REST implementation

> Hi Girish,
>
> I'm just starting to review so I may miss things. Just a question for now. We have an option at
>
> https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv
>
> to  (Show wsdl <https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true>)
>
> Would it be possible to have the same for REST?
>
> Thanks
>
> Jacques
>
> Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit :
>> Greetings!
>>
>> I have created a PR to add a REST component -
>> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
>> and let me know what you think and let me know if you face any issues. I
>> intend to merge it in a week from now.
>>
>> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
>> "action" attribute to the service definition now merged, this above
>> component should be able to expose exportable (export=true) and
>> actionable(action=GET|POST) services via REST.
>>
>> Once the changes for nested attributes (OFBIZ-11902
>> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also
>> be making corresponding changes in the GraphQL plugin to account for nested
>> attributes. OFBIZ-11902
>> <https://issues.apache.org/jira/browse/OFBIZ-11902> will
>> help in defining complex GraphQL mutations.
>>
>> I am parallelly also working on designing an XML DSL for REST that should
>> allow tying up REST resources with OFBiz services.
>>
>> Best,
>> Girish
>>
>>
>>
>> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:
>>
>>> Hi Girish,
>>>
>>> Yes, you got it.
>>>
>>> Web browser will popup a login dialog when response code is 401:
>>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
>>> required\"");
>>>
>>> The popup is skipped and then react/vue/angular can handle the response:
>>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
>>> required\"");
>>>
>>>
>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>>> 发送时间: 2020年7月9日 14:54
>>> 收件人: [hidden email]<mailto:[hidden email]>
>>> 主题: Re: REST implementation
>>>
>>> Hi Shi
>>>
>>> Thanks for taking a look at it. I have a question on "WWW-Authenticate"
>>> header so please clarify and I can make appropriate changes accordingly -
>>>
>>> All I am finding is that to prevent the pop-up, either return 403 (which I
>>> do not want to do) or not include "WWW-Authenticate" header at all (not
>>> inclined to do this as well because then we would be violating the spec).
>>> Do you mean to NOT start the value of the header with "Bearer" ?
>>> so instead of below
>>>
>>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
>>>
>>> should we change it to
>>>
>>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
>>>
>>> I did not test it, but I can just change it like this without testing if
>>> you can please confirm it will prevent the browser dialog.
>>>
>>> Thanks again for the review.
>>>
>>> Best,
>>> Girish
>>>
>>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:
>>>
>>>> Hi Girish,
>>>>
>>>> Excellent.
>>>>
>>>> Only one suggestion from my quick view, when response code is 401, the
>>>> "WWW-Authenticate" header should be set to start with a word NOT “Bearer
>>>> …”, this can prevent web browser from popping up a login dialog.
>>>>
>>>> Kind Regards,
>>>>
>>>> Shi Jinghai
>>>>
>>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>>>> 发送时间: 2020年7月8日 20:47
>>>> 收件人: [hidden email]<mailto:[hidden email]>
>>>> 主题: Re: REST implementation
>>>>
>>>> Hi Folks
>>>>
>>>> I have added support for OpenApi Integration. The updated code can be
>>> found
>>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
>>>> through the changes and test at your end and let me know your thoughts.
>>>>
>>>> I am planning to do some refactoring and then raise initial PR for the
>>>> plug-in if the changes look good to everyone.
>>>>
>>>> Best,
>>>> Girish
>>>>
>>>>
>>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
>>>> [hidden email]> wrote:
>>>>
>>>>> Hi Girish,
>>>>>
>>>>> Thanks to clarify :)
>>>>> What caught me on the OpenAPI integration is the snippet quoted below
>>> and
>>>>> I realize I should have read it in context. Actually then it is aligned
>>>>> with my view.
>>>>>
>>>>> Warm regards
>>>>>
>>>>> Carsten
>>>>>
>>>>>>>>>> Initial implementation does not contain OpenApi integration yet.
>>>> And
>>>>>
>>>>
>>>

> I get that we have this information at
>
> https://localhost:8443/docs/swagger-ui.html
>
> like with
>
> https://localhost:8443/docs/swagger-ui.html#/Exported%20Services/findProductById
>
> So I guess we can put a link to that, rigth?
>
> Also there is no [hidden email] (at OpenApiResource::buildOpenApiContact) I'd suggest [hidden email]
>
> For "Terms of service" I suggest a link to ASL2 and to remove the below direct link to it.
>
> BTW thanks Girish, this is really a great step forward :)
>
> Jacques
>
>
> Le 02/08/2020 à 09:40, Jacques Le Roux a écrit :
>> Hi Girish,
>>
>> I'm just starting to review so I may miss things. Just a question for now. We have an option at
>>
>> https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv
>>
>> to  (Show wsdl <https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true>)
>>
>> Would it be possible to have the same for REST?
>>
>> Thanks
>>
>> Jacques
>>
>> Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit :
>>> Greetings!
>>>
>>> I have created a PR to add a REST component -
>>> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
>>> and let me know what you think and let me know if you face any issues. I
>>> intend to merge it in a week from now.
>>>
>>> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
>>> "action" attribute to the service definition now merged, this above
>>> component should be able to expose exportable (export=true) and
>>> actionable(action=GET|POST) services via REST.
>>>
>>> Once the changes for nested attributes (OFBIZ-11902
>>> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also
>>> be making corresponding changes in the GraphQL plugin to account for nested
>>> attributes. OFBIZ-11902
>>> <https://issues.apache.org/jira/browse/OFBIZ-11902> will
>>> help in defining complex GraphQL mutations.
>>>
>>> I am parallelly also working on designing an XML DSL for REST that should
>>> allow tying up REST resources with OFBiz services.
>>>
>>> Best,
>>> Girish
>>>
>>>
>>>
>>> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:
>>>
>>>> Hi Girish,
>>>>
>>>> Yes, you got it.
>>>>
>>>> Web browser will popup a login dialog when response code is 401:
>>>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
>>>> required\"");
>>>>
>>>> The popup is skipped and then react/vue/angular can handle the response:
>>>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
>>>> required\"");
>>>>
>>>>
>>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>>>> 发送时间: 2020年7月9日 14:54
>>>> 收件人: [hidden email]<mailto:[hidden email]>
>>>> 主题: Re: REST implementation
>>>>
>>>> Hi Shi
>>>>
>>>> Thanks for taking a look at it. I have a question on "WWW-Authenticate"
>>>> header so please clarify and I can make appropriate changes accordingly -
>>>>
>>>> All I am finding is that to prevent the pop-up, either return 403 (which I
>>>> do not want to do) or not include "WWW-Authenticate" header at all (not
>>>> inclined to do this as well because then we would be violating the spec).
>>>> Do you mean to NOT start the value of the header with "Bearer" ?
>>>> so instead of below
>>>>
>>>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
>>>>
>>>> should we change it to
>>>>
>>>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
>>>>
>>>> I did not test it, but I can just change it like this without testing if
>>>> you can please confirm it will prevent the browser dialog.
>>>>
>>>> Thanks again for the review.
>>>>
>>>> Best,
>>>> Girish
>>>>
>>>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:
>>>>
>>>>> Hi Girish,
>>>>>
>>>>> Excellent.
>>>>>
>>>>> Only one suggestion from my quick view, when response code is 401, the
>>>>> "WWW-Authenticate" header should be set to start with a word NOT “Bearer
>>>>> …”, this can prevent web browser from popping up a login dialog.
>>>>>
>>>>> Kind Regards,
>>>>>
>>>>> Shi Jinghai
>>>>>
>>>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>>>>> 发送时间: 2020年7月8日 20:47
>>>>> 收件人: [hidden email]<mailto:[hidden email]>
>>>>> 主题: Re: REST implementation
>>>>>
>>>>> Hi Folks
>>>>>
>>>>> I have added support for OpenApi Integration. The updated code can be
>>>> found
>>>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
>>>>> through the changes and test at your end and let me know your thoughts.
>>>>>
>>>>> I am planning to do some refactoring and then raise initial PR for the
>>>>> plug-in if the changes look good to everyone.
>>>>>
>>>>> Best,
>>>>> Girish
>>>>>
>>>>>
>>>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
>>>>> [hidden email]> wrote:
>>>>>
>>>>>> Hi Girish,
>>>>>>
>>>>>> Thanks to clarify :)
>>>>>> What caught me on the OpenAPI integration is the snippet quoted below
>>>> and
>>>>>> I realize I should have read it in context. Actually then it is aligned
>>>>>> with my view.
>>>>>>
>>>>>> Warm regards
>>>>>>
>>>>>> Carsten
>>>>>>
>>>>>>>>>>> Initial implementation does not contain OpenApi integration yet.
>>>>> And
>>>>>>
>>>>>
>>>>

> Greetings!
>
> I have created a PR to add a REST component -
> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
> and let me know what you think and let me know if you face any issues. I
> intend to merge it in a week from now.
>
> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
> "action" attribute to the service definition now merged, this above
> component should be able to expose exportable (export=true) and
> actionable(action=GET|POST) services via REST.
>
> Once the changes for nested attributes (OFBIZ-11902
> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also
> be making corresponding changes in the GraphQL plugin to account for nested
> attributes. OFBIZ-11902
> <https://issues.apache.org/jira/browse/OFBIZ-11902> will
> help in defining complex GraphQL mutations.
>
> I am parallelly also working on designing an XML DSL for REST that should
> allow tying up REST resources with OFBiz services.
>
> Best,
> Girish
>
>
>
> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:
>
> > Hi Girish,
> >
> > Yes, you got it.
> >
> > Web browser will popup a login dialog when response code is 401:
> > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
> > required\"");
> >
> > The popup is skipped and then react/vue/angular can handle the response:
> > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
> > required\"");
> >
> >
> > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > 发送时间: 2020年7月9日 14:54
> > 收件人: [hidden email]<mailto:[hidden email]>
> > 主题: Re: REST implementation
> >
> > Hi Shi
> >
> > Thanks for taking a look at it. I have a question on "WWW-Authenticate"
> > header so please clarify and I can make appropriate changes accordingly -
> >
> > All I am finding is that to prevent the pop-up, either return 403 (which
> I
> > do not want to do) or not include "WWW-Authenticate" header at all (not
> > inclined to do this as well because then we would be violating the spec).
> > Do you mean to NOT start the value of the header with "Bearer" ?
> > so instead of below
> >
> > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
> >
> > should we change it to
> >
> > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
> >
> > I did not test it, but I can just change it like this without testing if
> > you can please confirm it will prevent the browser dialog.
> >
> > Thanks again for the review.
> >
> > Best,
> > Girish
> >
> > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:
> >
> > > Hi Girish,
> > >
> > > Excellent.
> > >
> > > Only one suggestion from my quick view, when response code is 401, the
> > > "WWW-Authenticate" header should be set to start with a word NOT
> “Bearer
> > > …”, this can prevent web browser from popping up a login dialog.
> > >
> > > Kind Regards,
> > >
> > > Shi Jinghai
> > >
> > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > 发送时间: 2020年7月8日 20:47
> > > 收件人: [hidden email]<mailto:[hidden email]>
> > > 主题: Re: REST implementation
> > >
> > > Hi Folks
> > >
> > > I have added support for OpenApi Integration. The updated code can be
> > found
> > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> > > through the changes and test at your end and let me know your thoughts.
> > >
> > > I am planning to do some refactoring and then raise initial PR for the
> > > plug-in if the changes look good to everyone.
> > >
> > > Best,
> > > Girish
> > >
> > >
> > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> > > [hidden email]> wrote:
> > >
> > > > Hi Girish,
> > > >
> > > > Thanks to clarify :)
> > > > What caught me on the OpenAPI integration is the snippet quoted below
> > and
> > > > I realize I should have read it in context. Actually then it is
> aligned
> > > > with my view.
> > > >
> > > > Warm regards
> > > >
> > > > Carsten
> > > >
> > > > >>>>> Initial implementation does not contain OpenApi integration
> yet.
> > > And
> > > >
> > > >
> > >
> > >
> >
> >
>

> At https://localhost:8443/rest/ I get a 404 and in log
>
> javax.ws.rs.NotFoundException: HTTP 404 Not Found
>          at
> org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:250)
>          at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
>          at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
>          at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
>          at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
>          at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
>          at
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
>          at
> org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
>          at
> org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
>          at
> org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
>          at
> org.glassfish.jersey.servlet.ServletContainer.serviceImpl(ServletContainer.java:386)
>          at
> org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:561)
>          at
> org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:502)
>          at
> org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:439)
>          at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>          at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>          at
> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>          at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>          at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>          at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>          at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>          at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
>          at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>          at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>          at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>          at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
>          at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>          at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
>          at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>          at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
>          at org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
>          at org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
>          at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>          at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>          at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>          at java.lang.Thread.run(Thread.java:748)
>
> Normal?
>
> Le 02/08/2020 à 11:14, Jacques Le Roux a écrit :
> > I get that we have this information at
> >
> > https://localhost:8443/docs/swagger-ui.html
> >
> > like with
> >
> >
> https://localhost:8443/docs/swagger-ui.html#/Exported%20Services/findProductById
> >
> > So I guess we can put a link to that, rigth?
> >
> > Also there is no [hidden email] (at
> OpenApiResource::buildOpenApiContact) I'd suggest [hidden email]
> >
> > For "Terms of service" I suggest a link to ASL2 and to remove the below
> direct link to it.
> >
> > BTW thanks Girish, this is really a great step forward :)
> >
> > Jacques
> >
> >
> > Le 02/08/2020 à 09:40, Jacques Le Roux a écrit :
> >> Hi Girish,
> >>
> >> I'm just starting to review so I may miss things. Just a question for
> now. We have an option at
> >>
> >>
> https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv
> >>
> >> to  (Show wsdl <
> https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true
> >)
> >>
> >> Would it be possible to have the same for REST?
> >>
> >> Thanks
> >>
> >> Jacques
> >>
> >> Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit :
> >>> Greetings!
> >>>
> >>> I have created a PR to add a REST component -
> >>> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
> >>> and let me know what you think and let me know if you face any issues.
> I
> >>> intend to merge it in a week from now.
> >>>
> >>> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to
> add
> >>> "action" attribute to the service definition now merged, this above
> >>> component should be able to expose exportable (export=true) and
> >>> actionable(action=GET|POST) services via REST.
> >>>
> >>> Once the changes for nested attributes (OFBIZ-11902
> >>> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will
> also
> >>> be making corresponding changes in the GraphQL plugin to account for
> nested
> >>> attributes. OFBIZ-11902
> >>> <https://issues.apache.org/jira/browse/OFBIZ-11902> will
> >>> help in defining complex GraphQL mutations.
> >>>
> >>> I am parallelly also working on designing an XML DSL for REST that
> should
> >>> allow tying up REST resources with OFBiz services.
> >>>
> >>> Best,
> >>> Girish
> >>>
> >>>
> >>>
> >>> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]>
> wrote:
> >>>
> >>>> Hi Girish,
> >>>>
> >>>> Yes, you got it.
> >>>>
> >>>> Web browser will popup a login dialog when response code is 401:
> >>>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
> >>>> required\"");
> >>>>
> >>>> The popup is skipped and then react/vue/angular can handle the
> response:
> >>>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
> >>>> required\"");
> >>>>
> >>>>
> >>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
> >>>> 发送时间: 2020年7月9日 14:54
> >>>> 收件人: [hidden email]<mailto:[hidden email]>
> >>>> 主题: Re: REST implementation
> >>>>
> >>>> Hi Shi
> >>>>
> >>>> Thanks for taking a look at it. I have a question on
> "WWW-Authenticate"
> >>>> header so please clarify and I can make appropriate changes
> accordingly -
> >>>>
> >>>> All I am finding is that to prevent the pop-up, either return 403
> (which I
> >>>> do not want to do) or not include "WWW-Authenticate" header at all
> (not
> >>>> inclined to do this as well because then we would be violating the
> spec).
> >>>> Do you mean to NOT start the value of the header with "Bearer" ?
> >>>> so instead of below
> >>>>
> >>>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
> >>>>
> >>>> should we change it to
> >>>>
> >>>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
> >>>>
> >>>> I did not test it, but I can just change it like this without testing
> if
> >>>> you can please confirm it will prevent the browser dialog.
> >>>>
> >>>> Thanks again for the review.
> >>>>
> >>>> Best,
> >>>> Girish
> >>>>
> >>>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]>
> wrote:
> >>>>
> >>>>> Hi Girish,
> >>>>>
> >>>>> Excellent.
> >>>>>
> >>>>> Only one suggestion from my quick view, when response code is 401,
> the
> >>>>> "WWW-Authenticate" header should be set to start with a word NOT
> “Bearer
> >>>>> …”, this can prevent web browser from popping up a login dialog.
> >>>>>
> >>>>> Kind Regards,
> >>>>>
> >>>>> Shi Jinghai
> >>>>>
> >>>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
> >>>>> 发送时间: 2020年7月8日 20:47
> >>>>> 收件人: [hidden email]<mailto:[hidden email]>
> >>>>> 主题: Re: REST implementation
> >>>>>
> >>>>> Hi Folks
> >>>>>
> >>>>> I have added support for OpenApi Integration. The updated code can be
> >>>> found
> >>>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> >>>>> through the changes and test at your end and let me know your
> thoughts.
> >>>>>
> >>>>> I am planning to do some refactoring and then raise initial PR for
> the
> >>>>> plug-in if the changes look good to everyone.
> >>>>>
> >>>>> Best,
> >>>>> Girish
> >>>>>
> >>>>>
> >>>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> >>>>> [hidden email]> wrote:
> >>>>>
> >>>>>> Hi Girish,
> >>>>>>
> >>>>>> Thanks to clarify :)
> >>>>>> What caught me on the OpenAPI integration is the snippet quoted
> below
> >>>> and
> >>>>>> I realize I should have read it in context. Actually then it is
> aligned
> >>>>>> with my view.
> >>>>>>
> >>>>>> Warm regards
> >>>>>>
> >>>>>> Carsten
> >>>>>>
> >>>>>>>>>>> Initial implementation does not contain OpenApi integration
> yet.
> >>>>> And
> >>>>>>
> >>>>>
> >>>>
>

> Hi Girish,
>
> I wanted to try out some REST calls using Swagger-ui (
> https://localhost:8443/docs/swagger-ui.html) but don't know how to
> authenticate to get a JWT.
>
> Apologies if I missed the instructions elsewhere but please could you
> advise on how to authenticate against the REST api?
>
> Thanks,
>
> Dan.
>
> On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar <
> [hidden email]> wrote:
>
> > Greetings!
> >
> > I have created a PR to add a REST component -
> > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
> > and let me know what you think and let me know if you face any issues. I
> > intend to merge it in a week from now.
> >
> > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
> > "action" attribute to the service definition now merged, this above
> > component should be able to expose exportable (export=true) and
> > actionable(action=GET|POST) services via REST.
> >
> > Once the changes for nested attributes (OFBIZ-11902
> > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will
> also
> > be making corresponding changes in the GraphQL plugin to account for
> nested
> > attributes. OFBIZ-11902
> > <https://issues.apache.org/jira/browse/OFBIZ-11902> will
> > help in defining complex GraphQL mutations.
> >
> > I am parallelly also working on designing an XML DSL for REST that should
> > allow tying up REST resources with OFBiz services.
> >
> > Best,
> > Girish
> >
> >
> >
> > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:
> >
> > > Hi Girish,
> > >
> > > Yes, you got it.
> > >
> > > Web browser will popup a login dialog when response code is 401:
> > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
> > > required\"");
> > >
> > > The popup is skipped and then react/vue/angular can handle the
> response:
> > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
> > > required\"");
> > >
> > >
> > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > 发送时间: 2020年7月9日 14:54
> > > 收件人: [hidden email]<mailto:[hidden email]>
> > > 主题: Re: REST implementation
> > >
> > > Hi Shi
> > >
> > > Thanks for taking a look at it. I have a question on "WWW-Authenticate"
> > > header so please clarify and I can make appropriate changes
> accordingly -
> > >
> > > All I am finding is that to prevent the pop-up, either return 403
> (which
> > I
> > > do not want to do) or not include "WWW-Authenticate" header at all (not
> > > inclined to do this as well because then we would be violating the
> spec).
> > > Do you mean to NOT start the value of the header with "Bearer" ?
> > > so instead of below
> > >
> > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
> > >
> > > should we change it to
> > >
> > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
> > >
> > > I did not test it, but I can just change it like this without testing
> if
> > > you can please confirm it will prevent the browser dialog.
> > >
> > > Thanks again for the review.
> > >
> > > Best,
> > > Girish
> > >
> > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]>
> wrote:
> > >
> > > > Hi Girish,
> > > >
> > > > Excellent.
> > > >
> > > > Only one suggestion from my quick view, when response code is 401,
> the
> > > > "WWW-Authenticate" header should be set to start with a word NOT
> > “Bearer
> > > > …”, this can prevent web browser from popping up a login dialog.
> > > >
> > > > Kind Regards,
> > > >
> > > > Shi Jinghai
> > > >
> > > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > > 发送时间: 2020年7月8日 20:47
> > > > 收件人: [hidden email]<mailto:[hidden email]>
> > > > 主题: Re: REST implementation
> > > >
> > > > Hi Folks
> > > >
> > > > I have added support for OpenApi Integration. The updated code can be
> > > found
> > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> > > > through the changes and test at your end and let me know your
> thoughts.
> > > >
> > > > I am planning to do some refactoring and then raise initial PR for
> the
> > > > plug-in if the changes look good to everyone.
> > > >
> > > > Best,
> > > > Girish
> > > >
> > > >
> > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> > > > [hidden email]> wrote:
> > > >
> > > > > Hi Girish,
> > > > >
> > > > > Thanks to clarify :)
> > > > > What caught me on the OpenAPI integration is the snippet quoted
> below
> > > and
> > > > > I realize I should have read it in context. Actually then it is
> > aligned
> > > > > with my view.
> > > > >
> > > > > Warm regards
> > > > >
> > > > > Carsten
> > > > >
> > > > > >>>>> Initial implementation does not contain OpenApi integration
> > yet.
> > > > And
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
>
> --
> Daniel Watford
>

> Hi Girish,
>
> I wanted to try out some REST calls using Swagger-ui (
> https://localhost:8443/docs/swagger-ui.html) but don't know how to
> authenticate to get a JWT.
>
> Apologies if I missed the instructions elsewhere but please could you
> advise on how to authenticate against the REST api?
>
> Thanks,
>
> Dan.
>
> On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar <
> [hidden email]> wrote:
>
> > Greetings!
> >
> > I have created a PR to add a REST component -
> > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
> > and let me know what you think and let me know if you face any issues. I
> > intend to merge it in a week from now.
> >
> > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
> > "action" attribute to the service definition now merged, this above
> > component should be able to expose exportable (export=true) and
> > actionable(action=GET|POST) services via REST.
> >
> > Once the changes for nested attributes (OFBIZ-11902
> > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will
> also
> > be making corresponding changes in the GraphQL plugin to account for
> nested
> > attributes. OFBIZ-11902
> > <https://issues.apache.org/jira/browse/OFBIZ-11902> will
> > help in defining complex GraphQL mutations.
> >
> > I am parallelly also working on designing an XML DSL for REST that should
> > allow tying up REST resources with OFBiz services.
> >
> > Best,
> > Girish
> >
> >
> >
> > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:
> >
> > > Hi Girish,
> > >
> > > Yes, you got it.
> > >
> > > Web browser will popup a login dialog when response code is 401:
> > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
> > > required\"");
> > >
> > > The popup is skipped and then react/vue/angular can handle the
> response:
> > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
> > > required\"");
> > >
> > >
> > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > 发送时间: 2020年7月9日 14:54
> > > 收件人: [hidden email]<mailto:[hidden email]>
> > > 主题: Re: REST implementation
> > >
> > > Hi Shi
> > >
> > > Thanks for taking a look at it. I have a question on "WWW-Authenticate"
> > > header so please clarify and I can make appropriate changes
> accordingly -
> > >
> > > All I am finding is that to prevent the pop-up, either return 403
> (which
> > I
> > > do not want to do) or not include "WWW-Authenticate" header at all (not
> > > inclined to do this as well because then we would be violating the
> spec).
> > > Do you mean to NOT start the value of the header with "Bearer" ?
> > > so instead of below
> > >
> > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
> > >
> > > should we change it to
> > >
> > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
> > >
> > > I did not test it, but I can just change it like this without testing
> if
> > > you can please confirm it will prevent the browser dialog.
> > >
> > > Thanks again for the review.
> > >
> > > Best,
> > > Girish
> > >
> > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]>
> wrote:
> > >
> > > > Hi Girish,
> > > >
> > > > Excellent.
> > > >
> > > > Only one suggestion from my quick view, when response code is 401,
> the
> > > > "WWW-Authenticate" header should be set to start with a word NOT
> > “Bearer
> > > > …”, this can prevent web browser from popping up a login dialog.
> > > >
> > > > Kind Regards,
> > > >
> > > > Shi Jinghai
> > > >
> > > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > > 发送时间: 2020年7月8日 20:47
> > > > 收件人: [hidden email]<mailto:[hidden email]>
> > > > 主题: Re: REST implementation
> > > >
> > > > Hi Folks
> > > >
> > > > I have added support for OpenApi Integration. The updated code can be
> > > found
> > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> > > > through the changes and test at your end and let me know your
> thoughts.
> > > >
> > > > I am planning to do some refactoring and then raise initial PR for
> the
> > > > plug-in if the changes look good to everyone.
> > > >
> > > > Best,
> > > > Girish
> > > >
> > > >
> > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> > > > [hidden email]> wrote:
> > > >
> > > > > Hi Girish,
> > > > >
> > > > > Thanks to clarify :)
> > > > > What caught me on the OpenAPI integration is the snippet quoted
> below
> > > and
> > > > > I realize I should have read it in context. Actually then it is
> > aligned
> > > > > with my view.
> > > > >
> > > > > Warm regards
> > > > >
> > > > > Carsten
> > > > >
> > > > > >>>>> Initial implementation does not contain OpenApi integration
> > yet.
> > > > And
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
>
> --
> Daniel Watford
>

> Hi Daniel
>
> You can use the JWT token in the README of. Sorry, if it is not clearly
> documented, this will be improved upon further as I make more changes.
> https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl
>
> I need to implement an API endpoint that eventually generates a JWT token
> that can be issued to the client to make subsequent API calls. Until then,
> please use the once mentioned in the README examples. That JWT has userId
> claim value as admin assuming admin would have got himself authenticated
> and a JWT was issued to him.
>
> I will soon add an API endpoint to issue JWTs and will update README
> accordingly. I hope that answers your question.
>
> Best Regards,
> Girish
>
>
>
>
>
>
>
> On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <[hidden email]> wrote:
>
> > Hi Girish,
> >
> > I wanted to try out some REST calls using Swagger-ui (
> > https://localhost:8443/docs/swagger-ui.html) but don't know how to
> > authenticate to get a JWT.
> >
> > Apologies if I missed the instructions elsewhere but please could you
> > advise on how to authenticate against the REST api?
> >
> > Thanks,
> >
> > Dan.
> >
> > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar <
> > [hidden email]> wrote:
> >
> > > Greetings!
> > >
> > > I have created a PR to add a REST component -
> > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
> > > and let me know what you think and let me know if you face any issues.
> I
> > > intend to merge it in a week from now.
> > >
> > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to
> add
> > > "action" attribute to the service definition now merged, this above
> > > component should be able to expose exportable (export=true) and
> > > actionable(action=GET|POST) services via REST.
> > >
> > > Once the changes for nested attributes (OFBIZ-11902
> > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will
> > also
> > > be making corresponding changes in the GraphQL plugin to account for
> > nested
> > > attributes. OFBIZ-11902
> > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will
> > > help in defining complex GraphQL mutations.
> > >
> > > I am parallelly also working on designing an XML DSL for REST that
> should
> > > allow tying up REST resources with OFBiz services.
> > >
> > > Best,
> > > Girish
> > >
> > >
> > >
> > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]>
> wrote:
> > >
> > > > Hi Girish,
> > > >
> > > > Yes, you got it.
> > > >
> > > > Web browser will popup a login dialog when response code is 401:
> > > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
> > > > required\"");
> > > >
> > > > The popup is skipped and then react/vue/angular can handle the
> > response:
> > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
> > > > required\"");
> > > >
> > > >
> > > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > > 发送时间: 2020年7月9日 14:54
> > > > 收件人: [hidden email]<mailto:[hidden email]>
> > > > 主题: Re: REST implementation
> > > >
> > > > Hi Shi
> > > >
> > > > Thanks for taking a look at it. I have a question on
> "WWW-Authenticate"
> > > > header so please clarify and I can make appropriate changes
> > accordingly -
> > > >
> > > > All I am finding is that to prevent the pop-up, either return 403
> > (which
> > > I
> > > > do not want to do) or not include "WWW-Authenticate" header at all
> (not
> > > > inclined to do this as well because then we would be violating the
> > spec).
> > > > Do you mean to NOT start the value of the header with "Bearer" ?
> > > > so instead of below
> > > >
> > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
> > > >
> > > > should we change it to
> > > >
> > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
> > > >
> > > > I did not test it, but I can just change it like this without testing
> > if
> > > > you can please confirm it will prevent the browser dialog.
> > > >
> > > > Thanks again for the review.
> > > >
> > > > Best,
> > > > Girish
> > > >
> > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]>
> > wrote:
> > > >
> > > > > Hi Girish,
> > > > >
> > > > > Excellent.
> > > > >
> > > > > Only one suggestion from my quick view, when response code is 401,
> > the
> > > > > "WWW-Authenticate" header should be set to start with a word NOT
> > > “Bearer
> > > > > …”, this can prevent web browser from popping up a login dialog.
> > > > >
> > > > > Kind Regards,
> > > > >
> > > > > Shi Jinghai
> > > > >
> > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > > > 发送时间: 2020年7月8日 20:47
> > > > > 收件人: [hidden email]<mailto:[hidden email]>
> > > > > 主题: Re: REST implementation
> > > > >
> > > > > Hi Folks
> > > > >
> > > > > I have added support for OpenApi Integration. The updated code can
> be
> > > > found
> > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please
> go
> > > > > through the changes and test at your end and let me know your
> > thoughts.
> > > > >
> > > > > I am planning to do some refactoring and then raise initial PR for
> > the
> > > > > plug-in if the changes look good to everyone.
> > > > >
> > > > > Best,
> > > > > Girish
> > > > >
> > > > >
> > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> > > > > [hidden email]> wrote:
> > > > >
> > > > > > Hi Girish,
> > > > > >
> > > > > > Thanks to clarify :)
> > > > > > What caught me on the OpenAPI integration is the snippet quoted
> > below
> > > > and
> > > > > > I realize I should have read it in context. Actually then it is
> > > aligned
> > > > > > with my view.
> > > > > >
> > > > > > Warm regards
> > > > > >
> > > > > > Carsten
> > > > > >
> > > > > > >>>>> Initial implementation does not contain OpenApi integration
> > > yet.
> > > > > And
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> >
> > --
> > Daniel Watford
> >
>

> Hi Girish,
>
> I've been able to authenticate with the REST api using the token you
> mentioned.
>
> I find the REST service very interesting as I think it has the potential to
> drastically simplify some of the lookup-style functionality currently
> implemented.
>
> As an extension to your PR I tried out a couple of things that might be
> useful while you continue to explore REST service opportunities.
>
> Please see this branch:
>
> https://github.com/danwatford/ofbiz-framework/commits/rest-experiements-based-on-pr214
>
>
> There are two commits on top of PR214.
>
> The first commit uses REST to look up State/Province values for a given
> country. This functionality is used when editing postal addresses. In this
> commit I've modified the editcontactmech form to use a REST endpoint to
> retrieve state/province information. If you have demo data loaded locally
> you can see the result here:
>
> https://localhost:8443/partymgr/control/editcontactmech?partyId=Company&contactMechId=10000
>
> There wasn't too much of a saving here as the controller servlet is already
> configured to return JSON in response to these lookups, but making use of
> REST would sidestep the need to create controller.xml entries.
>
>
> The second commit uses REST to look up User Logins for the autocomplete
> field displayed here: https://localhost:8443/partymgr/control/main
>
> As you type into the User Login ID field REST calls are made to endpoint
> https://localhost:8443/rest/services/lookupUserLogin to search for
> matching
> user logins.
>
> The potential savings for this style of lookup are a reduction in
> complexity on the client and server side.
>
> At the moment AJAX lookup requests are processed as regular screen
> renderings, but with a decorator-loaded screen detecting that the
> ajaxLookup parameter is set and then triggering
> common/groovyScripts/FindAutocompleteOptions.groovy to run to perform the
> search. The search results are then encoded as a piece of javascript inside
> an HTML response.
> The client loads that HTML response into an automatically generated div,
> causing the javascript to execute and populate a global variable.
> The client then reads that global variable to generate the options to be
> displayed by the autocomplete widget.
>
> It is quite a convoluted chain of code to follow, but I imagine it was
> necessary at the time to make lookups work with the screen view rendering
> approach. Calling REST services instead will remove the need to generate
> javascript scripts embedded in HTML responses.
>
> Please note, the code written is very hacky at the moment and hardcoded to
> have ofbiz accessible at https://localhost:8443/. Notifying the client
> code
> of REST endpoints has been done by 'inappropriately reusing' other
> configuration items.
>
> Looking forward to seeing what comes next. Perhaps we could create a new
> ModelForm.RestLookupField to work similarly to ModelForm.LookupField, but
> making use of REST calls instead.
>
> Thanks,
>
> Dan.
>
>
> On Sun, 2 Aug 2020 at 11:03, Girish Vasmatkar <
> [hidden email]> wrote:
>
> > Hi Daniel
> >
> > You can use the JWT token in the README of. Sorry, if it is not clearly
> > documented, this will be improved upon further as I make more changes.
> >
> https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl
> >
> > I need to implement an API endpoint that eventually generates a JWT token
> > that can be issued to the client to make subsequent API calls. Until
> then,
> > please use the once mentioned in the README examples. That JWT has userId
> > claim value as admin assuming admin would have got himself authenticated
> > and a JWT was issued to him.
> >
> > I will soon add an API endpoint to issue JWTs and will update README
> > accordingly. I hope that answers your question.
> >
> > Best Regards,
> > Girish
> >
> >
> >
> >
> >
> >
> >
> > On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <[hidden email]> wrote:
> >
> > > Hi Girish,
> > >
> > > I wanted to try out some REST calls using Swagger-ui (
> > > https://localhost:8443/docs/swagger-ui.html) but don't know how to
> > > authenticate to get a JWT.
> > >
> > > Apologies if I missed the instructions elsewhere but please could you
> > > advise on how to authenticate against the REST api?
> > >
> > > Thanks,
> > >
> > > Dan.
> > >
> > > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar <
> > > [hidden email]> wrote:
> > >
> > > > Greetings!
> > > >
> > > > I have created a PR to add a REST component -
> > > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
> > > > and let me know what you think and let me know if you face any
> issues.
> > I
> > > > intend to merge it in a week from now.
> > > >
> > > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to
> > add
> > > > "action" attribute to the service definition now merged, this above
> > > > component should be able to expose exportable (export=true) and
> > > > actionable(action=GET|POST) services via REST.
> > > >
> > > > Once the changes for nested attributes (OFBIZ-11902
> > > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I
> will
> > > also
> > > > be making corresponding changes in the GraphQL plugin to account for
> > > nested
> > > > attributes. OFBIZ-11902
> > > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will
> > > > help in defining complex GraphQL mutations.
> > > >
> > > > I am parallelly also working on designing an XML DSL for REST that
> > should
> > > > allow tying up REST resources with OFBiz services.
> > > >
> > > > Best,
> > > > Girish
> > > >
> > > >
> > > >
> > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]>
> > wrote:
> > > >
> > > > > Hi Girish,
> > > > >
> > > > > Yes, you got it.
> > > > >
> > > > > Web browser will popup a login dialog when response code is 401:
> > > > > setResponseHeader("WWW-Authenticate", "Bearer
> realm=\"authentication
> > > > > required\"");
> > > > >
> > > > > The popup is skipped and then react/vue/angular can handle the
> > > response:
> > > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
> > > > > required\"");
> > > > >
> > > > >
> > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > > > 发送时间: 2020年7月9日 14:54
> > > > > 收件人: [hidden email]<mailto:[hidden email]>
> > > > > 主题: Re: REST implementation
> > > > >
> > > > > Hi Shi
> > > > >
> > > > > Thanks for taking a look at it. I have a question on
> > "WWW-Authenticate"
> > > > > header so please clarify and I can make appropriate changes
> > > accordingly -
> > > > >
> > > > > All I am finding is that to prevent the pop-up, either return 403
> > > (which
> > > > I
> > > > > do not want to do) or not include "WWW-Authenticate" header at all
> > (not
> > > > > inclined to do this as well because then we would be violating the
> > > spec).
> > > > > Do you mean to NOT start the value of the header with "Bearer" ?
> > > > > so instead of below
> > > > >
> > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
> > > > >
> > > > > should we change it to
> > > > >
> > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz",
> charset="UTF-8"*
> > > > >
> > > > > I did not test it, but I can just change it like this without
> testing
> > > if
> > > > > you can please confirm it will prevent the browser dialog.
> > > > >
> > > > > Thanks again for the review.
> > > > >
> > > > > Best,
> > > > > Girish
> > > > >
> > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]>
> > > wrote:
> > > > >
> > > > > > Hi Girish,
> > > > > >
> > > > > > Excellent.
> > > > > >
> > > > > > Only one suggestion from my quick view, when response code is
> 401,
> > > the
> > > > > > "WWW-Authenticate" header should be set to start with a word NOT
> > > > “Bearer
> > > > > > …”, this can prevent web browser from popping up a login dialog.
> > > > > >
> > > > > > Kind Regards,
> > > > > >
> > > > > > Shi Jinghai
> > > > > >
> > > > > > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > > > > > 发送时间: 2020年7月8日 20:47
> > > > > > 收件人: [hidden email]<mailto:[hidden email]>
> > > > > > 主题: Re: REST implementation
> > > > > >
> > > > > > Hi Folks
> > > > > >
> > > > > > I have added support for OpenApi Integration. The updated code
> can
> > be
> > > > > found
> > > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl.
> Please
> > go
> > > > > > through the changes and test at your end and let me know your
> > > thoughts.
> > > > > >
> > > > > > I am planning to do some refactoring and then raise initial PR
> for
> > > the
> > > > > > plug-in if the changes look good to everyone.
> > > > > >
> > > > > > Best,
> > > > > > Girish
> > > > > >
> > > > > >
> > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> > > > > > [hidden email]> wrote:
> > > > > >
> > > > > > > Hi Girish,
> > > > > > >
> > > > > > > Thanks to clarify :)
> > > > > > > What caught me on the OpenAPI integration is the snippet quoted
> > > below
> > > > > and
> > > > > > > I realize I should have read it in context. Actually then it is
> > > > aligned
> > > > > > > with my view.
> > > > > > >
> > > > > > > Warm regards
> > > > > > >
> > > > > > > Carsten
> > > > > > >
> > > > > > > >>>>> Initial implementation does not contain OpenApi
> integration
> > > > yet.
> > > > > > And
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> > >
> > > --
> > > Daniel Watford
> > >
> >
>
>
> --
> Daniel Watford
>