OFBiz › OFBiz - User

Authorization and SSO server for ofbiz offer

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

8 messages Options

rhodebump

Authorization and SSO server for ofbiz offer

Hi,
My name is Phillip Rhodes, and I have been a java developer since '96,
and have integrated apps with Oracle 11i ERP systems, Tibco, Vertex, sso
and all kinds of interesting projects...

I have a project called "authsum" , think of it as "sum of authorizations"
http://www.authsum.org/

Good summary architecture diagram:
http://www.authsum.org/overview/index.html

In summary, it's a SSO/Identity server. It communicates with client
applications via a JDBC or Web services api to figure out what
authorizations a user has. The authorizations are stored in a lucene
index, so it's fast (given how enterprises can have complicated
group/role structures).

Anyway, just wanted to know if it would be possible to bolt this into
ofbiz. I would be willing to give the authsum code the same license
(apache). Unfortunately, it uses hibernate/spring/tapestry (open source
products) .

It would also "complicate things" because it consists of 4 different
webapps that can be run in a distributed environment. But it also has a
SSO so that it could provide SSO across ofbiz/registration/user
admin/CMS/etc...

Just putting a feeler out.
Phillip

Jacques Le Roux

Re: Authorization and SSO server for ofbiz offer

Administrator

Phillip,

Just about licence : only Hibernate is really a problem since it's LGPL licenced

BTW you may consider using Entity Engine in place of Hibernate/Spring/Tapestry because I can't see how all that would fit in OFBiz
:o)

It's up to you...

Jacques

----- Original Message -----
From: "Phillip Rhodes" <[hidden email]>
To: <[hidden email]>
Sent: Tuesday, December 19, 2006 4:57 AM
Subject: Authorization and SSO server for ofbiz offer

> Hi,
> My name is Phillip Rhodes, and I have been a java developer since '96,
> and have integrated apps with Oracle 11i ERP systems, Tibco, Vertex, sso
> and all kinds of interesting projects...
>
> I have a project called "authsum" , think of it as "sum of authorizations"
> http://www.authsum.org/
>
> Good summary architecture diagram:
> http://www.authsum.org/overview/index.html
>
> In summary, it's a SSO/Identity server. It communicates with client
> applications via a JDBC or Web services api to figure out what
> authorizations a user has. The authorizations are stored in a lucene
> index, so it's fast (given how enterprises can have complicated
> group/role structures).
>
> Anyway, just wanted to know if it would be possible to bolt this into
> ofbiz. I would be willing to give the authsum code the same license
> (apache). Unfortunately, it uses hibernate/spring/tapestry (open source
> products) .
>
> It would also "complicate things" because it consists of 4 different
> webapps that can be run in a distributed environment. But it also has a
> SSO so that it could provide SSO across ofbiz/registration/user
> admin/CMS/etc...
>
> Just putting a feeler out.
> Phillip
>

rhodebump

Re: Authorization and SSO server for ofbiz offer

Is springframework a problem?

I could switch out hibernate to something else, since most of the fun is in
lucene.

Do you understand what authsum could bring to ofbiz? It could tell you what
customers you can place an order on behalf of in a split second.

Phillip
----- Original Message -----
From: "Jacques Le Roux" <[hidden email]>
To: <[hidden email]>
Sent: Tuesday, December 19, 2006 4:08 AM
Subject: Re: Authorization and SSO server for ofbiz offer

> Phillip,
>
> Just about licence : only Hibernate is really a problem since it's LGPL
> licenced
>
> BTW you may consider using Entity Engine in place of
> Hibernate/Spring/Tapestry because I can't see how all that would fit in
> OFBiz
> :o)
>
> It's up to you...
>
> Jacques
>
> ----- Original Message -----
> From: "Phillip Rhodes" <[hidden email]>
> To: <[hidden email]>
> Sent: Tuesday, December 19, 2006 4:57 AM
> Subject: Authorization and SSO server for ofbiz offer
>
>
>> Hi,
>> My name is Phillip Rhodes, and I have been a java developer since '96,
>> and have integrated apps with Oracle 11i ERP systems, Tibco, Vertex, sso
>> and all kinds of interesting projects...
>>
>> I have a project called "authsum" , think of it as "sum of
>> authorizations"
>> http://www.authsum.org/
>>
>> Good summary architecture diagram:
>> http://www.authsum.org/overview/index.html
>>
>> In summary, it's a SSO/Identity server. It communicates with client
>> applications via a JDBC or Web services api to figure out what
>> authorizations a user has. The authorizations are stored in a lucene
>> index, so it's fast (given how enterprises can have complicated
>> group/role structures).
>>
>> Anyway, just wanted to know if it would be possible to bolt this into
>> ofbiz. I would be willing to give the authsum code the same license
>> (apache). Unfortunately, it uses hibernate/spring/tapestry (open source
>> products) .
>>
>> It would also "complicate things" because it consists of 4 different
>> webapps that can be run in a distributed environment. But it also has a
>> SSO so that it could provide SSO across ofbiz/registration/user
>> admin/CMS/etc...
>>
>> Just putting a feeler out.
>> Phillip
>>
>

Torsten Schlabach-2

Re: Authorization and SSO server for ofbiz offer

Hi Philip!

Thanks for the heads up. You project is probably something I have been
looking for for quite some time.

On the question about the fit with OFBiz:

Does OFBiz provide any means for delegating both authentication and / or
authoriation to somewhere outside it's own database right now? Does
OFBiz use JAAS for example? Could I use objects in some LDAP directory
to authenticate and / or authorize users in OFBiz?

I don't think I'd have that much of a voice here, but to me, introducing
the option to delegate AAA for OFBiz to any existing system makes all
the sense in the world. People just have too many passwords to remember.

Just my 2 cents.

Regards,
Torsten

spamsucks schrieb:

> Is springframework a problem?
>
> I could switch out hibernate to something else, since most of the fun is
> in lucene.
>
> Do you understand what authsum could bring to ofbiz? It could tell you
> what customers you can place an order on behalf of in a split second.
>
>
> Phillip
> ----- Original Message ----- From: "Jacques Le Roux"
> <[hidden email]>
> To: <[hidden email]>
> Sent: Tuesday, December 19, 2006 4:08 AM
> Subject: Re: Authorization and SSO server for ofbiz offer
>
>
>> Phillip,
>>
>> Just about licence : only Hibernate is really a problem since it's
>> LGPL licenced
>>
>> BTW you may consider using Entity Engine in place of
>> Hibernate/Spring/Tapestry because I can't see how all that would fit
>> in OFBiz
>> :o)
>>
>> It's up to you...
>>
>> Jacques
>>
>> ----- Original Message ----- From: "Phillip Rhodes"
>> <[hidden email]>
>> To: <[hidden email]>
>> Sent: Tuesday, December 19, 2006 4:57 AM
>> Subject: Authorization and SSO server for ofbiz offer
>>
>>
>>> Hi,
>>> My name is Phillip Rhodes, and I have been a java developer since '96,
>>> and have integrated apps with Oracle 11i ERP systems, Tibco, Vertex, sso
>>> and all kinds of interesting projects...
>>>
>>> I have a project called "authsum" , think of it as "sum of
>>> authorizations"
>>> http://www.authsum.org/
>>>
>>> Good summary architecture diagram:
>>> http://www.authsum.org/overview/index.html
>>>
>>> In summary, it's a SSO/Identity server. It communicates with client
>>> applications via a JDBC or Web services api to figure out what
>>> authorizations a user has. The authorizations are stored in a lucene
>>> index, so it's fast (given how enterprises can have complicated
>>> group/role structures).
>>>
>>> Anyway, just wanted to know if it would be possible to bolt this into
>>> ofbiz. I would be willing to give the authsum code the same license
>>> (apache). Unfortunately, it uses hibernate/spring/tapestry (open source
>>> products) .
>>>
>>> It would also "complicate things" because it consists of 4 different
>>> webapps that can be run in a distributed environment. But it also has a
>>> SSO so that it could provide SSO across ofbiz/registration/user
>>> admin/CMS/etc...
>>>
>>> Just putting a feeler out.
>>> Phillip
>>>
>>
>

Cameron Smith-6

Re: Authorization and SSO server for ofbiz offer

In reply to this post by rhodebump

Talking only about the technology frameworks here....

1. Hibernate: the obvious choice would to swap it with OFBiz Entity Engine, since they do very similar things, and the basic ideas are very similar. I have never used the EE outside of OFBiz but it must be doable as Atlassian JIRA which must have to be hard as f*ck, uses the EE as its persistence engine.

2. Spring: I have been using Spring plus OFBiz together for while, without problems. I load the ApplicationContext from my webapp. I do LESS THINGS with Spring, as OFBiz provides many of them (ex. declarative caching, Transaction mgt). But I reckon it still adds value. If you ported authsum to run as an optional module in the hot-deploy directory, (the mode used by OpenTAPS modules), then the core OFBiz itself has no dependency on Spring. People who want authsum funcionality could, for instance, simply...
a. Stick a configured authsum module into hot-deploy
b. Alter a few tags in some central OFBiz config file to point its security system at authsum.
c. Restart.

3. Lucene. No experience here.

Whatever, you probably WOULD need to refactor some of the core OFBiz security stuff to make it a bit more pluggable, but I don't think this would be a huge job.

cameron

----- Original Message ----
From: spamsucks <[hidden email]>
To: [hidden email]; Jacques Le Roux <[hidden email]>
Sent: Wednesday, 20 December, 2006 4:25:23 PM
Subject: Re: Authorization and SSO server for ofbiz offer

Is springframework a problem?

I could switch out hibernate to something else, since most of the fun is in
lucene.

Do you understand what authsum could bring to ofbiz? It could tell you what
customers you can place an order on behalf of in a split second.

Phillip
----- Original Message -----
From: "Jacques Le Roux" <[hidden email]>
To: <[hidden email]>
Sent: Tuesday, December 19, 2006 4:08 AM
Subject: Re: Authorization and SSO server for ofbiz offer

___________________________________________________________
All New Yahoo! Mail – Tired of Vi@gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html

Jacques Le Roux

Re: Authorization and SSO server for ofbiz offer

Administrator

Can't say best, just one point : Lucene API is already used in OFBiz to index words search I guess (in content module)

BTW Cameron what kinds of values is adding Spring to you ? Or is it because your application was already using it and hence it's
easier to let it like that ?

Thanks

Jacques

From: "Cameron Smith" <[hidden email]>
> Talking only about the technology frameworks here....
>
> 1. Hibernate: the obvious choice would to swap it with OFBiz Entity Engine, since they do very similar things, and the basic
ideas are very similar. I have never used the EE outside of OFBiz but it must be doable as Atlassian JIRA which must have to be
hard as f*ck, uses the EE as its persistence engine.
>
> 2. Spring: I have been using Spring plus OFBiz together for while, without problems. I load the ApplicationContext from my
webapp. I do LESS THINGS with Spring, as OFBiz provides many of them (ex. declarative caching, Transaction mgt). But I reckon it
still adds value. If you ported authsum to run as an optional module in the hot-deploy directory, (the mode used by OpenTAPS
modules), then the core OFBiz itself has no dependency on Spring. People who want authsum funcionality could, for instance,
simply...
> a. Stick a configured authsum module into hot-deploy
> b. Alter a few tags in some central OFBiz config file to point its security system at authsum.
> c. Restart.
>
> 3. Lucene. No experience here.
>
> Whatever, you probably WOULD need to refactor some of the core OFBiz security stuff to make it a bit more pluggable, but I don't
think this would be a huge job.

>
> cameron
>
> ----- Original Message ----
> From: spamsucks <[hidden email]>
> To: [hidden email]; Jacques Le Roux <[hidden email]>
> Sent: Wednesday, 20 December, 2006 4:25:23 PM
> Subject: Re: Authorization and SSO server for ofbiz offer
>
> Is springframework a problem?
>
> I could switch out hibernate to something else, since most of the fun is in
> lucene.
>
> Do you understand what authsum could bring to ofbiz? It could tell you what
> customers you can place an order on behalf of in a split second.
>
>
> Phillip
> ----- Original Message -----
> From: "Jacques Le Roux" <[hidden email]>
> To: <[hidden email]>
> Sent: Tuesday, December 19, 2006 4:08 AM
> Subject: Re: Authorization and SSO server for ofbiz offer
>
>
> > Phillip,
> >
> > Just about licence : only Hibernate is really a problem since it's LGPL
> > licenced
> >
> > BTW you may consider using Entity Engine in place of
> > Hibernate/Spring/Tapestry because I can't see how all that would fit in
> > OFBiz
> > :o)
> >
> > It's up to you...
> >
> > Jacques
> >
> > ----- Original Message -----
> > From: "Phillip Rhodes" <[hidden email]>
> > To: <[hidden email]>
> > Sent: Tuesday, December 19, 2006 4:57 AM
> > Subject: Authorization and SSO server for ofbiz offer
> >
> >
> >> Hi,
> >> My name is Phillip Rhodes, and I have been a java developer since '96,
> >> and have integrated apps with Oracle 11i ERP systems, Tibco, Vertex, sso
> >> and all kinds of interesting projects...
> >>
> >> I have a project called "authsum" , think of it as "sum of
> >> authorizations"
> >> http://www.authsum.org/
> >>
> >> Good summary architecture diagram:
> >> http://www.authsum.org/overview/index.html
> >>
> >> In summary, it's a SSO/Identity server. It communicates with client
> >> applications via a JDBC or Web services api to figure out what
> >> authorizations a user has. The authorizations are stored in a lucene
> >> index, so it's fast (given how enterprises can have complicated
> >> group/role structures).
> >>
> >> Anyway, just wanted to know if it would be possible to bolt this into
> >> ofbiz. I would be willing to give the authsum code the same license
> >> (apache). Unfortunately, it uses hibernate/spring/tapestry (open source
> >> products) .
> >>
> >> It would also "complicate things" because it consists of 4 different
> >> webapps that can be run in a distributed environment. But it also has a
> >> SSO so that it could provide SSO across ofbiz/registration/user
> >> admin/CMS/etc...
> >>
> >> Just putting a feeler out.
> >> Phillip
> >>
> >
>
>
>
>
>
>
>
>
> ___________________________________________________________
> All New Yahoo! Mail – Tired of Vi@gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html

Cameron Smith-6

Re: Authorization and SSO server for ofbiz offer

In reply to this post by rhodebump

Here are the things I consider to be added value from Spring. I have no doubt that some of them, had we not come from a Spring-tastic background, could have been substituted via "pure OFBiz" things with a bit of work. We just took the path of least resistance for us.

1. Centralized configuration and syntax of all extra bits and custom modules and components, whether 3rd party or in-house. This encourages refactoring and modularization of code. It also makes dumb config errors easy to spot for developers.
2. Much easier automated integration testing. OFBiz is not big on automated testing, as I have pointed out in a previous post a while back. Spring makes it simple for our automated tests to use the exact same config with only certain components swapped with test-specific versions.
3. Security. We use Acegi (the wierdly named Spring security module), and have just pointed it at OFBiz user_login table. We're in the middle of plugging it more correctly into the OFBiz security module. It has a much more flexible API to do just about anything.

cameron

----- Original Message ----
From: Jacques Le Roux <[hidden email]>
To: Cameron Smith <[hidden email]>; [hidden email]
Sent: Thursday, 21 December, 2006 12:06:43 AM
Subject: Re: Authorization and SSO server for ofbiz offer

Can't say best, just one point : Lucene API is already used in OFBiz to index words search I guess (in content module)

BTW Cameron what kinds of values is adding Spring to you ? Or is it because your application was already using it and hence it's
easier to let it like that ?

Thanks

Jacques

From: "Cameron Smith" <[hidden email]>
> Talking only about the technology frameworks here....
>
> 1. Hibernate: the obvious choice would to swap it with OFBiz Entity Engine, since they do very similar things, and the basic
ideas are very similar. I have never used the EE outside of OFBiz but it must be doable as Atlassian JIRA which must have to be
hard as f*ck, uses the EE as its persistence engine.
>
> 2. Spring: I have been using Spring plus OFBiz together for while, without problems. I load the ApplicationContext from my
webapp. I do LESS THINGS with Spring, as OFBiz provides many of them (ex. declarative caching, Transaction mgt). But I reckon it
still adds value. If you ported authsum to run as an optional module in the hot-deploy directory, (the mode used by OpenTAPS
modules), then the core OFBiz itself has no dependency on Spring. People who want authsum funcionality could, for instance,
simply...
> a. Stick a configured authsum module into hot-deploy
> b. Alter a few tags in some central OFBiz config file to point its security system at authsum.
> c. Restart.
>
> 3. Lucene. No experience here.
>
> Whatever, you probably WOULD need to refactor some of the core OFBiz security stuff to make it a bit more pluggable, but I don't
think this would be a huge job.

___________________________________________________________
The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html

Jacques Le Roux

Re: Authorization and SSO server for ofbiz offer

Administrator

Thanks Cameron to share this.

Jacques

----- Original Message -----
From: "Cameron Smith" <[hidden email]>
To: <[hidden email]>
Sent: Thursday, December 21, 2006 10:35 AM
Subject: Re: Authorization and SSO server for ofbiz offer

> Here are the things I consider to be added value from Spring. I have no doubt that some of them, had we not come from a
Spring-tastic background, could have been substituted via "pure OFBiz" things with a bit of work. We just took the path of least
resistance for us.
>
> 1. Centralized configuration and syntax of all extra bits and custom modules and components, whether 3rd party or in-house. This
encourages refactoring and modularization of code. It also makes dumb config errors easy to spot for developers.
> 2. Much easier automated integration testing. OFBiz is not big on automated testing, as I have pointed out in a previous post a
while back. Spring makes it simple for our automated tests to use the exact same config with only certain components swapped with
test-specific versions.
> 3. Security. We use Acegi (the wierdly named Spring security module), and have just pointed it at OFBiz user_login table. We're
in the middle of plugging it more correctly into the OFBiz security module. It has a much more flexible API to do just about
anything.

>
> cameron
>
> ----- Original Message ----
> From: Jacques Le Roux <[hidden email]>
> To: Cameron Smith <[hidden email]>; [hidden email]
> Sent: Thursday, 21 December, 2006 12:06:43 AM
> Subject: Re: Authorization and SSO server for ofbiz offer
>
> Can't say best, just one point : Lucene API is already used in OFBiz to index words search I guess (in content module)
>
> BTW Cameron what kinds of values is adding Spring to you ? Or is it because your application was already using it and hence it's
> easier to let it like that ?
>
> Thanks
>
> Jacques
>
> From: "Cameron Smith" <[hidden email]>
> > Talking only about the technology frameworks here....
> >
> > 1. Hibernate: the obvious choice would to swap it with OFBiz Entity Engine, since they do very similar things, and the basic
> ideas are very similar. I have never used the EE outside of OFBiz but it must be doable as Atlassian JIRA which must have to be
> hard as f*ck, uses the EE as its persistence engine.
> >
> > 2. Spring: I have been using Spring plus OFBiz together for while, without problems. I load the ApplicationContext from my
> webapp. I do LESS THINGS with Spring, as OFBiz provides many of them (ex. declarative caching, Transaction mgt). But I reckon

> still adds value. If you ported authsum to run as an optional module in the hot-deploy directory, (the mode used by OpenTAPS
> modules), then the core OFBiz itself has no dependency on Spring. People who want authsum funcionality could, for instance,
> simply...
> > a. Stick a configured authsum module into hot-deploy
> > b. Alter a few tags in some central OFBiz config file to point its security system at authsum.
> > c. Restart.
> >
> > 3. Lucene. No experience here.
> >
> > Whatever, you probably WOULD need to refactor some of the core OFBiz security stuff to make it a bit more pluggable, but I don't
> think this would be a huge job.
> >
> > cameron
> >
> > ----- Original Message ----
> > From: spamsucks <[hidden email]>
> > To: [hidden email]; Jacques Le Roux <[hidden email]>
> > Sent: Wednesday, 20 December, 2006 4:25:23 PM
> > Subject: Re: Authorization and SSO server for ofbiz offer
> >
> > Is springframework a problem?
> >
> > I could switch out hibernate to something else, since most of the fun is in
> > lucene.
> >
> > Do you understand what authsum could bring to ofbiz? It could tell you what
> > customers you can place an order on behalf of in a split second.
> >
> >
> > Phillip
> > ----- Original Message -----
> > From: "Jacques Le Roux" <[hidden email]>
> > To: <[hidden email]>
> > Sent: Tuesday, December 19, 2006 4:08 AM
> > Subject: Re: Authorization and SSO server for ofbiz offer
> >
> >
> > > Phillip,
> > >
> > > Just about licence : only Hibernate is really a problem since it's LGPL
> > > licenced
> > >
> > > BTW you may consider using Entity Engine in place of
> > > Hibernate/Spring/Tapestry because I can't see how all that would fit in
> > > OFBiz
> > > :o)
> > >
> > > It's up to you...
> > >
> > > Jacques
> > >
> > > ----- Original Message -----
> > > From: "Phillip Rhodes" <[hidden email]>
> > > To: <[hidden email]>
> > > Sent: Tuesday, December 19, 2006 4:57 AM
> > > Subject: Authorization and SSO server for ofbiz offer
> > >
> > >
> > >> Hi,
> > >> My name is Phillip Rhodes, and I have been a java developer since '96,
> > >> and have integrated apps with Oracle 11i ERP systems, Tibco, Vertex, sso
> > >> and all kinds of interesting projects...
> > >>
> > >> I have a project called "authsum" , think of it as "sum of
> > >> authorizations"
> > >> http://www.authsum.org/
> > >>
> > >> Good summary architecture diagram:
> > >> http://www.authsum.org/overview/index.html
> > >>
> > >> In summary, it's a SSO/Identity server. It communicates with client
> > >> applications via a JDBC or Web services api to figure out what
> > >> authorizations a user has. The authorizations are stored in a lucene
> > >> index, so it's fast (given how enterprises can have complicated
> > >> group/role structures).
> > >>
> > >> Anyway, just wanted to know if it would be possible to bolt this into
> > >> ofbiz. I would be willing to give the authsum code the same license
> > >> (apache). Unfortunately, it uses hibernate/spring/tapestry (open source
> > >> products) .
> > >>
> > >> It would also "complicate things" because it consists of 4 different
> > >> webapps that can be run in a distributed environment. But it also has a
> > >> SSO so that it could provide SSO across ofbiz/registration/user
> > >> admin/CMS/etc...
> > >>
> > >> Just putting a feeler out.
> > >> Phillip
> > >>
> > >
> >
> >
> >
> >
> >
> >
> >
> >
> > ___________________________________________________________
> > All New Yahoo! Mail – Tired of Vi@gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html
>
>
>
>
>
>
>
> ___________________________________________________________
> The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider.

http://uk.docs.yahoo.com/nowyoucan.html