[jira] [Commented] (OFBIZ-6963) Single sign-on to OFBiz with CAS
[ https://issues.apache.org/jira/browse/OFBIZ-6963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15763483#comment-15763483 ] james yong commented on OFBIZ-6963: --- As OFBiz is using gradle built system, I used the WAR Overlay approach to add the CAS SSO Server as a new component. However there are errors related to the tag library when using the new component. There are also other tag related errors, when running CAS SSO Server on recent pre-gradle OFBiz versions. Running CAS SSO Server directly under Tomcat works fine though. I decided not to continue with this JIRA due to the above mentioned problem. Since Jetty was dropped from OFBiz and only embedded Tomcat is used as the servlet container, I would like to suggest using Tomcat SSO instead. > Single sign-on to OFBiz with CAS > > > Key: OFBIZ-6963 > URL: https://issues.apache.org/jira/browse/OFBIZ-6963 > Project: OFBiz > Issue Type: Improvement > Components: ALL APPLICATIONS >Affects Versions: Trunk >Reporter: james yong > > OFBiz is made up of several web applications. > To allow the user to sign in only once, a unique token value is presented for > verification each time the user navigates to an unvisited web application. > This approach has the following limitations: > 1) You cannot work with multiple windows, as there is only 1 valid token > value at any time and other token values will be invalid in older-opened > windows. > 2) There is a need to refresh the whole page, so that all links will contain > the valid token value. > 3) Not easy to compose a page that get contents from different web > applications in OFBiz > Adding CAS SSO component as a core into OFBiz will remove the limitations > mentioned above. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-6963) Single sign-on to OFBiz with CAS
[ https://issues.apache.org/jira/browse/OFBIZ-6963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15763469#comment-15763469 ] james yong commented on OFBIZ-6963: --- I was looking at running CAS CAS Server directly under OFBiz and using it as the default authentication provider. > Single sign-on to OFBiz with CAS > > > Key: OFBIZ-6963 > URL: https://issues.apache.org/jira/browse/OFBIZ-6963 > Project: OFBiz > Issue Type: Improvement > Components: ALL APPLICATIONS >Affects Versions: Trunk >Reporter: james yong > > OFBiz is made up of several web applications. > To allow the user to sign in only once, a unique token value is presented for > verification each time the user navigates to an unvisited web application. > This approach has the following limitations: > 1) You cannot work with multiple windows, as there is only 1 valid token > value at any time and other token values will be invalid in older-opened > windows. > 2) There is a need to refresh the whole page, so that all links will contain > the valid token value. > 3) Not easy to compose a page that get contents from different web > applications in OFBiz > Adding CAS SSO component as a core into OFBiz will remove the limitations > mentioned above. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-8318) Error on scrum main page
[ https://issues.apache.org/jira/browse/OFBIZ-8318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Brohl updated OFBIZ-8318: - Fix Version/s: (was: 16.11.01) 16.11.02 > Error on scrum main page > > > Key: OFBIZ-8318 > URL: https://issues.apache.org/jira/browse/OFBIZ-8318 > Project: OFBiz > Issue Type: Bug > Components: specialpurpose/scrum >Affects Versions: Trunk >Reporter: Amardeep Singh Jhajj >Assignee: Michael Brohl > Fix For: 16.11.02 > > Attachments: OFBIZ-8318-Screenshot.png, OFBIZ-8318.patch > > > Error on scrum main page: > org.xml.sax.SAXParseException; systemId: > file:/sandbox/ofbiz/specialpurpose/scrum/widget/scrumScreens.xml; lineNumber: > 2342; columnNumber: 107; Open quote is expected for attribute "name" > associated with an element type "include-form". > Please find attached screenshot for the error. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (OFBIZ-9151) Check and enhance the developers/committers best practices for the project
Michael Brohl created OFBIZ-9151: Summary: Check and enhance the developers/committers best practices for the project Key: OFBIZ-9151 URL: https://issues.apache.org/jira/browse/OFBIZ-9151 Project: OFBiz Issue Type: Improvement Components: Confluence Reporter: Michael Brohl Assignee: Michael Brohl Priority: Minor Check and add best practices regarding Javadoc, use of bug tracking tools (like PMD, FindBugs). Derived from the latest initiatives and the results, which shows that there is need for quality assurance and better guidelines to improve the code. Additional idea: provide some kind of checklist with the main points a committer has to check green before a contribution gets into the codebase. Also useful for the contributor. Can be used as simple reference in discussions also. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-9150) Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
[ https://issues.apache.org/jira/browse/OFBIZ-9150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15760601#comment-15760601 ] Jacques Le Roux commented on OFBIZ-9150: That's great news, thank you Junyuan! > Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512 > -- > > Key: OFBIZ-9150 > URL: https://issues.apache.org/jira/browse/OFBIZ-9150 > Project: OFBiz > Issue Type: Sub-task > Components: framework >Reporter: Jacques Le Roux >Priority: Minor > > Currently we use SHA1 for our OOTB passwords hashes and they are not salted. > If you create new passwords they will still use SHA1 but they will be salted, > which is good. > But we should better provide SHA-512 OOTB hashes instead of SHA-1. And use > SHA-512 as default encrypting method (even for fields), with at least 10 000 > iterations, to lead our users to the best solution. > We should also provide a simple and easy documentation about that. So far we > have this discussion http://markmail.org/message/yqybsqzigrqbyxgf > I suggest to improve/enhance > https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-7468) Define constraints while adding new material to the task which is in completed/cancel status.
[ https://issues.apache.org/jira/browse/OFBIZ-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15760507#comment-15760507 ] Swapnil Shah commented on OFBIZ-7468: - I reckon systemically allowing inventory pegging to cancelled jobs makes more sense only when issued/related components are physically consumed during production processing in real time. But possibly there can be some better ways to just correct reporting in accounting books or backward cost adjustment. In real time as well, if inbound material requirements are actually consumed at any stage of production processing then it must have been physically issued on shop floor first and system should be honoring this process. If its happening otherwise then it looks to be a case of business process re-engineering first before allowing system to honor such cases. We can definitely develop this feature as custom requirement but not sure if it can be considered as norm. Current OFbiz behavior also doesn't support it as it works something like as follows: 1) Production run(tasks) can only be cancelled before it moves into 'Confirmed' status (i.e. none of the tasks has started yet). Thereafter its not possible to mark the production run as cancelled. Nor is it possible to issue the components for task before starting it, What it essentially means is that if production run is cancelled then none of the task could have been started and hence nothing was physically consumed. That's one of the reason in this task we tried to prevent component from being added to cancelled task. 2) Once production run comes into 'Running' state (i.e. task(s) have been started) then its not possible to Cancel the production run. What it means is that issuance must be made in order to complete the production run(tasks).System provides flexibility to add components to Completed task as they have been physically consumed before completion. And its still intact. Also in none of the above cases system perform any backward cost transfer on production run upon any release/issuance or returns made after production run stands completed or cancelled. (We might need to define and finalize the generic workflow first before supporting this) > Define constraints while adding new material to the task which is in > completed/cancel status. > - > > Key: OFBIZ-7468 > URL: https://issues.apache.org/jira/browse/OFBIZ-7468 > Project: OFBiz > Issue Type: Improvement > Components: manufacturing >Affects Versions: Trunk >Reporter: Anuj Jain >Assignee: Anuj Jain > Attachments: OFBIZ-7468.patch, OFBIZ_7468_1.png, OFBIZ_7468_2.png, > OFBIZ_7468_3.png > > > Define actions on adding new material to the task which is in > completed/cancel status. > Actions suggested by Swapnil :- > # We can begin with simple constraint of allowing new material against the > only those routing task that has not cancelled yet within a production run > # Any completed taks for uncomplete Production Run should have WEGS created > in COMPLETED status and WEIA created as well by issuing the added item's qty. > # If production is already completed (aka all its routing task also > completed/cancelled) then don't allow new material to be added from Actual > Material screen -- This message was sent by Atlassian JIRA (v6.3.4#6332)
