[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread James Yong (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007861#comment-17007861
 ] 

James Yong commented on OFBIZ-11306:


Hi Jacques

Uploaded an updated patch.

Regards,
James

> POC for CSRF Token
> ------------------
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: Upcoming Branch
> Reporter: James Yong
> Assignee: Jacques Le Roux
> Priority: Minor
> Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch
>
>
> CSRF tokens are generated using CSRF Guard library and used in:
> 1) In widget form where a hidden token field is auto-generated.
> 2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf token field.
> 3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token to X-CSRF-Token in request header.
> CSRF tokens are stored in the user sessions, and verified during POST request.
> A new attribute i.e. csrf-token is added to the security tag to exempt CSRF token check.
> Certain request path, like LookupPartyName, can be exempt from CSRF token check during Ajax POST call.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
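
The check described in the issue (token kept in the session, presented in a hidden form field or the X-CSRF-Token header, verified on POST, with exempt request paths), as an added example that is neither the attached patch nor the CSRF Guard API. The field and session key names, the `Request` record and the sample paths other than LookupPartyName are assumptions; it needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added illustration; all names here are hypothetical, not OFBiz or CSRF Guard types. */
public class CsrfCheckDemo {
    static final String SESSION_KEY = "csrfToken";     // assumed session attribute name
    static final String FORM_FIELD = "csrfToken";      // assumed hidden field name
    static final String AJAX_HEADER = "X-CSRF-Token";  // header named in the issue
    // Exempt request paths; exempt only requests that do not change state.
    static final Set<String> EXEMPT_PATHS = Set.of("LookupPartyName");

    private static final SecureRandom RNG = new SecureRandom();

    /** Minimal stand-in for an HTTP request and its session (header names matched exactly here). */
    record Request(String method, String path, Map<String, String> params,
                   Map<String, String> headers, Map<String, String> session) {}

    /** Generates an unpredictable token and stores it in the user's session. */
    static String issueToken(Map<String, String> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(SESSION_KEY, token);
        return token;
    }

    /** Returns true when the request may proceed. */
    static boolean isAllowed(Request req) {
        if (!"POST".equalsIgnoreCase(req.method())) {
            return true; // the issue verifies tokens on POST only
        }
        if (EXEMPT_PATHS.contains(req.path())) {
            return true;
        }
        String expected = req.session().get(SESSION_KEY);
        if (expected == null) {
            return false; // no token was ever issued for this session
        }
        // Form submissions carry the hidden field, Ajax calls carry the header.
        String presented = req.params().get(FORM_FIELD);
        if (presented == null) {
            presented = req.headers().get(AJAX_HEADER);
        }
        if (presented == null) {
            return false;
        }
        // Constant-time comparison so the check does not leak how many bytes matched.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        String token = issueToken(session);

        // Constructed sample requests.
        List<Request> samples = List.of(
                new Request("POST", "createParty", Map.of(FORM_FIELD, token), Map.of(), session),
                new Request("POST", "updateParty", Map.of(), Map.of(AJAX_HEADER, token), session),
                new Request("POST", "createParty", Map.of(), Map.of(), session),
                new Request("POST", "createParty", Map.of(FORM_FIELD, "guessed"), Map.of(), session),
                new Request("POST", "LookupPartyName", Map.of(), Map.of(), session),
                new Request("GET", "main", Map.of(), Map.of(), session),
                // Same token replayed against a different (empty) session.
                new Request("POST", "createParty", Map.of(FORM_FIELD, token), Map.of(), new HashMap<>()));

        for (Request r : samples) {
            System.out.println(r.method() + " " + r.path() + " -> "
                    + (isAllowed(r) ? "allowed" : "rejected"));
        }
    }
}
```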


[jira] [Updated] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread James Yong (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Yong updated OFBIZ-11306:
---
Attachment: OFBIZ-11306.patch



[jira] [Updated] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread James Yong (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Yong updated OFBIZ-11306:
---
Attachment: (was: OFBIZ-11306.patch)



[jira] [Updated] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread James Yong (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Yong updated OFBIZ-11306:
---
Attachment: OFBIZ-11306.patch



[jira] [Updated] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-11306:

Attachment: (was: OFBIZ-11306.patch)



[jira] [Comment Edited] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007293#comment-17007293
 ] 

Jacques Le Roux edited comment on OFBIZ-11306 at 1/3/20 5:18 PM:
-

Thanks James,

Your patch applied easily, I just had to fix 2 small conflicts when pulling 
today.

I'll review and get back to you ASAP


was (Author: jacques.le.roux):
Thanks James,

Your patch applied easily, I just had to fix 2 small conflicts when pulling 
today. So I attach an updated patch for those interested:  [^OFBIZ-11306.patch] 

I'll review and get back to you ASAP



[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007634#comment-17007634
 ] 

Jacques Le Roux commented on OFBIZ-11306:
-

Hi James,

Could you please update and create a patch with trunk HEAD, I have at least an 
issue with WebAppConfigurationException

TIA



[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread James Yong (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007584#comment-17007584
 ] 

James Yong commented on OFBIZ-11315:


Agree with [~jleroux] that a standard patch should be used. 
It makes it easier to review the full changes before applying the patch.

> Add “--graph” option
> --------------------
>
> Key: OFBIZ-11315
> URL: https://issues.apache.org/jira/browse/OFBIZ-11315
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Affects Versions: Trunk
> Reporter: Mathieu Lirzin
> Assignee: Mathieu Lirzin
> Priority: Minor
> Attachments: 0001-Implemented-Add-graph-option.patch, 
> OFBIZ-11315-complete.patch, 
> OFBIZ-11315_standard-no-prefix-format_0001-Implemented-Add-graph-option.patch,
> ofbiz.dot
>
>
> In order to inspect what components are loaded by OFBiz and their dependency
> relationship, it is convenient to have a visual graph representation.
> {code}
> gradlew "ofbiz --graph"
> {code}
> will output a {{ofbiz.dot}} file that can be processed with Graphviz:
> {code}
> cat ofbiz.dot | dot -T png -o ofbiz.png
> {code}
> Currently there is no dependency relationship specified by components but to 
> check the kind of graph that is produced it is possible to revert commit 
> aae1c8a8f5fed7de717290c938297be62c0460fa





[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007579#comment-17007579
 ] 

Jacques Le Roux commented on OFBIZ-11315:
-

Thinking about it, I must add that the wiki graph is not only about loading 
sequence of components but also (and more) about code and data dependencies. So 
actually they don't compare.



[jira] [Comment Edited] (OFBIZ-11296) Use 'depends-on' everywhere

2020-01-03 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007573#comment-17007573
 ] 

Mathieu Lirzin edited comment on OFBIZ-11296 at 1/3/20 3:38 PM:


Hello I have included 
[^OFBIZ-11296_ignore-depends-on-when-a-component-load.xml-is-prese.patch] which 
fixes the regression where people were not able to add a custom 
{{component-load.xml}} file in a directory without getting "depends-on" 
attributes ignored. I will commit that fix in 3 days if nobody objects.

Regarding 
[^OFBIZ-11296_0001-Improved-Use-depends-on-attribute-instead-of-compone.patch] 
which replaces usages of {{component-load.xml}} files in framework/applications 
directories with {{depends-on}} declarations and has been reverted because of 
the "regression" described above, if [~mbrohl] (or others) does not provide a 
convincing explanation (which has been asked for multiple times) why they consider 
the ability to mess with framework/applications {{component-load.xml}} a 
feature and not an implementation detail, I will recommit it in 3 days too.


was (Author: mthl):
Hello I have included 
[^OFBIZ-11296_ignore-depends-on-when-a-component-load.xml-is-prese.patch] which 
fixes the regression where people we not able to add a custom 
{{component-load.xml}} files in a directory without getting "depends-on" 
attributes ignored. I will commit that fix in 3 days if nobody objects.

Regarding  
[^OFBIZ-11296_0001-Improved-Use-depends-on-attribute-instead-of-compone.patch]  
which replaces usages of {{component-load.xml}} files in framework/applications 
directories with {{depends-on}} declarations and have been reverted because of 
the "regression" described above, if [~mbrohl] (or others) does not provides a 
convincing explanation (which has been asked multiple times) why they consider 
to ability to mess with framework/applications {{component-load.xml}} a feature 
and not an implementation detail, I will recommit it in 3 days too.

> Use 'depends-on' everywhere
> ---------------------------
>
> Key: OFBIZ-11296
> URL: https://issues.apache.org/jira/browse/OFBIZ-11296
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Mathieu Lirzin
> Assignee: Mathieu Lirzin
> Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: 
> OFBIZ-11296_0001-Improved-Use-depends-on-attribute-instead-of-compone.patch, 
> OFBIZ-11296_ignore-depends-on-when-a-component-load.xml-is-prese.patch
>
>
> We currently have two ways to define component loading order. Either
> by using ‘depends-on’ attribute in “component-config.xml” or by adding
> a “component-load.xml” file at the root of a component directory.
> “depends-on” is more flexible because it handles partial ordering when
> “component-load.xml” defines a total order which is not necessarily
> meaningful, so it is better to rely only on “depends-on”.





[jira] [Commented] (OFBIZ-11296) Use 'depends-on' everywhere

2020-01-03 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007573#comment-17007573
 ] 

Mathieu Lirzin commented on OFBIZ-11296:


Hello I have included 
[^OFBIZ-11296_ignore-depends-on-when-a-component-load.xml-is-prese.patch] which 
fixes the regression where people were not able to add a custom 
{{component-load.xml}} file in a directory without getting "depends-on" 
attributes ignored. I will commit that fix in 3 days if nobody objects.

Regarding 
[^OFBIZ-11296_0001-Improved-Use-depends-on-attribute-instead-of-compone.patch] 
which replaces usages of {{component-load.xml}} files in framework/applications 
directories with {{depends-on}} declarations and has been reverted because of 
the "regression" described above, if [~mbrohl] (or others) does not provide a 
convincing explanation (which has been asked for multiple times) why they consider 
the ability to mess with framework/applications {{component-load.xml}} a feature 
and not an implementation detail, I will recommit it in 3 days too.



[jira] [Updated] (OFBIZ-11296) Use 'depends-on' everywhere

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin updated OFBIZ-11296:
---
Attachment: 
OFBIZ-11296_ignore-depends-on-when-a-component-load.xml-is-prese.patch



[jira] [Reopened] (OFBIZ-11296) Use 'depends-on' everywhere

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin reopened OFBIZ-11296:

  Assignee: Mathieu Lirzin



[jira] [Commented] (OFBIZ-11007) REST: adding segmented URI support

2020-01-03 Thread Nicolas Malin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007528#comment-17007528
 ] 

Nicolas Malin commented on OFBIZ-11007:
---

Hello [~mthl],

Sure, following the best practice given by JAX-RS is better.

After a second analysis and after comparing different views with [~mleila], I 
propose to change nothing and keep your first approach on URI resolution.

We can use this pattern:
{code:java}
entity/[cover]/{entityName}/{pkValues: .*}
{code}
Example:
{code:java}
entity/list
entity/find/Party -> search
entity/find/Party/Company -> displaying form
entity/create/Party -> creation form
entity/edit/Party/Company -> edit form
entity/change/Party/Company -> call crud
entity/relations/Party
{code}
I updated the patch [^OFBIZ-11007_refactor-entitymaint.patch] with this logic

> REST: adding segmented URI support
> ----------------------------------
>
> Key: OFBIZ-11007
> URL: https://issues.apache.org/jira/browse/OFBIZ-11007
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Affects Versions: Trunk
> Environment: 
> Reporter: Artemiy Rozovyk
> Assignee: Nicolas Malin
> Priority: Minor
> Labels: REST, URI
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, entitymaint_example.patch, 
> restful_URIs.patch
>
>
> Following the discussion on making OFBiz RESTful OFBIZ-4274 I implemented the 
> support of segmented URIs without interfering with current mechanisms of URI 
> resolution nor with _overrideView()_ feature.
> Combined with work on associating URIs and HTTP methods done by [~mthl] in 
> OFBIZ-10438, we are now able to provide RESTful APIs as follows:
> {code:java}
> 
> ...
> 
> ...
> 
> ...
> {code}
> After we matched a request-map having parametrized URI as in 
> {code:java}
> uri="foo/bar/{baz}"
> {code}
> the value is available inside the request attributes with the corresponding 
> key (here _"baz"_)
> The *restful_URIs.patch* allows segmented URI support.
> The *entitymaint_example.patch* is a modified _entitymaint_ part that serves 
> as an example of possible application of new system. 
> Any questions or comments are welcomed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
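
A matcher for the segmented URI templates discussed in this comment and in the issue description (`foo/bar/{baz}` and `{pkValues: .*}`), as an added example that is not the code of the attached patches. The class name, the allow-list pattern and the use of `{cover}` in place of the comment's `[cover]` placeholder are assumptions; it shows that a `.*` variable also captures slashes, so the captured value needs validation before it is used as a key.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration; SegmentedUriDemo and its methods are hypothetical, not OFBiz classes. */
public class SegmentedUriDemo {
    // Matches {name} or {name: regex}.
    private static final Pattern VAR =
            Pattern.compile("\\{(\\w+)(?:\\s*:\\s*([^}]+))?\\}");
    // Assumed allow-list for values later used as entity names or primary keys.
    private static final Pattern SAFE_VALUE =
            Pattern.compile("[A-Za-z0-9_]+(?:/[A-Za-z0-9_]+)*");

    private final Pattern compiled;
    private final List<String> names = new ArrayList<>();

    /** Compiles a template; a custom regex must not contain '}' or capturing groups. */
    SegmentedUriDemo(String template) {
        StringBuilder regex = new StringBuilder();
        Matcher m = VAR.matcher(template);
        int last = 0;
        while (m.find()) {
            // Literal text between variables is matched verbatim.
            regex.append(Pattern.quote(template.substring(last, m.start())));
            String custom = m.group(2);
            // Without a custom regex a variable covers exactly one path segment.
            regex.append('(').append(custom != null ? custom.trim() : "[^/]+").append(')');
            names.add(m.group(1));
            last = m.end();
        }
        regex.append(Pattern.quote(template.substring(last)));
        compiled = Pattern.compile(regex.toString());
    }

    /** Returns the path variables (what would land in the request attributes), or empty. */
    Optional<Map<String, String>> match(String path) {
        Matcher m = compiled.matcher(path);
        if (!m.matches()) {
            return Optional.empty();
        }
        Map<String, String> vars = new LinkedHashMap<>();
        for (int i = 0; i < names.size(); i++) {
            vars.put(names.get(i), m.group(i + 1));
        }
        return Optional.of(vars);
    }

    static boolean isSafe(String value) {
        return SAFE_VALUE.matcher(value).matches();
    }

    public static void main(String[] args) {
        SegmentedUriDemo simple = new SegmentedUriDemo("foo/bar/{baz}");
        System.out.println("foo/bar/42 -> " + simple.match("foo/bar/42"));
        System.out.println("foo/bar/42/extra -> " + simple.match("foo/bar/42/extra"));

        SegmentedUriDemo entity =
                new SegmentedUriDemo("entity/{cover}/{entityName}/{pkValues: .*}");
        // Constructed sample paths; the last one shows ".*" swallowing extra segments.
        List<String> paths = List.of(
                "entity/edit/Party/Company",
                "entity/find/Party",
                "entity/edit/Party/Company/../../other");
        for (String path : paths) {
            String verdict = entity.match(path)
                    .map(v -> v.values().stream().allMatch(SegmentedUriDemo::isSafe)
                            ? "accept " + v
                            : "reject (unsafe value) " + v)
                    .orElse("no match");
            System.out.println(path + " -> " + verdict);
        }
    }
}
```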


[jira] [Updated] (OFBIZ-11007) REST: adding segmented URI support

2020-01-03 Thread Nicolas Malin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nicolas Malin updated OFBIZ-11007:
--
Attachment: OFBIZ-11007_refactor-entitymaint.patch



[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007483#comment-17007483
 ] 

Jacques Le Roux commented on OFBIZ-11315:
-

This is the result I got: [^ofbiz.dot] I could visualize it locally using 
Graphviz. It's raw for the moment compared to what is at 
https://cwiki.apache.org/confluence/display/OFBIZ/Component+and+Component+Set+Dependencies



[jira] [Updated] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-11315:

Attachment: ofbiz.dot



[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007477#comment-17007477
 ] 

Mathieu Lirzin commented on OFBIZ-11315:


Hello [~jleroux] and [~pierresmits],

I have included 
[^OFBIZ-11315_standard-no-prefix-format_0001-Implemented-Add-graph-option.patch]
 which is using the standard format.

I am referencing this commit 
[aae1c8a8f5fed7de717290c938297be62c0460fa|https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;a=commit;h=aae1c8a8f5fed7de717290c938297be62c0460fa]
 in the description



[jira] [Updated] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin updated OFBIZ-11315:
---
Attachment: 
OFBIZ-11315_standard-no-prefix-format_0001-Implemented-Add-graph-option.patch



[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007439#comment-17007439
 ] 

Jacques Le Roux commented on OFBIZ-11315:
-

As I did the whole thing, here is a complete patch with all changes from 
OFBIZ-11296, OFBIZ-11314 and OFBIZ-11315 (the one here) 
[^OFBIZ-11315-complete.patch] 

> Add “--graph” option
> 
>
> Key: OFBIZ-11315
> URL: https://issues.apache.org/jira/browse/OFBIZ-11315
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Attachments: 0001-Implemented-Add-graph-option.patch, 
> OFBIZ-11315-complete.patch
>
>
> In order to inspect what components are loaded by OFBiz and their dependency
> relationship, it is convenient to have a visual graph representation.
> {code}
> gradlew "ofbiz --graph"
> {code}
> will output a {{ofbiz.dot}} file that can be processed with Graphviz:
> {code}
> cat ofbiz.dot | dot -T png -o ofbiz.png
> {code}
> Currently there is no dependency relationship specified by components but to 
> check the kind of graph is produced it is possible to revert commit 
> aae1c8a8f5fed7de717290c938297be62c0460fa





[jira] [Updated] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-11315:

Attachment: OFBIZ-11315-complete.patch



[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007421#comment-17007421
 ] 

Jacques Le Roux commented on OFBIZ-11315:
-

Pierre, look at OFBIZ-11296

> Add “--graph” option
> 
>
> Key: OFBIZ-11315
> URL: https://issues.apache.org/jira/browse/OFBIZ-11315
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Attachments: 0001-Implemented-Add-graph-option.patch
>
>
> In order to inspect what components are loaded by OFBiz and their dependency
> relationship, it is convenient to have a visual graph representation.
> {code}
> gradlew "ofbiz --graph"
> {code}
> will output a {{ofbiz.dot}} file that can be processed with Graphviz:
> {code}
> cat ofbiz.dot | dot -T png -o ofbiz.png
> {code}
> Currently there is no dependency relationship specified by components but to 
> check the kind of graph is produced it is possible to revert commit 
> aae1c8a8f5fed7de717290c938297be62c0460fa





[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007420#comment-17007420
 ] 

Jacques Le Roux commented on OFBIZ-11315:
-

Hi Mathieu,

Looks quite interesting, looking forward! In the meantime could you please 
provide a standard patch (diff format)?



[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Pierre Smits (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007409#comment-17007409
 ] 

Pierre Smits commented on OFBIZ-11315:
--

Hi Mathieu,

What is this commit  *aae1c8a8f5fed7de717290c938297be62c0460fa* you're 
referencing?



[jira] [Comment Edited] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007404#comment-17007404
 ] 

Mathieu Lirzin edited comment on OFBIZ-11315 at 1/3/20 10:54 AM:
-

I have included [^0001-Implemented-Add-graph-option.patch] which implements 
that feature.

This patch must be applied after the ones from OFBIZ-11314 with {{git am 
XXX.patch}}


was (Author: mthl):
I have included [^0001-Implemented-Add-graph-option.patch] which implements 
that feature.

This patch must be applied after the one from OFBIZ-11314 with {{git am 
XXX.patch}}



[jira] [Commented] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007404#comment-17007404
 ] 

Mathieu Lirzin commented on OFBIZ-11315:


I have included [^0001-Implemented-Add-graph-option.patch] which implements 
that feature.

This patch must be applied after the one from OFBIZ-11314 with {{git am 
XXX.patch}}



[jira] [Updated] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin updated OFBIZ-11315:
---
Attachment: 0001-Implemented-Add-graph-option.patch



[jira] [Updated] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin updated OFBIZ-11315:
---
Description: 
In order to inspect what components are loaded by OFBiz and their dependency
relationship, it is convenient to have a visual graph representation.

{code}
gradlew "ofbiz --graph"
{code}

will output a {{ofbiz.dot}} file that can be processed with Graphviz:

{code}
cat ofbiz.dot | dot -T png -o ofbiz.png
{code}

Currently there is no dependency relationship specified by components but to 
check the kind of input produced it is possible to revert commit 
aae1c8a8f5fed7de717290c938297be62c0460fa


  was:
In order to inspect what components are loaded by OFBiz and their dependency
relationship, it is convenient to have a visual graph representation.

{code}
gradlew "ofbiz --graph"
{code}

will output a {{ofbiz.dot}} file that can be processed with Graphviz:

{code}
cat ofbiz.dot | dot -T png -o ofbiz.png
{code}

Currently there is not dependency relationship specified by components but to 
check the kind of input produced it is possible to revert commit 
aae1c8a8f5fed7de717290c938297be62c0460fa



> Add “--graph” option
> 
>
> Key: OFBIZ-11315
> URL: https://issues.apache.org/jira/browse/OFBIZ-11315
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
>
> In order to inspect what components are loaded by OFBiz and their dependency
> relationship, it is convenient to have a visual graph representation.
> {code}
> gradlew "ofbiz --graph"
> {code}
> will output a {{ofbiz.dot}} file that can be processed with Graphviz:
> {code}
> cat ofbiz.dot | dot -T png -o ofbiz.png
> {code}
> Currently there is no dependency relationship specified by components but to 
> check the kind of input produced it is possible to revert commit 
> aae1c8a8f5fed7de717290c938297be62c0460fa





[jira] [Updated] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin updated OFBIZ-11315:
---
Description: 
In order to inspect what components are loaded by OFBiz and their dependency
relationship, it is convenient to have a visual graph representation.

{code}
gradlew "ofbiz --graph"
{code}

will output a {{ofbiz.dot}} file that can be processed with Graphviz:

{code}
cat ofbiz.dot | dot -T png -o ofbiz.png
{code}

Currently there is not dependency relationship specified by components but to 
check the kind of input produced it is possible to revert commit 
aae1c8a8f5fed7de717290c938297be62c0460fa


  was:
In order to inspect what components are loaded by OFBiz and their dependency
relationship, it is convenient to have a visual graph representation.

{code}
gradlew "ofbiz --graph"
{code}

will output a {{ofbiz.dot}} file that can be processed with Graphviz:

{{cat ofbiz.dot | dot -T png -o ofbiz.png}}

Currently there is not dependency relationship specified by components but to 
check the kind of input produced it is possible to revert commit 
aae1c8a8f5fed7de717290c938297be62c0460fa



> Add “--graph” option
> 
>
> Key: OFBIZ-11315
> URL: https://issues.apache.org/jira/browse/OFBIZ-11315
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
>
> In order to inspect what components are loaded by OFBiz and their dependency
> relationship, it is convenient to have a visual graph representation.
> {code}
> gradlew "ofbiz --graph"
> {code}
> will output a {{ofbiz.dot}} file that can be processed with Graphviz:
> {code}
> cat ofbiz.dot | dot -T png -o ofbiz.png
> {code}
> Currently there is not dependency relationship specified by components but to 
> check the kind of input produced it is possible to revert commit 
> aae1c8a8f5fed7de717290c938297be62c0460fa





[jira] [Updated] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin updated OFBIZ-11315:
---
Description: 
In order to inspect what components are loaded by OFBiz and their dependency
relationship, it is convenient to have a visual graph representation.

{code}
gradlew "ofbiz --graph"
{code}

will output a {{ofbiz.dot}} file that can be processed with Graphviz:

{code}
cat ofbiz.dot | dot -T png -o ofbiz.png
{code}

Currently there is no dependency relationship specified by components but to 
check the kind of graph is produced it is possible to revert commit 
aae1c8a8f5fed7de717290c938297be62c0460fa


  was:
In order to inspect what components are loaded by OFBiz and their dependency
relationship, it is convenient to have a visual graph representation.

{code}
gradlew "ofbiz --graph"
{code}

will output a {{ofbiz.dot}} file that can be processed with Graphviz:

{code}
cat ofbiz.dot | dot -T png -o ofbiz.png
{code}

Currently there is no dependency relationship specified by components but to 
check the kind of input produced it is possible to revert commit 
aae1c8a8f5fed7de717290c938297be62c0460fa



> Add “--graph” option
> 
>
> Key: OFBIZ-11315
> URL: https://issues.apache.org/jira/browse/OFBIZ-11315
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
>
> In order to inspect what components are loaded by OFBiz and their dependency
> relationship, it is convenient to have a visual graph representation.
> {code}
> gradlew "ofbiz --graph"
> {code}
> will output a {{ofbiz.dot}} file that can be processed with Graphviz:
> {code}
> cat ofbiz.dot | dot -T png -o ofbiz.png
> {code}
> Currently there is no dependency relationship specified by components but to 
> check the kind of graph is produced it is possible to revert commit 
> aae1c8a8f5fed7de717290c938297be62c0460fa





[jira] [Created] (OFBIZ-11315) Add “--graph” option

2020-01-03 Thread Mathieu Lirzin (Jira)
Mathieu Lirzin created OFBIZ-11315:
--

 Summary: Add “--graph” option
 Key: OFBIZ-11315
 URL: https://issues.apache.org/jira/browse/OFBIZ-11315
 Project: OFBiz
  Issue Type: New Feature
  Components: framework
Affects Versions: Trunk
Reporter: Mathieu Lirzin
Assignee: Mathieu Lirzin


In order to inspect what components are loaded by OFBiz and their dependency
relationship, it is convenient to have a visual graph representation.

{code}
gradlew "ofbiz --graph"
{code}

will output a {{ofbiz.dot}} file that can be processed with Graphviz:

{{cat ofbiz.dot | dot -T png -o ofbiz.png}}

Currently there is not dependency relationship specified by components but to 
check the kind of input produced it is possible to revert commit 
aae1c8a8f5fed7de717290c938297be62c0460fa






[jira] [Commented] (OFBIZ-11314) Avoid stack overflow in the presence of cycles in controller inclusion

2020-01-03 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007334#comment-17007334
 ] 

Mathieu Lirzin commented on OFBIZ-11314:


I have updated [^0001-Improved-Rewrite-Digraph.patch] to fix a false positive 
cycle detection.

> Avoid stack overflow in the presence of cycles in controller inclusion
> --
>
> Key: OFBIZ-11314
> URL: https://issues.apache.org/jira/browse/OFBIZ-11314
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Attachments: 0001-Improved-Rewrite-Digraph.patch, 
> 0001-Improved-Rewrite-Digraph.patch, 
> 0002-Improved-Detect-inclusion-cycles-in-controller-confi.patch
>
>
> The inclusion of controller configuration files can lead to inclusion cycles 
> which are not safely handled, because they can lead to infinite recursion 
> that ends up in a stack overflow exception.
> A very basic form of cycle is controllers A and B which include each other.
> It would be better to check the inclusion cycles and report an appropriate 
> error.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
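
The check this issue asks for, as an added example that is not part of the thread and is not the attached OFBiz patch (whose code is not shown on this page): a depth-first walk over controller inclusions that reports a cycle as an error instead of recursing until the stack overflows. It tracks only the files on the current inclusion chain, so a file included by two different parents is not reported as a cycle. The class name, the in-memory `includes` map and the file names are assumptions.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added illustration, not OFBiz code. Class and file names are hypothetical. */
public class InclusionCycleCheck {

    /** Reported instead of recursing until the JVM throws StackOverflowError. */
    public static class InclusionCycleException extends RuntimeException {
        public InclusionCycleException(List<String> cycle) {
            super("Controller inclusion cycle: " + String.join(" -> ", cycle));
        }
    }

    private final Map<String, List<String>> includes;       // file -> files it includes
    private final Deque<String> path = new ArrayDeque<>();  // current inclusion chain, root first
    private final Set<String> done = new HashSet<>();       // files fully resolved, cycle-free
    private final List<String> order = new ArrayList<>();   // load order, included files first

    public InclusionCycleCheck(Map<String, List<String>> includes) {
        this.includes = includes;
    }

    /** Returns the load order for root, or throws InclusionCycleException. */
    public List<String> resolve(String root) {
        visit(root);
        return order;
    }

    private void visit(String file) {
        if (done.contains(file)) {
            return; // included again through another parent: shared, not cyclic
        }
        if (path.contains(file)) {
            // file is its own ancestor: cut the chain at its first occurrence and report it
            List<String> cycle = new ArrayList<>();
            for (String ancestor : path) {
                if (!cycle.isEmpty() || ancestor.equals(file)) {
                    cycle.add(ancestor);
                }
            }
            cycle.add(file);
            throw new InclusionCycleException(cycle);
        }
        path.addLast(file);
        for (String included : includes.getOrDefault(file, List.of())) {
            visit(included); // depth is bounded by the number of distinct files
        }
        path.removeLast();
        done.add(file);
        order.add(file);
    }

    public static void main(String[] args) {
        // Constructed sample: two controllers share one include (a diamond, no cycle).
        Map<String, List<String>> diamond = Map.of(
                "a-controller.xml", List.of("b-controller.xml", "c-controller.xml"),
                "b-controller.xml", List.of("shared-controller.xml"),
                "c-controller.xml", List.of("shared-controller.xml"));
        System.out.println(new InclusionCycleCheck(diamond).resolve("a-controller.xml"));

        // Constructed sample: the basic case from the issue, A and B include each other.
        Map<String, List<String>> mutual = Map.of(
                "a-controller.xml", List.of("b-controller.xml"),
                "b-controller.xml", List.of("a-controller.xml"));
        try {
            new InclusionCycleCheck(mutual).resolve("a-controller.xml");
        } catch (InclusionCycleException e) {
            System.out.println(e.getMessage());
        }
    }
}
```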


[jira] [Updated] (OFBIZ-11314) Avoid stack overflow in the presence of cycles in controller inclusion

2020-01-03 Thread Mathieu Lirzin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mathieu Lirzin updated OFBIZ-11314:
---
Attachment: 0001-Improved-Rewrite-Digraph.patch



[jira] [Closed] (OFBIZ-6993) Cannot find the declaration of element 'web-app' in version 3.0 files.

2020-01-03 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-6993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux closed OFBIZ-6993.
--
Resolution: Fixed

I think all is OK here, closing

> Cannot find the declaration of element 'web-app' in version 3.0 files.
> --
>
> Key: OFBIZ-6993
> URL: https://issues.apache.org/jira/browse/OFBIZ-6993
> Project: OFBiz
>  Issue Type: Bug
>  Components: ALL COMPONENTS
>Affects Versions: Trunk, Release Branch 15.12
>Reporter: Forrest Rae
>Assignee: Mathieu Lirzin
>Priority: Major
> Fix For: Release Branch 17.12, Release Branch 18.12
>
> Attachments: 
> 0001-Fixed-when-it-comes-to-web.xml-we-should-rely-solely.patch, web-app.patch
>
>
> Been seeing the error below in the logs.  Strangely, I've not been able to 
> catch the exception in a debugger, but was able to isolate it to the 
> definition of the web-app with version 3.0.  The error disappears when you 
> change the definition from 
> {code:xml}
> 
> {code}
> to this:
> {code:xml}
>   xmlns="http://java.sun.com/xml/ns/javaee"
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
> {code}
> I only tested on 15.12 and Trunk, but it probably affects any release running 
> Tomcat 7.0.48 or higher.  Here is the error:
> {noformat}
>  [java] Apr 07, 2016 4:06:29 PM org.apache.tomcat.util.digester.Digester 
> error
>  [java] SEVERE: Parse Error at line 22 column 24: cvc-elt.1.a: Cannot 
> find the declaration of element 'web-app'.
>  [java] org.xml.sax.SAXParseException; lineNumber: 22; columnNumber: 24; 
> cvc-elt.1.a: Cannot find the declaration of element 'web-app'.
>  [java]   at 
> org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown 
> Source)
>  [java]   at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown 
> Source)
>  [java]   at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown 
> Source)
>  [java]   at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown 
> Source)
>  [java]   at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown 
> Source)
>  [java]   at 
> org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown 
> Source)
>  [java]   at 
> org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
>  [java]   at 
> org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElementAfterName(Unknown
>  Source)
>  [java]   at 
> org.apache.xerces.impl.XMLNSDocumentScannerImpl$NSContentDispatcher.scanRootElementHook(Unknown
>  Source)
>  [java]   at 
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
>  Source)
>  [java]   at 
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown 
> Source)
>  [java]   at org.apache.xerces.parsers.XML11Configuration.parse(Unknown 
> Source)
>  [java]   at org.apache.xerces.parsers.XML11Configuration.parse(Unknown 
> Source)
>  [java]   at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>  [java]   at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown 
> Source)
>  [java]   at 
> org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
>  [java]   at 
> org.apache.tomcat.util.digester.Digester.parse(Digester.java:1555)
>  [java]   at 
> org.ofbiz.webapp.WebAppUtil.parseWebXmlFile(WebAppUtil.java:160)
>  [java]   at org.ofbiz.webapp.WebAppUtil.getWebXml(WebAppUtil.java:131)
>  [java]   at 
> org.ofbiz.webapp.WebAppUtil.getControlServletPath(WebAppUtil.java:67)
>  [java]   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  [java]   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>  [java]   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  [java]   at java.lang.reflect.Method.invoke(Method.java:498)
>  [java]   at 
> freemarker.ext.beans.BeansWrapper.invokeMethod(BeansWrapper.java:1458)
>  [java]   at 
> freemarker.ext.beans.SimpleMethodModel.exec(SimpleMethodModel.java:71)
>  [java]   at freemarker.core.MethodCall._eval(MethodCall.java:62)
>  [java]   at freemarker.core.Expression.eval(Expression.java:78)
>  [java]   at freemarker.core.Assignment.accept(Assignment.java:70)
>  [java]   at freemarker.core.Environment.visit(Environment.java:312)
>  [java]   at freemarker.core.MixedContent.accept(MixedContent.java:62)
>  [java]   at 
> freemarker.core.Environment.visitByHiddingParent(Environment.java:333)
>  [java]   at 
> freemarker.core.IteratorBlock$Context.runLoop(IteratorBlo

[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007300#comment-17007300
 ] 

Jacques Le Roux commented on OFBIZ-11306:
-

Your patch looks good at 1st glance. I'll have to review more of course, but it 
seems to get into the right direction to me, much appreciated, thanks!

> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch
>
>
> CSRF tokens are generated using CSRF Guard library and used in:
> 1) In widget form where a hidden token field is auto-generated.
> 2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf 
> token field. 
> 3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token 
> to X-CSRF-Token in request header. 
> CSRF tokens are stored in the user sessions, and verified during POST request.
> A new attribute i.e. csrf-token is added to the security tag to exempt CSRF 
> token check.
> Certain request path, like LookupPartyName, can be exempt from CSRF token 
> check during Ajax POST call. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
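
The check outlined in the issue description, as an added sketch that is not part of the thread: one token per session, accepted from a hidden form field or the X-CSRF-Token header, verified on POST, with an exemption list. It is not the OFBiz patch and does not use the CSRF Guard library; the class, the `csrfToken` names, the map-based session and the `updateExample` path are assumptions, while `LookupPartyName` is the exempt path named in the description.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added illustration, not code from OFBiz or CSRF Guard. Names are hypothetical. */
public class CsrfTokenCheck {
    static final String SESSION_KEY = "csrfToken";     // assumed session attribute name
    static final String FORM_FIELD = "csrfToken";      // assumed hidden form field name
    static final String AJAX_HEADER = "X-CSRF-Token";  // header named in the issue description

    private static final SecureRandom RANDOM = new SecureRandom();
    private final Set<String> exemptPaths;

    public CsrfTokenCheck(Set<String> exemptPaths) {
        this.exemptPaths = exemptPaths;
    }

    /** Returns the token bound to this session, generating it on first use. */
    public String tokenFor(Map<String, String> session) {
        return session.computeIfAbsent(SESSION_KEY, key -> {
            byte[] raw = new byte[32]; // 256 bits from a CSPRNG
            RANDOM.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    /**
     * Decides whether a request may proceed. Only POST is checked, as in the issue.
     * The headers map is matched by exact name here; a servlet container looks
     * header names up case-insensitively.
     */
    public boolean isAllowed(String method, String path, Map<String, String> headers,
                             Map<String, String> params, Map<String, String> session) {
        if (!"POST".equalsIgnoreCase(method)) {
            return true; // so GET handlers must not change state
        }
        if (exemptPaths.contains(path)) {
            return true; // exact match only: a prefix or substring test would widen the exemption
        }
        String expected = session.get(SESSION_KEY);
        String supplied = headers.get(AJAX_HEADER);   // Ajax call
        if (supplied == null) {
            supplied = params.get(FORM_FIELD);        // widget or FTL form
        }
        if (expected == null || supplied == null) {
            return false; // fail closed: no session token or no submitted token
        }
        // Constant-time comparison, so response timing does not reveal a matching prefix.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CsrfTokenCheck check = new CsrfTokenCheck(Set.of("LookupPartyName"));
        Map<String, String> session = new HashMap<>();       // constructed session
        Map<String, String> otherSession = new HashMap<>();  // constructed second session
        String token = check.tokenFor(session);
        String foreign = check.tokenFor(otherSession);
        Map<String, String> none = Map.of();

        System.out.println("form field token:   "
                + check.isAllowed("POST", "updateExample", none, Map.of(FORM_FIELD, token), session));
        System.out.println("Ajax header token:  "
                + check.isAllowed("POST", "updateExample", Map.of(AJAX_HEADER, token), none, session));
        System.out.println("missing token:      "
                + check.isAllowed("POST", "updateExample", none, none, session));
        System.out.println("other session's:    "
                + check.isAllowed("POST", "updateExample", Map.of(AJAX_HEADER, foreign), none, session));
        System.out.println("exempt path:        "
                + check.isAllowed("POST", "LookupPartyName", none, none, session));
        System.out.println("GET, not checked:   "
                + check.isAllowed("GET", "updateExample", none, none, session));
    }
}
```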


[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007299#comment-17007299
 ] 

ASF subversion and git services commented on OFBIZ-11306:
-

Commit a60990010553864175f59cac051a6ca5c7f56742 in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=a609900 ]

Fixed: POC for CSRF Token
(OFBIZ-11306)

While reviewing I found this non related fix (FindPayGrade should be plural)
Better to commit it apart




[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007293#comment-17007293
 ] 

Jacques Le Roux commented on OFBIZ-11306:
-

Thanks James,

Your patch applied easily, I just had to fix 2 small conflicts when pulling 
today. So I attach and updated patch for those interested:  
[^OFBIZ-11306.patch] 

I'll review and get back to you ASAP



[jira] [Comment Edited] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007293#comment-17007293
 ] 

Jacques Le Roux edited comment on OFBIZ-11306 at 1/3/20 8:16 AM:
-

Thanks James,

Your patch applied easily, I just had to fix 2 small conflicts when pulling 
today. So I attach an updated patch for those interested:  [^OFBIZ-11306.patch] 

I'll review and get back to you ASAP


was (Author: jacques.le.roux):
Thanks James,

Your patch applied easily, I just had to fix 2 small conflicts when pulling 
today. So I attach and updated patch for those interested:  
[^OFBIZ-11306.patch] 

I'll review and get back to you ASAP



[jira] [Updated] (OFBIZ-11306) POC for CSRF Token

2020-01-03 Thread Jacques Le Roux (Jira)


[ https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-11306:

Attachment: OFBIZ-11306.patch
