Did you try what I said?
You can easily check by svn updating to r1819133 and removing the wrapper
in ContextFilter.java.
Maybe we need to revert Tomcat SSO then?
Jacques
Le 23/03/2018 à 03:39, Scott Gray a écrit :
Something else must be wrong Jacques, I can't understand what you're saying
in the ticket description or in your reply above but I do know the
following:
OFBiz is perfectly capable of knowing that
org.apache.catalina.connector.RequestFacade
implements the javax.servlet.http.HttpServletRequest and it should pass
type validation without errors.
Since we know that, this commit becomes unnecessary.
Regards
Scott
On 22 March 2018 at 16:06, Jacques Le Roux <jacques.le.r...@les7arts.com>
wrote:
Michael,
I commited http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/fra
mework/webapp/src/main/java/org/apache/ofbiz/webapp/contro
l/ContextFilter.java?r1=1813679&r2=1813678&pathrev=1813679
Where I added a wrapper. Then for "Tomcat SSO" (OFBIZ-10047) James
committed
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/fra
mework/common/servicedef/services.xml?r1=1819133&r2=1819132&
pathrev=1819133
If I had not committed the wrapper in ContextFilter.java beforehand, James
would not have been allowed to commit
<attribute name="request" mode="IN" type="javax.servlet.http.HttpServletRequest"
optional="true"/>
Because it's then rejected, because then the userLogin service actually
receive an org.apache.catalina.connector.RequestFacade (RequestFacade
implements HttpServletRequest.)
You can easily check by svn updating to r1819133 and removing the wrapper
in ContextFilter.java.
You are right that it ties OFBiz to Tomcat. We took this decision
sometimes ago and we no longer support other webapp servers OOTB, nor tools
like Jetty.
So OFBiz OOTB totally depends on Tomcat as the build.gradle file shows. So
I think it's safe to use a RequestFacade there.
If an user feels the need to use another webapp servers or Jetty, I think
changing that would not be the most of the worries (the rest being much
more frightening, I know I did it once with Geronimo).
Since the check is done at the service level, it's hard to do otherwise
But I must say I did not dig too much and it's maybe possible, we can
discuss that...
Jacques
Le 22/03/2018 à 16:22, Michael Brohl a écrit :
Mmhhh, Jacques,
I think this is problematic because it ties a special implementation for
Tomcat to the service. I didn't see this anywhere else.
The issue (https://issues.apache.org/jira/browse/OFBIZ-10304) is a bit
unclear and I don't get the purpose of this change.
Can you please explain more clearly which problem this changes solves and
why we'll need org.apache.catalina.connector.RequestFacade as the type?
Thanks,
Michael
Am 21.03.18 um 21:53 schrieb jler...@apache.org:
Author: jleroux
Date: Wed Mar 21 20:53:41 2018
New Revision: 1827439
URL: http://svn.apache.org/viewvc?rev=1827439&view=rev
Log:
Fixed: The "request" attribute type of the userLogin service is wrong
(OFBIZ-10304)
It should have been org.apache.catalina.connector.RequestFacade"
instead of javax.servlet.http.HttpServletRequest see the Jira for
details
Modified:
ofbiz/ofbiz-framework/trunk/framework/common/servicedef/services.xml
Modified: ofbiz/ofbiz-framework/trunk/framework/common/servicedef/serv
ices.xml
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/fra
mework/common/servicedef/services.xml?rev=1827439&r1=1827438
&r2=1827439&view=diff
============================================================
==================
--- ofbiz/ofbiz-framework/trunk/framework/common/servicedef/services.xml
(original)
+++ ofbiz/ofbiz-framework/trunk/framework/common/servicedef/services.xml
Wed Mar 21 20:53:41 2018
@@ -379,7 +379,7 @@ under the License.
<service name="userLogin" engine="java" location="
org.apache.ofbiz.common.login.LoginServices" invoke="userLogin">
<description>Used to Automatically Authenticate a
username/password; create a UserLogin object</description>
<implements service="authenticationInterface"/>
- <attribute name="request" mode="IN"
type="javax.servlet.http.HttpServletRequest" optional="true"/>
+ <attribute name="request" mode="IN"
type="org.apache.catalina.connector.RequestFacade" optional="true"/>
</service>
<service name="createUserLogin" engine="java" auth="false"
location="org.apache.ofbiz.common.login.LoginServices"
invoke="createUserLogin">
