OK, I'll create a branch in our svn, change the license to Apache and
attach the code in JIRA later.

On Guy's implementation and mine, here is a comparison (just a
discussion, not a judgement):

Guy's implementation:
1.1 Use CAS Client in web.xml which will filter every request. If no CAS
ticket, the request will be forwarded to the CAS login page. If it
passes the CAS check, use OFBiz check login.
1.2 No matter what authentication source is used behind CAS.
1.3 Can use CAS 1.0, 2.0 and SAML 1.1 protocol to validate ticket.
1.4 Can create userLogin entity automatically.
1.5 Don't know user's security group and role if the user is new to
OFBiz.
1.6 No single sign out.
1.7 When CAS server fails, no alternative method to make user login OFBiz
as no way to get password from CAS now (maybe later in CAS 4.0).

My implementation:
1.1 Use Handler class to authenticate user.
1.1.1 When using CAS, OFBiz checks login. If not logged in, the handler
will check the CAS ticket. If the ticket is invalid or there is no
ticket, the request will be forwarded to the CAS login page.
1.2 Can authenticate user from OpenLDAP, ActiveDirectory, CAS-OpenLDAP
and CAS-ActiveDirectory.
1.3 Only use CAS 1.0 protocol to validate ticket now.
1.4 Can create userLogin entity automatically and sync user's info from
LDAP server to OFBiz entities.
1.5 Can create user's security group and role automatically and
configurable.
1.6 Can single sign out.
1.7 When LDAP server fails, user can login by OFBiz directly (this is
configurable). When CAS server fails, no alternative method to make user
login OFBiz as no way to get password from CAS now (maybe later in CAS
4.0).

I feel the scenes of the two implementations are quite different. My
implementation is based on LDAP and CASifying is a bonus, that's why it's
named in OFBiz-LDAP component. Guy's implementation is real CAS intended.

Regards,

Shi Yusen/Beijing Langhua Ltd.


On Tue, 2008-08-26 at 11:56 +0200, Jacques Le Roux wrote:
> Shi,
> 
> Sorry another time, I just read the end of your comment
> https://issues.apache.org/jira/browse/OFBIZ-1689?focusedCommentId=12625267#action_12625267
> 
> It's now obvious that you want to contribute the code to OFBiz.
> Then you just have to follow 
> http://docs.ofbiz.org/display/OFBADMIN/OFBiz+Contributors+Best+Practices
> 
> BTW the  JA-SIG's licence is OK for OFBiz as long as we respect the NOTICE 
> file use (and we do :o)
> http://www.ja-sig.org/products/cas/overview/license/index.html
> 
> I guess coordinating with Guy would be good 
> https://issues.apache.org/jira/browse/OFBIZ-1906
> 
> Jacques
> 
> From: "Jacques Le Roux" <[EMAIL PROTECTED]>
> > Sorry Shi,
> >
> > 2 points here
> >
> > 1st : it's a misunderstanding and it's my fault. I wrongly read that Guy 
> > would use your code. But it's not the case as he (and his
> > team, or the place where he works, I guess as he used "we") wrote
> > <<We have been integrating CAS with the latest code from head...>>. So I 
> > guess now they already have their own code, more or less
> > working...
> >
> > 2d : as BJ pointed out, because the licence your work uses (LGPL), obviously 
> > it can't be integrated in OFBiz
> > http://docs.ofbiz.org/display/OFBIZ/About+Apache+Software+Fundation+Licence+and+more...
> >
> > But I'm not sure from your questions below if you want it integrated or 
> > not...
> >
> > Jacques
> > PS : I post a copy on dev ML as it's always better to open up such 
> > discussion... with more brains...
> >
> > From: "Shi Yusen" <[EMAIL PROTECTED]>
> >> Hi Jacques,
> >>
> >> Sorry for my bad English. May I ask what's the meaning?
> >> 1. As long as I submit the code and select grant for apache license?
> >> 2. As long as I remove my name in the source code?
> >>
> >> or others?
> >>
> >> Regards,
> >>
> >> Shi Yusen/Beijing Langhua Ltd.
> >>
> >>
> >> On Tue, 2008-08-26 at 09:20 +0200, Jacques Le Roux wrote:
> >>> We could help on this as long as the code submitted is not a copy of Shi's
> >>>
> >>> Jacques
> >>>
> >>> From: "BJ Freeman" <[EMAIL PROTECTED]>
> >>> > The license of this component is LGPL.
> >>> > can not be included in the svn
> >>> > only apache license
> >>> > there is a web.xml for each component in ofbiz
> >>> > the structure is different
> >>> > Log in and out go thru a single form and is handled thru the session.
> >>> >
> >>> >
> >>> > Guy Gershoni sent the following on 8/25/2008 6:28 PM:
> >>> >> Hi Shi,
> >>> >>
> >>> >> Just wondering if your code handles Single Sign Out.  We have been
> >>> >> integrating CAS with the latest code from head... if you use the CAS
> >>> >> Java client (include it in the web.xml of apps you want to lock down)
> >>> >> then you can work with the existing framework to log users in see...
> >>> >> https://issues.apache.org/jira/browse/OFBIZ-1906.  CAS will destroy
> >>> >> the session and that is being caught by Ofbiz but there is a small bug
> >>> >> that we are fixing to allow automatic logout.
> >>> >>
> >>> >> If we can get support from a committer I would be happy to help get CAS
> >>> >> fully functional in Ofbiz 5... it doesn't look like a lot of work.
> >>> >>
> >>> >> QUESTION: In the default install of Tomcat one has a /config/web.xml
> >>> >> file that sets stuff up for all applications in the server... does a
> >>> >> similar web.xml exist in the embedded Tomcat that comes with Ofbiz?
> >>> >>
> >>> >> Guy
> >>> >>
> >>> >> On Mon, Aug 25, 2008 at 5:49 PM, Shi Yusen (JIRA) <[EMAIL PROTECTED]> 
> >>> >> wrote:
> >>> >>>    [
> >>> >>> https://issues.apache.org/jira/browse/OFBIZ-1689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12625267#action_12625267
> >>> >>>  ]
> >>> >>>
> >>> >>> Shi Yusen commented on OFBIZ-1689:
> >>> >>> ----------------------------------
> >>> >>>
> >>> >>> OFBiz-LDAP component supports the following scenes: OFBiz-OpenLDAP, 
> >>> >>> OFBiz-ActiveDirectory, OFBiz-CAS-OpenLDAP and
> >>> >>> OFBiz-CAS-ActiveDirectory. It's also possible to extend it to support 
> >>> >>> other SSO products such as TAM.
> >>> >>>
> >>> >>> The license of this component is LGPL.
> >>> >>>
> >>> >>> The latest version of this component is tested in Fedora Core 9, Sun 
> >>> >>> JDK 1.6, OFBiz 4.0, OpenLDAP 2.4.8, CAS 3.2.1.1.
> >>> >>>
> >>> >>> You can get the source code from:
> >>> >>>
> >>> >>> SVN:
> >>> >>>
> >>> >>> http://www.langhua.cn/langhua/ofbiz-components/OFBiz-LDAP/
> >>> >>>
> >>> >>> Username: anon
> >>> >>>
> >>> >>> Password: anon
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> ViewVC:
> >>> >>>
> >>> >>> http://www.langhua.cn/viewvc/ofbiz-components/OFBiz-LDAP/
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> You can download CAS 3.2.1.1 from http://www.ja-sig.org/products/cas/
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> User guide:
> >>> >>>
> >>> >>>   1. Use Eclipse SVN plugin to download OFBiz-LDAP component from
> >>> >>> http://www.langhua.cn/langhua/ofbiz-components/OFBiz-LDAP/branch/ofbiz4.0-cas3.2.1.1-openldap2.4.8/
> >>> >>>      as a new Java project.
> >>> >>>   2. Edit build.xml of the new project, change ofbiz.home property
> >>> >>>      to the path where your OFBiz is.
> >>> >>>   3. Run ofbiz.copy of build.xml, OFBiz-LDAP component will be
> >>> >>>      deployed to {ofbiz.home}/specialpurpose/ldap/.
> >>> >>>   4. Edit {ofbiz.home}/specialpurpose/build.xml, add ldap/build.xml:
> >>> >>>
> >>> >>>      <filelist id="application-builds" dir="." files="pos/build.xml, hhfacility/build.xml, assetmaint/build.xml, ldap/build.xml"/>
> >>> >>>
> >>> >>>   5. Edit {ofbiz.home}/specialpurpose/component-load.xml, add
> >>> >>>
> >>> >>>      <load-component component-location="${ofbiz.home}/specialpurpose/ldap"/>
> >>> >>>
> >>> >>>   6. If necessary, change getPartyId and getSecurityGroup in
> >>> >>>      /cn/langhua/ofbiz/ldap/commons/A_OFBizAuthenticationHandler.java.
> >>> >>>   7. Run build of {ofbiz.home}/build.xml.
> >>> >>>   8. If CAS is deployed in tomcat in the same computer with OFBiz,
> >>> >>>      change tomcat's ssl port to another value such as 8444 and
> >>> >>>      restart tomcat.
> >>> >>>   9. Edit the configurations in
> >>> >>>      {ofbiz.home}/specialpurpose/ldap/config/ldap.xml.
> >>> >>>  10. Change checkLogin, login and logout in every
> >>> >>>      WEB-INF/controller.xml:
> >>> >>>
> >>> >>>      <!-- Security Mappings -->
> >>> >>>      <request-map uri="checkLogin" edit="false">
> >>> >>>          <description>Verify a user is logged in.</description>
> >>> >>>          <security https="true" auth="false"/>
> >>> >>>          <event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="checkLogin" />
> >>> >>>          <response name="success" type="view" value="main" />
> >>> >>>          <response name="error" type="view" value="login" />
> >>> >>>      </request-map>
> >>> >>>
> >>> >>>      <request-map uri="login">
> >>> >>>          <security https="true" auth="false"/>
> >>> >>>          <event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="login"/>
> >>> >>>          <response name="success" type="view" value="main"/>
> >>> >>>          <response name="error" type="view" value="login"/>
> >>> >>>      </request-map>
> >>> >>>
> >>> >>>      <request-map uri="logout">
> >>> >>>          <security https="true" auth="true"/>
> >>> >>>          <event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="logout"/>
> >>> >>>          <response name="success" type="request" value="checkLogin"/>
> >>> >>>          <response name="error" type="view" value="main"/>
> >>> >>>      </request-map>
> >>> >>>      <!-- End of Security Mappings -->
> >>> >>>
> >>> >>>  11. Run OFBiz. Try to login OFBiz, you'll be redirected to CAS login
> >>> >>>      page. Input a correct username and password, you'll be able
> >>> >>>      to login OFBiz.
> >>> >>>  12. Click Logout in OFBiz, you'll be redirected to CAS logout page.
> >>> >>>
> >>> >>>
> >>> >>> To BJ Freeman:
> >>> >>> I think it should work for trunk though I haven't tested it, last time
> >>> >>> I downloaded the trunk, unfortunately I couldn't make it run. I'll
> >>> >>> try to test it in trunk again.
> >>> >>>
> >>> >>> To Jacques Le Roux:
> >>> >>> I do like to contribute the source code to OFBiz. The OFBiz-LDAP
> >>> >>> component includes a jar from ja-sig CAS, I'm not sure whether
> >>> >>> its license is acceptable for Apache. Here's the license of CAS:
> >>> >>> http://www.ja-sig.org/products/cas/overview/license/index.html
> >>> >>>
> >>> >>>> CASifying OFBiz
> >>> >>>> ---------------
> >>> >>>>
> >>> >>>>                 Key: OFBIZ-1689
> >>> >>>>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1689
> >>> >>>>             Project: OFBiz
> >>> >>>>          Issue Type: New Feature
> >>> >>>>          Components: ALL COMPONENTS
> >>> >>>>    Affects Versions: Release Branch 4.0
> >>> >>>>            Reporter: Shi Yusen
> >>> >>>>            Assignee: Jacques Le Roux
> >>> >>>>            Priority: Trivial
> >>> >>>>             Fix For: Release Branch 4.0
> >>> >>>>
> >>> >>>>   Original Estimate: 336h
> >>> >>>>  Remaining Estimate: 336h
> >>> >>>>
> >>> >>>> I'll start my work on CASifying OFBiz, the method will be similar to 
> >>> >>>> this one:
> >>> >>>> http://www.ja-sig.org/wiki/display/CASC/CASifying+OpenCms
> >>> >>>> Please keep this issue open, I'll post my code to this issue when 
> >>> >>>> it's done.
> >>> >>>> I'm eager to hear your suggestions on this topic.
> >>> >>>> TIA
> >>> >>>> Shi Yusen/Beijing Langhua Ltd.
> >>> >>> --
> >>> >>> This message is automatically generated by JIRA.
> >>> >>> -
> >>> >>> You can reply to this email to add a comment to the issue online.
> >>> >>>
> >>> >>>
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>>
> >>
> >
> 
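
The handler flow from item 1.1.1 of the comparison at the top of this message, combined with the CAS 1.0 ticket validation from item 1.3, as an added Java example that is not part of the original thread or of the OFBiz-LDAP code. It relies on the CAS 1.0 `/validate` reply format (`yes\n<username>\n` on success, `no\n\n` on failure); the class, enum and method names are hypothetical, and the response bodies are constructed samples rather than captured traffic.

```java
import java.util.Optional;

// Added illustration: all names here are hypothetical, not OFBiz or OFBiz-LDAP code.
public class Cas10LoginFlow {

    enum Decision { ALREADY_LOGGED_IN, LOGGED_IN_VIA_CAS, REDIRECT_TO_CAS_LOGIN }

    // CAS 1.0 /validate body: "yes\n<username>\n" on success, "no\n\n" on failure.
    // Anything that does not match exactly is treated as failure (fail closed).
    static Optional<String> parseValidateResponse(String body) {
        if (body == null) {
            return Optional.empty();
        }
        String[] lines = body.split("\r?\n", -1);
        if (lines.length < 2 || !"yes".equals(lines[0])) {
            return Optional.empty();
        }
        String user = lines[1];
        // Refuse empty names and stray control characters before any entity lookup.
        if (user.isEmpty() || user.chars().anyMatch(Character::isISOControl)) {
            return Optional.empty();
        }
        return Optional.of(user);
    }

    // Item 1.1.1: OFBiz session first, then the CAS ticket, otherwise the CAS login page.
    // validateBody is what the CAS server answered for this ticket (null if unreachable).
    static Decision decide(boolean ofbizLoggedIn, String ticket, String validateBody) {
        if (ofbizLoggedIn) {
            return Decision.ALREADY_LOGGED_IN;
        }
        if (ticket == null || ticket.isEmpty()) {
            return Decision.REDIRECT_TO_CAS_LOGIN;
        }
        return parseValidateResponse(validateBody).isPresent()
                ? Decision.LOGGED_IN_VIA_CAS
                : Decision.REDIRECT_TO_CAS_LOGIN;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; ticket strings are placeholders.
        System.out.println(decide(true, null, null));
        System.out.println(decide(false, null, null));
        System.out.println(decide(false, "ST-placeholder", "yes\nalice\n"));
        System.out.println(decide(false, "ST-placeholder", "no\n\n"));
        System.out.println(decide(false, "ST-placeholder", "<html>yes</html>"));
    }
}
```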