date:20131021

The Buildbot has detected a restored build on builder ofbiz-trunk while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk/builds/4099

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: portunus_ubuntu

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534062
Blamelist: hansbak

Build succeeded!

sincerely,
 -The Buildbot

buildbot failure in ASF Buildbot on ofbiz-trunk-ARM

The Buildbot has detected a new failure on builder ofbiz-trunk-ARM while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/650

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cal-2_ubuntu_ARM

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534062
Blamelist: hansbak

BUILD FAILED: failed compile_1

sincerely,
 -The Buildbot

[jira] [Updated] (OFBIZ-5312) Proposal: URL-Generation Changes

[
https://issues.apache.org/jira/browse/OFBIZ-5312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jacques Le Roux updated OFBIZ-5312:
---

Attachment: OFBIZ-5312 - ofbiz-ecommerce-seo.patch

Hi Parimal,

You are right, I don't clearly understand why. When I generate the patch, using
any Subversion client, the entries are indeed duplicated. Fortunately, using
the cmd line worked cleanly, here is a new patch attached, please check

Proposal: URL-Generation Changes

Key: OFBIZ-5312
URL: https://issues.apache.org/jira/browse/OFBIZ-5312
Project: OFBiz
Issue Type: New Feature
Components: specialpurpose/ecommerce
Affects Versions: SVN trunk
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux
Priority: Minor
Labels: changes, ecommerce, friendly, seo, url
Fix For: SVN trunk

Attachments: OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 -
ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312
- ofbiz-ecommerce-seo.patch, OFBIZ-5312 - ofbiz-ecommerce-seo.patch,
OFBIZ-5312 - ofbiz-ecommerce-seo.patch, OFBIZ-5312 -
ofbiz-ecommerce-seo.patch, SeoContextFilter.java.patch

[This was proposed by Paul Piper in Nabble 7 months
ago|http://ofbiz.135035.n4.nabble.com/Proposal-URL-Generation-Changes-td4639289.html].
Here is quoted Paul's proposal
{quote}
Hey Everyone,
over at ilscipio (www.ilscipio.com) we developed a set of functional OFBiz
changes that we believe the entire community could benefit from. The changes
have been implemented in parts in Syracus (www.syracus.net) for a while now,
but we figured that some of which are too crucial for ofbiz' success in the
long run, so we are considering the contribution (as we did with the SOLR
component).
As you are probably aware, OFBiz has a pretty uncommon way of generating
URLs. Most of this has to do with the fact that OFBiz uses a servlet
(ControlServlet) to handle all requests. The servlet is mounted at /control,
so that it won't interfere with other servlets. Though functionally valid,
this has the sideeffect that all urls are actually created on /control, which
is neither pretty, nor good by any measures of SEO. It also means that a few
302 redirects are necessary to forward the user from / to /control/main. It
also makes requests more complicated, since many forwards are necessary
whenever somebody wants to move away from this implementation.
Since this is hurtful to many of the implementers, I wanted to discuss
whether or not you guys would be interested in the changes we have made. The
functional changes contain:
* Removal of /control out of all the urls
* SEO-friendly URLS
* Configurable product/category and other URLs
* Frontpage mapping from /main to /
It was tested on our end and contains all necessary improvements (Transforms,
Sample Configuration, Servlets Filters) for it to be applicable.
If interested, I would create a new JIRA ticket for this and after a few
minor internal discussions, we will gladly provide the rest of you with it.
Regards,
Paul
{quote}
There is even a patch, mostly done by Jinghai Shi, that I attach here. Even
if it has been already used in [Syracus|http://syracus.net/] since early this
year, some help would be needed to test it thoroughly in OFBiz.
Then we should discuss if it's the way to go. I believe it is. Who needs a
/control/ or /main by default in ecommerce urls? Would you not prefer
http://localhost:8080/ecommerce/ over
http://localhost:8080/ecommerce/control/main ?

--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (OFBIZ-4041) Materialized views

[
https://issues.apache.org/jira/browse/OFBIZ-4041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800536#comment-13800536
]

Jacques Le Roux commented on OFBIZ-4041:

Hi Daniel,

Remember a few days you said :D. Do you think you ever will get a chance to
work on it, or should I take over?

Materialized views
--

Key: OFBIZ-4041
URL: https://issues.apache.org/jira/browse/OFBIZ-4041
Project: OFBiz
Issue Type: New Feature
Components: framework
Affects Versions: SVN trunk
Reporter: Marc Morin
Assignee: Jacques Le Roux
Attachments: OFBIZ-4041.patch, OFBIZ-4041-V2.patch,
OFBIZ-4041-V2.patch

We make extensive use of view entities in our ofbiz application. We have
noticed that when there is a large dataset and under some complex views, the
query performance was not the best (not a index issue, just complex joins,
etc...).
With some commercial databases like Oracle, etc... we would have used
materialized view semantics available for these dbms, but we are using
PostgreSQL.
So, we have extended the entity layer in Ofbiz to perform the
materialization. This is pretty slick as all you need to do is the following:
view-entity name=myView materialize=true.../view-entity
and the system will do the following:
- create a backing entity called myView that has the same fields as the view
- backing entity has all the indexes inherited from the component entities
- relations (fk,...) inherited from the component entities.
- perform all the ECA actions automatically on all entities used in the view
(direct members and nested members if case of view on views). (This is an
eager update strategy only).
So, the application doesn't change, it still accesses myView, but now, it's
result is returned from the backing entity instead of the complex SQL
statement.
We're pretty excited about this feature!!! Really pushes Ofbiz framework to
next level and allows materialized views to be more broadly used on dbms that
don't naturally support it.
We are prepared to contribute this feature back to the community if desired.
A note of caution about it though we have added a visitor pattern to the
model entities and this feature makes use of it. It would need to come with
it.

--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Closed] (OFBIZ-5220) request-redirect does not pass all parameters if none are specified with response-parameter


 [ 
https://issues.apache.org/jira/browse/OFBIZ-5220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux closed OFBIZ-5220.
--

Resolution: Won't Fix
  Assignee: Jacques Le Roux

 request-redirect does not pass all parameters if none are specified with 
 response-parameter
 ---

 Key: OFBIZ-5220
 URL: https://issues.apache.org/jira/browse/OFBIZ-5220
 Project: OFBiz
  Issue Type: Bug
  Components: framework
Affects Versions: SVN trunk
 Environment: All
Reporter: Skip Dever
Assignee: Jacques Le Roux
 Attachments: OFBIZ-5220 - request-redirect does not pass all 
 parameters if none are specified with response-parameter.patch, OFBIZ-5220 - 
 request-redirect does not pass all parameters if none are specified with 
 response-parameter.patch, RequestHandler.java

   Original Estimate: 0h
  Remaining Estimate: 0h

 The xsd documentation says Automatically redirect all current request 
 parameters to the new request or only redirected ...
 This is broken.  If you specify a request-redirect from a form (where the 
 parameters are not in the url), these parameters are not passed on to the 
 redirected url. 



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Updated] (OFBIZ-4274) Implement a REST Servlet


 [ 
https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-4274:
---

Description: 
Implement a REST servlet that will map REST requests to OFBiz services. Details 
are in the comments.

[here is the discussion which took place on the dev 
ML|http://markmail.org/message/ai6q2fbksowaayn4]


  was:
Implement a REST servlet that will map REST requests to OFBiz services. Details 
are in the comments.



 Implement a REST Servlet
 

 Key: OFBIZ-4274
 URL: https://issues.apache.org/jira/browse/OFBIZ-4274
 Project: OFBiz
  Issue Type: New Feature
  Components: framework
Reporter: Adrian Crum
Priority: Minor
 Attachments: rest-conf.xml, RestExampleSchema.xsd, 
 RestXmlRepresentation.xml


 Implement a REST servlet that will map REST requests to OFBiz services. 
 Details are in the comments.
 [here is the discussion which took place on the dev 
 ML|http://markmail.org/message/ai6q2fbksowaayn4]



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Comment Edited] (OFBIZ-4274) Implement a REST Servlet


[ 
https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13274230#comment-13274230
 ] 

Jacques Le Roux edited comment on OFBIZ-4274 at 10/21/13 1:32 PM:
--

Not directly related and not even to OFBiz, but for those interested by this 
issue here is an [article which pertains to 
REST|http://lukaszbudnik.blogspot.fr/2012/05/cxf-jax-rs-on-apache-tomee.html?q=rest]


was (Author: jacques.le.roux):
Not directly related and not even to OFBiz, but for those interested by this 
issue here is an [article which pertains to 
REST|http://jee-bpel-soa.blogspot.fr/2012/05/cxf-jax-rs-on-apache-tomee.html?utm_source=twitterfeedutm_medium=twitter]

 Implement a REST Servlet
 

 Key: OFBIZ-4274
 URL: https://issues.apache.org/jira/browse/OFBIZ-4274
 Project: OFBiz
  Issue Type: New Feature
  Components: framework
Reporter: Adrian Crum
Priority: Minor
 Attachments: rest-conf.xml, RestExampleSchema.xsd, 
 RestXmlRepresentation.xml


 Implement a REST servlet that will map REST requests to OFBiz services. 
 Details are in the comments.
 [here is the discussion which took place on the dev 
 ML|http://markmail.org/message/ai6q2fbksowaayn4]



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet


[ 
https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800754#comment-13800754
 ] 

Jacques Le Roux commented on OFBIZ-4274:


options is the way HATEOAS will be implemented?

 Implement a REST Servlet
 

 Key: OFBIZ-4274
 URL: https://issues.apache.org/jira/browse/OFBIZ-4274
 Project: OFBiz
  Issue Type: New Feature
  Components: framework
Reporter: Adrian Crum
Priority: Minor
 Attachments: rest-conf.xml, RestExampleSchema.xsd, 
 RestXmlRepresentation.xml


 Implement a REST servlet that will map REST requests to OFBiz services. 
 Details are in the comments.
 [here is the discussion which took place on the dev 
 ML|http://markmail.org/message/ai6q2fbksowaayn4]



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (OFBIZ-5368) Incorrect OrderShipment quantity when adding shipment items


[ 
https://issues.apache.org/jira/browse/OFBIZ-5368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800758#comment-13800758
 ] 

Christian Carlow commented on OFBIZ-5368:
-

In my opinion, the shipment and invoicing system need major work and rework.

 Incorrect OrderShipment quantity when adding shipment items
 ---

 Key: OFBIZ-5368
 URL: https://issues.apache.org/jira/browse/OFBIZ-5368
 Project: OFBiz
  Issue Type: Bug
Affects Versions: Release Branch 12.04
Reporter: Christian Carlow

 The OrderShipment quantity is not calculated correctly when creating shipment 
 items.
 To reproduce:
 1.  Click the Create New Ship Group for Shipment for an order ship group.
 2.  Navigate to the Shipment Plan page and add a quantity of 1 for an order 
 item ship group
 3.  Navigate to the Order Item page and add a quantity of 1 for the same 
 order item ship group used in the previous step
 After step 3 the OrderShipment record for the ship group should be 2 but it 
 remains 1 which was set when the ship group was added in step 2.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (OFBIZ-5368) Incorrect OrderShipment quantity when adding shipment items


[ 
https://issues.apache.org/jira/browse/OFBIZ-5368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800757#comment-13800757
 ] 

Christian Carlow commented on OFBIZ-5368:
-

Seems like an item issuance creation should be prevented if the same Order Item 
has been already planned in the shipment because if you try to plan an Order 
Item that already has issuances records then an error message is generated that 
says that the Order Item has already been added to the shipment.

 Incorrect OrderShipment quantity when adding shipment items
 ---

 Key: OFBIZ-5368
 URL: https://issues.apache.org/jira/browse/OFBIZ-5368
 Project: OFBiz
  Issue Type: Bug
Affects Versions: Release Branch 12.04
Reporter: Christian Carlow

 The OrderShipment quantity is not calculated correctly when creating shipment 
 items.
 To reproduce:
 1.  Click the Create New Ship Group for Shipment for an order ship group.
 2.  Navigate to the Shipment Plan page and add a quantity of 1 for an order 
 item ship group
 3.  Navigate to the Order Item page and add a quantity of 1 for the same 
 order item ship group used in the previous step
 After step 3 the OrderShipment record for the ship group should be 2 but it 
 remains 1 which was set when the ship group was added in step 2.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Comment Edited] (OFBIZ-5368) Incorrect OrderShipment quantity when adding shipment items


[ 
https://issues.apache.org/jira/browse/OFBIZ-5368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800757#comment-13800757
 ] 

Christian Carlow edited comment on OFBIZ-5368 at 10/21/13 3:56 PM:
---

Seems like an item issuance creation should be prevented if the same Order Item 
has been already planned in the shipment because if you try to plan an Order 
Item that already has issuances records then this error message is displayed:

Error:br/ Not adding Order Item to plan for shipment [10180] because the 
order item is already in the shipment (order [WSCO10262], order item [1]) 
br/ br/


was (Author: ofbizzer):
Seems like an item issuance creation should be prevented if the same Order Item 
has been already planned in the shipment because if you try to plan an Order 
Item that already has issuances records then an error message is generated that 
says that the Order Item has already been added to the shipment.

 Incorrect OrderShipment quantity when adding shipment items
 ---

 Key: OFBIZ-5368
 URL: https://issues.apache.org/jira/browse/OFBIZ-5368
 Project: OFBiz
  Issue Type: Bug
Affects Versions: Release Branch 12.04
Reporter: Christian Carlow

 The OrderShipment quantity is not calculated correctly when creating shipment 
 items.
 To reproduce:
 1.  Click the Create New Ship Group for Shipment for an order ship group.
 2.  Navigate to the Shipment Plan page and add a quantity of 1 for an order 
 item ship group
 3.  Navigate to the Order Item page and add a quantity of 1 for the same 
 order item ship group used in the previous step
 After step 3 the OrderShipment record for the ship group should be 2 but it 
 remains 1 which was set when the ship group was added in step 2.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Updated] (OFBIZ-5348) Add ability to edit and remove itemIssuances from shipments


 [ 
https://issues.apache.org/jira/browse/OFBIZ-5348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Christian Carlow updated OFBIZ-5348:


Summary: Add ability to edit and remove itemIssuances from shipments  (was: 
Should ItemIssuances be changed after being created?)

 Add ability to edit and remove itemIssuances from shipments
 ---

 Key: OFBIZ-5348
 URL: https://issues.apache.org/jira/browse/OFBIZ-5348
 Project: OFBiz
  Issue Type: Improvement
Affects Versions: Release Branch 12.04
Reporter: Christian Carlow

 Does anyone have a reason why itemIssuances should not be changed after being 
 created?
 How are OrderItem quantities issued to shipments supposed to be corrected if 
 entered incorrectly?
 If I issue 2 of an order item to a shipment but only meant to issue 1, how 
 else would one go about correcting the issue quantity?
 Improving the Order Item page of the Facility - Shipments app to allow 
 negative quantities could provide issue correction functionality but then 
 additional logic would be required to prevent canceling issue quantities of 
 shipments already shipped.
 Anyone have any other ideas about how to solve this problem?



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (OFBIZ-4274) Implement a REST Servlet

2013-10-21 Thread Adrian Crum (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13800771#comment-13800771
 ] 

Adrian Crum commented on OFBIZ-4274:


No, response-hyperlink.


 Implement a REST Servlet
 

 Key: OFBIZ-4274
 URL: https://issues.apache.org/jira/browse/OFBIZ-4274
 Project: OFBiz
  Issue Type: New Feature
  Components: framework
Reporter: Adrian Crum
Priority: Minor
 Attachments: rest-conf.xml, RestExampleSchema.xsd, 
 RestXmlRepresentation.xml


 Implement a REST servlet that will map REST requests to OFBiz services. 
 Details are in the comments.
 [here is the discussion which took place on the dev 
 ML|http://markmail.org/message/ai6q2fbksowaayn4]



--
This message was sent by Atlassian JIRA
(v6.1#6144)

buildbot failure in ASF Buildbot on ofbiz-trunk

The Buildbot has detected a new failure on builder ofbiz-trunk while building 
ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk/builds/4102

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: portunus_ubuntu

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534276
Blamelist: jleroux

BUILD FAILED: failed compile_1

sincerely,
 -The Buildbot

buildbot success in ASF Buildbot on ofbiz-trunk-ARM

The Buildbot has detected a restored build on builder ofbiz-trunk-ARM while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/652

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cal-2_ubuntu_ARM

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534264
Blamelist: adrianc

Build succeeded!

sincerely,
 -The Buildbot

OfbizJsBsfEngine.java

2013-10-21 Thread Jacques Le Roux

Hi,

Does someone still know when and why OfbizJsBsfEngine.java was removed from the 
repo?
I guess it has been there once, in pre ASF era at least

I'm curious, because we refer to it as it was there in 3 places

Jacques

buildbot failure in ASF Buildbot on ofbiz-trunk-ARM

The Buildbot has detected a new failure on builder ofbiz-trunk-ARM while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/653

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cal-2_ubuntu_ARM

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534276
Blamelist: jleroux

BUILD FAILED: failed compile_1

sincerely,
 -The Buildbot

Re: OfbizJsBsfEngine.java

2013-10-21 Thread Pierre Smits

Hi Jacques,

I found this:
https://svn.atlassian.com/svn/public/atlassian/ofbiz-patched/tags/atlassian-2008-04-23/core/src/share/org/ofbiz/core/util/OfbizJsBsfEngine.java

I trust it will help you.

Regards,

Pierre Smits

*ORRTIZ.COM http://www.orrtiz.com*
Services  Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail  Trade
http://www.orrtiz.com


On Mon, Oct 21, 2013 at 6:53 PM, Jacques Le Roux 
jacques.le.r...@les7arts.com wrote:

 Hi,

 Does someone still know when and why OfbizJsBsfEngine.java was removed
 from the repo?
 I guess it has been there once, in pre ASF era at least

 I'm curious, because we refer to it as it was there in 3 places

 Jacques

Re: svn commit: r1534276 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java

2013-10-21 Thread Adrian Crum


This commit breaks the embedded Catalina startup.

Adrian Crum
Sandglass Software
www.sandglass-software.com

On 10/21/2013 10:01 AM, jler...@apache.org wrote:

Author: jleroux
Date: Mon Oct 21 17:01:03 2013
New Revision: 1534276

URL: http://svn.apache.org/r1534276
Log:
No functional change, fixes this message in Eclipse The method getContextPath() is 
undefined for the type ServletContext which does not prevent to compile though. 
Compiled with Oracle JVM 1.6.0.45

Modified:
 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java

Modified: 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java?rev=1534276r1=1534275r2=1534276view=diff
==
--- 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java 
(original)
+++ 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java 
Mon Oct 21 17:01:03 2013
@@ -70,7 +70,7 @@ public class ControlServlet extends Http
  @Override
  public void init(ServletConfig config) throws ServletException {
  super.init(config);
-if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + 
config.getServletContext().getContextPath().substring(1) + ]  + 
config.getServletContext().getServletContextName() + , located at  + 
config.getServletContext().getRealPath(/), module);
+if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + ((HttpServletRequest) 
config.getServletContext()).getContextPath().substring(1) + ]  + 
config.getServletContext().getServletContextName() + , located at  + 
config.getServletContext().getRealPath(/), module);

  // configure custom BSF engines
  configureBsf();

Re: OfbizJsBsfEngine.java

2013-10-21 Thread Jacques Le Roux

Thanks Pierre,

Yes I found that also. My question is more is if it has been commited in OFBiz 
repo in pre ASF era, and if yes why it has been removed

Jacques

Pierre Smits wrote:
 Hi Jacques,
 
 I found this:
 https://svn.atlassian.com/svn/public/atlassian/ofbiz-patched/tags/atlassian-2008-04-23/core/src/share/org/ofbiz/core/util/OfbizJsBsfEngine.java
 
 I trust it will help you.
 
 Regards,
 
 Pierre Smits
 
 *ORRTIZ.COM http://www.orrtiz.com*
 Services  Solutions for Cloud-
 Based Manufacturing, Professional
 Services and Retail  Trade
 http://www.orrtiz.com
 
 
 On Mon, Oct 21, 2013 at 6:53 PM, Jacques Le Roux 
 jacques.le.r...@les7arts.com wrote:
 
 Hi,
 
 Does someone still know when and why OfbizJsBsfEngine.java was removed
 from the repo?
 I guess it has been there once, in pre ASF era at least
 
 I'm curious, because we refer to it as it was there in 3 places
 
 Jacques

[jira] [Comment Edited] (OFBIZ-5254) Services allow arbitrary HTML for parameters with allow-html set to safe


[ 
https://issues.apache.org/jira/browse/OFBIZ-5254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13798892#comment-13798892
 ] 

Jacques Le Roux edited comment on OFBIZ-5254 at 10/21/13 11:02 PM:
---

== CLARIFY ==
Hans, if you use allow-html=any there are no worries for those characters. 
All characters are allowed and since those are generated by OFBiz email 
templates or such allow-html=any is OK. If this was your only concern then I 
will carefully put back allow-html=any where it should be used. 

Summary: for email services (and all secured one where OFBiz generates the 
content) the only difference will be that the useless log warnings from ESAPI 
will not show. Please read my comments above for more details..


was (Author: jacques.le.roux):
Hans, if you use any there are no worries for those characters. All are allowed 
and since those are generated by OFBiz email templates or such allow-html=any 
is OK. If this was your only concern then I will carefully put back 
allow-html=any where it should be used. 

Summary: for email services (and all secured one where OFBiz generates the 
content) the only difference will be that the useless log warnings from ESAPI 
will not show. Please read my comments above for more details..

 Services allow arbitrary HTML for parameters with allow-html set to safe
 --

 Key: OFBIZ-5254
 URL: https://issues.apache.org/jira/browse/OFBIZ-5254
 Project: OFBiz
  Issue Type: Bug
  Components: framework
Affects Versions: SVN trunk
Reporter: Christoph Neuroth
Assignee: Jacques Le Roux
  Labels: security

 For any given service with allow-html=safe parameters, the parameter data is 
 not properly validated. See Model.Service.java:588:
 {code}
 
 StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, 
 errorMessageList);
 {code}
 Looking at that method:
 {code}
 public static String checkStringForHtmlSafeOnly(String valueName, String 
 value, ListString errorMessageList) {
 ValidationErrorList vel = new ValidationErrorList();
 value = defaultWebValidator.getValidSafeHTML(valueName, value, 
 Integer.MAX_VALUE, true, vel);
 errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), 
 String.class));
 return value;
 }
 {code}
 you can see that it expects the defaultWebValidator.getValidSafeHTML would 
 add all validation errors to the given ValidationErrorList, but if you look 
 at the implementation of ESAPI that is not the case. First, consider the 
 overloaded getValidSafeHTML that takes the ValidationErrorList:
 {code}public String getValidSafeHTML(String context, String input, 
 int maxLength, boolean allowNull, ValidationErrorList errors) throws 
 IntrusionException {
   try {
   return getValidSafeHTML(context, input, maxLength, 
 allowNull);
   } catch (ValidationException e) {
   errors.addError(context, e);
   }
   return input;
   }
 {code}
 Then, step into that method to see that ValidationExceptions are only thrown 
 for things like exceeding the maximum length - not for policy violations that 
 can be cleaned, such as tags that are not allowed by the policy:
 {code}
   AntiSamy as = new AntiSamy();
   CleanResults test = as.scan(input, antiSamyPolicy);
   List errors = test.getErrorMessages();
   if ( errors.size()  0 ) {
   // just create new exception to get it logged 
 and intrusion detected
   new ValidationException( Invalid HTML input: 
 context= + context, Invalid HTML input: context= + context + , errors= + 
 errors, context );
   }
 {code}
 I guess that is an expected, although maybe not clearly documented behavior 
 of ESAPI: Non-cleanable violations throw the exception and therefore will 
 fail the ofbiz service, while non-allowed tags are cleaned. However, if you 
 consider ModelService:588 and following lines again:
 {code}
 StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, 
 errorMessageList);
 //(...)
 if (errorMessageList.size()  0) {
 throw new ServiceValidationException(errorMessageList, this, 
 mode);
 }
 {code}
 the cleaned return value is ignored. Therefore, you will see an 
 IntrusionDetection in the logs, giving you a false sense of security but 
 the unfiltered HTML will still go into the service. So, if you want the 
 service to fail if non-allowed HTML is encountered, you should use 
 isValidSafeHTML instead. If you want the incoming HTML to be filtered, you 
 should

Re: svn commit: r1534404 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java

2013-10-21 Thread Adrian Crum

The problem is you are trying to cast a javax.servlet.ServletContext to 
a javax.servlet.http.HttpServletRequest. Try changing the cast to 
(ServletContext).


Adrian Crum
Sandglass Software
www.sandglass-software.com

On 10/21/2013 3:48 PM, jler...@apache.org wrote:

Author: jleroux
Date: Mon Oct 21 22:48:29 2013
New Revision: 1534404

URL: http://svn.apache.org/r1534404
Log:
No functional change, fixes this message in Eclipse The method getContextPath() is 
undefined for the type ServletContext which does not prevent to compile though. Compiled 
with Oracle JVM 1.6.0.45
As reported by Adrian in dev ML this commit breaks the embedded Catalina 
startup.

  java.lang.ClassCastException: 
org.apache.catalina.core.ApplicationContextFacade cannot be cast to 
javax.servlet.http.HttpServletRequest

Before Oracle JVM 1.6.0.45 you could not even compile, interesting... I wonder 
what will happen when we will jump in Java 8, which we will need to do a day or 
another anyway...

Modified:
 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java

Modified: 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java?rev=1534404r1=1534403r2=1534404view=diff
==
--- 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java 
(original)
+++ 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java 
Mon Oct 21 22:48:29 2013
@@ -70,7 +70,7 @@ public class ControlServlet extends Http
  @Override
  public void init(ServletConfig config) throws ServletException {
  super.init(config);
-if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + ((HttpServletRequest) 
config.getServletContext()).getContextPath().substring(1) + ]  + 
config.getServletContext().getServletContextName() + , located at  + 
config.getServletContext().getRealPath(/), module);
+if (Debug.infoOn()) Debug.logInfo(LOADING WEBAPP [ + 
config.getServletContext().getContextPath().substring(1) + ]  + 
config.getServletContext().getServletContextName() + , located at  + 
config.getServletContext().getRealPath(/), module);

  // configure custom BSF engines
  configureBsf();

buildbot success in ASF Buildbot on ofbiz-trunk

The Buildbot has detected a restored build on builder ofbiz-trunk while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk/builds/4105

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: portunus_ubuntu

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534404
Blamelist: jleroux

Build succeeded!

sincerely,
 -The Buildbot

buildbot success in ASF Buildbot on ofbiz-trunk-ARM

The Buildbot has detected a restored build on builder ofbiz-trunk-ARM while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/656

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cal-2_ubuntu_ARM

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534404
Blamelist: jleroux

Build succeeded!

sincerely,
 -The Buildbot

[jira] [Commented] (OFBIZ-5254) Services allow arbitrary HTML for parameters with allow-html set to safe

2013-10-21 Thread Hans Bakker (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-5254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13801399#comment-13801399
 ] 

Hans Bakker commented on OFBIZ-5254:


sounds fine Jacques and thanks taking care of of this.

Regards,
Hans

 Services allow arbitrary HTML for parameters with allow-html set to safe
 --

 Key: OFBIZ-5254
 URL: https://issues.apache.org/jira/browse/OFBIZ-5254
 Project: OFBiz
  Issue Type: Bug
  Components: framework
Affects Versions: SVN trunk
Reporter: Christoph Neuroth
Assignee: Jacques Le Roux
  Labels: security

 For any given service with allow-html=safe parameters, the parameter data is 
 not properly validated. See Model.Service.java:588:
 {code}
 
 StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, 
 errorMessageList);
 {code}
 Looking at that method:
 {code}
 public static String checkStringForHtmlSafeOnly(String valueName, String 
 value, ListString errorMessageList) {
 ValidationErrorList vel = new ValidationErrorList();
 value = defaultWebValidator.getValidSafeHTML(valueName, value, 
 Integer.MAX_VALUE, true, vel);
 errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), 
 String.class));
 return value;
 }
 {code}
 you can see that it expects the defaultWebValidator.getValidSafeHTML would 
 add all validation errors to the given ValidationErrorList, but if you look 
 at the implementation of ESAPI that is not the case. First, consider the 
 overloaded getValidSafeHTML that takes the ValidationErrorList:
 {code}public String getValidSafeHTML(String context, String input, 
 int maxLength, boolean allowNull, ValidationErrorList errors) throws 
 IntrusionException {
   try {
   return getValidSafeHTML(context, input, maxLength, 
 allowNull);
   } catch (ValidationException e) {
   errors.addError(context, e);
   }
   return input;
   }
 {code}
 Then, step into that method to see that ValidationExceptions are only thrown 
 for things like exceeding the maximum length - not for policy violations that 
 can be cleaned, such as tags that are not allowed by the policy:
 {code}
   AntiSamy as = new AntiSamy();
   CleanResults test = as.scan(input, antiSamyPolicy);
   List errors = test.getErrorMessages();
   if ( errors.size()  0 ) {
   // just create new exception to get it logged 
 and intrusion detected
   new ValidationException( Invalid HTML input: 
 context= + context, Invalid HTML input: context= + context + , errors= + 
 errors, context );
   }
 {code}
 I guess that is an expected, although maybe not clearly documented behavior 
 of ESAPI: Non-cleanable violations throw the exception and therefore will 
 fail the ofbiz service, while non-allowed tags are cleaned. However, if you 
 consider ModelService:588 and following lines again:
 {code}
 StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, 
 errorMessageList);
 //(...)
 if (errorMessageList.size()  0) {
 throw new ServiceValidationException(errorMessageList, this, 
 mode);
 }
 {code}
 the cleaned return value is ignored. Therefore, you will see an 
 IntrusionDetection in the logs, giving you a false sense of security but 
 the unfiltered HTML will still go into the service. So, if you want the 
 service to fail if non-allowed HTML is encountered, you should use 
 isValidSafeHTML instead. If you want the incoming HTML to be filtered, you 
 should use the return value of getValidSafeHTML.
 Some additional notes on this:
 * When changing this, it should be properly documented as users may well be 
 relying on this behavior - for example, we send full HTML mails to our 
 customers for their ecommerce purchases and require HTML to go through - so 
 maybe for services like the communicationEvents allowing only safe HTML might 
 not be desired.
 * The ESAPI code samples above are from version 1.4.4. I was really surprised 
 to find a JAR that is not only outdated, but patched and built by a third 
 party, without even indicating that in the filename in OfBiz trunk. This has 
 been there for years (see OFBIZ-3135) and should really be replaced with an 
 official, up to date version since that issue was fixed upstream years ago.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

buildbot failure in ASF Buildbot on ofbiz-trunk-ARM

The Buildbot has detected a new failure on builder ofbiz-trunk-ARM while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/ofbiz-trunk-ARM/builds/657

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-cal-2_ubuntu_ARM

Build Reason: scheduler
Build Source Stamp: [branch ofbiz/trunk] 1534478
Blamelist: hansbak

BUILD FAILED: failed compile_1

sincerely,
 -The Buildbot

buildbot success in ASF Buildbot on ofbiz-trunk-ARM