You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Adam Heath <do...@brainfood.com> on 2013/06/28 21:10:48 UTC
Re: svn commit: r1497892 - in /ofbiz/trunk/framework: common/webcommon/WEB-INF/common-controller.xml
webapp/src/org/ofbiz/webapp/control/LoginCheck.java webapp/src/org/ofbiz/webapp/control/LoginWorker.java
I have a component that allows ofbiz to use an external install of JaSig
CAS, and has both an openid client *and* server implementation. Is the
rest of the community interested in such a component?
On 06/28/2013 02:08 PM, doogie@apache.org wrote:
> Author: doogie
> Date: Fri Jun 28 19:08:32 2013
> New Revision: 1497892
>
> URL: http://svn.apache.org/r1497892
> Log:
> FEATURE: Add extension points to the controller login workflow; this
> allows other components to automatically insert themselves, without
> having to modify any existing files. This can be used for integrating
> with Jasig CAS, or with OpenID.
>
> Added:
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
> Modified:
> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
>
> Modified: ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1497892&r1=1497891&r2=1497892&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml (original)
> +++ ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml Fri Jun 28 19:08:32 2013
> @@ -32,6 +32,7 @@ under the License.
> <event name="checkServletRequestRemoteUserLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkServletRequestRemoteUserLogin"/>
> <event name="checkExternalLoginKey" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
> <event name="checkProtectedView" type="java" path="org.ofbiz.webapp.control.ProtectViewWorker" invoke="checkProtectedView"/>
> +<event name="extensionConnectLogin" type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionConnectLogin"/>
> </preprocessor>
> <postprocessor>
> <!-- Events to run on every request after all other processing (chains exempt) -->
> @@ -41,14 +42,14 @@ under the License.
> <request-map uri="checkLogin" edit="false">
> <description>Verify a user is logged in.</description>
> <security https="true" auth="false"/>
> -<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
> +<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/>
> <response name="success" type="view" value="main"/>
> <response name="error" type="view" value="login"/>
> </request-map>
> <request-map uri="ajaxCheckLogin" edit="false">
> <description>Verify a user is logged in.</description>
> <security https="true" auth="false"/>
> -<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
> +<event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="extensionCheckLogin"/>
> <response name="success" type="view" value="main"/>
> <response name="error" type="view" value="ajaxLogin"/>
> </request-map>
>
> Added: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java?rev=1497892&view=auto
> ==============================================================================
> --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java (added)
> +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java Fri Jun 28 19:08:32 2013
> @@ -0,0 +1,28 @@
> +/*******************************************************************************
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + *******************************************************************************/
> +package org.ofbiz.webapp.control;
> +
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpServletResponse;
> +
> +public interface LoginCheck {
> + boolean isEnabled();
> + String associate(HttpServletRequest request, HttpServletResponse response);
> + String check(HttpServletRequest request, HttpServletResponse response);
> +}
>
> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1497892&r1=1497891&r2=1497892&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
> +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Fri Jun 28 19:08:32 2013
> @@ -25,6 +25,7 @@ import java.security.cert.X509Certificat
> import java.sql.Timestamp;
> import java.util.List;
> import java.util.Map;
> +import java.util.ServiceLoader;
> import java.util.regex.Matcher;
> import java.util.regex.Pattern;
>
> @@ -246,6 +247,56 @@ public class LoginWorker {
> return userLogin;
> }
>
> + /** This WebEvent allows for java 'services' to hook into the login path.
> + * This method loads all instances of {@link LoginCheck}, and calls the
> + * {@link LoginCheck#associate} method. The first implementation to return
> + * a non-null value gets that value returned to the caller. Returning
> + * "none" will abort processing, while anything else gets looked up in
> + * outer view dispatch. This event is called when the current request
> + * needs to have a validly logged in user; it is a wrapper around {@link
> + * #checkLogin}.
> + *
> + * @param request The HTTP request object for the current JSP or Servlet request.
> + * @param response The HTTP response object for the current JSP or Servlet request.
> + * @return String
> + */
> + public static String extensionCheckLogin(HttpServletRequest request, HttpServletResponse response) {
> + for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
> + if (!check.isEnabled()) {
> + continue;
> + }
> + String result = check.associate(request, response);
> + if (result != null) {
> + return result;
> + }
> + }
> + return checkLogin(request, response);
> + }
> +
> + /** This WebEvent allows for java 'services' to hook into the login path.
> + * This method loads all instances of {@link LoginCheck}, and calls the
> + * {@link LoginCheck#check} method. The first implementation to return
> + * a non-null value gets that value returned to the caller. Returning
> + * "none" will abort processing, while anything else gets looked up in
> + * outer view dispatch; for preprocessors, only "success" makes sense.
> + *
> + * @param request The HTTP request object for the current JSP or Servlet request.
> + * @param response The HTTP response object for the current JSP or Servlet request.
> + * @return String
> + */
> + public static String extensionConnectLogin(HttpServletRequest request, HttpServletResponse response) {
> + for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
> + if (!check.isEnabled()) {
> + continue;
> + }
> + String result = check.check(request, response);
> + if (result != null) {
> + return result;
> + }
> + }
> + return "success";
> + }
> +
> /**
> * An HTTP WebEvent handler that checks to see is a userLogin is logged in.
> * If not, the user is forwarded to the login page.
>
>
Re: svn commit: r1497892 - in /ofbiz/trunk/framework: common/webcommon/WEB-INF/common-controller.xml
webapp/src/org/ofbiz/webapp/control/LoginCheck.java webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Posted by Hans Bakker <ma...@antwebsystems.com>.
Hi Adam,
perhaps a bit late....yes i am interested in the openid client and
server implementation and i would appreciate if you could commit
it.....if the community is not in favor i would appreciate to receive
your your patches
regards,
Hans
On 06/29/2013 02:10 AM, Adam Heath wrote:
> I have a component that allows ofbiz to use an external install of
> JaSig CAS, and has both an openid client *and* server implementation.
> Is the rest of the community interested in such a component?
>
> On 06/28/2013 02:08 PM, doogie@apache.org wrote:
>> Author: doogie
>> Date: Fri Jun 28 19:08:32 2013
>> New Revision: 1497892
>>
>> URL: http://svn.apache.org/r1497892
>> Log:
>> FEATURE: Add extension points to the controller login workflow; this
>> allows other components to automatically insert themselves, without
>> having to modify any existing files. This can be used for integrating
>> with Jasig CAS, or with OpenID.
>>
>> Added:
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
>> Modified:
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
>>
>> Modified:
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1497892&r1=1497891&r2=1497892&view=diff
>> ==============================================================================
>>
>> ---
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
>> (original)
>> +++
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
>> Fri Jun 28 19:08:32 2013
>> @@ -32,6 +32,7 @@ under the License.
>> <event name="checkServletRequestRemoteUserLogin"
>> type="java" path="org.ofbiz.webapp.control.LoginWorker"
>> invoke="checkServletRequestRemoteUserLogin"/>
>> <event name="checkExternalLoginKey" type="java"
>> path="org.ofbiz.webapp.control.LoginWorker"
>> invoke="checkExternalLoginKey"/>
>> <event name="checkProtectedView" type="java"
>> path="org.ofbiz.webapp.control.ProtectViewWorker"
>> invoke="checkProtectedView"/>
>> +<event name="extensionConnectLogin" type="java"
>> path="org.ofbiz.webapp.control.LoginWorker"
>> invoke="extensionConnectLogin"/>
>> </preprocessor>
>> <postprocessor>
>> <!-- Events to run on every request after all other
>> processing (chains exempt) -->
>> @@ -41,14 +42,14 @@ under the License.
>> <request-map uri="checkLogin" edit="false">
>> <description>Verify a user is logged in.</description>
>> <security https="true" auth="false"/>
>> -<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
>> invoke="checkLogin"/>
>> +<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
>> invoke="extensionCheckLogin"/>
>> <response name="success" type="view" value="main"/>
>> <response name="error" type="view" value="login"/>
>> </request-map>
>> <request-map uri="ajaxCheckLogin" edit="false">
>> <description>Verify a user is logged in.</description>
>> <security https="true" auth="false"/>
>> -<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
>> invoke="checkLogin"/>
>> +<event type="java" path="org.ofbiz.webapp.control.LoginWorker"
>> invoke="extensionCheckLogin"/>
>> <response name="success" type="view" value="main"/>
>> <response name="error" type="view" value="ajaxLogin"/>
>> </request-map>
>>
>> Added:
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java?rev=1497892&view=auto
>> ==============================================================================
>>
>> ---
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
>> (added)
>> +++
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
>> Fri Jun 28 19:08:32 2013
>> @@ -0,0 +1,28 @@
>> +/*******************************************************************************
>>
>> + * Licensed to the Apache Software Foundation (ASF) under one
>> + * or more contributor license agreements. See the NOTICE file
>> + * distributed with this work for additional information
>> + * regarding copyright ownership. The ASF licenses this file
>> + * to you under the Apache License, Version 2.0 (the
>> + * "License"); you may not use this file except in compliance
>> + * with the License. You may obtain a copy of the License at
>> + *
>> + * http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + * Unless required by applicable law or agreed to in writing,
>> + * software distributed under the License is distributed on an
>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> + * KIND, either express or implied. See the License for the
>> + * specific language governing permissions and limitations
>> + * under the License.
>> +
>> *******************************************************************************/
>> +package org.ofbiz.webapp.control;
>> +
>> +import javax.servlet.http.HttpServletRequest;
>> +import javax.servlet.http.HttpServletResponse;
>> +
>> +public interface LoginCheck {
>> + boolean isEnabled();
>> + String associate(HttpServletRequest request, HttpServletResponse
>> response);
>> + String check(HttpServletRequest request, HttpServletResponse
>> response);
>> +}
>>
>> Modified:
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1497892&r1=1497891&r2=1497892&view=diff
>> ==============================================================================
>>
>> ---
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
>> (original)
>> +++
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
>> Fri Jun 28 19:08:32 2013
>> @@ -25,6 +25,7 @@ import java.security.cert.X509Certificat
>> import java.sql.Timestamp;
>> import java.util.List;
>> import java.util.Map;
>> +import java.util.ServiceLoader;
>> import java.util.regex.Matcher;
>> import java.util.regex.Pattern;
>>
>> @@ -246,6 +247,56 @@ public class LoginWorker {
>> return userLogin;
>> }
>>
>> + /** This WebEvent allows for java 'services' to hook into the
>> login path.
>> + * This method loads all instances of {@link LoginCheck}, and
>> calls the
>> + * {@link LoginCheck#associate} method. The first
>> implementation to return
>> + * a non-null value gets that value returned to the caller.
>> Returning
>> + * "none" will abort processing, while anything else gets looked
>> up in
>> + * outer view dispatch. This event is called when the current
>> request
>> + * needs to have a validly logged in user; it is a wrapper
>> around {@link
>> + * #checkLogin}.
>> + *
>> + * @param request The HTTP request object for the current JSP or
>> Servlet request.
>> + * @param response The HTTP response object for the current JSP
>> or Servlet request.
>> + * @return String
>> + */
>> + public static String extensionCheckLogin(HttpServletRequest
>> request, HttpServletResponse response) {
>> + for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
>> + if (!check.isEnabled()) {
>> + continue;
>> + }
>> + String result = check.associate(request, response);
>> + if (result != null) {
>> + return result;
>> + }
>> + }
>> + return checkLogin(request, response);
>> + }
>> +
>> + /** This WebEvent allows for java 'services' to hook into the
>> login path.
>> + * This method loads all instances of {@link LoginCheck}, and
>> calls the
>> + * {@link LoginCheck#check} method. The first implementation to
>> return
>> + * a non-null value gets that value returned to the caller.
>> Returning
>> + * "none" will abort processing, while anything else gets looked
>> up in
>> + * outer view dispatch; for preprocessors, only "success" makes
>> sense.
>> + *
>> + * @param request The HTTP request object for the current JSP or
>> Servlet request.
>> + * @param response The HTTP response object for the current JSP
>> or Servlet request.
>> + * @return String
>> + */
>> + public static String extensionConnectLogin(HttpServletRequest
>> request, HttpServletResponse response) {
>> + for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
>> + if (!check.isEnabled()) {
>> + continue;
>> + }
>> + String result = check.check(request, response);
>> + if (result != null) {
>> + return result;
>> + }
>> + }
>> + return "success";
>> + }
>> +
>> /**
>> * An HTTP WebEvent handler that checks to see is a userLogin
>> is logged in.
>> * If not, the user is forwarded to the login page.
>>
>>
>