Author: jleroux
Date: Thu Nov 22 15:07:19 2018
New Revision: 1847177
URL: http://svn.apache.org/viewvc?rev=1847177&view=rev
Log:
Documented: no functional changes
Formats too long lines in wa-cross-domains-SSO.adoc
Fixes references in bt-creating reports.adoc
Fixes text in bt-report master creation.adoc
Modified:
ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc
ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating
reports.adoc
ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report master
creation.adoc
Modified:
ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc?rev=1847177&r1=1847176&r2=1847177&view=diff
==============================================================================
---
ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc
(original)
+++
ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc
Thu Nov 22 15:07:19 2018
@@ -18,11 +18,14 @@ under the License.
////
==== Cross-domains Single Sign On (SSO)
-In some cases you need to split the OFBiz applications on different servers,
and possibly in production on different domains. This can happen for different
reasons, most often for performance reason.
+In some cases you need to split the OFBiz applications on different servers,
and possibly in production on different domains.
+This can happen for different reasons, most often for performance reason.
-As it's annoying to give each time a credential when changing from an OFBiz
application to another on the same server, the same applies when changing from
an OFBiz application to another on another domain.
+As it's annoying to give each time a credential when changing from an OFBiz
application to another on the same server,
+the same applies when changing from an OFBiz application to another on another
domain.
-To prevent that on the same server, the ExternalLoginKey mechanism is used.
The cross-domains SSO feature allows to navigate from a domain to another with
automated SSO.
+To prevent that on the same server, the ExternalLoginKey mechanism is used.
+The cross-domains SSO feature allows to navigate from a domain to another with
automated SSO.
It based on 3 technologies:
@@ -36,28 +39,43 @@ Ajax:: Ajax, now well known I guess, in
The mechanism is simple.
.On the source side:
-. When an user log in in an application (webApp) a webappName.securedLoginId
cookie is created. This cookie will be used by the mechanism to know the
current logged in user. _Note that all webappName.securedLoginId cookies are
deleted when the user session is closed or time out. Hence (apart also using an
intrinsically secured cookie) the mechanim is secured, even on shared machines.
Of course if people are sharing a machine during their sessions, things could
get complicated. This unlikely later case is not taken in account._
+. When an user log in in an application (webApp) a webappName.securedLoginId
cookie is created.
+This cookie will be used by the mechanism to know the current logged in user.
+_Note that all webappName.securedLoginId cookies are deleted when the user
session is closed or time out.
+Hence (apart also using an intrinsically secured cookie) the mechanim is
secured, even on shared machines.
+Of course if people are sharing a machine during their sessions, things could
get complicated.
+This unlikely later case is not taken in account._
+
+. The user is given a JavaScript link which passes the URL to reach and the
calling webapp name to
+the sendJWT() Ajax function.
-. The user is given a JavaScript link which passes the URL to reach and the
calling webapp name to the sendJWT() Ajax function.
+. The sendJWT() Ajax function calls the loadJWT() Ajax function which in turn
calls
+the CommonEvents::loadJWT method through the common controller.
-. The sendJWT() Ajax function calls the loadJWT() Ajax function which in turn
calls the CommonEvents::loadJWT method through the common controller.
+. The CommonEvents::loadJWT method uses the calling webapp name to retrieve
the userLoginId from the secured
+webappName.securedLoginId cookie, creates a JWT containing the userLoginId,
and returns it to the loadJWT() Ajax function.
-. The CommonEvents::loadJWT method uses the calling webapp name to retrieve
the userLoginId from the secured webappName.securedLoginId cookie, creates a
JWT containing the userLoginId, and returns it to the loadJWT() Ajax function.
-
-. Then the sendJWT() Ajax function sends an Authorization header containing
the JWT to the URL to reach. At this stage, if all things are correct, the flow
leaves the source side.
+. Then the sendJWT() Ajax function sends an Authorization header containing
the JWT to the URL to reach.
+At this stage, if all things are correct, the flow leaves the source side.
.On the server side:
-. A CORS policy is needed. _Without it, the Authorization token containing the
JWT will be rejected. It's a simple policy but you need to strictly define the
authorized domains. Never use the lazy "*" for domains (ie all domains), else
the
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_example[preflight
request] will not work._ Here is an example for Apache HTTPD (domain value is
"https://localhost:8443"; for official OFBiz demo):
-
-* Header set Access-Control-Allow-Origin domain
-* Header set Access-Control-Allow-Headers "Authorization"
-* Header set Access-Control-Allow-Credentials "true"
+. A CORS policy is needed. _Without it, the Authorization token containing the
JWT will be rejected.
+It's a simple policy but you need to strictly define the authorized domains.
Never use the lazy "*" for domains
+(ie all domains), else the
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_example[preflight
request] will not work._
+Here is an example for Apache HTTPD (domain value is "https://localhost:8443";
for official OFBiz demo):
+
+[source,]
+----
+Header set Access-Control-Allow-Origin domain
+Header set Access-Control-Allow-Headers "Authorization"
+Header set Access-Control-Allow-Credentials "true"
+----
-. The checkJWTLogin preprocessor, similar to the checkExternalLoginKey,
intercepts the JWT, checks it and if all is OK signs the user on. That's it !
+. The checkJWTLogin preprocessor, similar to the checkExternalLoginKey,
intercepts the JWT, checks it and
+if all is OK signs the user on. That's it !
-In the example component, the FormWidgetExamples screen contains 2 new fields
in the LinksExampleForm which demonstrate the use from a local instance to the
trunk demo instance.
+In the example component, the FormWidgetExamples screen contains 2 new fields
in the LinksExampleForm which
+demonstrate the use from a local instance to the trunk demo instance.
If you are interested in more details you may refer to
https://issues.apache.org/jira/browse/OFBIZ-10307
-
-
Modified: ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating
reports.adoc
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating%20reports.adoc?rev=1847177&r1=1847176&r2=1847177&view=diff
==============================================================================
--- ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating
reports.adoc (original)
+++ ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating
reports.adoc Thu Nov 22 15:07:19 2018
@@ -10,7 +10,7 @@ A flexible report is an OFBiz content of
* OFBiz framework
* The Birt plugin
-* The BIRT Report Designer: <<bt-using the birt report
designer.adoc#_using_the_birt_report_designer,Using the Birt Report Designer>>
+* The BIRT Report Designer: <<#_using_the_birt_report_designer,Using the Birt
Report Designer>>
==== Report creation
@@ -37,7 +37,7 @@ This first panel allows you to change th
==== The .rptdesign report file: download, edit, upload and publish it
-To really use the report you need to download the .rptdesign file from the
server in a location from where you can edit it with the BIRT Report Designer.
So you need to install first the BIRT Report Designer. Then you can edit the
.rptdesign file in the BIRT Report Designer. For that refer to <<bt-using the
birt report designer.adoc#_using_the_birt_report_designer,Using the Birt Report
Designer>>.
+To really use the report you need to download the .rptdesign file from the
server in a location from where you can edit it with the BIRT Report Designer.
So you need to install first the BIRT Report Designer. Then you can edit the
.rptdesign file in the BIRT Report Designer. For that refer to
<<#_using_the_birt_report_designer,Using the Birt Report Designer>>.
===== Editing the downloaded file
Modified: ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report
master creation.adoc
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report%20master%20creation.adoc?rev=1847177&r1=1847176&r2=1847177&view=diff
==============================================================================
--- ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report master
creation.adoc (original)
+++ ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report master
creation.adoc Thu Nov 22 15:07:19 2018
@@ -55,9 +55,9 @@ Your Report Master is created ! You can
==== Report Master based on a service
-Create in plugins/birt/src/org/ofbiz/birt/birt/BirtMasterReportServices.java 2
dedicated services (see examples there)
+In
plugins/birt/src/main/java/org/apache/ofbiz/birt/flexible/BirtMasterReportServices.java
there is 2 sets of dedicated services (see examples there)
-. The first one, which name will return 4 items:
+. In each set the first service, will return 4 items:
** an object of type Map<String, String> called dataMap. *Keys*: data field
names. *Values*: data types (OFBiz types).
** an object of type Map<String, String> called fieldDisplayLabels. *Keys*:
data field names. *Values*: the names displayed to the user. This output is
optional, should it be missing, the keys will be displayed.
** an object of type Map<String, String> called filterMap. *Keys*: data
filtering field names (exact names used for the form fields). *Values*: data
type (OFBiz type). This output is optional, if missing, filters can not be
displayed on the report.
@@ -66,14 +66,16 @@ Create in plugins/birt/src/org/ofbiz/bir
[source,java]
----
- Map<String, Object> parameters = (Map<String, Object>)
reportContext.getParameterValue("parameters");
+ Map<String, Object> parameters =
UtilGenerics.checkMap(reportContext.getParameterValue("parameters"));
----
This Map will give access fields of the filtering form.
-This service will return a list called list of type List+++<GenericValue>+++,
containing the data. A Map<String, Object> would also do.+++</GenericValue>+++
+This service will return a list of type List<GenericValue>, containing the
data. A Map<String, Object> would also do.
+
+Then,
. create the parent form in the file
plugins/birt/widget/birt/BirtMasterForms.xml.
-Field names created here must be then names used on the Map parameters of the
previous service, and also corresponding to the map filterMap.
+Field names created here must be the names used on the Map parameters of the
previous service, and also corresponding to the map filterMap.
[source,xml]
----
