Hi Girish, I've been able to authenticate with the REST api using the token you mentioned.
I find the REST service very interesting as I think it has the potential to drastically simplify some of the lookup-style functionality currently implemented. As an extension to your PR I tried out a couple of things that might be useful while you continue to explore REST service opportunities. Please see this branch: https://github.com/danwatford/ofbiz-framework/commits/rest-experiements-based-on-pr214 There are two commits on top of PR214. The first commit uses REST to look up State/Province values for a given country. This functionality is used when editing postal addresses. In this commit I've modified the editcontactmech form to use a REST endpoint to retrieve state/province information. If you have demo data loaded locally you can see the result here: https://localhost:8443/partymgr/control/editcontactmech?partyId=Company&contactMechId=10000 There wasn't too much of a saving here as the controller servlet is already configured to return JSON in response to these lookups, but making use of REST would sidestep the need to create controller.xml entries. The second commit uses REST to look up User Logins for the autocomplete field displayed here: https://localhost:8443/partymgr/control/main As you type into the User Login ID field REST calls are made to endpoint https://localhost:8443/rest/services/lookupUserLogin to search for matching user logins. The potential savings for this style of lookup are a reduction in complexity on the client and server side. At the moment AJAX lookup requests are processed as regular screen renderings, but with a decorator-loaded screen detecting that the ajaxLookup parameter is set and then triggering common/groovyScripts/FindAutocompleteOptions.groovy to run to perform the search. The search results are then encoded as a piece of javascript inside an HTML response. The client loads that HTML response into an automatically generated div, causing the javascript to execute and populate a global variable. The client then reads that global variable to generate the options to be displayed by the autocomplete widget. It is quite a convoluted chain of code to follow, but I imagine it was necessary at the time to make lookups work with the screen view rendering approach. Calling REST services instead will remove the need to generate javascript scripts embedded in HTML responses. Please note, the code written is very hacky at the moment and hardcoded to have ofbiz accessible at https://localhost:8443/. Notifying the client code of REST endpoints has been done by 'inappropriately reusing' other configuration items. Looking forward to seeing what comes next. Perhaps we could create a new ModelForm.RestLookupField to work similarly to ModelForm.LookupField, but making use of REST calls instead. Thanks, Dan. On Sun, 2 Aug 2020 at 11:03, Girish Vasmatkar < girish.vasmat...@hotwaxsystems.com> wrote: > Hi Daniel > > You can use the JWT token in the README of. Sorry, if it is not clearly > documented, this will be improved upon further as I make more changes. > https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl > > I need to implement an API endpoint that eventually generates a JWT token > that can be issued to the client to make subsequent API calls. Until then, > please use the once mentioned in the README examples. That JWT has userId > claim value as admin assuming admin would have got himself authenticated > and a JWT was issued to him. > > I will soon add an API endpoint to issue JWTs and will update README > accordingly. I hope that answers your question. > > Best Regards, > Girish > > > > > > > > On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <d...@foomoo.co.uk> wrote: > > > Hi Girish, > > > > I wanted to try out some REST calls using Swagger-ui ( > > https://localhost:8443/docs/swagger-ui.html) but don't know how to > > authenticate to get a JWT. > > > > Apologies if I missed the instructions elsewhere but please could you > > advise on how to authenticate against the REST api? > > > > Thanks, > > > > Dan. > > > > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < > > girish.vasmat...@hotwaxsystems.com> wrote: > > > > > Greetings! > > > > > > I have created a PR to add a REST component - > > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > > > and let me know what you think and let me know if you face any issues. > I > > > intend to merge it in a week from now. > > > > > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to > add > > > "action" attribute to the service definition now merged, this above > > > component should be able to expose exportable (export=true) and > > > actionable(action=GET|POST) services via REST. > > > > > > Once the changes for nested attributes (OFBIZ-11902 > > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will > > also > > > be making corresponding changes in the GraphQL plugin to account for > > nested > > > attributes. OFBIZ-11902 > > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > > > help in defining complex GraphQL mutations. > > > > > > I am parallelly also working on designing an XML DSL for REST that > should > > > allow tying up REST resources with OFBiz services. > > > > > > Best, > > > Girish > > > > > > > > > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <huaru...@hotmail.com> > wrote: > > > > > > > Hi Girish, > > > > > > > > Yes, you got it. > > > > > > > > Web browser will popup a login dialog when response code is 401: > > > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > > > > required\""); > > > > > > > > The popup is skipped and then react/vue/angular can handle the > > response: > > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > > > required\""); > > > > > > > > > > > > 发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com> > > > > 发送时间: 2020年7月9日 14:54 > > > > 收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org> > > > > 主题: Re: REST implementation > > > > > > > > Hi Shi > > > > > > > > Thanks for taking a look at it. I have a question on > "WWW-Authenticate" > > > > header so please clarify and I can make appropriate changes > > accordingly - > > > > > > > > All I am finding is that to prevent the pop-up, either return 403 > > (which > > > I > > > > do not want to do) or not include "WWW-Authenticate" header at all > (not > > > > inclined to do this as well because then we would be violating the > > spec). > > > > Do you mean to NOT start the value of the header with "Bearer" ? > > > > so instead of below > > > > > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > > > should we change it to > > > > > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > > > I did not test it, but I can just change it like this without testing > > if > > > > you can please confirm it will prevent the browser dialog. > > > > > > > > Thanks again for the review. > > > > > > > > Best, > > > > Girish > > > > > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <huaru...@hotmail.com> > > wrote: > > > > > > > > > Hi Girish, > > > > > > > > > > Excellent. > > > > > > > > > > Only one suggestion from my quick view, when response code is 401, > > the > > > > > "WWW-Authenticate" header should be set to start with a word NOT > > > “Bearer > > > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > > > > > Kind Regards, > > > > > > > > > > Shi Jinghai > > > > > > > > > > 发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com> > > > > > 发送时间: 2020年7月8日 20:47 > > > > > 收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org> > > > > > 主题: Re: REST implementation > > > > > > > > > > Hi Folks > > > > > > > > > > I have added support for OpenApi Integration. The updated code can > be > > > > found > > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please > go > > > > > through the changes and test at your end and let me know your > > thoughts. > > > > > > > > > > I am planning to do some refactoring and then raise initial PR for > > the > > > > > plug-in if the changes look good to everyone. > > > > > > > > > > Best, > > > > > Girish > > > > > > > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > > > cars...@dcs-verkaufssysteme.de> wrote: > > > > > > > > > > > Hi Girish, > > > > > > > > > > > > Thanks to clarify :) > > > > > > What caught me on the OpenAPI integration is the snippet quoted > > below > > > > and > > > > > > I realize I should have read it in context. Actually then it is > > > aligned > > > > > > with my view. > > > > > > > > > > > > Warm regards > > > > > > > > > > > > Carsten > > > > > > > > > > > > >>>>> Initial implementation does not contain OpenApi integration > > > yet. > > > > > And > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > Daniel Watford > > > -- Daniel Watford
