[jira] [Commented] (OFBIZ-5312) Proposal: URL-Generation Changes
[ https://issues.apache.org/jira/browse/OFBIZ-5312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800439#comment-13800439 ] Parimal Gain commented on OFBIZ-5312: - Hi Jacques, Latest patch for this issue contains lots of file with duplicate entry, some file are repeating 3 times and some files are repeating 4 times, I have reviewed a 2-3 file and found no difference but couldn't look to all file, so is these file added to verify with Jinghai purposely or its added mistakenly Proposal: URL-Generation Changes Key: OFBIZ-5312 URL: https://issues.apache.org/jira/browse/OFBIZ-5312 Project: OFBiz Issue Type: New Feature Components: specialpurpose/ecommerce Affects Versions: SVN trunk Reporter: Jacques Le Roux Assignee: Jacques Le Roux Priority: Minor Labels: changes, ecommerce, friendly, seo, url Fix For: SVN trunk Attachments: OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, SeoContextFilter.java.patch [This was proposed by Paul Piper in Nabble 7 months ago|http://ofbiz.135035.n4.nabble.com/Proposal-URL-Generation-Changes-td4639289.html]. Here is quoted Paul's proposal {quote} Hey Everyone, over at ilscipio (www.ilscipio.com) we developed a set of functional OFBiz changes that we believe the entire community could benefit from. The changes have been implemented in parts in Syracus (www.syracus.net) for a while now, but we figured that some of which are too crucial for ofbiz' success in the long run, so we are considering the contribution (as we did with the SOLR component). As you are probably aware, OFBiz has a pretty uncommon way of generating URLs. Most of this has to do with the fact that OFBiz uses a servlet (ControlServlet) to handle all requests. The servlet is mounted at /control, so that it won't interfere with other servlets. Though functionally valid, this has the sideeffect that all urls are actually created on /control, which is neither pretty, nor good by any measures of SEO. It also means that a few 302 redirects are necessary to forward the user from / to /control/main. It also makes requests more complicated, since many forwards are necessary whenever somebody wants to move away from this implementation. Since this is hurtful to many of the implementers, I wanted to discuss whether or not you guys would be interested in the changes we have made. The functional changes contain: * Removal of /control out of all the urls * SEO-friendly URLS * Configurable product/category and other URLs * Frontpage mapping from /main to / It was tested on our end and contains all necessary improvements (Transforms, Sample Configuration, Servlets Filters) for it to be applicable. If interested, I would create a new JIRA ticket for this and after a few minor internal discussions, we will gladly provide the rest of you with it. Regards, Paul {quote} There is even a patch, mostly done by Jinghai Shi, that I attach here. Even if it has been already used in [Syracus|http://syracus.net/] since early this year, some help would be needed to test it thoroughly in OFBiz. Then we should discuss if it's the way to go. I believe it is. Who needs a /control/ or /main by default in ecommerce urls? Would you not prefer http://localhost:8080/ecommerce/ over http://localhost:8080/ecommerce/control/main ? -- This message was sent by Atlassian JIRA (v6.1#6144)
buildbot success in ASF Buildbot on ofbiz-trunk
The Buildbot has detected a restored build on builder ofbiz-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk/builds/4099 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: portunus_ubuntu Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534062 Blamelist: hansbak Build succeeded! sincerely, -The Buildbot
buildbot failure in ASF Buildbot on ofbiz-trunk-ARM
The Buildbot has detected a new failure on builder ofbiz-trunk-ARM while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/650 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cal-2_ubuntu_ARM Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534062 Blamelist: hansbak BUILD FAILED: failed compile_1 sincerely, -The Buildbot
[jira] [Updated] (OFBIZ-5312) Proposal: URL-Generation Changes
[ https://issues.apache.org/jira/browse/OFBIZ-5312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-5312: --- Attachment: OFBIZ-5312 - ofbiz-ecommerce-seo.patch Hi Parimal, You are right, I don't clearly understand why. When I generate the patch, using any Subversion client, the entries are indeed duplicated. Fortunately, using the cmd line worked cleanly, here is a new patch attached, please check Proposal: URL-Generation Changes Key: OFBIZ-5312 URL: https://issues.apache.org/jira/browse/OFBIZ-5312 Project: OFBiz Issue Type: New Feature Components: specialpurpose/ecommerce Affects Versions: SVN trunk Reporter: Jacques Le Roux Assignee: Jacques Le Roux Priority: Minor Labels: changes, ecommerce, friendly, seo, url Fix For: SVN trunk Attachments: OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, SeoContextFilter.java.patch [This was proposed by Paul Piper in Nabble 7 months ago|http://ofbiz.135035.n4.nabble.com/Proposal-URL-Generation-Changes-td4639289.html]. Here is quoted Paul's proposal {quote} Hey Everyone, over at ilscipio (www.ilscipio.com) we developed a set of functional OFBiz changes that we believe the entire community could benefit from. The changes have been implemented in parts in Syracus (www.syracus.net) for a while now, but we figured that some of which are too crucial for ofbiz' success in the long run, so we are considering the contribution (as we did with the SOLR component). As you are probably aware, OFBiz has a pretty uncommon way of generating URLs. Most of this has to do with the fact that OFBiz uses a servlet (ControlServlet) to handle all requests. The servlet is mounted at /control, so that it won't interfere with other servlets. Though functionally valid, this has the sideeffect that all urls are actually created on /control, which is neither pretty, nor good by any measures of SEO. It also means that a few 302 redirects are necessary to forward the user from / to /control/main. It also makes requests more complicated, since many forwards are necessary whenever somebody wants to move away from this implementation. Since this is hurtful to many of the implementers, I wanted to discuss whether or not you guys would be interested in the changes we have made. The functional changes contain: * Removal of /control out of all the urls * SEO-friendly URLS * Configurable product/category and other URLs * Frontpage mapping from /main to / It was tested on our end and contains all necessary improvements (Transforms, Sample Configuration, Servlets Filters) for it to be applicable. If interested, I would create a new JIRA ticket for this and after a few minor internal discussions, we will gladly provide the rest of you with it. Regards, Paul {quote} There is even a patch, mostly done by Jinghai Shi, that I attach here. Even if it has been already used in [Syracus|http://syracus.net/] since early this year, some help would be needed to test it thoroughly in OFBiz. Then we should discuss if it's the way to go. I believe it is. Who needs a /control/ or /main by default in ecommerce urls? Would you not prefer http://localhost:8080/ecommerce/ over http://localhost:8080/ecommerce/control/main ? -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (OFBIZ-4041) Materialized views
[ https://issues.apache.org/jira/browse/OFBIZ-4041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800536#comment-13800536 ] Jacques Le Roux commented on OFBIZ-4041: Hi Daniel, Remember a few days you said :D. Do you think you ever will get a chance to work on it, or should I take over? Materialized views -- Key: OFBIZ-4041 URL: https://issues.apache.org/jira/browse/OFBIZ-4041 Project: OFBiz Issue Type: New Feature Components: framework Affects Versions: SVN trunk Reporter: Marc Morin Assignee: Jacques Le Roux Attachments: OFBIZ-4041.patch, OFBIZ-4041-V2.patch, OFBIZ-4041-V2.patch We make extensive use of view entities in our ofbiz application. We have noticed that when there is a large dataset and under some complex views, the query performance was not the best (not a index issue, just complex joins, etc...). With some commercial databases like Oracle, etc... we would have used materialized view semantics available for these dbms, but we are using PostgreSQL. So, we have extended the entity layer in Ofbiz to perform the materialization. This is pretty slick as all you need to do is the following: view-entity name=myView materialize=true.../view-entity and the system will do the following: - create a backing entity called myView that has the same fields as the view - backing entity has all the indexes inherited from the component entities - relations (fk,...) inherited from the component entities. - perform all the ECA actions automatically on all entities used in the view (direct members and nested members if case of view on views). (This is an eager update strategy only). So, the application doesn't change, it still accesses myView, but now, it's result is returned from the backing entity instead of the complex SQL statement. We're pretty excited about this feature!!! Really pushes Ofbiz framework to next level and allows materialized views to be more broadly used on dbms that don't naturally support it. We are prepared to contribute this feature back to the community if desired. A note of caution about it though we have added a visitor pattern to the model entities and this feature makes use of it. It would need to come with it. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Closed] (OFBIZ-5220) request-redirect does not pass all parameters if none are specified with response-parameter
[ https://issues.apache.org/jira/browse/OFBIZ-5220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux closed OFBIZ-5220. -- Resolution: Won't Fix Assignee: Jacques Le Roux request-redirect does not pass all parameters if none are specified with response-parameter --- Key: OFBIZ-5220 URL: https://issues.apache.org/jira/browse/OFBIZ-5220 Project: OFBiz Issue Type: Bug Components: framework Affects Versions: SVN trunk Environment: All Reporter: Skip Dever Assignee: Jacques Le Roux Attachments: OFBIZ-5220 - request-redirect does not pass all parameters if none are specified with response-parameter.patch, OFBIZ-5220 - request-redirect does not pass all parameters if none are specified with response-parameter.patch, RequestHandler.java Original Estimate: 0h Remaining Estimate: 0h The xsd documentation says Automatically redirect all current request parameters to the new request or only redirected ... This is broken. If you specify a request-redirect from a form (where the parameters are not in the url), these parameters are not passed on to the redirected url. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Updated] (OFBIZ-4274) Implement a REST Servlet
[ https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-4274: --- Description: Implement a REST servlet that will map REST requests to OFBiz services. Details are in the comments. [here is the discussion which took place on the dev ML|http://markmail.org/message/ai6q2fbksowaayn4] was: Implement a REST servlet that will map REST requests to OFBiz services. Details are in the comments. Implement a REST Servlet Key: OFBIZ-4274 URL: https://issues.apache.org/jira/browse/OFBIZ-4274 Project: OFBiz Issue Type: New Feature Components: framework Reporter: Adrian Crum Priority: Minor Attachments: rest-conf.xml, RestExampleSchema.xsd, RestXmlRepresentation.xml Implement a REST servlet that will map REST requests to OFBiz services. Details are in the comments. [here is the discussion which took place on the dev ML|http://markmail.org/message/ai6q2fbksowaayn4] -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Comment Edited] (OFBIZ-4274) Implement a REST Servlet
[ https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13274230#comment-13274230 ] Jacques Le Roux edited comment on OFBIZ-4274 at 10/21/13 1:32 PM: -- Not directly related and not even to OFBiz, but for those interested by this issue here is an [article which pertains to REST|http://lukaszbudnik.blogspot.fr/2012/05/cxf-jax-rs-on-apache-tomee.html?q=rest] was (Author: jacques.le.roux): Not directly related and not even to OFBiz, but for those interested by this issue here is an [article which pertains to REST|http://jee-bpel-soa.blogspot.fr/2012/05/cxf-jax-rs-on-apache-tomee.html?utm_source=twitterfeedutm_medium=twitter] Implement a REST Servlet Key: OFBIZ-4274 URL: https://issues.apache.org/jira/browse/OFBIZ-4274 Project: OFBiz Issue Type: New Feature Components: framework Reporter: Adrian Crum Priority: Minor Attachments: rest-conf.xml, RestExampleSchema.xsd, RestXmlRepresentation.xml Implement a REST servlet that will map REST requests to OFBiz services. Details are in the comments. [here is the discussion which took place on the dev ML|http://markmail.org/message/ai6q2fbksowaayn4] -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet
[ https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800754#comment-13800754 ] Jacques Le Roux commented on OFBIZ-4274: options is the way HATEOAS will be implemented? Implement a REST Servlet Key: OFBIZ-4274 URL: https://issues.apache.org/jira/browse/OFBIZ-4274 Project: OFBiz Issue Type: New Feature Components: framework Reporter: Adrian Crum Priority: Minor Attachments: rest-conf.xml, RestExampleSchema.xsd, RestXmlRepresentation.xml Implement a REST servlet that will map REST requests to OFBiz services. Details are in the comments. [here is the discussion which took place on the dev ML|http://markmail.org/message/ai6q2fbksowaayn4] -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (OFBIZ-5368) Incorrect OrderShipment quantity when adding shipment items
[ https://issues.apache.org/jira/browse/OFBIZ-5368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800758#comment-13800758 ] Christian Carlow commented on OFBIZ-5368: - In my opinion, the shipment and invoicing system need major work and rework. Incorrect OrderShipment quantity when adding shipment items --- Key: OFBIZ-5368 URL: https://issues.apache.org/jira/browse/OFBIZ-5368 Project: OFBiz Issue Type: Bug Affects Versions: Release Branch 12.04 Reporter: Christian Carlow The OrderShipment quantity is not calculated correctly when creating shipment items. To reproduce: 1. Click the Create New Ship Group for Shipment for an order ship group. 2. Navigate to the Shipment Plan page and add a quantity of 1 for an order item ship group 3. Navigate to the Order Item page and add a quantity of 1 for the same order item ship group used in the previous step After step 3 the OrderShipment record for the ship group should be 2 but it remains 1 which was set when the ship group was added in step 2. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (OFBIZ-5368) Incorrect OrderShipment quantity when adding shipment items
[ https://issues.apache.org/jira/browse/OFBIZ-5368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800757#comment-13800757 ] Christian Carlow commented on OFBIZ-5368: - Seems like an item issuance creation should be prevented if the same Order Item has been already planned in the shipment because if you try to plan an Order Item that already has issuances records then an error message is generated that says that the Order Item has already been added to the shipment. Incorrect OrderShipment quantity when adding shipment items --- Key: OFBIZ-5368 URL: https://issues.apache.org/jira/browse/OFBIZ-5368 Project: OFBiz Issue Type: Bug Affects Versions: Release Branch 12.04 Reporter: Christian Carlow The OrderShipment quantity is not calculated correctly when creating shipment items. To reproduce: 1. Click the Create New Ship Group for Shipment for an order ship group. 2. Navigate to the Shipment Plan page and add a quantity of 1 for an order item ship group 3. Navigate to the Order Item page and add a quantity of 1 for the same order item ship group used in the previous step After step 3 the OrderShipment record for the ship group should be 2 but it remains 1 which was set when the ship group was added in step 2. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Comment Edited] (OFBIZ-5368) Incorrect OrderShipment quantity when adding shipment items
[ https://issues.apache.org/jira/browse/OFBIZ-5368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800757#comment-13800757 ] Christian Carlow edited comment on OFBIZ-5368 at 10/21/13 3:56 PM: --- Seems like an item issuance creation should be prevented if the same Order Item has been already planned in the shipment because if you try to plan an Order Item that already has issuances records then this error message is displayed: Error:br/ Not adding Order Item to plan for shipment [10180] because the order item is already in the shipment (order [WSCO10262], order item [1]) br/ br/ was (Author: ofbizzer): Seems like an item issuance creation should be prevented if the same Order Item has been already planned in the shipment because if you try to plan an Order Item that already has issuances records then an error message is generated that says that the Order Item has already been added to the shipment. Incorrect OrderShipment quantity when adding shipment items --- Key: OFBIZ-5368 URL: https://issues.apache.org/jira/browse/OFBIZ-5368 Project: OFBiz Issue Type: Bug Affects Versions: Release Branch 12.04 Reporter: Christian Carlow The OrderShipment quantity is not calculated correctly when creating shipment items. To reproduce: 1. Click the Create New Ship Group for Shipment for an order ship group. 2. Navigate to the Shipment Plan page and add a quantity of 1 for an order item ship group 3. Navigate to the Order Item page and add a quantity of 1 for the same order item ship group used in the previous step After step 3 the OrderShipment record for the ship group should be 2 but it remains 1 which was set when the ship group was added in step 2. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Updated] (OFBIZ-5348) Add ability to edit and remove itemIssuances from shipments
[ https://issues.apache.org/jira/browse/OFBIZ-5348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Christian Carlow updated OFBIZ-5348: Summary: Add ability to edit and remove itemIssuances from shipments (was: Should ItemIssuances be changed after being created?) Add ability to edit and remove itemIssuances from shipments --- Key: OFBIZ-5348 URL: https://issues.apache.org/jira/browse/OFBIZ-5348 Project: OFBiz Issue Type: Improvement Affects Versions: Release Branch 12.04 Reporter: Christian Carlow Does anyone have a reason why itemIssuances should not be changed after being created? How are OrderItem quantities issued to shipments supposed to be corrected if entered incorrectly? If I issue 2 of an order item to a shipment but only meant to issue 1, how else would one go about correcting the issue quantity? Improving the Order Item page of the Facility - Shipments app to allow negative quantities could provide issue correction functionality but then additional logic would be required to prevent canceling issue quantities of shipments already shipped. Anyone have any other ideas about how to solve this problem? -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet
[ https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800771#comment-13800771 ] Adrian Crum commented on OFBIZ-4274: No, response-hyperlink. Implement a REST Servlet Key: OFBIZ-4274 URL: https://issues.apache.org/jira/browse/OFBIZ-4274 Project: OFBiz Issue Type: New Feature Components: framework Reporter: Adrian Crum Priority: Minor Attachments: rest-conf.xml, RestExampleSchema.xsd, RestXmlRepresentation.xml Implement a REST servlet that will map REST requests to OFBiz services. Details are in the comments. [here is the discussion which took place on the dev ML|http://markmail.org/message/ai6q2fbksowaayn4] -- This message was sent by Atlassian JIRA (v6.1#6144)
buildbot failure in ASF Buildbot on ofbiz-trunk
The Buildbot has detected a new failure on builder ofbiz-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk/builds/4102 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: portunus_ubuntu Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534276 Blamelist: jleroux BUILD FAILED: failed compile_1 sincerely, -The Buildbot
buildbot success in ASF Buildbot on ofbiz-trunk-ARM
The Buildbot has detected a restored build on builder ofbiz-trunk-ARM while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/652 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cal-2_ubuntu_ARM Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534264 Blamelist: adrianc Build succeeded! sincerely, -The Buildbot
OfbizJsBsfEngine.java
Hi, Does someone still know when and why OfbizJsBsfEngine.java was removed from the repo? I guess it has been there once, in pre ASF era at least I'm curious, because we refer to it as it was there in 3 places Jacques
buildbot failure in ASF Buildbot on ofbiz-trunk-ARM
The Buildbot has detected a new failure on builder ofbiz-trunk-ARM while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/653 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cal-2_ubuntu_ARM Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534276 Blamelist: jleroux BUILD FAILED: failed compile_1 sincerely, -The Buildbot
Re: OfbizJsBsfEngine.java
Hi Jacques, I found this: https://svn.atlassian.com/svn/public/atlassian/ofbiz-patched/tags/atlassian-2008-04-23/core/src/share/org/ofbiz/core/util/OfbizJsBsfEngine.java I trust it will help you. Regards, Pierre Smits *ORRTIZ.COM http://www.orrtiz.com* Services Solutions for Cloud- Based Manufacturing, Professional Services and Retail Trade http://www.orrtiz.com On Mon, Oct 21, 2013 at 6:53 PM, Jacques Le Roux jacques.le.r...@les7arts.com wrote: Hi, Does someone still know when and why OfbizJsBsfEngine.java was removed from the repo? I guess it has been there once, in pre ASF era at least I'm curious, because we refer to it as it was there in 3 places Jacques
Re: svn commit: r1534276 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
This commit breaks the embedded Catalina startup. Adrian Crum Sandglass Software www.sandglass-software.com On 10/21/2013 10:01 AM, jler...@apache.org wrote: Author: jleroux Date: Mon Oct 21 17:01:03 2013 New Revision: 1534276 URL: http://svn.apache.org/r1534276 Log: No functional change, fixes this message in Eclipse The method getContextPath() is undefined for the type ServletContext which does not prevent to compile though. Compiled with Oracle JVM 1.6.0.45 Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java?rev=1534276r1=1534275r2=1534276view=diff == --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java (original) +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java Mon Oct 21 17:01:03 2013 @@ -70,7 +70,7 @@ public class ControlServlet extends Http @Override public void init(ServletConfig config) throws ServletException { super.init(config); -if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + config.getServletContext().getContextPath().substring(1) + ] + config.getServletContext().getServletContextName() + , located at + config.getServletContext().getRealPath(/), module); +if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + ((HttpServletRequest) config.getServletContext()).getContextPath().substring(1) + ] + config.getServletContext().getServletContextName() + , located at + config.getServletContext().getRealPath(/), module); // configure custom BSF engines configureBsf();
Re: OfbizJsBsfEngine.java
Thanks Pierre, Yes I found that also. My question is more is if it has been commited in OFBiz repo in pre ASF era, and if yes why it has been removed Jacques Pierre Smits wrote: Hi Jacques, I found this: https://svn.atlassian.com/svn/public/atlassian/ofbiz-patched/tags/atlassian-2008-04-23/core/src/share/org/ofbiz/core/util/OfbizJsBsfEngine.java I trust it will help you. Regards, Pierre Smits *ORRTIZ.COM http://www.orrtiz.com* Services Solutions for Cloud- Based Manufacturing, Professional Services and Retail Trade http://www.orrtiz.com On Mon, Oct 21, 2013 at 6:53 PM, Jacques Le Roux jacques.le.r...@les7arts.com wrote: Hi, Does someone still know when and why OfbizJsBsfEngine.java was removed from the repo? I guess it has been there once, in pre ASF era at least I'm curious, because we refer to it as it was there in 3 places Jacques
[jira] [Comment Edited] (OFBIZ-5254) Services allow arbitrary HTML for parameters with allow-html set to safe
[ https://issues.apache.org/jira/browse/OFBIZ-5254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13798892#comment-13798892 ] Jacques Le Roux edited comment on OFBIZ-5254 at 10/21/13 11:02 PM: --- == CLARIFY == Hans, if you use allow-html=any there are no worries for those characters. All characters are allowed and since those are generated by OFBiz email templates or such allow-html=any is OK. If this was your only concern then I will carefully put back allow-html=any where it should be used. Summary: for email services (and all secured one where OFBiz generates the content) the only difference will be that the useless log warnings from ESAPI will not show. Please read my comments above for more details.. was (Author: jacques.le.roux): Hans, if you use any there are no worries for those characters. All are allowed and since those are generated by OFBiz email templates or such allow-html=any is OK. If this was your only concern then I will carefully put back allow-html=any where it should be used. Summary: for email services (and all secured one where OFBiz generates the content) the only difference will be that the useless log warnings from ESAPI will not show. Please read my comments above for more details.. Services allow arbitrary HTML for parameters with allow-html set to safe -- Key: OFBIZ-5254 URL: https://issues.apache.org/jira/browse/OFBIZ-5254 Project: OFBiz Issue Type: Bug Components: framework Affects Versions: SVN trunk Reporter: Christoph Neuroth Assignee: Jacques Le Roux Labels: security For any given service with allow-html=safe parameters, the parameter data is not properly validated. See Model.Service.java:588: {code} StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList); {code} Looking at that method: {code} public static String checkStringForHtmlSafeOnly(String valueName, String value, ListString errorMessageList) { ValidationErrorList vel = new ValidationErrorList(); value = defaultWebValidator.getValidSafeHTML(valueName, value, Integer.MAX_VALUE, true, vel); errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), String.class)); return value; } {code} you can see that it expects the defaultWebValidator.getValidSafeHTML would add all validation errors to the given ValidationErrorList, but if you look at the implementation of ESAPI that is not the case. First, consider the overloaded getValidSafeHTML that takes the ValidationErrorList: {code}public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException { try { return getValidSafeHTML(context, input, maxLength, allowNull); } catch (ValidationException e) { errors.addError(context, e); } return input; } {code} Then, step into that method to see that ValidationExceptions are only thrown for things like exceeding the maximum length - not for policy violations that can be cleaned, such as tags that are not allowed by the policy: {code} AntiSamy as = new AntiSamy(); CleanResults test = as.scan(input, antiSamyPolicy); List errors = test.getErrorMessages(); if ( errors.size() 0 ) { // just create new exception to get it logged and intrusion detected new ValidationException( Invalid HTML input: context= + context, Invalid HTML input: context= + context + , errors= + errors, context ); } {code} I guess that is an expected, although maybe not clearly documented behavior of ESAPI: Non-cleanable violations throw the exception and therefore will fail the ofbiz service, while non-allowed tags are cleaned. However, if you consider ModelService:588 and following lines again: {code} StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList); //(...) if (errorMessageList.size() 0) { throw new ServiceValidationException(errorMessageList, this, mode); } {code} the cleaned return value is ignored. Therefore, you will see an IntrusionDetection in the logs, giving you a false sense of security but the unfiltered HTML will still go into the service. So, if you want the service to fail if non-allowed HTML is encountered, you should use isValidSafeHTML instead. If you want the incoming HTML to be filtered, you should
Re: svn commit: r1534404 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
The problem is you are trying to cast a javax.servlet.ServletContext to a javax.servlet.http.HttpServletRequest. Try changing the cast to (ServletContext). Adrian Crum Sandglass Software www.sandglass-software.com On 10/21/2013 3:48 PM, jler...@apache.org wrote: Author: jleroux Date: Mon Oct 21 22:48:29 2013 New Revision: 1534404 URL: http://svn.apache.org/r1534404 Log: No functional change, fixes this message in Eclipse The method getContextPath() is undefined for the type ServletContext which does not prevent to compile though. Compiled with Oracle JVM 1.6.0.45 As reported by Adrian in dev ML this commit breaks the embedded Catalina startup. java.lang.ClassCastException: org.apache.catalina.core.ApplicationContextFacade cannot be cast to javax.servlet.http.HttpServletRequest Before Oracle JVM 1.6.0.45 you could not even compile, interesting... I wonder what will happen when we will jump in Java 8, which we will need to do a day or another anyway... Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java?rev=1534404r1=1534403r2=1534404view=diff == --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java (original) +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java Mon Oct 21 22:48:29 2013 @@ -70,7 +70,7 @@ public class ControlServlet extends Http @Override public void init(ServletConfig config) throws ServletException { super.init(config); -if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + ((HttpServletRequest) config.getServletContext()).getContextPath().substring(1) + ] + config.getServletContext().getServletContextName() + , located at + config.getServletContext().getRealPath(/), module); +if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + config.getServletContext().getContextPath().substring(1) + ] + config.getServletContext().getServletContextName() + , located at + config.getServletContext().getRealPath(/), module); // configure custom BSF engines configureBsf();
buildbot success in ASF Buildbot on ofbiz-trunk
The Buildbot has detected a restored build on builder ofbiz-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk/builds/4105 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: portunus_ubuntu Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534404 Blamelist: jleroux Build succeeded! sincerely, -The Buildbot
buildbot success in ASF Buildbot on ofbiz-trunk-ARM
The Buildbot has detected a restored build on builder ofbiz-trunk-ARM while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/656 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cal-2_ubuntu_ARM Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534404 Blamelist: jleroux Build succeeded! sincerely, -The Buildbot
[jira] [Commented] (OFBIZ-5254) Services allow arbitrary HTML for parameters with allow-html set to safe
[ https://issues.apache.org/jira/browse/OFBIZ-5254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13801399#comment-13801399 ] Hans Bakker commented on OFBIZ-5254: sounds fine Jacques and thanks taking care of of this. Regards, Hans Services allow arbitrary HTML for parameters with allow-html set to safe -- Key: OFBIZ-5254 URL: https://issues.apache.org/jira/browse/OFBIZ-5254 Project: OFBiz Issue Type: Bug Components: framework Affects Versions: SVN trunk Reporter: Christoph Neuroth Assignee: Jacques Le Roux Labels: security For any given service with allow-html=safe parameters, the parameter data is not properly validated. See Model.Service.java:588: {code} StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList); {code} Looking at that method: {code} public static String checkStringForHtmlSafeOnly(String valueName, String value, ListString errorMessageList) { ValidationErrorList vel = new ValidationErrorList(); value = defaultWebValidator.getValidSafeHTML(valueName, value, Integer.MAX_VALUE, true, vel); errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), String.class)); return value; } {code} you can see that it expects the defaultWebValidator.getValidSafeHTML would add all validation errors to the given ValidationErrorList, but if you look at the implementation of ESAPI that is not the case. First, consider the overloaded getValidSafeHTML that takes the ValidationErrorList: {code}public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException { try { return getValidSafeHTML(context, input, maxLength, allowNull); } catch (ValidationException e) { errors.addError(context, e); } return input; } {code} Then, step into that method to see that ValidationExceptions are only thrown for things like exceeding the maximum length - not for policy violations that can be cleaned, such as tags that are not allowed by the policy: {code} AntiSamy as = new AntiSamy(); CleanResults test = as.scan(input, antiSamyPolicy); List errors = test.getErrorMessages(); if ( errors.size() 0 ) { // just create new exception to get it logged and intrusion detected new ValidationException( Invalid HTML input: context= + context, Invalid HTML input: context= + context + , errors= + errors, context ); } {code} I guess that is an expected, although maybe not clearly documented behavior of ESAPI: Non-cleanable violations throw the exception and therefore will fail the ofbiz service, while non-allowed tags are cleaned. However, if you consider ModelService:588 and following lines again: {code} StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList); //(...) if (errorMessageList.size() 0) { throw new ServiceValidationException(errorMessageList, this, mode); } {code} the cleaned return value is ignored. Therefore, you will see an IntrusionDetection in the logs, giving you a false sense of security but the unfiltered HTML will still go into the service. So, if you want the service to fail if non-allowed HTML is encountered, you should use isValidSafeHTML instead. If you want the incoming HTML to be filtered, you should use the return value of getValidSafeHTML. Some additional notes on this: * When changing this, it should be properly documented as users may well be relying on this behavior - for example, we send full HTML mails to our customers for their ecommerce purchases and require HTML to go through - so maybe for services like the communicationEvents allowing only safe HTML might not be desired. * The ESAPI code samples above are from version 1.4.4. I was really surprised to find a JAR that is not only outdated, but patched and built by a third party, without even indicating that in the filename in OfBiz trunk. This has been there for years (see OFBIZ-3135) and should really be replaced with an official, up to date version since that issue was fixed upstream years ago. -- This message was sent by Atlassian JIRA (v6.1#6144)
buildbot failure in ASF Buildbot on ofbiz-trunk-ARM
The Buildbot has detected a new failure on builder ofbiz-trunk-ARM while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/657 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cal-2_ubuntu_ARM Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534478 Blamelist: hansbak BUILD FAILED: failed compile_1 sincerely, -The Buildbot
buildbot success in ASF Buildbot on ofbiz-trunk-ARM
The Buildbot has detected a restored build on builder ofbiz-trunk-ARM while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/658 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cal-2_ubuntu_ARM Build Reason: scheduler Build Source Stamp: [branch ofbiz/trunk] 1534488 Blamelist: adrianc Build succeeded! sincerely, -The Buildbot