You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Hans Bakker <ma...@antwebsystems.com> on 2013/11/02 10:22:59 UTC

Re: svn commit: r1497892 - in /ofbiz/trunk/framework: common/webcommon/WEB-INF/common-controller.xml webapp/src/org/ofbiz/webapp/control/LoginCheck.java webapp/src/org/ofbiz/webapp/control/LoginWorker.java

Hi Adam,

perhaps a bit late....yes i am interested in the openid client and 
server implementation and i would appreciate if you could commit 
it.....if the community is not in favor i would appreciate to receive 
your your patches

regards,
Hans

On 06/29/2013 02:10 AM, Adam Heath wrote:
> I have a component that allows ofbiz to use an external install of 
> JaSig CAS, and has both an openid client *and* server implementation.  
> Is the rest of the community interested in such a component?
>
> On 06/28/2013 02:08 PM, doogie@apache.org wrote:
>> Author: doogie
>> Date: Fri Jun 28 19:08:32 2013
>> New Revision: 1497892
>>
>> URL: http://svn.apache.org/r1497892
>> Log:
>> FEATURE: Add extension points to the controller login workflow; this
>> allows other components to automatically insert themselves, without
>> having to modify any existing files.  This can be used for integrating
>> with Jasig CAS, or with OpenID.
>>
>> Added:
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
>> Modified:
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
>>
>> Modified: 
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
>> URL: 
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1497892&r1=1497891&r2=1497892&view=diff
>> ============================================================================== 
>>
>> --- 
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml 
>> (original)
>> +++ 
>> ofbiz/trunk/framework/common/webcommon/WEB-INF/common-controller.xml 
>> Fri Jun 28 19:08:32 2013
>> @@ -32,6 +32,7 @@ under the License.
>>           <event name="checkServletRequestRemoteUserLogin" 
>> type="java" path="org.ofbiz.webapp.control.LoginWorker" 
>> invoke="checkServletRequestRemoteUserLogin"/>
>>           <event name="checkExternalLoginKey" type="java" 
>> path="org.ofbiz.webapp.control.LoginWorker" 
>> invoke="checkExternalLoginKey"/>
>>           <event name="checkProtectedView" type="java" 
>> path="org.ofbiz.webapp.control.ProtectViewWorker" 
>> invoke="checkProtectedView"/>
>> +<event name="extensionConnectLogin" type="java" 
>> path="org.ofbiz.webapp.control.LoginWorker" 
>> invoke="extensionConnectLogin"/>
>>       </preprocessor>
>>       <postprocessor>
>>           <!-- Events to run on every request after all other 
>> processing (chains exempt) -->
>> @@ -41,14 +42,14 @@ under the License.
>>       <request-map uri="checkLogin" edit="false">
>>           <description>Verify a user is logged in.</description>
>>           <security https="true" auth="false"/>
>> -<event type="java" path="org.ofbiz.webapp.control.LoginWorker" 
>> invoke="checkLogin"/>
>> +<event type="java" path="org.ofbiz.webapp.control.LoginWorker" 
>> invoke="extensionCheckLogin"/>
>>           <response name="success" type="view" value="main"/>
>>           <response name="error" type="view" value="login"/>
>>       </request-map>
>>       <request-map uri="ajaxCheckLogin" edit="false">
>>           <description>Verify a user is logged in.</description>
>>           <security https="true" auth="false"/>
>> -<event type="java" path="org.ofbiz.webapp.control.LoginWorker" 
>> invoke="checkLogin"/>
>> +<event type="java" path="org.ofbiz.webapp.control.LoginWorker" 
>> invoke="extensionCheckLogin"/>
>>           <response name="success" type="view" value="main"/>
>>           <response name="error" type="view" value="ajaxLogin"/>
>>       </request-map>
>>
>> Added: 
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java
>> URL: 
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java?rev=1497892&view=auto
>> ============================================================================== 
>>
>> --- 
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java 
>> (added)
>> +++ 
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginCheck.java 
>> Fri Jun 28 19:08:32 2013
>> @@ -0,0 +1,28 @@
>> +/******************************************************************************* 
>>
>> + * Licensed to the Apache Software Foundation (ASF) under one
>> + * or more contributor license agreements.  See the NOTICE file
>> + * distributed with this work for additional information
>> + * regarding copyright ownership.  The ASF licenses this file
>> + * to you under the Apache License, Version 2.0 (the
>> + * "License"); you may not use this file except in compliance
>> + * with the License.  You may obtain a copy of the License at
>> + *
>> + * http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + * Unless required by applicable law or agreed to in writing,
>> + * software distributed under the License is distributed on an
>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> + * KIND, either express or implied.  See the License for the
>> + * specific language governing permissions and limitations
>> + * under the License.
>> + 
>> *******************************************************************************/
>> +package org.ofbiz.webapp.control;
>> +
>> +import javax.servlet.http.HttpServletRequest;
>> +import javax.servlet.http.HttpServletResponse;
>> +
>> +public interface LoginCheck {
>> +    boolean isEnabled();
>> +    String associate(HttpServletRequest request, HttpServletResponse 
>> response);
>> +    String check(HttpServletRequest request, HttpServletResponse 
>> response);
>> +}
>>
>> Modified: 
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
>> URL: 
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1497892&r1=1497891&r2=1497892&view=diff
>> ============================================================================== 
>>
>> --- 
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java 
>> (original)
>> +++ 
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java 
>> Fri Jun 28 19:08:32 2013
>> @@ -25,6 +25,7 @@ import java.security.cert.X509Certificat
>>   import java.sql.Timestamp;
>>   import java.util.List;
>>   import java.util.Map;
>> +import java.util.ServiceLoader;
>>   import java.util.regex.Matcher;
>>   import java.util.regex.Pattern;
>>
>> @@ -246,6 +247,56 @@ public class LoginWorker {
>>           return userLogin;
>>       }
>>
>> +    /** This WebEvent allows for java 'services' to hook into the 
>> login path.
>> +     * This method loads all instances of {@link LoginCheck}, and 
>> calls the
>> +     * {@link LoginCheck#associate} method.  The first 
>> implementation to return
>> +     * a non-null value gets that value returned to the caller.  
>> Returning
>> +     * "none" will abort processing, while anything else gets looked 
>> up in
>> +     * outer view dispatch.  This event is called when the current 
>> request
>> +     * needs to have a validly logged in user; it is a wrapper 
>> around {@link
>> +     * #checkLogin}.
>> +     *
>> +     * @param request The HTTP request object for the current JSP or 
>> Servlet request.
>> +     * @param response The HTTP response object for the current JSP 
>> or Servlet request.
>> +     * @return String
>> +     */
>> +    public static String extensionCheckLogin(HttpServletRequest 
>> request, HttpServletResponse response) {
>> +        for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
>> +            if (!check.isEnabled()) {
>> +                continue;
>> +            }
>> +            String result = check.associate(request, response);
>> +            if (result != null) {
>> +                return result;
>> +            }
>> +        }
>> +        return checkLogin(request, response);
>> +    }
>> +
>> +    /** This WebEvent allows for java 'services' to hook into the 
>> login path.
>> +     * This method loads all instances of {@link LoginCheck}, and 
>> calls the
>> +     * {@link LoginCheck#check} method.  The first implementation to 
>> return
>> +     * a non-null value gets that value returned to the caller.  
>> Returning
>> +     * "none" will abort processing, while anything else gets looked 
>> up in
>> +     * outer view dispatch; for preprocessors, only "success" makes 
>> sense.
>> +     *
>> +     * @param request The HTTP request object for the current JSP or 
>> Servlet request.
>> +     * @param response The HTTP response object for the current JSP 
>> or Servlet request.
>> +     * @return String
>> +     */
>> +    public static String extensionConnectLogin(HttpServletRequest 
>> request, HttpServletResponse response) {
>> +        for (LoginCheck check: ServiceLoader.load(LoginCheck.class)) {
>> +            if (!check.isEnabled()) {
>> +                continue;
>> +            }
>> +            String result = check.check(request, response);
>> +            if (result != null) {
>> +                return result;
>> +            }
>> +        }
>> +        return "success";
>> +    }
>> +
>>       /**
>>        * An HTTP WebEvent handler that checks to see is a userLogin 
>> is logged in.
>>        * If not, the user is forwarded to the login page.
>>
>>
>