Thank you Jacques! Perhaps we can build a cloud-ready (SAAS version) OFBiz and add such a common clause :)
-----邮件原件----- 发件人: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] 发送时间: 2018年8月22日 12:11 收件人: dev@ofbiz.apache.org 主题: Re: OFBIZ-10307: Navigate from a domain to another with automated signed in authentication Hi Jinghai, You maybe read it already, what did redislabs very recently might be affecting you https://redislabs.com/community/commons-clause/ Jacques Le 15/08/2018 à 14:37, Shi Jinghai a écrit : > Dear Jacques, > > On how to store the Tokens, as a token is a key, value is the UserLogin > entity and/or other info, a key-value db, Redis[1] is a good choice. Redis is > no.7 in db ranking in Aug 2018[2], becomes more and more popular. Goldman > Sachs invested Redis team in last year[3]. It's common view now in China that > Redis is better than any others including Gemfire of Pivotal, the railway > ticket system of China replaced its 3 Gemfire clusters with 3 Redis clusters > last year and then there are much less complains on how difficulties to buy > spring festival tickets. > > Mr. Dai Haipeng contributed a Redis component in Jira[4]. > > [1] https://redis.io/ > [2] https://db-engines.com/en/ranking > [3] > https://redislabs.com/press/redis-labs-secures-44-million-funding-led-goldman-sachs-private-capital-investing-strengthen-database-leadership/ > [4] https://issues.apache.org/jira/browse/OFBIZ-9829 > > BTW, I'll try to review the patches. > > Kind Regards, > > Shi Jinghai > > -----邮件原件----- > 发件人: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] > 发送时间: 2018年8月15日 15:09 > 收件人: dev@ofbiz.apache.org > 主题: OFBIZ-10307: Navigate from a domain to another with automated signed in > authentication > > Hi, > > Some time ago I created https://issues.apache.org/jira/browse/OFBIZ-10307. > > I asked for reviews but only Taher answered and he asked to know the goal of > this new feature. > > It was actually developed for a client who needed to get from one OFBiz > instance on a server (on a domain) to another OFBiz instance on another > server (on another domain) without having to sign up between the 2 while > keeping things secure. > > There could be many reasons why you want to split OFBiz application on > servers. In their case it was for performance issues. > > The technology used is as secure as possible. Like OAuth 2.0 it uses a token > but it does not need a middle authorization server (think to two-factor > authentication) because it's only for OFBiz instances of the same version. > > To commit this work we need 1st to agree an commit the work done by Deepak at > OFBIZ-9833 "Token Based Authentication" that I use in my last patch. > > For me there is only one question outstanding: how to store the Token secret. > But this should not prevent us to commit Deepak's work. > > It's now a long time (9 months) since I started this work. And my last patch > is ready for a month. > > I crossed several issues which are now all resolved. So please review and > answer to this thread. > > Without negative comments well argumented I'll commit both OFBIZ-9833 and > OFBIZ-10307 in a week. You can always test and review later, we use RTC. > > Also a veto on a commit is always possible... Of course, as ever, a good > consensus is preferred. > > Let me know if you need more information about the goal. For the technical > details I think I already provided them the in OFBIZ-10307. > > Jacques >