityExtUiLabels.xml since I guess it looked into a SecurityextUiLabels.xml. So I renamed a SecurityExtUiLabels.xml to EmailPassword.xml.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1716915 13f79535-47bb-0310-9956-ffa450edef68

  1. … 24 more files in changeset.
split up securitypermissions as seed data and securitygroups as demo data with a single exception: the creation of a super security group which has general access to the system and which is used with the 'ant create-admin-user-login' command.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1352431 13f79535-47bb-0310-9956-ffa450edef68

  1. … 126 more files in changeset.
reverted recent security file changes revisions: 1350847,1350843,1350840,1348534,1347908,1347213,1346264, need more investigation

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1351206 13f79535-47bb-0310-9956-ffa450edef68

  1. … 42 more files in changeset.
Some security data is really seed data, added informational messages to indicate security data is not loaded when selected seed

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1350840 13f79535-47bb-0310-9956-ffa450edef68

  1. … 3 more files in changeset.
introduced a new data-reader : 'security'

Security is now by default not loaded because not part of seed anymore this will make all component hidden and not accessible .

It is still loaded as part of the reader 'demo'

to load the security files:

./ant load-readers -Ddata-readers=security

Now it is possible to load only a selection of the security files in your hot-deploy component as follows:

<entity-resource type=data reader-name=seed loader=main location=../../framework/security/data/SecurityData.xml/>

<entity-resource type=data reader-name=seed loader=main location=../../framework/webtools/data/WebtoolsSecurityData.xml/>

<entity-resource type=data reader-name=seed loader=main location=../../applications/party/data/PartySecurityData.xml/>

This will enable only standard groups, the party and the webtools application.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1346255 13f79535-47bb-0310-9956-ffa450edef68

  1. … 34 more files in changeset.
Moved some security related demo data from the applications/securityext folder to the framework/security folder. This change accommodates logging in as admin in a framework-only demo installation.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1050053 13f79535-47bb-0310-9956-ffa450edef68

  1. … 5 more files in changeset.
2d part and end of an effort to remove trailing spaces [ \t]+$ => "" (empty) Should be easier to review when committing changes with trailing spaces removed automatically by anyedit or such tool (please refer to http://docs.ofbiz.org/x/mg)

Of course this effort to remove trailing spaces has no functional implications.

Actually, I was doing a 1st commit and as it's long to upload, I got conflicts with r763135

In the meantime I did some refactoring also in *.java and *.groovy files :

){ => ) {

if( => if (

while( => while (

}else => } else

else{ => else {

switch( => switch (

try{ => try {

}catch => } catch

catch( => catch (

}finally{ => } finally {

So these changes are also in this commit, should not be a problem anyway.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@763175 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2212 more files in changeset.
More entitygroups gone, all of framework

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@672910 13f79535-47bb-0310-9956-ffa450edef68

  1. … 15 more files in changeset.
Did a big search/replace to change all xsd file refs from www.ofbiz.org to ofbiz.apache.org

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@539504 13f79535-47bb-0310-9956-ffa450edef68

  1. … 633 more files in changeset.
A (large) patch from Scott Gray "Update ASL header" (https://issues.apache.org/jira/browse/OFBIZ-637). I put also some svn:ignore for shark build and lib diretories and assetmaint/build

I did some by hand lately, too much to remember. They were files with old header but without copyright. A 1st attempt I suppose, will have to check this after this commit.

I add some problems to commit this patch in one piece because it's so huge (specially with Eclipse I had to turn to Tortoise) !

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@499486 13f79535-47bb-0310-9956-ffa450edef68

  1. … 1794 more files in changeset.
License change from MIT to ASL2.0 for the files of the security component. Thanks to Scott Gray for the patch (Apache OFBIZ-87).

git-svn-id: https://svn.apache.org/repos/asf/incubator/ofbiz/trunk@423841 13f79535-47bb-0310-9956-ffa450edef68

  1. … 11 more files in changeset.
Initial OFBiz import from revision 7923 of the old svn.ofbiz.org SVN repository.

git-svn-id: https://svn.apache.org/repos/asf/incubator/ofbiz/trunk@418498 13f79535-47bb-0310-9956-ffa450edef68

    • -0
    • +35
  1. … 3258 more files in changeset.