Administrator
|
I get that we have this information at
https://localhost:8443/docs/swagger-ui.html like with https://localhost:8443/docs/swagger-ui.html#/Exported%20Services/findProductById So I guess we can put a link to that, rigth? Also there is no [hidden email] (at OpenApiResource::buildOpenApiContact) I'd suggest [hidden email] For "Terms of service" I suggest a link to ASL2 and to remove the below direct link to it. BTW thanks Girish, this is really a great step forward :) Jacques Le 02/08/2020 à 09:40, Jacques Le Roux a écrit : > Hi Girish, > > I'm just starting to review so I may miss things. Just a question for now. We have an option at > > https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv > > to (Show wsdl <https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true>) > > Would it be possible to have the same for REST? > > Thanks > > Jacques > > Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit : >> Greetings! >> >> I have created a PR to add a REST component - >> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look >> and let me know what you think and let me know if you face any issues. I >> intend to merge it in a week from now. >> >> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add >> "action" attribute to the service definition now merged, this above >> component should be able to expose exportable (export=true) and >> actionable(action=GET|POST) services via REST. >> >> Once the changes for nested attributes (OFBIZ-11902 >> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also >> be making corresponding changes in the GraphQL plugin to account for nested >> attributes. OFBIZ-11902 >> <https://issues.apache.org/jira/browse/OFBIZ-11902> will >> help in defining complex GraphQL mutations. >> >> I am parallelly also working on designing an XML DSL for REST that should >> allow tying up REST resources with OFBiz services. >> >> Best, >> Girish >> >> >> >> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote: >> >>> Hi Girish, >>> >>> Yes, you got it. >>> >>> Web browser will popup a login dialog when response code is 401: >>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication >>> required\""); >>> >>> The popup is skipped and then react/vue/angular can handle the response: >>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication >>> required\""); >>> >>> >>> 发件人: Girish Vasmatkar<mailto:[hidden email]> >>> 发送时间: 2020年7月9日 14:54 >>> 收件人: [hidden email]<mailto:[hidden email]> >>> 主题: Re: REST implementation >>> >>> Hi Shi >>> >>> Thanks for taking a look at it. I have a question on "WWW-Authenticate" >>> header so please clarify and I can make appropriate changes accordingly - >>> >>> All I am finding is that to prevent the pop-up, either return 403 (which I >>> do not want to do) or not include "WWW-Authenticate" header at all (not >>> inclined to do this as well because then we would be violating the spec). >>> Do you mean to NOT start the value of the header with "Bearer" ? >>> so instead of below >>> >>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* >>> >>> should we change it to >>> >>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* >>> >>> I did not test it, but I can just change it like this without testing if >>> you can please confirm it will prevent the browser dialog. >>> >>> Thanks again for the review. >>> >>> Best, >>> Girish >>> >>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote: >>> >>>> Hi Girish, >>>> >>>> Excellent. >>>> >>>> Only one suggestion from my quick view, when response code is 401, the >>>> "WWW-Authenticate" header should be set to start with a word NOT “Bearer >>>> …”, this can prevent web browser from popping up a login dialog. >>>> >>>> Kind Regards, >>>> >>>> Shi Jinghai >>>> >>>> 发件人: Girish Vasmatkar<mailto:[hidden email]> >>>> 发送时间: 2020年7月8日 20:47 >>>> 收件人: [hidden email]<mailto:[hidden email]> >>>> 主题: Re: REST implementation >>>> >>>> Hi Folks >>>> >>>> I have added support for OpenApi Integration. The updated code can be >>> found >>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go >>>> through the changes and test at your end and let me know your thoughts. >>>> >>>> I am planning to do some refactoring and then raise initial PR for the >>>> plug-in if the changes look good to everyone. >>>> >>>> Best, >>>> Girish >>>> >>>> >>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < >>>> [hidden email]> wrote: >>>> >>>>> Hi Girish, >>>>> >>>>> Thanks to clarify :) >>>>> What caught me on the OpenAPI integration is the snippet quoted below >>> and >>>>> I realize I should have read it in context. Actually then it is aligned >>>>> with my view. >>>>> >>>>> Warm regards >>>>> >>>>> Carsten >>>>> >>>>>>>>>> Initial implementation does not contain OpenApi integration yet. >>>> And >>>>> >>>> >>> |
Administrator
|
At https://localhost:8443/rest/ I get a 404 and in log
javax.ws.rs.NotFoundException: HTTP 404 Not Found at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:250) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) at org.glassfish.jersey.internal.Errors.process(Errors.java:292) at org.glassfish.jersey.internal.Errors.process(Errors.java:274) at org.glassfish.jersey.internal.Errors.process(Errors.java:244) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394) at org.glassfish.jersey.servlet.ServletContainer.serviceImpl(ServletContainer.java:386) at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:561) at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:502) at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:439) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Normal? Le 02/08/2020 à 11:14, Jacques Le Roux a écrit : > I get that we have this information at > > https://localhost:8443/docs/swagger-ui.html > > like with > > https://localhost:8443/docs/swagger-ui.html#/Exported%20Services/findProductById > > So I guess we can put a link to that, rigth? > > Also there is no [hidden email] (at OpenApiResource::buildOpenApiContact) I'd suggest [hidden email] > > For "Terms of service" I suggest a link to ASL2 and to remove the below direct link to it. > > BTW thanks Girish, this is really a great step forward :) > > Jacques > > > Le 02/08/2020 à 09:40, Jacques Le Roux a écrit : >> Hi Girish, >> >> I'm just starting to review so I may miss things. Just a question for now. We have an option at >> >> https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv >> >> to (Show wsdl <https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true>) >> >> Would it be possible to have the same for REST? >> >> Thanks >> >> Jacques >> >> Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit : >>> Greetings! >>> >>> I have created a PR to add a REST component - >>> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look >>> and let me know what you think and let me know if you face any issues. I >>> intend to merge it in a week from now. >>> >>> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add >>> "action" attribute to the service definition now merged, this above >>> component should be able to expose exportable (export=true) and >>> actionable(action=GET|POST) services via REST. >>> >>> Once the changes for nested attributes (OFBIZ-11902 >>> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also >>> be making corresponding changes in the GraphQL plugin to account for nested >>> attributes. OFBIZ-11902 >>> <https://issues.apache.org/jira/browse/OFBIZ-11902> will >>> help in defining complex GraphQL mutations. >>> >>> I am parallelly also working on designing an XML DSL for REST that should >>> allow tying up REST resources with OFBiz services. >>> >>> Best, >>> Girish >>> >>> >>> >>> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote: >>> >>>> Hi Girish, >>>> >>>> Yes, you got it. >>>> >>>> Web browser will popup a login dialog when response code is 401: >>>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication >>>> required\""); >>>> >>>> The popup is skipped and then react/vue/angular can handle the response: >>>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication >>>> required\""); >>>> >>>> >>>> 发件人: Girish Vasmatkar<mailto:[hidden email]> >>>> 发送时间: 2020年7月9日 14:54 >>>> 收件人: [hidden email]<mailto:[hidden email]> >>>> 主题: Re: REST implementation >>>> >>>> Hi Shi >>>> >>>> Thanks for taking a look at it. I have a question on "WWW-Authenticate" >>>> header so please clarify and I can make appropriate changes accordingly - >>>> >>>> All I am finding is that to prevent the pop-up, either return 403 (which I >>>> do not want to do) or not include "WWW-Authenticate" header at all (not >>>> inclined to do this as well because then we would be violating the spec). >>>> Do you mean to NOT start the value of the header with "Bearer" ? >>>> so instead of below >>>> >>>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* >>>> >>>> should we change it to >>>> >>>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* >>>> >>>> I did not test it, but I can just change it like this without testing if >>>> you can please confirm it will prevent the browser dialog. >>>> >>>> Thanks again for the review. >>>> >>>> Best, >>>> Girish >>>> >>>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote: >>>> >>>>> Hi Girish, >>>>> >>>>> Excellent. >>>>> >>>>> Only one suggestion from my quick view, when response code is 401, the >>>>> "WWW-Authenticate" header should be set to start with a word NOT “Bearer >>>>> …”, this can prevent web browser from popping up a login dialog. >>>>> >>>>> Kind Regards, >>>>> >>>>> Shi Jinghai >>>>> >>>>> 发件人: Girish Vasmatkar<mailto:[hidden email]> >>>>> 发送时间: 2020年7月8日 20:47 >>>>> 收件人: [hidden email]<mailto:[hidden email]> >>>>> 主题: Re: REST implementation >>>>> >>>>> Hi Folks >>>>> >>>>> I have added support for OpenApi Integration. The updated code can be >>>> found >>>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go >>>>> through the changes and test at your end and let me know your thoughts. >>>>> >>>>> I am planning to do some refactoring and then raise initial PR for the >>>>> plug-in if the changes look good to everyone. >>>>> >>>>> Best, >>>>> Girish >>>>> >>>>> >>>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < >>>>> [hidden email]> wrote: >>>>> >>>>>> Hi Girish, >>>>>> >>>>>> Thanks to clarify :) >>>>>> What caught me on the OpenAPI integration is the snippet quoted below >>>> and >>>>>> I realize I should have read it in context. Actually then it is aligned >>>>>> with my view. >>>>>> >>>>>> Warm regards >>>>>> >>>>>> Carsten >>>>>> >>>>>>>>>>> Initial implementation does not contain OpenApi integration yet. >>>>> And >>>>>> >>>>> >>>> |
In reply to this post by grv
Hi Girish,
I wanted to try out some REST calls using Swagger-ui ( https://localhost:8443/docs/swagger-ui.html) but don't know how to authenticate to get a JWT. Apologies if I missed the instructions elsewhere but please could you advise on how to authenticate against the REST api? Thanks, Dan. On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < [hidden email]> wrote: > Greetings! > > I have created a PR to add a REST component - > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > and let me know what you think and let me know if you face any issues. I > intend to merge it in a week from now. > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add > "action" attribute to the service definition now merged, this above > component should be able to expose exportable (export=true) and > actionable(action=GET|POST) services via REST. > > Once the changes for nested attributes (OFBIZ-11902 > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also > be making corresponding changes in the GraphQL plugin to account for nested > attributes. OFBIZ-11902 > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > help in defining complex GraphQL mutations. > > I am parallelly also working on designing an XML DSL for REST that should > allow tying up REST resources with OFBiz services. > > Best, > Girish > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote: > > > Hi Girish, > > > > Yes, you got it. > > > > Web browser will popup a login dialog when response code is 401: > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > > required\""); > > > > The popup is skipped and then react/vue/angular can handle the response: > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > required\""); > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > 发送时间: 2020年7月9日 14:54 > > 收件人: [hidden email]<mailto:[hidden email]> > > 主题: Re: REST implementation > > > > Hi Shi > > > > Thanks for taking a look at it. I have a question on "WWW-Authenticate" > > header so please clarify and I can make appropriate changes accordingly - > > > > All I am finding is that to prevent the pop-up, either return 403 (which > I > > do not want to do) or not include "WWW-Authenticate" header at all (not > > inclined to do this as well because then we would be violating the spec). > > Do you mean to NOT start the value of the header with "Bearer" ? > > so instead of below > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > should we change it to > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > > > > I did not test it, but I can just change it like this without testing if > > you can please confirm it will prevent the browser dialog. > > > > Thanks again for the review. > > > > Best, > > Girish > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote: > > > > > Hi Girish, > > > > > > Excellent. > > > > > > Only one suggestion from my quick view, when response code is 401, the > > > "WWW-Authenticate" header should be set to start with a word NOT > “Bearer > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > Kind Regards, > > > > > > Shi Jinghai > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > 发送时间: 2020年7月8日 20:47 > > > 收件人: [hidden email]<mailto:[hidden email]> > > > 主题: Re: REST implementation > > > > > > Hi Folks > > > > > > I have added support for OpenApi Integration. The updated code can be > > found > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go > > > through the changes and test at your end and let me know your thoughts. > > > > > > I am planning to do some refactoring and then raise initial PR for the > > > plug-in if the changes look good to everyone. > > > > > > Best, > > > Girish > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > [hidden email]> wrote: > > > > > > > Hi Girish, > > > > > > > > Thanks to clarify :) > > > > What caught me on the OpenAPI integration is the snippet quoted below > > and > > > > I realize I should have read it in context. Actually then it is > aligned > > > > with my view. > > > > > > > > Warm regards > > > > > > > > Carsten > > > > > > > > >>>>> Initial implementation does not contain OpenApi integration > yet. > > > And > > > > > > > > > > > > > > > > > > > -- Daniel Watford |
In reply to this post by Jacques Le Roux
Hi Jacques
Thanks for taking a look at this. Since, REST does not define any WSDL, rather WADL, we can try to show it, however, since it is a component as a starting point, it would probably be good if we can show WADL, if and when it gets included in the framework. Because request coming to webtools (show_wadl=true) will eventually be handled by the REST component to fetch WADL. Also, as you figured out, Swagger is there too to describe the service details. Also, I will make the changes as you suggested in the OpenAPI configuration. On 404, yes, that's normal because there is no resource at the ROOT at the moment. This can however be a good addition if this URL can return all resource definitions. I will make note of it and try to implement it. Best Regards, Girish On Sun, Aug 2, 2020 at 2:47 PM Jacques Le Roux <[hidden email]> wrote: > At https://localhost:8443/rest/ I get a 404 and in log > > javax.ws.rs.NotFoundException: HTTP 404 Not Found > at > org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:250) > at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) > at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) > at org.glassfish.jersey.internal.Errors.process(Errors.java:292) > at org.glassfish.jersey.internal.Errors.process(Errors.java:274) > at org.glassfish.jersey.internal.Errors.process(Errors.java:244) > at > org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) > at > org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232) > at > org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) > at > org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394) > at > org.glassfish.jersey.servlet.ServletContainer.serviceImpl(ServletContainer.java:386) > at > org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:561) > at > org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:502) > at > org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:439) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at > org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) > at > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) > at > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) > at > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) > at org.apache.tomcat.util.net > .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589) > at org.apache.tomcat.util.net > .SocketProcessorBase.run(SocketProcessorBase.java:49) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:748) > > Normal? > > Le 02/08/2020 à 11:14, Jacques Le Roux a écrit : > > I get that we have this information at > > > > https://localhost:8443/docs/swagger-ui.html > > > > like with > > > > > https://localhost:8443/docs/swagger-ui.html#/Exported%20Services/findProductById > > > > So I guess we can put a link to that, rigth? > > > > Also there is no [hidden email] (at > OpenApiResource::buildOpenApiContact) I'd suggest [hidden email] > > > > For "Terms of service" I suggest a link to ASL2 and to remove the below > direct link to it. > > > > BTW thanks Girish, this is really a great step forward :) > > > > Jacques > > > > > > Le 02/08/2020 à 09:40, Jacques Le Roux a écrit : > >> Hi Girish, > >> > >> I'm just starting to review so I may miss things. Just a question for > now. We have an option at > >> > >> > https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv > >> > >> to (Show wsdl < > https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true > >) > >> > >> Would it be possible to have the same for REST? > >> > >> Thanks > >> > >> Jacques > >> > >> Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit : > >>> Greetings! > >>> > >>> I have created a PR to add a REST component - > >>> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > >>> and let me know what you think and let me know if you face any issues. > I > >>> intend to merge it in a week from now. > >>> > >>> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to > add > >>> "action" attribute to the service definition now merged, this above > >>> component should be able to expose exportable (export=true) and > >>> actionable(action=GET|POST) services via REST. > >>> > >>> Once the changes for nested attributes (OFBIZ-11902 > >>> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will > also > >>> be making corresponding changes in the GraphQL plugin to account for > nested > >>> attributes. OFBIZ-11902 > >>> <https://issues.apache.org/jira/browse/OFBIZ-11902> will > >>> help in defining complex GraphQL mutations. > >>> > >>> I am parallelly also working on designing an XML DSL for REST that > should > >>> allow tying up REST resources with OFBiz services. > >>> > >>> Best, > >>> Girish > >>> > >>> > >>> > >>> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> > wrote: > >>> > >>>> Hi Girish, > >>>> > >>>> Yes, you got it. > >>>> > >>>> Web browser will popup a login dialog when response code is 401: > >>>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > >>>> required\""); > >>>> > >>>> The popup is skipped and then react/vue/angular can handle the > response: > >>>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > >>>> required\""); > >>>> > >>>> > >>>> 发件人: Girish Vasmatkar<mailto:[hidden email]> > >>>> 发送时间: 2020年7月9日 14:54 > >>>> 收件人: [hidden email]<mailto:[hidden email]> > >>>> 主题: Re: REST implementation > >>>> > >>>> Hi Shi > >>>> > >>>> Thanks for taking a look at it. I have a question on > "WWW-Authenticate" > >>>> header so please clarify and I can make appropriate changes > accordingly - > >>>> > >>>> All I am finding is that to prevent the pop-up, either return 403 > (which I > >>>> do not want to do) or not include "WWW-Authenticate" header at all > (not > >>>> inclined to do this as well because then we would be violating the > spec). > >>>> Do you mean to NOT start the value of the header with "Bearer" ? > >>>> so instead of below > >>>> > >>>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > >>>> > >>>> should we change it to > >>>> > >>>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > >>>> > >>>> I did not test it, but I can just change it like this without testing > if > >>>> you can please confirm it will prevent the browser dialog. > >>>> > >>>> Thanks again for the review. > >>>> > >>>> Best, > >>>> Girish > >>>> > >>>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> > wrote: > >>>> > >>>>> Hi Girish, > >>>>> > >>>>> Excellent. > >>>>> > >>>>> Only one suggestion from my quick view, when response code is 401, > the > >>>>> "WWW-Authenticate" header should be set to start with a word NOT > “Bearer > >>>>> …”, this can prevent web browser from popping up a login dialog. > >>>>> > >>>>> Kind Regards, > >>>>> > >>>>> Shi Jinghai > >>>>> > >>>>> 发件人: Girish Vasmatkar<mailto:[hidden email]> > >>>>> 发送时间: 2020年7月8日 20:47 > >>>>> 收件人: [hidden email]<mailto:[hidden email]> > >>>>> 主题: Re: REST implementation > >>>>> > >>>>> Hi Folks > >>>>> > >>>>> I have added support for OpenApi Integration. The updated code can be > >>>> found > >>>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go > >>>>> through the changes and test at your end and let me know your > thoughts. > >>>>> > >>>>> I am planning to do some refactoring and then raise initial PR for > the > >>>>> plug-in if the changes look good to everyone. > >>>>> > >>>>> Best, > >>>>> Girish > >>>>> > >>>>> > >>>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > >>>>> [hidden email]> wrote: > >>>>> > >>>>>> Hi Girish, > >>>>>> > >>>>>> Thanks to clarify :) > >>>>>> What caught me on the OpenAPI integration is the snippet quoted > below > >>>> and > >>>>>> I realize I should have read it in context. Actually then it is > aligned > >>>>>> with my view. > >>>>>> > >>>>>> Warm regards > >>>>>> > >>>>>> Carsten > >>>>>> > >>>>>>>>>>> Initial implementation does not contain OpenApi integration > yet. > >>>>> And > >>>>>> > >>>>> > >>>> > |
In reply to this post by Daniel Watford
Hi Daniel
You can use the JWT token in the README of. Sorry, if it is not clearly documented, this will be improved upon further as I make more changes. https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl I need to implement an API endpoint that eventually generates a JWT token that can be issued to the client to make subsequent API calls. Until then, please use the once mentioned in the README examples. That JWT has userId claim value as admin assuming admin would have got himself authenticated and a JWT was issued to him. I will soon add an API endpoint to issue JWTs and will update README accordingly. I hope that answers your question. Best Regards, Girish On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <[hidden email]> wrote: > Hi Girish, > > I wanted to try out some REST calls using Swagger-ui ( > https://localhost:8443/docs/swagger-ui.html) but don't know how to > authenticate to get a JWT. > > Apologies if I missed the instructions elsewhere but please could you > advise on how to authenticate against the REST api? > > Thanks, > > Dan. > > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < > [hidden email]> wrote: > > > Greetings! > > > > I have created a PR to add a REST component - > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > > and let me know what you think and let me know if you face any issues. I > > intend to merge it in a week from now. > > > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add > > "action" attribute to the service definition now merged, this above > > component should be able to expose exportable (export=true) and > > actionable(action=GET|POST) services via REST. > > > > Once the changes for nested attributes (OFBIZ-11902 > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will > also > > be making corresponding changes in the GraphQL plugin to account for > nested > > attributes. OFBIZ-11902 > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > > help in defining complex GraphQL mutations. > > > > I am parallelly also working on designing an XML DSL for REST that should > > allow tying up REST resources with OFBiz services. > > > > Best, > > Girish > > > > > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote: > > > > > Hi Girish, > > > > > > Yes, you got it. > > > > > > Web browser will popup a login dialog when response code is 401: > > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > > > required\""); > > > > > > The popup is skipped and then react/vue/angular can handle the > response: > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > > required\""); > > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > 发送时间: 2020年7月9日 14:54 > > > 收件人: [hidden email]<mailto:[hidden email]> > > > 主题: Re: REST implementation > > > > > > Hi Shi > > > > > > Thanks for taking a look at it. I have a question on "WWW-Authenticate" > > > header so please clarify and I can make appropriate changes > accordingly - > > > > > > All I am finding is that to prevent the pop-up, either return 403 > (which > > I > > > do not want to do) or not include "WWW-Authenticate" header at all (not > > > inclined to do this as well because then we would be violating the > spec). > > > Do you mean to NOT start the value of the header with "Bearer" ? > > > so instead of below > > > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > should we change it to > > > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > I did not test it, but I can just change it like this without testing > if > > > you can please confirm it will prevent the browser dialog. > > > > > > Thanks again for the review. > > > > > > Best, > > > Girish > > > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> > wrote: > > > > > > > Hi Girish, > > > > > > > > Excellent. > > > > > > > > Only one suggestion from my quick view, when response code is 401, > the > > > > "WWW-Authenticate" header should be set to start with a word NOT > > “Bearer > > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > > > Kind Regards, > > > > > > > > Shi Jinghai > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > > 发送时间: 2020年7月8日 20:47 > > > > 收件人: [hidden email]<mailto:[hidden email]> > > > > 主题: Re: REST implementation > > > > > > > > Hi Folks > > > > > > > > I have added support for OpenApi Integration. The updated code can be > > > found > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go > > > > through the changes and test at your end and let me know your > thoughts. > > > > > > > > I am planning to do some refactoring and then raise initial PR for > the > > > > plug-in if the changes look good to everyone. > > > > > > > > Best, > > > > Girish > > > > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > > [hidden email]> wrote: > > > > > > > > > Hi Girish, > > > > > > > > > > Thanks to clarify :) > > > > > What caught me on the OpenAPI integration is the snippet quoted > below > > > and > > > > > I realize I should have read it in context. Actually then it is > > aligned > > > > > with my view. > > > > > > > > > > Warm regards > > > > > > > > > > Carsten > > > > > > > > > > >>>>> Initial implementation does not contain OpenApi integration > > yet. > > > > And > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > Daniel Watford > |
Hi Daniel and Girish,
I updated my OFBiz-CAS plugin several days ago, it’s an OAuth2 implement, and there’s an openapi-demo in the plugin: https://github.com/langhua/OFBiz-CAS/tree/ofbiz-17.12.03-cas-5.3.15.1 Hope it could be helpful to you. Kind Regards, Shi Jinghai 发送自 Windows 10 版邮件<https://go.microsoft.com/fwlink/?LinkId=550986>应用 发件人: Girish Vasmatkar<mailto:[hidden email]> 发送时间: 2020年8月2日 18:03 收件人: [hidden email]<mailto:[hidden email]> 主题: Re: REST implementation Hi Daniel You can use the JWT token in the README of. Sorry, if it is not clearly documented, this will be improved upon further as I make more changes. https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl I need to implement an API endpoint that eventually generates a JWT token that can be issued to the client to make subsequent API calls. Until then, please use the once mentioned in the README examples. That JWT has userId claim value as admin assuming admin would have got himself authenticated and a JWT was issued to him. I will soon add an API endpoint to issue JWTs and will update README accordingly. I hope that answers your question. Best Regards, Girish On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <[hidden email]> wrote: > Hi Girish, > > I wanted to try out some REST calls using Swagger-ui ( > https://localhost:8443/docs/swagger-ui.html) but don't know how to > authenticate to get a JWT. > > Apologies if I missed the instructions elsewhere but please could you > advise on how to authenticate against the REST api? > > Thanks, > > Dan. > > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < > [hidden email]> wrote: > > > Greetings! > > > > I have created a PR to add a REST component - > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > > and let me know what you think and let me know if you face any issues. I > > intend to merge it in a week from now. > > > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add > > "action" attribute to the service definition now merged, this above > > component should be able to expose exportable (export=true) and > > actionable(action=GET|POST) services via REST. > > > > Once the changes for nested attributes (OFBIZ-11902 > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will > also > > be making corresponding changes in the GraphQL plugin to account for > nested > > attributes. OFBIZ-11902 > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > > help in defining complex GraphQL mutations. > > > > I am parallelly also working on designing an XML DSL for REST that should > > allow tying up REST resources with OFBiz services. > > > > Best, > > Girish > > > > > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote: > > > > > Hi Girish, > > > > > > Yes, you got it. > > > > > > Web browser will popup a login dialog when response code is 401: > > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > > > required\""); > > > > > > The popup is skipped and then react/vue/angular can handle the > response: > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > > required\""); > > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > 发送时间: 2020年7月9日 14:54 > > > 收件人: [hidden email]<mailto:[hidden email]> > > > 主题: Re: REST implementation > > > > > > Hi Shi > > > > > > Thanks for taking a look at it. I have a question on "WWW-Authenticate" > > > header so please clarify and I can make appropriate changes > accordingly - > > > > > > All I am finding is that to prevent the pop-up, either return 403 > (which > > I > > > do not want to do) or not include "WWW-Authenticate" header at all (not > > > inclined to do this as well because then we would be violating the > spec). > > > Do you mean to NOT start the value of the header with "Bearer" ? > > > so instead of below > > > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > should we change it to > > > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > I did not test it, but I can just change it like this without testing > if > > > you can please confirm it will prevent the browser dialog. > > > > > > Thanks again for the review. > > > > > > Best, > > > Girish > > > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> > wrote: > > > > > > > Hi Girish, > > > > > > > > Excellent. > > > > > > > > Only one suggestion from my quick view, when response code is 401, > the > > > > "WWW-Authenticate" header should be set to start with a word NOT > > “Bearer > > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > > > Kind Regards, > > > > > > > > Shi Jinghai > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > > 发送时间: 2020年7月8日 20:47 > > > > 收件人: [hidden email]<mailto:[hidden email]> > > > > 主题: Re: REST implementation > > > > > > > > Hi Folks > > > > > > > > I have added support for OpenApi Integration. The updated code can be > > > found > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go > > > > through the changes and test at your end and let me know your > thoughts. > > > > > > > > I am planning to do some refactoring and then raise initial PR for > the > > > > plug-in if the changes look good to everyone. > > > > > > > > Best, > > > > Girish > > > > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > > [hidden email]> wrote: > > > > > > > > > Hi Girish, > > > > > > > > > > Thanks to clarify :) > > > > > What caught me on the OpenAPI integration is the snippet quoted > below > > > and > > > > > I realize I should have read it in context. Actually then it is > > aligned > > > > > with my view. > > > > > > > > > > Warm regards > > > > > > > > > > Carsten > > > > > > > > > > >>>>> Initial implementation does not contain OpenApi integration > > yet. > > > > And > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > Daniel Watford > |
In reply to this post by grv
Hi Girish,
I've been able to authenticate with the REST api using the token you mentioned. I find the REST service very interesting as I think it has the potential to drastically simplify some of the lookup-style functionality currently implemented. As an extension to your PR I tried out a couple of things that might be useful while you continue to explore REST service opportunities. Please see this branch: https://github.com/danwatford/ofbiz-framework/commits/rest-experiements-based-on-pr214 There are two commits on top of PR214. The first commit uses REST to look up State/Province values for a given country. This functionality is used when editing postal addresses. In this commit I've modified the editcontactmech form to use a REST endpoint to retrieve state/province information. If you have demo data loaded locally you can see the result here: https://localhost:8443/partymgr/control/editcontactmech?partyId=Company&contactMechId=10000 There wasn't too much of a saving here as the controller servlet is already configured to return JSON in response to these lookups, but making use of REST would sidestep the need to create controller.xml entries. The second commit uses REST to look up User Logins for the autocomplete field displayed here: https://localhost:8443/partymgr/control/main As you type into the User Login ID field REST calls are made to endpoint https://localhost:8443/rest/services/lookupUserLogin to search for matching user logins. The potential savings for this style of lookup are a reduction in complexity on the client and server side. At the moment AJAX lookup requests are processed as regular screen renderings, but with a decorator-loaded screen detecting that the ajaxLookup parameter is set and then triggering common/groovyScripts/FindAutocompleteOptions.groovy to run to perform the search. The search results are then encoded as a piece of javascript inside an HTML response. The client loads that HTML response into an automatically generated div, causing the javascript to execute and populate a global variable. The client then reads that global variable to generate the options to be displayed by the autocomplete widget. It is quite a convoluted chain of code to follow, but I imagine it was necessary at the time to make lookups work with the screen view rendering approach. Calling REST services instead will remove the need to generate javascript scripts embedded in HTML responses. Please note, the code written is very hacky at the moment and hardcoded to have ofbiz accessible at https://localhost:8443/. Notifying the client code of REST endpoints has been done by 'inappropriately reusing' other configuration items. Looking forward to seeing what comes next. Perhaps we could create a new ModelForm.RestLookupField to work similarly to ModelForm.LookupField, but making use of REST calls instead. Thanks, Dan. On Sun, 2 Aug 2020 at 11:03, Girish Vasmatkar < [hidden email]> wrote: > Hi Daniel > > You can use the JWT token in the README of. Sorry, if it is not clearly > documented, this will be improved upon further as I make more changes. > https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl > > I need to implement an API endpoint that eventually generates a JWT token > that can be issued to the client to make subsequent API calls. Until then, > please use the once mentioned in the README examples. That JWT has userId > claim value as admin assuming admin would have got himself authenticated > and a JWT was issued to him. > > I will soon add an API endpoint to issue JWTs and will update README > accordingly. I hope that answers your question. > > Best Regards, > Girish > > > > > > > > On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <[hidden email]> wrote: > > > Hi Girish, > > > > I wanted to try out some REST calls using Swagger-ui ( > > https://localhost:8443/docs/swagger-ui.html) but don't know how to > > authenticate to get a JWT. > > > > Apologies if I missed the instructions elsewhere but please could you > > advise on how to authenticate against the REST api? > > > > Thanks, > > > > Dan. > > > > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < > > [hidden email]> wrote: > > > > > Greetings! > > > > > > I have created a PR to add a REST component - > > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > > > and let me know what you think and let me know if you face any issues. > I > > > intend to merge it in a week from now. > > > > > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to > add > > > "action" attribute to the service definition now merged, this above > > > component should be able to expose exportable (export=true) and > > > actionable(action=GET|POST) services via REST. > > > > > > Once the changes for nested attributes (OFBIZ-11902 > > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will > > also > > > be making corresponding changes in the GraphQL plugin to account for > > nested > > > attributes. OFBIZ-11902 > > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > > > help in defining complex GraphQL mutations. > > > > > > I am parallelly also working on designing an XML DSL for REST that > should > > > allow tying up REST resources with OFBiz services. > > > > > > Best, > > > Girish > > > > > > > > > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> > wrote: > > > > > > > Hi Girish, > > > > > > > > Yes, you got it. > > > > > > > > Web browser will popup a login dialog when response code is 401: > > > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > > > > required\""); > > > > > > > > The popup is skipped and then react/vue/angular can handle the > > response: > > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > > > required\""); > > > > > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > > 发送时间: 2020年7月9日 14:54 > > > > 收件人: [hidden email]<mailto:[hidden email]> > > > > 主题: Re: REST implementation > > > > > > > > Hi Shi > > > > > > > > Thanks for taking a look at it. I have a question on > "WWW-Authenticate" > > > > header so please clarify and I can make appropriate changes > > accordingly - > > > > > > > > All I am finding is that to prevent the pop-up, either return 403 > > (which > > > I > > > > do not want to do) or not include "WWW-Authenticate" header at all > (not > > > > inclined to do this as well because then we would be violating the > > spec). > > > > Do you mean to NOT start the value of the header with "Bearer" ? > > > > so instead of below > > > > > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > > > should we change it to > > > > > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > > > I did not test it, but I can just change it like this without testing > > if > > > > you can please confirm it will prevent the browser dialog. > > > > > > > > Thanks again for the review. > > > > > > > > Best, > > > > Girish > > > > > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> > > wrote: > > > > > > > > > Hi Girish, > > > > > > > > > > Excellent. > > > > > > > > > > Only one suggestion from my quick view, when response code is 401, > > the > > > > > "WWW-Authenticate" header should be set to start with a word NOT > > > “Bearer > > > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > > > > > Kind Regards, > > > > > > > > > > Shi Jinghai > > > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > > > 发送时间: 2020年7月8日 20:47 > > > > > 收件人: [hidden email]<mailto:[hidden email]> > > > > > 主题: Re: REST implementation > > > > > > > > > > Hi Folks > > > > > > > > > > I have added support for OpenApi Integration. The updated code can > be > > > > found > > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please > go > > > > > through the changes and test at your end and let me know your > > thoughts. > > > > > > > > > > I am planning to do some refactoring and then raise initial PR for > > the > > > > > plug-in if the changes look good to everyone. > > > > > > > > > > Best, > > > > > Girish > > > > > > > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > > > [hidden email]> wrote: > > > > > > > > > > > Hi Girish, > > > > > > > > > > > > Thanks to clarify :) > > > > > > What caught me on the OpenAPI integration is the snippet quoted > > below > > > > and > > > > > > I realize I should have read it in context. Actually then it is > > > aligned > > > > > > with my view. > > > > > > > > > > > > Warm regards > > > > > > > > > > > > Carsten > > > > > > > > > > > > >>>>> Initial implementation does not contain OpenApi integration > > > yet. > > > > > And > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > Daniel Watford > > > -- Daniel Watford |
Hi Shi and Dan
Thanks for the OAuth2 implementation and Dan, thanks for your evaluation. I have now included an endpoint for clients to authenticate themselves before start using the API. Also, since the endpoint is included in OpenAPI, the same can be executed directly from Swagger UI. curl -X POST "https://localhost:8443/rest/auth/token" -H "accept: application/json" -H "Authorization: Basic YWRtaW46b2ZiaXo=" This gets you the generated token with expiry as set in security.properties file. { "statusCode": 200, "statusDescription": "OK", "successMessage": "Token granted.", "data": { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ1c2VyTG9naW5JZCI6ImFkbWluIiwiaXNzIjoiQXBhY2hlT0ZCaXoiLCJleHAiOjE1OTY3MDk4MjAsImlhdCI6MTU5NjcwODAyMH0.9Hj4pkkeQowAMxPLrI_To0WTohxxgVR6FoViyx5HoboTACQZ4iqDyqiIBodkuCVsZwOTPT1RSAQJ0L_oSVMqBA", "token_type": "Bearer", "expires_in": "1800" } } The generated token can then be used to make API calls using Bearer Auth Scheme. I have updated README here : https://github.com/girishvasmatkar/ofbiz-plugins/blob/trunk/ofbiz-rest-impl/README.adoc Best, Girish On Wed, Aug 5, 2020 at 8:13 PM Daniel Watford <[hidden email]> wrote: > Hi Girish, > > I've been able to authenticate with the REST api using the token you > mentioned. > > I find the REST service very interesting as I think it has the potential to > drastically simplify some of the lookup-style functionality currently > implemented. > > As an extension to your PR I tried out a couple of things that might be > useful while you continue to explore REST service opportunities. > > Please see this branch: > > https://github.com/danwatford/ofbiz-framework/commits/rest-experiements-based-on-pr214 > > > There are two commits on top of PR214. > > The first commit uses REST to look up State/Province values for a given > country. This functionality is used when editing postal addresses. In this > commit I've modified the editcontactmech form to use a REST endpoint to > retrieve state/province information. If you have demo data loaded locally > you can see the result here: > > https://localhost:8443/partymgr/control/editcontactmech?partyId=Company&contactMechId=10000 > > There wasn't too much of a saving here as the controller servlet is already > configured to return JSON in response to these lookups, but making use of > REST would sidestep the need to create controller.xml entries. > > > The second commit uses REST to look up User Logins for the autocomplete > field displayed here: https://localhost:8443/partymgr/control/main > > As you type into the User Login ID field REST calls are made to endpoint > https://localhost:8443/rest/services/lookupUserLogin to search for > matching > user logins. > > The potential savings for this style of lookup are a reduction in > complexity on the client and server side. > > At the moment AJAX lookup requests are processed as regular screen > renderings, but with a decorator-loaded screen detecting that the > ajaxLookup parameter is set and then triggering > common/groovyScripts/FindAutocompleteOptions.groovy to run to perform the > search. The search results are then encoded as a piece of javascript inside > an HTML response. > The client loads that HTML response into an automatically generated div, > causing the javascript to execute and populate a global variable. > The client then reads that global variable to generate the options to be > displayed by the autocomplete widget. > > It is quite a convoluted chain of code to follow, but I imagine it was > necessary at the time to make lookups work with the screen view rendering > approach. Calling REST services instead will remove the need to generate > javascript scripts embedded in HTML responses. > > Please note, the code written is very hacky at the moment and hardcoded to > have ofbiz accessible at https://localhost:8443/. Notifying the client > code > of REST endpoints has been done by 'inappropriately reusing' other > configuration items. > > Looking forward to seeing what comes next. Perhaps we could create a new > ModelForm.RestLookupField to work similarly to ModelForm.LookupField, but > making use of REST calls instead. > > Thanks, > > Dan. > > > On Sun, 2 Aug 2020 at 11:03, Girish Vasmatkar < > [hidden email]> wrote: > > > Hi Daniel > > > > You can use the JWT token in the README of. Sorry, if it is not clearly > > documented, this will be improved upon further as I make more changes. > > > https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl > > > > I need to implement an API endpoint that eventually generates a JWT token > > that can be issued to the client to make subsequent API calls. Until > then, > > please use the once mentioned in the README examples. That JWT has userId > > claim value as admin assuming admin would have got himself authenticated > > and a JWT was issued to him. > > > > I will soon add an API endpoint to issue JWTs and will update README > > accordingly. I hope that answers your question. > > > > Best Regards, > > Girish > > > > > > > > > > > > > > > > On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <[hidden email]> wrote: > > > > > Hi Girish, > > > > > > I wanted to try out some REST calls using Swagger-ui ( > > > https://localhost:8443/docs/swagger-ui.html) but don't know how to > > > authenticate to get a JWT. > > > > > > Apologies if I missed the instructions elsewhere but please could you > > > advise on how to authenticate against the REST api? > > > > > > Thanks, > > > > > > Dan. > > > > > > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < > > > [hidden email]> wrote: > > > > > > > Greetings! > > > > > > > > I have created a PR to add a REST component - > > > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > > > > and let me know what you think and let me know if you face any > issues. > > I > > > > intend to merge it in a week from now. > > > > > > > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to > > add > > > > "action" attribute to the service definition now merged, this above > > > > component should be able to expose exportable (export=true) and > > > > actionable(action=GET|POST) services via REST. > > > > > > > > Once the changes for nested attributes (OFBIZ-11902 > > > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I > will > > > also > > > > be making corresponding changes in the GraphQL plugin to account for > > > nested > > > > attributes. OFBIZ-11902 > > > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > > > > help in defining complex GraphQL mutations. > > > > > > > > I am parallelly also working on designing an XML DSL for REST that > > should > > > > allow tying up REST resources with OFBiz services. > > > > > > > > Best, > > > > Girish > > > > > > > > > > > > > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> > > wrote: > > > > > > > > > Hi Girish, > > > > > > > > > > Yes, you got it. > > > > > > > > > > Web browser will popup a login dialog when response code is 401: > > > > > setResponseHeader("WWW-Authenticate", "Bearer > realm=\"authentication > > > > > required\""); > > > > > > > > > > The popup is skipped and then react/vue/angular can handle the > > > response: > > > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > > > > required\""); > > > > > > > > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > > > 发送时间: 2020年7月9日 14:54 > > > > > 收件人: [hidden email]<mailto:[hidden email]> > > > > > 主题: Re: REST implementation > > > > > > > > > > Hi Shi > > > > > > > > > > Thanks for taking a look at it. I have a question on > > "WWW-Authenticate" > > > > > header so please clarify and I can make appropriate changes > > > accordingly - > > > > > > > > > > All I am finding is that to prevent the pop-up, either return 403 > > > (which > > > > I > > > > > do not want to do) or not include "WWW-Authenticate" header at all > > (not > > > > > inclined to do this as well because then we would be violating the > > > spec). > > > > > Do you mean to NOT start the value of the header with "Bearer" ? > > > > > so instead of below > > > > > > > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > > > > > should we change it to > > > > > > > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", > charset="UTF-8"* > > > > > > > > > > I did not test it, but I can just change it like this without > testing > > > if > > > > > you can please confirm it will prevent the browser dialog. > > > > > > > > > > Thanks again for the review. > > > > > > > > > > Best, > > > > > Girish > > > > > > > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> > > > wrote: > > > > > > > > > > > Hi Girish, > > > > > > > > > > > > Excellent. > > > > > > > > > > > > Only one suggestion from my quick view, when response code is > 401, > > > the > > > > > > "WWW-Authenticate" header should be set to start with a word NOT > > > > “Bearer > > > > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > > > > > > > Kind Regards, > > > > > > > > > > > > Shi Jinghai > > > > > > > > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]> > > > > > > 发送时间: 2020年7月8日 20:47 > > > > > > 收件人: [hidden email]<mailto:[hidden email]> > > > > > > 主题: Re: REST implementation > > > > > > > > > > > > Hi Folks > > > > > > > > > > > > I have added support for OpenApi Integration. The updated code > can > > be > > > > > found > > > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. > Please > > go > > > > > > through the changes and test at your end and let me know your > > > thoughts. > > > > > > > > > > > > I am planning to do some refactoring and then raise initial PR > for > > > the > > > > > > plug-in if the changes look good to everyone. > > > > > > > > > > > > Best, > > > > > > Girish > > > > > > > > > > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > > > > [hidden email]> wrote: > > > > > > > > > > > > > Hi Girish, > > > > > > > > > > > > > > Thanks to clarify :) > > > > > > > What caught me on the OpenAPI integration is the snippet quoted > > > below > > > > > and > > > > > > > I realize I should have read it in context. Actually then it is > > > > aligned > > > > > > > with my view. > > > > > > > > > > > > > > Warm regards > > > > > > > > > > > > > > Carsten > > > > > > > > > > > > > > >>>>> Initial implementation does not contain OpenApi > integration > > > > yet. > > > > > > And > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > Daniel Watford > > > > > > > > -- > Daniel Watford > |
Free forum by Nabble | Edit this page |