[
https://issues.apache.org/jira/browse/OFBIZ-13193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18078723#comment-18078723
]
Jacques Le Roux commented on OFBIZ-13193:
-----------------------------------------
As we can see above, INFRA-27893 is closed (struck out). The graph is now
visible; that should help.
> Circular dependency: base and common components have compile-time
> dependencies on webapp and widget
> -----------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-13193
> URL: https://issues.apache.org/jira/browse/OFBIZ-13193
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/base, framework/common
> Affects Versions: 24.09.05
> Reporter: aldous liu
> Priority: Major
> Labels: Architecture
> Attachments: issue.txt
>
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> Problem:
> The framework foundation components (base, common, security) have hard
> compile-time imports from the higher-level UI components (webapp, widget).
> This violates the layered architecture principle and prevents building a
> headless / non-web / embedded OFBiz distribution where the web layer is
> excluded from the classpath.
> Current dependency graph (ideal → actual):
>   Expected:                    Actual:
>   base                         base ──────────────> widget
>    ├─ entity                    │   └──────────────> webapp
>    ├─ security                  │
>    ├─ common                   common ────────────> widget
>    ├─ service                   │   └──────────────> webapp
>    │                            │
>    ├─ webapp (UI layer)        security ──────────> webapp
>    └─ widget (UI layer)
> Affected files with wrong-way imports:
> framework/base should not depend on UI:
>
> ┌──────────────────────────────────────────────┬────────────────────────────────────────────────────────────────┐
> │ File                                         │ Imports from removed component                                 │
> ├──────────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │                                              │ webapp.control.ConfigXMLReader, webapp.control.SameSiteFilter, │
> │ base/.../util/UtilHttp.java                  │ webapp.event.FileUploadProgressListener,                       │
> │                                              │ widget.renderer.VisualTheme                                    │
> ├──────────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │ base/.../util/UtilHtml.java                  │ widget.model.ThemeFactory                                      │
> ├──────────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │ base/.../util/template/FreeMarkerWorker.java │ widget.model.ModelWidget                                       │
> ├──────────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │ base/.../util/string/UelFunctions.java       │ widget.renderer.ScreenRenderer                                 │
> └──────────────────────────────────────────────┴────────────────────────────────────────────────────────────────┘
> framework/common should not depend on UI:
>
> ┌────────────────────────────────────────────┬─────────────────────────────────────────────────────────┐
> │ File                                       │ Imports from removed component                          │
> ├────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
> │ common/.../CommonEvents.java               │ webapp.control.JWTManager, webapp.control.LoginWorker,  │
> │                                            │ widget.model.*, widget.renderer.VisualTheme             │
> ├────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
> │ common/.../login/LoginServices.java        │ webapp.control.LoginWorker                              │
> ├────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
> │ common/.../email/EmailServices.java        │ webapp.view.ApacheFopWorker, widget.model.ThemeFactory, │
> │                                            │ widget.renderer.*                                       │
> ├────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
> │ common/.../email/NotificationServices.java │ webapp.OfbizUrlBuilder, webapp.WebAppUtil               │
> ├────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
> │ common/.../UrlServletHelper.java           │ webapp.WebAppUtil, webapp.website.WebSiteWorker         │
> ├────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
> │ common/.../scripting/ContextHelper.java    │ widget.renderer.VisualTheme                             │
> └────────────────────────────────────────────┴─────────────────────────────────────────────────────────┘
> framework/security should not depend on UI:
>
> ┌────────────────────────────────────────┬────────────────────────────────────────────────────────────────┐
> │ File                                   │ Imports from removed component                                 │
> ├────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │ security/.../SecurityUtil.java         │ webapp.control.JWTManager                                      │
> ├────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │ security/.../CsrfUtil.java             │ webapp.control.ConfigXMLReader, webapp.control.RequestHandler, │
> │                                        │ webapp.control.RequestHandlerException                         │
> ├────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │ security/.../CsrfDefenseStrategy.java  │ webapp.control.RequestHandlerExceptionAllowExternalRequests    │
> ├────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
> │ security/.../ICsrfDefenseStrategy.java │ webapp.control.RequestHandlerExceptionAllowExternalRequests    │
> └────────────────────────────────────────┴────────────────────────────────────────────────────────────────┘
> Practical impact:
> When a user wants to embed OFBiz as a headless backend (Entity Engine +
> Service Engine only, no Tomcat/Servlet
> container), they cannot exclude webapp and widget from the Gradle build
> because:
> 1. activeComponents() in common.gradle reads component-load.xml to
> determine both the compile-time source set AND the
> runtime component list
> 2. Removing webapp/widget from component-load.xml causes 15+ compilation
> errors across base, common, and security
> Workaround:
> Keep webapp and widget in component-load.xml (so they compile), but accept
> that unwanted entity tables (BrowserType,
> PlatformType, Visit, ServerHit, WebSite, etc.) will be created in the
> database by the entity engine.
> Suggested resolution:
> 1. Move VisualTheme, ThemeFactory, ModelWidget from widget to common (or
> create a theme-api interface in base)
> 2. Move JWTManager from webapp to security
> 3. Extract LoginWorker core auth logic to security — the
> webapp.control.LoginWorker should be an HTTP-specific wrapper
> 4. Remove CsrfUtil / CsrfDefenseStrategy from security — CSRF is a
> web-layer concern; these classes should live in
> webapp
> 5. Remove UrlServletHelper from common — it's purely servlet-related
> 6. Refactor UtilHttp.java to extract the widget/webapp-specific parts into
> webapp
> 7. Refactor CommonEvents.java to extract widget/theme-related methods
> This separation would allow headless deployments to exclude the webapp and
> widget components entirely at both compile
> time and runtime.
> OFBiz Version: 24.09.05 (trunk)
> Component(s): framework/base, framework/common, framework/security,
> framework/webapp, framework/widget
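
A check for the layering rule described in the issue, as an added example that is not part of the Jira message or of OFBiz itself: it flags imports of the webapp and widget packages from the base, common and security components, so a CI job could fail when a new wrong-way import appears. The org.apache.ofbiz package prefix, the (component, file) keys and the sample sources are assumptions constructed for illustration.

```python
import re

# Foundation components named in the issue, and the UI packages they should
# not import. The org.apache.ofbiz prefix is an assumption of this example.
FOUNDATION = {"base", "common", "security"}
UI_PACKAGES = ("org.apache.ofbiz.webapp.", "org.apache.ofbiz.widget.")

COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
IMPORT_RE = re.compile(r"^\s*import\s+(?:static\s+)?([\w.]+(?:\.\*)?)\s*;", re.M)

def wrong_way_imports(component, java_source):
    """Return the sorted UI-layer imports found in a foundation source file."""
    if component not in FOUNDATION:
        return []  # webapp/widget sources are outside the rule
    code = COMMENT_RE.sub("", java_source)  # ignore commented-out imports
    return sorted({i for i in IMPORT_RE.findall(code) if i.startswith(UI_PACKAGES)})

def audit(sources):
    """Map {(component, file): source} to {(component, file): [bad imports]}."""
    found = {k: wrong_way_imports(k[0], src) for k, src in sources.items()}
    return {k: v for k, v in found.items() if v}

# Constructed sample sources (not copied from OFBiz).
SAMPLE = {
    ("security", "CsrfUtil.java"): """package org.apache.ofbiz.security;
import java.util.Map;
import org.apache.ofbiz.webapp.control.ConfigXMLReader;
import org.apache.ofbiz.webapp.control.RequestHandler;
/*
import org.apache.ofbiz.widget.model.ModelWidget;
*/
public class CsrfUtil {}
""",
    ("common", "CommonEvents.java"): """package org.apache.ofbiz.common;
import org.apache.ofbiz.widget.model.*;
import org.apache.ofbiz.webapp.control.LoginWorker;
public class CommonEvents {}
""",
    ("webapp", "LoginWorker.java"): """package org.apache.ofbiz.webapp.control;
import org.apache.ofbiz.widget.renderer.VisualTheme;
public class LoginWorker {}
""",
}

if __name__ == "__main__":
    for (component, name), imports in sorted(audit(SAMPLE).items()):
        print(f"{component}/{name}: {', '.join(imports)}")
```
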