REST implementation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
28 messages Options
12
grv
Reply | Threaded
Open this post in threaded view
|

REST implementation

grv
Hi All

I am again bringing up this discussion on having a REST implementation for
OFBiz. I know we have had discussions before and I was looking at some of
the past discussions about this topic and seems we are not there quite yet
(correct me if I am wrong).

I had developed a POC plug-in based on Jersey (that I am currently
enhancing) and recently started evaluating Apache Juneau as well. I wanted
to bring everybody on the same page as far as REST implementation is
concerned so I had initiated a discussion on slack today. I am listing down
a few points below that can be perceived as comment/question/understanding
based on my general understanding of the matter and today's slack
discussion.

   - Anything we start on can be part of a plug-in for the start and later
   can become part of the framework (as separate plug-in) once it is
   developed. A dedicated API application will allow it to be lightweight in
   terms of request processing. Should have separate auth mechanism bypassing
   ControlerServlet/ContextFiler/ControlFilter. I opine we do not need the API
   request to go through these three. Please correct me.
   - We want to have mechanism to expose services (export=true) to be
   available as a REST resources. Possibly extending existing service
   definition by a new attribute verb="get|post". Also, if we also want to
   expose out REST interface as an OpenApi specification, then it will
   possibly help if we show in the spec an example of request for a specific
   service. In that case, the service definition can be expanded to allow for
   defining a JSON example (in a CDATA element)?
   -  Any service that declares one of the verbs and not called with
   declared verb will result in 405(Method not found) or 404(Resource does not
   exist) error.
      - GET /api/services/{serviceName}?inParams={JSON}
      - POST /api/services/{serviceName} (Request Body will contain in
      params as JSON)
      - GET /api/services : We list all services(export=true) along with
      HATEOS Links (self link describing where the specific service can be
      located)
   - Do we want to have a similar resource for entities?. I think entities
   should not be exposed directly as a REST resource even though they are a
   good example of being a resource.
   - We can take one day at a time approach here and just start with
   exposing services as REST.
   - Auth : I had provided JWT based auth for the plug-in I had developed.
   This can further be expanded and allow for Digest auth as well? Can have
   separate API endpoint to generate JWT token.

Please share your thoughts on this and apologies for long email.

Best Regards,
Girish
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Al Byers
I am curious as to whether or not you have looked at what Moqui has done?
I'm not up to speed on it enough to comment on how it stacks up against
your list, but it seems logical to look at it since OFBiz and Moqui share a
lot of DNA.

Al Byers

On Wed, Jun 10, 2020 at 9:43 AM Girish Vasmatkar <
[hidden email]> wrote:

> Hi All
>
> I am again bringing up this discussion on having a REST implementation for
> OFBiz. I know we have had discussions before and I was looking at some of
> the past discussions about this topic and seems we are not there quite yet
> (correct me if I am wrong).
>
> I had developed a POC plug-in based on Jersey (that I am currently
> enhancing) and recently started evaluating Apache Juneau as well. I wanted
> to bring everybody on the same page as far as REST implementation is
> concerned so I had initiated a discussion on slack today. I am listing down
> a few points below that can be perceived as comment/question/understanding
> based on my general understanding of the matter and today's slack
> discussion.
>
>    - Anything we start on can be part of a plug-in for the start and later
>    can become part of the framework (as separate plug-in) once it is
>    developed. A dedicated API application will allow it to be lightweight
> in
>    terms of request processing. Should have separate auth mechanism
> bypassing
>    ControlerServlet/ContextFiler/ControlFilter. I opine we do not need the
> API
>    request to go through these three. Please correct me.
>    - We want to have mechanism to expose services (export=true) to be
>    available as a REST resources. Possibly extending existing service
>    definition by a new attribute verb="get|post". Also, if we also want to
>    expose out REST interface as an OpenApi specification, then it will
>    possibly help if we show in the spec an example of request for a
> specific
>    service. In that case, the service definition can be expanded to allow
> for
>    defining a JSON example (in a CDATA element)?
>    -  Any service that declares one of the verbs and not called with
>    declared verb will result in 405(Method not found) or 404(Resource does
> not
>    exist) error.
>       - GET /api/services/{serviceName}?inParams={JSON}
>       - POST /api/services/{serviceName} (Request Body will contain in
>       params as JSON)
>       - GET /api/services : We list all services(export=true) along with
>       HATEOS Links (self link describing where the specific service can be
>       located)
>    - Do we want to have a similar resource for entities?. I think entities
>    should not be exposed directly as a REST resource even though they are a
>    good example of being a resource.
>    - We can take one day at a time approach here and just start with
>    exposing services as REST.
>    - Auth : I had provided JWT based auth for the plug-in I had developed.
>    This can further be expanded and allow for Digest auth as well? Can have
>    separate API endpoint to generate JWT token.
>
> Please share your thoughts on this and apologies for long email.
>
> Best Regards,
> Girish
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Pierre Smits-3
Hi Al,

Great to see you still present.


Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz <https://ofbiz.apache.org/> since
2008 (without privileges)

*Apache Trafodion <https://trafodion.apache.org>, Vice President*
*Apache Directory <https://directory.apache.org>, PMC Member*
Apache Incubator <https://incubator.apache.org>, committer
Apache Steve <https://steve.apache.org>, committer


On Wed, Jun 10, 2020 at 6:19 PM Al Byers <[hidden email]> wrote:

> I am curious as to whether or not you have looked at what Moqui has done?
> I'm not up to speed on it enough to comment on how it stacks up against
> your list, but it seems logical to look at it since OFBiz and Moqui share a
> lot of DNA.
>
> Al Byers
>
> On Wed, Jun 10, 2020 at 9:43 AM Girish Vasmatkar <
> [hidden email]> wrote:
>
> > Hi All
> >
> > I am again bringing up this discussion on having a REST implementation
> for
> > OFBiz. I know we have had discussions before and I was looking at some of
> > the past discussions about this topic and seems we are not there quite
> yet
> > (correct me if I am wrong).
> >
> > I had developed a POC plug-in based on Jersey (that I am currently
> > enhancing) and recently started evaluating Apache Juneau as well. I
> wanted
> > to bring everybody on the same page as far as REST implementation is
> > concerned so I had initiated a discussion on slack today. I am listing
> down
> > a few points below that can be perceived as
> comment/question/understanding
> > based on my general understanding of the matter and today's slack
> > discussion.
> >
> >    - Anything we start on can be part of a plug-in for the start and
> later
> >    can become part of the framework (as separate plug-in) once it is
> >    developed. A dedicated API application will allow it to be lightweight
> > in
> >    terms of request processing. Should have separate auth mechanism
> > bypassing
> >    ControlerServlet/ContextFiler/ControlFilter. I opine we do not need
> the
> > API
> >    request to go through these three. Please correct me.
> >    - We want to have mechanism to expose services (export=true) to be
> >    available as a REST resources. Possibly extending existing service
> >    definition by a new attribute verb="get|post". Also, if we also want
> to
> >    expose out REST interface as an OpenApi specification, then it will
> >    possibly help if we show in the spec an example of request for a
> > specific
> >    service. In that case, the service definition can be expanded to allow
> > for
> >    defining a JSON example (in a CDATA element)?
> >    -  Any service that declares one of the verbs and not called with
> >    declared verb will result in 405(Method not found) or 404(Resource
> does
> > not
> >    exist) error.
> >       - GET /api/services/{serviceName}?inParams={JSON}
> >       - POST /api/services/{serviceName} (Request Body will contain in
> >       params as JSON)
> >       - GET /api/services : We list all services(export=true) along with
> >       HATEOS Links (self link describing where the specific service can
> be
> >       located)
> >    - Do we want to have a similar resource for entities?. I think
> entities
> >    should not be exposed directly as a REST resource even though they
> are a
> >    good example of being a resource.
> >    - We can take one day at a time approach here and just start with
> >    exposing services as REST.
> >    - Auth : I had provided JWT based auth for the plug-in I had
> developed.
> >    This can further be expanded and allow for Digest auth as well? Can
> have
> >    separate API endpoint to generate JWT token.
> >
> > Please share your thoughts on this and apologies for long email.
> >
> > Best Regards,
> > Girish
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Jacques Le Roux
Administrator
In reply to this post by Al Byers
Hi Al,

Welcome back :)

Your message has been moderated, else it would not have reached this Mailing List.

Please subscribe to the dev ML.

Thanks

Jacques

Le 10/06/2020 à 18:07, Al Byers a écrit :

> I am curious as to whether or not you have looked at what Moqui has done?
> I'm not up to speed on it enough to comment on how it stacks up against
> your list, but it seems logical to look at it since OFBiz and Moqui share a
> lot of DNA.
>
> Al Byers
>
> On Wed, Jun 10, 2020 at 9:43 AM Girish Vasmatkar <
> [hidden email]> wrote:
>
>> Hi All
>>
>> I am again bringing up this discussion on having a REST implementation for
>> OFBiz. I know we have had discussions before and I was looking at some of
>> the past discussions about this topic and seems we are not there quite yet
>> (correct me if I am wrong).
>>
>> I had developed a POC plug-in based on Jersey (that I am currently
>> enhancing) and recently started evaluating Apache Juneau as well. I wanted
>> to bring everybody on the same page as far as REST implementation is
>> concerned so I had initiated a discussion on slack today. I am listing down
>> a few points below that can be perceived as comment/question/understanding
>> based on my general understanding of the matter and today's slack
>> discussion.
>>
>>     - Anything we start on can be part of a plug-in for the start and later
>>     can become part of the framework (as separate plug-in) once it is
>>     developed. A dedicated API application will allow it to be lightweight
>> in
>>     terms of request processing. Should have separate auth mechanism
>> bypassing
>>     ControlerServlet/ContextFiler/ControlFilter. I opine we do not need the
>> API
>>     request to go through these three. Please correct me.
>>     - We want to have mechanism to expose services (export=true) to be
>>     available as a REST resources. Possibly extending existing service
>>     definition by a new attribute verb="get|post". Also, if we also want to
>>     expose out REST interface as an OpenApi specification, then it will
>>     possibly help if we show in the spec an example of request for a
>> specific
>>     service. In that case, the service definition can be expanded to allow
>> for
>>     defining a JSON example (in a CDATA element)?
>>     -  Any service that declares one of the verbs and not called with
>>     declared verb will result in 405(Method not found) or 404(Resource does
>> not
>>     exist) error.
>>        - GET /api/services/{serviceName}?inParams={JSON}
>>        - POST /api/services/{serviceName} (Request Body will contain in
>>        params as JSON)
>>        - GET /api/services : We list all services(export=true) along with
>>        HATEOS Links (self link describing where the specific service can be
>>        located)
>>     - Do we want to have a similar resource for entities?. I think entities
>>     should not be exposed directly as a REST resource even though they are a
>>     good example of being a resource.
>>     - We can take one day at a time approach here and just start with
>>     exposing services as REST.
>>     - Auth : I had provided JWT based auth for the plug-in I had developed.
>>     This can further be expanded and allow for Digest auth as well? Can have
>>     separate API endpoint to generate JWT token.
>>
>> Please share your thoughts on this and apologies for long email.
>>
>> Best Regards,
>> Girish
>>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Jacques Le Roux
Administrator
In reply to this post by grv

Hi Girish,

Inline...

Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :

> Hi All
>
> I am again bringing up this discussion on having a REST implementation for
> OFBiz. I know we have had discussions before and I was looking at some of
> the past discussions about this topic and seems we are not there quite yet
> (correct me if I am wrong).
>
> I had developed a POC plug-in based on Jersey (that I am currently
> enhancing) and recently started evaluating Apache Juneau as well. I wanted
> to bring everybody on the same page as far as REST implementation is
> concerned so I had initiated a discussion on slack today. I am listing down
> a few points below that can be perceived as comment/question/understanding
> based on my general understanding of the matter and today's slack
> discussion.
>
>     - Anything we start on can be part of a plug-in for the start and later
>     can become part of the framework (as separate plug-in) once it is
>     developed. A dedicated API application will allow it to be lightweight in
>     terms of request processing. Should have separate auth mechanism bypassing
>     ControlerServlet/ContextFiler/ControlFilter. I opine we do not need the API
>     request to go through these three. Please correct me.

Though I did not look at the code (is it already somewhere?) I tend to agree on that.
REST is something else and should not be hampered by those, if it's the case.


>     - We want to have mechanism to expose services (export=true) to be
>     available as a REST resources. Possibly extending existing service
>     definition by a new attribute verb="get|post".

+1


>     Also, if we also want to
>     expose out REST interface as an OpenApi specification, then it will
>     possibly help if we show in the spec an example of request for a specific
>     service. In that case, the service definition can be expanded to allow for
>     defining a JSON example (in a CDATA element)?

That's an interesting point. Maybe we could prefer YAML over JSON.
Because YAML is a superset of JSON and that could be useful in future:
https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
But it might complicate things in request bodies...


>     -  Any service that declares one of the verbs and not called with
>     declared verb will result in 405(Method not found) or 404(Resource does not
>     exist) error.
>        - GET /api/services/{serviceName}?inParams={JSON}
>        - POST /api/services/{serviceName} (Request Body will contain in
>        params as JSON)
>        - GET /api/services : We list all services(export=true) along with
>        HATEOS Links (self link describing where the specific service can be
>        located)

+1


>     - Do we want to have a similar resource for entities?. I think entities
>     should not be exposed directly as a REST resource even though they are a
>     good example of being a resource.
>     - We can take one day at a time approach here and just start with
>     exposing services as REST.

I agree, can be decided later...


>     - Auth : I had provided JWT based auth for the plug-in I had developed.

Sounds good to me.


>     This can further be expanded and allow for Digest auth as well? Can have
>     separate API endpoint to generate JWT token.

That could definitely be interesting.


>
> Please share your thoughts on this and apologies for long email.

Don't apologize, perfect summary to me :)

Thank you, this is long awaited and game changing feature!

Jacques

>
> Best Regards,
> Girish

Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Pritam Kute
Hello Girish,

+1 for having REST implementation using Jersey as a separate plugin and not
to disturb the OFBiz default Control servlets and filters.

IMO we should also think about the end-point security implementations
alongside as it is one of the crucial things that users look into while
adopting any framework.

Kind Regards,
--
Pritam Kute


On Fri, Jun 12, 2020 at 2:58 PM Jacques Le Roux <
[hidden email]> wrote:

>
> Hi Girish,
>
> Inline...
>
> Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :
> > Hi All
> >
> > I am again bringing up this discussion on having a REST implementation
> for
> > OFBiz. I know we have had discussions before and I was looking at some of
> > the past discussions about this topic and seems we are not there quite
> yet
> > (correct me if I am wrong).
> >
> > I had developed a POC plug-in based on Jersey (that I am currently
> > enhancing) and recently started evaluating Apache Juneau as well. I
> wanted
> > to bring everybody on the same page as far as REST implementation is
> > concerned so I had initiated a discussion on slack today. I am listing
> down
> > a few points below that can be perceived as
> comment/question/understanding
> > based on my general understanding of the matter and today's slack
> > discussion.
> >
> >     - Anything we start on can be part of a plug-in for the start and
> later
> >     can become part of the framework (as separate plug-in) once it is
> >     developed. A dedicated API application will allow it to be
> lightweight in
> >     terms of request processing. Should have separate auth mechanism
> bypassing
> >     ControlerServlet/ContextFiler/ControlFilter. I opine we do not need
> the API
> >     request to go through these three. Please correct me.
>
> Though I did not look at the code (is it already somewhere?) I tend to
> agree on that.
> REST is something else and should not be hampered by those, if it's the
> case.
>
>
> >     - We want to have mechanism to expose services (export=true) to be
> >     available as a REST resources. Possibly extending existing service
> >     definition by a new attribute verb="get|post".
>
> +1
>
>
> >     Also, if we also want to
> >     expose out REST interface as an OpenApi specification, then it will
> >     possibly help if we show in the spec an example of request for a
> specific
> >     service. In that case, the service definition can be expanded to
> allow for
> >     defining a JSON example (in a CDATA element)?
>
> That's an interesting point. Maybe we could prefer YAML over JSON.
> Because YAML is a superset of JSON and that could be useful in future:
>
> https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
> But it might complicate things in request bodies...
>
>
> >     -  Any service that declares one of the verbs and not called with
> >     declared verb will result in 405(Method not found) or 404(Resource
> does not
> >     exist) error.
> >        - GET /api/services/{serviceName}?inParams={JSON}
> >        - POST /api/services/{serviceName} (Request Body will contain in
> >        params as JSON)
> >        - GET /api/services : We list all services(export=true) along with
> >        HATEOS Links (self link describing where the specific service can
> be
> >        located)
>
> +1
>
>
> >     - Do we want to have a similar resource for entities?. I think
> entities
> >     should not be exposed directly as a REST resource even though they
> are a
> >     good example of being a resource.
> >     - We can take one day at a time approach here and just start with
> >     exposing services as REST.
>
> I agree, can be decided later...
>
>
> >     - Auth : I had provided JWT based auth for the plug-in I had
> developed.
>
> Sounds good to me.
>
>
> >     This can further be expanded and allow for Digest auth as well? Can
> have
> >     separate API endpoint to generate JWT token.
>
> That could definitely be interesting.
>
>
> >
> > Please share your thoughts on this and apologies for long email.
>
> Don't apologize, perfect summary to me :)
>
> Thank you, this is long awaited and game changing feature!
>
> Jacques
>
> >
> > Best Regards,
> > Girish
>
>
grv
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

grv
Hi All

I have tried to implement a draft proposal here -
https://github.com/girishvasmatkar/ofbiz-rest-impl.git
The readme contains details.

In order to support the changes, I have made a corresponding change in the
service definition to include a new attribute named "verb". This can also
be named "method". These changes are in my forked ofbiz repo (it is very
much in sync with ofbiz trunk):
https://github.com/girishvasmatkar/ofbiz-framework/tree/feature/add-service-verb

Initial implementation does not contain OpenApi integration yet. And yes,
we should be fine doing both JSON and YAML.

Please take a look at it and let me know what you think of this. I am open
to suggestions, improvements, discussions.

Best Regards,
Girish


On Mon, Jun 15, 2020 at 7:02 PM Pritam Kute <[hidden email]>
wrote:

> Hello Girish,
>
> +1 for having REST implementation using Jersey as a separate plugin and not
> to disturb the OFBiz default Control servlets and filters.
>
> IMO we should also think about the end-point security implementations
> alongside as it is one of the crucial things that users look into while
> adopting any framework.
>
> Kind Regards,
> --
> Pritam Kute
>
>
> On Fri, Jun 12, 2020 at 2:58 PM Jacques Le Roux <
> [hidden email]> wrote:
>
> >
> > Hi Girish,
> >
> > Inline...
> >
> > Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :
> > > Hi All
> > >
> > > I am again bringing up this discussion on having a REST implementation
> > for
> > > OFBiz. I know we have had discussions before and I was looking at some
> of
> > > the past discussions about this topic and seems we are not there quite
> > yet
> > > (correct me if I am wrong).
> > >
> > > I had developed a POC plug-in based on Jersey (that I am currently
> > > enhancing) and recently started evaluating Apache Juneau as well. I
> > wanted
> > > to bring everybody on the same page as far as REST implementation is
> > > concerned so I had initiated a discussion on slack today. I am listing
> > down
> > > a few points below that can be perceived as
> > comment/question/understanding
> > > based on my general understanding of the matter and today's slack
> > > discussion.
> > >
> > >     - Anything we start on can be part of a plug-in for the start and
> > later
> > >     can become part of the framework (as separate plug-in) once it is
> > >     developed. A dedicated API application will allow it to be
> > lightweight in
> > >     terms of request processing. Should have separate auth mechanism
> > bypassing
> > >     ControlerServlet/ContextFiler/ControlFilter. I opine we do not need
> > the API
> > >     request to go through these three. Please correct me.
> >
> > Though I did not look at the code (is it already somewhere?) I tend to
> > agree on that.
> > REST is something else and should not be hampered by those, if it's the
> > case.
> >
> >
> > >     - We want to have mechanism to expose services (export=true) to be
> > >     available as a REST resources. Possibly extending existing service
> > >     definition by a new attribute verb="get|post".
> >
> > +1
> >
> >
> > >     Also, if we also want to
> > >     expose out REST interface as an OpenApi specification, then it will
> > >     possibly help if we show in the spec an example of request for a
> > specific
> > >     service. In that case, the service definition can be expanded to
> > allow for
> > >     defining a JSON example (in a CDATA element)?
> >
> > That's an interesting point. Maybe we could prefer YAML over JSON.
> > Because YAML is a superset of JSON and that could be useful in future:
> >
> >
> https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
> > But it might complicate things in request bodies...
> >
> >
> > >     -  Any service that declares one of the verbs and not called with
> > >     declared verb will result in 405(Method not found) or 404(Resource
> > does not
> > >     exist) error.
> > >        - GET /api/services/{serviceName}?inParams={JSON}
> > >        - POST /api/services/{serviceName} (Request Body will contain in
> > >        params as JSON)
> > >        - GET /api/services : We list all services(export=true) along
> with
> > >        HATEOS Links (self link describing where the specific service
> can
> > be
> > >        located)
> >
> > +1
> >
> >
> > >     - Do we want to have a similar resource for entities?. I think
> > entities
> > >     should not be exposed directly as a REST resource even though they
> > are a
> > >     good example of being a resource.
> > >     - We can take one day at a time approach here and just start with
> > >     exposing services as REST.
> >
> > I agree, can be decided later...
> >
> >
> > >     - Auth : I had provided JWT based auth for the plug-in I had
> > developed.
> >
> > Sounds good to me.
> >
> >
> > >     This can further be expanded and allow for Digest auth as well? Can
> > have
> > >     separate API endpoint to generate JWT token.
> >
> > That could definitely be interesting.
> >
> >
> > >
> > > Please share your thoughts on this and apologies for long email.
> >
> > Don't apologize, perfect summary to me :)
> >
> > Thank you, this is long awaited and game changing feature!
> >
> > Jacques
> >
> > >
> > > Best Regards,
> > > Girish
> >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Carsten Schinzer
Hello,


Certainly +1 for a REST API Implementation including JWT.

I am implementing a REST API for internal use in my job based upon PHP and Symfony framework (FOS REST and NELMIO Bundle just in case someone is interested) and find VERY cool that the NELMIO API Doc Bundle comes with an adopted Swagger documentation done through Annotations on the documentation comment for the very method implementation, i.e. avoiding the various different files to define the invocation, URI endpoint, implementation.

A good REST API design usually obsoletes the need to include the CRUD action into service naming (createXService, updateYService, ...). I liked the following article most and have implemented along this guidelines on my internal tool mentioned above: https://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api <https://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api>.

It is a bit trickier to keep a good overview of verbs & methods on such APIs, but that can easily be handled by warnings/errors at Integration time. And the generated API documentation is always your friend, too!

I would therefore prefer to combine a REST API implementation with OpenAPI integration right away. Maybe worth a dedicated discussion and kick-off in the upcoming Community Days in August? Could be worth a dedicated team / slack channel that aligns on major concepts and side-by-side options of Service Engine vs. OpenAPI and gets a first implementation going.


If we decide to take that path, there will be interference with the Service Engine view and the Swagger Documentation will replace it on the long run I would expect. We would also need to consider cross-effects onto the Minilang-to-GroovyDSL migration. Design and Architecture decisions made could mean a change of direction on that activity.

Hope my 0.02 EUR make sense.
Warm regards


Carsten


> Am 15.06.2020 um 17:59 schrieb Girish Vasmatkar <[hidden email]>:
>
> Hi All
>
> I have tried to implement a draft proposal here -
> https://github.com/girishvasmatkar/ofbiz-rest-impl.git
> The readme contains details.
>
> In order to support the changes, I have made a corresponding change in the
> service definition to include a new attribute named "verb". This can also
> be named "method". These changes are in my forked ofbiz repo (it is very
> much in sync with ofbiz trunk):
> https://github.com/girishvasmatkar/ofbiz-framework/tree/feature/add-service-verb
>
> Initial implementation does not contain OpenApi integration yet. And yes,
> we should be fine doing both JSON and YAML.
>
> Please take a look at it and let me know what you think of this. I am open
> to suggestions, improvements, discussions.
>
> Best Regards,
> Girish
>
>
> On Mon, Jun 15, 2020 at 7:02 PM Pritam Kute <[hidden email]>
> wrote:
>
>> Hello Girish,
>>
>> +1 for having REST implementation using Jersey as a separate plugin and not
>> to disturb the OFBiz default Control servlets and filters.
>>
>> IMO we should also think about the end-point security implementations
>> alongside as it is one of the crucial things that users look into while
>> adopting any framework.
>>
>> Kind Regards,
>> --
>> Pritam Kute
>>
>>
>> On Fri, Jun 12, 2020 at 2:58 PM Jacques Le Roux <
>> [hidden email]> wrote:
>>
>>>
>>> Hi Girish,
>>>
>>> Inline...
>>>
>>> Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :
>>>> Hi All
>>>>
>>>> I am again bringing up this discussion on having a REST implementation
>>> for
>>>> OFBiz. I know we have had discussions before and I was looking at some
>> of
>>>> the past discussions about this topic and seems we are not there quite
>>> yet
>>>> (correct me if I am wrong).
>>>>
>>>> I had developed a POC plug-in based on Jersey (that I am currently
>>>> enhancing) and recently started evaluating Apache Juneau as well. I
>>> wanted
>>>> to bring everybody on the same page as far as REST implementation is
>>>> concerned so I had initiated a discussion on slack today. I am listing
>>> down
>>>> a few points below that can be perceived as
>>> comment/question/understanding
>>>> based on my general understanding of the matter and today's slack
>>>> discussion.
>>>>
>>>>    - Anything we start on can be part of a plug-in for the start and
>>> later
>>>>    can become part of the framework (as separate plug-in) once it is
>>>>    developed. A dedicated API application will allow it to be
>>> lightweight in
>>>>    terms of request processing. Should have separate auth mechanism
>>> bypassing
>>>>    ControlerServlet/ContextFiler/ControlFilter. I opine we do not need
>>> the API
>>>>    request to go through these three. Please correct me.
>>>
>>> Though I did not look at the code (is it already somewhere?) I tend to
>>> agree on that.
>>> REST is something else and should not be hampered by those, if it's the
>>> case.
>>>
>>>
>>>>    - We want to have mechanism to expose services (export=true) to be
>>>>    available as a REST resources. Possibly extending existing service
>>>>    definition by a new attribute verb="get|post".
>>>
>>> +1
>>>
>>>
>>>>    Also, if we also want to
>>>>    expose out REST interface as an OpenApi specification, then it will
>>>>    possibly help if we show in the spec an example of request for a
>>> specific
>>>>    service. In that case, the service definition can be expanded to
>>> allow for
>>>>    defining a JSON example (in a CDATA element)?
>>>
>>> That's an interesting point. Maybe we could prefer YAML over JSON.
>>> Because YAML is a superset of JSON and that could be useful in future:
>>>
>>>
>> https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
>>> But it might complicate things in request bodies...
>>>
>>>
>>>>    -  Any service that declares one of the verbs and not called with
>>>>    declared verb will result in 405(Method not found) or 404(Resource
>>> does not
>>>>    exist) error.
>>>>       - GET /api/services/{serviceName}?inParams={JSON}
>>>>       - POST /api/services/{serviceName} (Request Body will contain in
>>>>       params as JSON)
>>>>       - GET /api/services : We list all services(export=true) along
>> with
>>>>       HATEOS Links (self link describing where the specific service
>> can
>>> be
>>>>       located)
>>>
>>> +1
>>>
>>>
>>>>    - Do we want to have a similar resource for entities?. I think
>>> entities
>>>>    should not be exposed directly as a REST resource even though they
>>> are a
>>>>    good example of being a resource.
>>>>    - We can take one day at a time approach here and just start with
>>>>    exposing services as REST.
>>>
>>> I agree, can be decided later...
>>>
>>>
>>>>    - Auth : I had provided JWT based auth for the plug-in I had
>>> developed.
>>>
>>> Sounds good to me.
>>>
>>>
>>>>    This can further be expanded and allow for Digest auth as well? Can
>>> have
>>>>    separate API endpoint to generate JWT token.
>>>
>>> That could definitely be interesting.
>>>
>>>
>>>>
>>>> Please share your thoughts on this and apologies for long email.
>>>
>>> Don't apologize, perfect summary to me :)
>>>
>>> Thank you, this is long awaited and game changing feature!
>>>
>>> Jacques
>>>
>>>>
>>>> Best Regards,
>>>> Girish
>>>
>>>
>>

Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Jacques Le Roux
Administrator
In reply to this post by grv
Thanks Girish,

I did not have time to look into details yet but your README is very promising :)

Jacques

Le 15/06/2020 à 17:59, Girish Vasmatkar a écrit :

> Hi All
>
> I have tried to implement a draft proposal here -
> https://github.com/girishvasmatkar/ofbiz-rest-impl.git
> The readme contains details.
>
> In order to support the changes, I have made a corresponding change in the
> service definition to include a new attribute named "verb". This can also
> be named "method". These changes are in my forked ofbiz repo (it is very
> much in sync with ofbiz trunk):
> https://github.com/girishvasmatkar/ofbiz-framework/tree/feature/add-service-verb
>
> Initial implementation does not contain OpenApi integration yet. And yes,
> we should be fine doing both JSON and YAML.
>
> Please take a look at it and let me know what you think of this. I am open
> to suggestions, improvements, discussions.
>
> Best Regards,
> Girish
>
>
> On Mon, Jun 15, 2020 at 7:02 PM Pritam Kute <[hidden email]>
> wrote:
>
>> Hello Girish,
>>
>> +1 for having REST implementation using Jersey as a separate plugin and not
>> to disturb the OFBiz default Control servlets and filters.
>>
>> IMO we should also think about the end-point security implementations
>> alongside as it is one of the crucial things that users look into while
>> adopting any framework.
>>
>> Kind Regards,
>> --
>> Pritam Kute
>>
>>
>> On Fri, Jun 12, 2020 at 2:58 PM Jacques Le Roux <
>> [hidden email]> wrote:
>>
>>> Hi Girish,
>>>
>>> Inline...
>>>
>>> Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :
>>>> Hi All
>>>>
>>>> I am again bringing up this discussion on having a REST implementation
>>> for
>>>> OFBiz. I know we have had discussions before and I was looking at some
>> of
>>>> the past discussions about this topic and seems we are not there quite
>>> yet
>>>> (correct me if I am wrong).
>>>>
>>>> I had developed a POC plug-in based on Jersey (that I am currently
>>>> enhancing) and recently started evaluating Apache Juneau as well. I
>>> wanted
>>>> to bring everybody on the same page as far as REST implementation is
>>>> concerned so I had initiated a discussion on slack today. I am listing
>>> down
>>>> a few points below that can be perceived as
>>> comment/question/understanding
>>>> based on my general understanding of the matter and today's slack
>>>> discussion.
>>>>
>>>>      - Anything we start on can be part of a plug-in for the start and
>>> later
>>>>      can become part of the framework (as separate plug-in) once it is
>>>>      developed. A dedicated API application will allow it to be
>>> lightweight in
>>>>      terms of request processing. Should have separate auth mechanism
>>> bypassing
>>>>      ControlerServlet/ContextFiler/ControlFilter. I opine we do not need
>>> the API
>>>>      request to go through these three. Please correct me.
>>> Though I did not look at the code (is it already somewhere?) I tend to
>>> agree on that.
>>> REST is something else and should not be hampered by those, if it's the
>>> case.
>>>
>>>
>>>>      - We want to have mechanism to expose services (export=true) to be
>>>>      available as a REST resources. Possibly extending existing service
>>>>      definition by a new attribute verb="get|post".
>>> +1
>>>
>>>
>>>>      Also, if we also want to
>>>>      expose out REST interface as an OpenApi specification, then it will
>>>>      possibly help if we show in the spec an example of request for a
>>> specific
>>>>      service. In that case, the service definition can be expanded to
>>> allow for
>>>>      defining a JSON example (in a CDATA element)?
>>> That's an interesting point. Maybe we could prefer YAML over JSON.
>>> Because YAML is a superset of JSON and that could be useful in future:
>>>
>>>
>> https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
>>> But it might complicate things in request bodies...
>>>
>>>
>>>>      -  Any service that declares one of the verbs and not called with
>>>>      declared verb will result in 405(Method not found) or 404(Resource
>>> does not
>>>>      exist) error.
>>>>         - GET /api/services/{serviceName}?inParams={JSON}
>>>>         - POST /api/services/{serviceName} (Request Body will contain in
>>>>         params as JSON)
>>>>         - GET /api/services : We list all services(export=true) along
>> with
>>>>         HATEOS Links (self link describing where the specific service
>> can
>>> be
>>>>         located)
>>> +1
>>>
>>>
>>>>      - Do we want to have a similar resource for entities?. I think
>>> entities
>>>>      should not be exposed directly as a REST resource even though they
>>> are a
>>>>      good example of being a resource.
>>>>      - We can take one day at a time approach here and just start with
>>>>      exposing services as REST.
>>> I agree, can be decided later...
>>>
>>>
>>>>      - Auth : I had provided JWT based auth for the plug-in I had
>>> developed.
>>>
>>> Sounds good to me.
>>>
>>>
>>>>      This can further be expanded and allow for Digest auth as well? Can
>>> have
>>>>      separate API endpoint to generate JWT token.
>>> That could definitely be interesting.
>>>
>>>
>>>> Please share your thoughts on this and apologies for long email.
>>> Don't apologize, perfect summary to me :)
>>>
>>> Thank you, this is long awaited and game changing feature!
>>>
>>> Jacques
>>>
>>>> Best Regards,
>>>> Girish
>>>
grv
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

grv
Hi Carsten -

Your points make a lot of sense and that's the general consensus of the
community as well. However, I believe we want to have the option of
exposing the services via "REST". The existing frameworks services
obviously are not named, thinking them as Resources and in the REST work
resources are perceived as nouns.

This is obviously not a complete implementation and we would obviously like
to tie up entities and services with resources. For example - consider the
service cancelProductionRun.

If we expose it under services resource (considering services as
resources), we could do it like this -
PATCH /rest/services/cancelProductionRun
{
    "productionRunId": 1234
}

While this may not sound RESTFul, but this in a way adds capability for
OFBiz to expose the services via a "REST" interface. A truly RESTFul
approach that I am working on might do something like this -

PATCH /rest/productionruns/{productionRunId}

Internally it will hook up the service cancelProductionRun with this
resource URL. This obviously has to be configured somewhere in XML and such
details can be chalked out.

Best,
Girish










On Tue, Jun 16, 2020 at 12:45 PM Jacques Le Roux <
[hidden email]> wrote:

> Thanks Girish,
>
> I did not have time to look into details yet but your README is very
> promising :)
>
> Jacques
>
> Le 15/06/2020 à 17:59, Girish Vasmatkar a écrit :
> > Hi All
> >
> > I have tried to implement a draft proposal here -
> > https://github.com/girishvasmatkar/ofbiz-rest-impl.git
> > The readme contains details.
> >
> > In order to support the changes, I have made a corresponding change in
> the
> > service definition to include a new attribute named "verb". This can also
> > be named "method". These changes are in my forked ofbiz repo (it is very
> > much in sync with ofbiz trunk):
> >
> https://github.com/girishvasmatkar/ofbiz-framework/tree/feature/add-service-verb
> >
> > Initial implementation does not contain OpenApi integration yet. And yes,
> > we should be fine doing both JSON and YAML.
> >
> > Please take a look at it and let me know what you think of this. I am
> open
> > to suggestions, improvements, discussions.
> >
> > Best Regards,
> > Girish
> >
> >
> > On Mon, Jun 15, 2020 at 7:02 PM Pritam Kute <
> [hidden email]>
> > wrote:
> >
> >> Hello Girish,
> >>
> >> +1 for having REST implementation using Jersey as a separate plugin and
> not
> >> to disturb the OFBiz default Control servlets and filters.
> >>
> >> IMO we should also think about the end-point security implementations
> >> alongside as it is one of the crucial things that users look into while
> >> adopting any framework.
> >>
> >> Kind Regards,
> >> --
> >> Pritam Kute
> >>
> >>
> >> On Fri, Jun 12, 2020 at 2:58 PM Jacques Le Roux <
> >> [hidden email]> wrote:
> >>
> >>> Hi Girish,
> >>>
> >>> Inline...
> >>>
> >>> Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :
> >>>> Hi All
> >>>>
> >>>> I am again bringing up this discussion on having a REST implementation
> >>> for
> >>>> OFBiz. I know we have had discussions before and I was looking at some
> >> of
> >>>> the past discussions about this topic and seems we are not there quite
> >>> yet
> >>>> (correct me if I am wrong).
> >>>>
> >>>> I had developed a POC plug-in based on Jersey (that I am currently
> >>>> enhancing) and recently started evaluating Apache Juneau as well. I
> >>> wanted
> >>>> to bring everybody on the same page as far as REST implementation is
> >>>> concerned so I had initiated a discussion on slack today. I am listing
> >>> down
> >>>> a few points below that can be perceived as
> >>> comment/question/understanding
> >>>> based on my general understanding of the matter and today's slack
> >>>> discussion.
> >>>>
> >>>>      - Anything we start on can be part of a plug-in for the start and
> >>> later
> >>>>      can become part of the framework (as separate plug-in) once it is
> >>>>      developed. A dedicated API application will allow it to be
> >>> lightweight in
> >>>>      terms of request processing. Should have separate auth mechanism
> >>> bypassing
> >>>>      ControlerServlet/ContextFiler/ControlFilter. I opine we do not
> need
> >>> the API
> >>>>      request to go through these three. Please correct me.
> >>> Though I did not look at the code (is it already somewhere?) I tend to
> >>> agree on that.
> >>> REST is something else and should not be hampered by those, if it's the
> >>> case.
> >>>
> >>>
> >>>>      - We want to have mechanism to expose services (export=true) to
> be
> >>>>      available as a REST resources. Possibly extending existing
> service
> >>>>      definition by a new attribute verb="get|post".
> >>> +1
> >>>
> >>>
> >>>>      Also, if we also want to
> >>>>      expose out REST interface as an OpenApi specification, then it
> will
> >>>>      possibly help if we show in the spec an example of request for a
> >>> specific
> >>>>      service. In that case, the service definition can be expanded to
> >>> allow for
> >>>>      defining a JSON example (in a CDATA element)?
> >>> That's an interesting point. Maybe we could prefer YAML over JSON.
> >>> Because YAML is a superset of JSON and that could be useful in future:
> >>>
> >>>
> >>
> https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
> >>> But it might complicate things in request bodies...
> >>>
> >>>
> >>>>      -  Any service that declares one of the verbs and not called with
> >>>>      declared verb will result in 405(Method not found) or
> 404(Resource
> >>> does not
> >>>>      exist) error.
> >>>>         - GET /api/services/{serviceName}?inParams={JSON}
> >>>>         - POST /api/services/{serviceName} (Request Body will contain
> in
> >>>>         params as JSON)
> >>>>         - GET /api/services : We list all services(export=true) along
> >> with
> >>>>         HATEOS Links (self link describing where the specific service
> >> can
> >>> be
> >>>>         located)
> >>> +1
> >>>
> >>>
> >>>>      - Do we want to have a similar resource for entities?. I think
> >>> entities
> >>>>      should not be exposed directly as a REST resource even though
> they
> >>> are a
> >>>>      good example of being a resource.
> >>>>      - We can take one day at a time approach here and just start with
> >>>>      exposing services as REST.
> >>> I agree, can be decided later...
> >>>
> >>>
> >>>>      - Auth : I had provided JWT based auth for the plug-in I had
> >>> developed.
> >>>
> >>> Sounds good to me.
> >>>
> >>>
> >>>>      This can further be expanded and allow for Digest auth as well?
> Can
> >>> have
> >>>>      separate API endpoint to generate JWT token.
> >>> That could definitely be interesting.
> >>>
> >>>
> >>>> Please share your thoughts on this and apologies for long email.
> >>> Don't apologize, perfect summary to me :)
> >>>
> >>> Thank you, this is long awaited and game changing feature!
> >>>
> >>> Jacques
> >>>
> >>>> Best Regards,
> >>>> Girish
> >>>
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Carsten Schinzer
Hello Giresh,


Thanks for the example, it makes clearer what you want to achieve.

General considerations on RESTful or not:
If you want to stop a productionRun, why do you use PATCH and not DELETE? Well, I know the connotation of Delete is „dismantle“ rather than „stop“, but PATCH also considers and exposes config/data changes, not only status changes

PATCH /rest/productionruns/{productionRunId}?action=cancel
… would probably be the best

Here is how an Annotation based implementation would achieve this:

@Route /productionrun/{productionRunId}, requirement={productionRunid, \d+}
@ApiDoc(title=„A service to patch MRP Production Runs“, description="It allows to change the run configuration and status“)
public patchProductionRunAction(int productionRunId, string[] urlParameters)
{
        ...
        if urlParameters[‚action‘] == ‚cancel‘:
                call service cancelProductionRun(productionRunId)
        ...
}

Forgive this pseudo-code, but I think you get what I mean.

It would not avoid that some matching layer of code is reuqired in-between the exposed REST API methods like patchProductionRunAction and the actual service call, but this layer would remain code instead of being in XML or somewhere else that requires a context switch.

In my other application (the PHP) the classes are clearly separated by responsibility, i.e. Repository classes interact wit the persistence layer, Service classes are manipulating things and RestController classes are wrapping up the REST API methods and properly annotated with the Routes and validation constraints. The important point is that it is all coded in the same language and therefore the context is exposed to the IDE I am working with. No lookups to be made into an XML file to understand parameters and return types of services etc. That is quite an advantage IMO.

IMO that is the complexity in the current way of dealing with this in OFBiz and that’s why I believe the OpenAPI integration should be going along with REST implementation.

Warm regards


Carsten


> Am 17.06.2020 um 08:38 schrieb Girish Vasmatkar <[hidden email]>:
>
> Hi Carsten -
>
> Your points make a lot of sense and that's the general consensus of the
> community as well. However, I believe we want to have the option of
> exposing the services via "REST". The existing frameworks services
> obviously are not named, thinking them as Resources and in the REST work
> resources are perceived as nouns.
>
> This is obviously not a complete implementation and we would obviously like
> to tie up entities and services with resources. For example - consider the
> service cancelProductionRun.
>
> If we expose it under services resource (considering services as
> resources), we could do it like this -
> PATCH /rest/services/cancelProductionRun
> {
>    "productionRunId": 1234
> }
>
> While this may not sound RESTFul, but this in a way adds capability for
> OFBiz to expose the services via a "REST" interface. A truly RESTFul
> approach that I am working on might do something like this -
>
> PATCH /rest/productionruns/{productionRunId}
>
> Internally it will hook up the service cancelProductionRun with this
> resource URL. This obviously has to be configured somewhere in XML and such
> details can be chalked out.
>
> Best,
> Girish
>
>
>
>
>
>
>
>
>
>
> On Tue, Jun 16, 2020 at 12:45 PM Jacques Le Roux <
> [hidden email]> wrote:
>
>> Thanks Girish,
>>
>> I did not have time to look into details yet but your README is very
>> promising :)
>>
>> Jacques
>>
>> Le 15/06/2020 à 17:59, Girish Vasmatkar a écrit :
>>> Hi All
>>>
>>> I have tried to implement a draft proposal here -
>>> https://github.com/girishvasmatkar/ofbiz-rest-impl.git
>>> The readme contains details.
>>>
>>> In order to support the changes, I have made a corresponding change in
>> the
>>> service definition to include a new attribute named "verb". This can also
>>> be named "method". These changes are in my forked ofbiz repo (it is very
>>> much in sync with ofbiz trunk):
>>>
>> https://github.com/girishvasmatkar/ofbiz-framework/tree/feature/add-service-verb
>>>
>>> Initial implementation does not contain OpenApi integration yet. And yes,
>>> we should be fine doing both JSON and YAML.
>>>
>>> Please take a look at it and let me know what you think of this. I am
>> open
>>> to suggestions, improvements, discussions.
>>>
>>> Best Regards,
>>> Girish
>>>
>>>
>>> On Mon, Jun 15, 2020 at 7:02 PM Pritam Kute <
>> [hidden email]>
>>> wrote:
>>>
>>>> Hello Girish,
>>>>
>>>> +1 for having REST implementation using Jersey as a separate plugin and
>> not
>>>> to disturb the OFBiz default Control servlets and filters.
>>>>
>>>> IMO we should also think about the end-point security implementations
>>>> alongside as it is one of the crucial things that users look into while
>>>> adopting any framework.
>>>>
>>>> Kind Regards,
>>>> --
>>>> Pritam Kute
>>>>
>>>>
>>>> On Fri, Jun 12, 2020 at 2:58 PM Jacques Le Roux <
>>>> [hidden email]> wrote:
>>>>
>>>>> Hi Girish,
>>>>>
>>>>> Inline...
>>>>>
>>>>> Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :
>>>>>> Hi All
>>>>>>
>>>>>> I am again bringing up this discussion on having a REST implementation
>>>>> for
>>>>>> OFBiz. I know we have had discussions before and I was looking at some
>>>> of
>>>>>> the past discussions about this topic and seems we are not there quite
>>>>> yet
>>>>>> (correct me if I am wrong).
>>>>>>
>>>>>> I had developed a POC plug-in based on Jersey (that I am currently
>>>>>> enhancing) and recently started evaluating Apache Juneau as well. I
>>>>> wanted
>>>>>> to bring everybody on the same page as far as REST implementation is
>>>>>> concerned so I had initiated a discussion on slack today. I am listing
>>>>> down
>>>>>> a few points below that can be perceived as
>>>>> comment/question/understanding
>>>>>> based on my general understanding of the matter and today's slack
>>>>>> discussion.
>>>>>>
>>>>>>     - Anything we start on can be part of a plug-in for the start and
>>>>> later
>>>>>>     can become part of the framework (as separate plug-in) once it is
>>>>>>     developed. A dedicated API application will allow it to be
>>>>> lightweight in
>>>>>>     terms of request processing. Should have separate auth mechanism
>>>>> bypassing
>>>>>>     ControlerServlet/ContextFiler/ControlFilter. I opine we do not
>> need
>>>>> the API
>>>>>>     request to go through these three. Please correct me.
>>>>> Though I did not look at the code (is it already somewhere?) I tend to
>>>>> agree on that.
>>>>> REST is something else and should not be hampered by those, if it's the
>>>>> case.
>>>>>
>>>>>
>>>>>>     - We want to have mechanism to expose services (export=true) to
>> be
>>>>>>     available as a REST resources. Possibly extending existing
>> service
>>>>>>     definition by a new attribute verb="get|post".
>>>>> +1
>>>>>
>>>>>
>>>>>>     Also, if we also want to
>>>>>>     expose out REST interface as an OpenApi specification, then it
>> will
>>>>>>     possibly help if we show in the spec an example of request for a
>>>>> specific
>>>>>>     service. In that case, the service definition can be expanded to
>>>>> allow for
>>>>>>     defining a JSON example (in a CDATA element)?
>>>>> That's an interesting point. Maybe we could prefer YAML over JSON.
>>>>> Because YAML is a superset of JSON and that could be useful in future:
>>>>>
>>>>>
>>>>
>> https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
>>>>> But it might complicate things in request bodies...
>>>>>
>>>>>
>>>>>>     -  Any service that declares one of the verbs and not called with
>>>>>>     declared verb will result in 405(Method not found) or
>> 404(Resource
>>>>> does not
>>>>>>     exist) error.
>>>>>>        - GET /api/services/{serviceName}?inParams={JSON}
>>>>>>        - POST /api/services/{serviceName} (Request Body will contain
>> in
>>>>>>        params as JSON)
>>>>>>        - GET /api/services : We list all services(export=true) along
>>>> with
>>>>>>        HATEOS Links (self link describing where the specific service
>>>> can
>>>>> be
>>>>>>        located)
>>>>> +1
>>>>>
>>>>>
>>>>>>     - Do we want to have a similar resource for entities?. I think
>>>>> entities
>>>>>>     should not be exposed directly as a REST resource even though
>> they
>>>>> are a
>>>>>>     good example of being a resource.
>>>>>>     - We can take one day at a time approach here and just start with
>>>>>>     exposing services as REST.
>>>>> I agree, can be decided later...
>>>>>
>>>>>
>>>>>>     - Auth : I had provided JWT based auth for the plug-in I had
>>>>> developed.
>>>>>
>>>>> Sounds good to me.
>>>>>
>>>>>
>>>>>>     This can further be expanded and allow for Digest auth as well?
>> Can
>>>>> have
>>>>>>     separate API endpoint to generate JWT token.
>>>>> That could definitely be interesting.
>>>>>
>>>>>
>>>>>> Please share your thoughts on this and apologies for long email.
>>>>> Don't apologize, perfect summary to me :)
>>>>>
>>>>> Thank you, this is long awaited and game changing feature!
>>>>>
>>>>> Jacques
>>>>>
>>>>>> Best Regards,
>>>>>> Girish
>>>>>
>>

grv
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

grv
Hi Carsten

OpenAPI integration and the implementation go hand in hand so no reason
separating them. I think what this draft does is just trying to see how
this might work. I am also parallelly working on OpenAPI spec but I wanted
the developers to review this work to get a better understanding of how to
proceed further.

As for the PATCH example that I quoted, that was just for
demonstration purposes to show the two approaches.

Best Regards,
Girish




On Wed, Jun 17, 2020 at 2:42 PM Carsten Schinzer <
[hidden email]> wrote:

> Hello Giresh,
>
>
> Thanks for the example, it makes clearer what you want to achieve.
>
> General considerations on RESTful or not:
> If you want to stop a productionRun, why do you use PATCH and not DELETE?
> Well, I know the connotation of Delete is „dismantle“ rather than „stop“,
> but PATCH also considers and exposes config/data changes, not only status
> changes
>
> PATCH /rest/productionruns/{productionRunId}?action=cancel
> … would probably be the best
>
> Here is how an Annotation based implementation would achieve this:
>
> @Route /productionrun/{productionRunId}, requirement={productionRunid, \d+}
> @ApiDoc(title=„A service to patch MRP Production Runs“, description="It
> allows to change the run configuration and status“)
> public patchProductionRunAction(int productionRunId, string[]
> urlParameters)
> {
>         ...
>         if urlParameters[‚action‘] == ‚cancel‘:
>                 call service cancelProductionRun(productionRunId)
>         ...
> }
>
> Forgive this pseudo-code, but I think you get what I mean.
>
> It would not avoid that some matching layer of code is reuqired in-between
> the exposed REST API methods like patchProductionRunAction and the actual
> service call, but this layer would remain code instead of being in XML or
> somewhere else that requires a context switch.
>
> In my other application (the PHP) the classes are clearly separated by
> responsibility, i.e. Repository classes interact wit the persistence layer,
> Service classes are manipulating things and RestController classes are
> wrapping up the REST API methods and properly annotated with the Routes and
> validation constraints. The important point is that it is all coded in the
> same language and therefore the context is exposed to the IDE I am working
> with. No lookups to be made into an XML file to understand parameters and
> return types of services etc. That is quite an advantage IMO.
>
> IMO that is the complexity in the current way of dealing with this in
> OFBiz and that’s why I believe the OpenAPI integration should be going
> along with REST implementation.
>
> Warm regards
>
>
> Carsten
>
>
> > Am 17.06.2020 um 08:38 schrieb Girish Vasmatkar <
> [hidden email]>:
> >
> > Hi Carsten -
> >
> > Your points make a lot of sense and that's the general consensus of the
> > community as well. However, I believe we want to have the option of
> > exposing the services via "REST". The existing frameworks services
> > obviously are not named, thinking them as Resources and in the REST work
> > resources are perceived as nouns.
> >
> > This is obviously not a complete implementation and we would obviously
> like
> > to tie up entities and services with resources. For example - consider
> the
> > service cancelProductionRun.
> >
> > If we expose it under services resource (considering services as
> > resources), we could do it like this -
> > PATCH /rest/services/cancelProductionRun
> > {
> >    "productionRunId": 1234
> > }
> >
> > While this may not sound RESTFul, but this in a way adds capability for
> > OFBiz to expose the services via a "REST" interface. A truly RESTFul
> > approach that I am working on might do something like this -
> >
> > PATCH /rest/productionruns/{productionRunId}
> >
> > Internally it will hook up the service cancelProductionRun with this
> > resource URL. This obviously has to be configured somewhere in XML and
> such
> > details can be chalked out.
> >
> > Best,
> > Girish
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Tue, Jun 16, 2020 at 12:45 PM Jacques Le Roux <
> > [hidden email]> wrote:
> >
> >> Thanks Girish,
> >>
> >> I did not have time to look into details yet but your README is very
> >> promising :)
> >>
> >> Jacques
> >>
> >> Le 15/06/2020 à 17:59, Girish Vasmatkar a écrit :
> >>> Hi All
> >>>
> >>> I have tried to implement a draft proposal here -
> >>> https://github.com/girishvasmatkar/ofbiz-rest-impl.git
> >>> The readme contains details.
> >>>
> >>> In order to support the changes, I have made a corresponding change in
> >> the
> >>> service definition to include a new attribute named "verb". This can
> also
> >>> be named "method". These changes are in my forked ofbiz repo (it is
> very
> >>> much in sync with ofbiz trunk):
> >>>
> >>
> https://github.com/girishvasmatkar/ofbiz-framework/tree/feature/add-service-verb
> >>>
> >>> Initial implementation does not contain OpenApi integration yet. And
> yes,
> >>> we should be fine doing both JSON and YAML.
> >>>
> >>> Please take a look at it and let me know what you think of this. I am
> >> open
> >>> to suggestions, improvements, discussions.
> >>>
> >>> Best Regards,
> >>> Girish
> >>>
> >>>
> >>> On Mon, Jun 15, 2020 at 7:02 PM Pritam Kute <
> >> [hidden email]>
> >>> wrote:
> >>>
> >>>> Hello Girish,
> >>>>
> >>>> +1 for having REST implementation using Jersey as a separate plugin
> and
> >> not
> >>>> to disturb the OFBiz default Control servlets and filters.
> >>>>
> >>>> IMO we should also think about the end-point security implementations
> >>>> alongside as it is one of the crucial things that users look into
> while
> >>>> adopting any framework.
> >>>>
> >>>> Kind Regards,
> >>>> --
> >>>> Pritam Kute
> >>>>
> >>>>
> >>>> On Fri, Jun 12, 2020 at 2:58 PM Jacques Le Roux <
> >>>> [hidden email]> wrote:
> >>>>
> >>>>> Hi Girish,
> >>>>>
> >>>>> Inline...
> >>>>>
> >>>>> Le 10/06/2020 à 17:42, Girish Vasmatkar a écrit :
> >>>>>> Hi All
> >>>>>>
> >>>>>> I am again bringing up this discussion on having a REST
> implementation
> >>>>> for
> >>>>>> OFBiz. I know we have had discussions before and I was looking at
> some
> >>>> of
> >>>>>> the past discussions about this topic and seems we are not there
> quite
> >>>>> yet
> >>>>>> (correct me if I am wrong).
> >>>>>>
> >>>>>> I had developed a POC plug-in based on Jersey (that I am currently
> >>>>>> enhancing) and recently started evaluating Apache Juneau as well. I
> >>>>> wanted
> >>>>>> to bring everybody on the same page as far as REST implementation is
> >>>>>> concerned so I had initiated a discussion on slack today. I am
> listing
> >>>>> down
> >>>>>> a few points below that can be perceived as
> >>>>> comment/question/understanding
> >>>>>> based on my general understanding of the matter and today's slack
> >>>>>> discussion.
> >>>>>>
> >>>>>>     - Anything we start on can be part of a plug-in for the start
> and
> >>>>> later
> >>>>>>     can become part of the framework (as separate plug-in) once it
> is
> >>>>>>     developed. A dedicated API application will allow it to be
> >>>>> lightweight in
> >>>>>>     terms of request processing. Should have separate auth mechanism
> >>>>> bypassing
> >>>>>>     ControlerServlet/ContextFiler/ControlFilter. I opine we do not
> >> need
> >>>>> the API
> >>>>>>     request to go through these three. Please correct me.
> >>>>> Though I did not look at the code (is it already somewhere?) I tend
> to
> >>>>> agree on that.
> >>>>> REST is something else and should not be hampered by those, if it's
> the
> >>>>> case.
> >>>>>
> >>>>>
> >>>>>>     - We want to have mechanism to expose services (export=true) to
> >> be
> >>>>>>     available as a REST resources. Possibly extending existing
> >> service
> >>>>>>     definition by a new attribute verb="get|post".
> >>>>> +1
> >>>>>
> >>>>>
> >>>>>>     Also, if we also want to
> >>>>>>     expose out REST interface as an OpenApi specification, then it
> >> will
> >>>>>>     possibly help if we show in the spec an example of request for a
> >>>>> specific
> >>>>>>     service. In that case, the service definition can be expanded to
> >>>>> allow for
> >>>>>>     defining a JSON example (in a CDATA element)?
> >>>>> That's an interesting point. Maybe we could prefer YAML over JSON.
> >>>>> Because YAML is a superset of JSON and that could be useful in
> future:
> >>>>>
> >>>>>
> >>>>
> >>
> https://stackoverflow.com/questions/1726802/what-is-the-difference-between-yaml-and-json
> >>>>> But it might complicate things in request bodies...
> >>>>>
> >>>>>
> >>>>>>     -  Any service that declares one of the verbs and not called
> with
> >>>>>>     declared verb will result in 405(Method not found) or
> >> 404(Resource
> >>>>> does not
> >>>>>>     exist) error.
> >>>>>>        - GET /api/services/{serviceName}?inParams={JSON}
> >>>>>>        - POST /api/services/{serviceName} (Request Body will contain
> >> in
> >>>>>>        params as JSON)
> >>>>>>        - GET /api/services : We list all services(export=true) along
> >>>> with
> >>>>>>        HATEOS Links (self link describing where the specific service
> >>>> can
> >>>>> be
> >>>>>>        located)
> >>>>> +1
> >>>>>
> >>>>>
> >>>>>>     - Do we want to have a similar resource for entities?. I think
> >>>>> entities
> >>>>>>     should not be exposed directly as a REST resource even though
> >> they
> >>>>> are a
> >>>>>>     good example of being a resource.
> >>>>>>     - We can take one day at a time approach here and just start
> with
> >>>>>>     exposing services as REST.
> >>>>> I agree, can be decided later...
> >>>>>
> >>>>>
> >>>>>>     - Auth : I had provided JWT based auth for the plug-in I had
> >>>>> developed.
> >>>>>
> >>>>> Sounds good to me.
> >>>>>
> >>>>>
> >>>>>>     This can further be expanded and allow for Digest auth as well?
> >> Can
> >>>>> have
> >>>>>>     separate API endpoint to generate JWT token.
> >>>>> That could definitely be interesting.
> >>>>>
> >>>>>
> >>>>>> Please share your thoughts on this and apologies for long email.
> >>>>> Don't apologize, perfect summary to me :)
> >>>>>
> >>>>> Thank you, this is long awaited and game changing feature!
> >>>>>
> >>>>> Jacques
> >>>>>
> >>>>>> Best Regards,
> >>>>>> Girish
> >>>>>
> >>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Carsten Schinzer
Hi Girish,

Thanks to clarify :)
What caught me on the OpenAPI integration is the snippet quoted below and I realize I should have read it in context. Actually then it is aligned with my view.

Warm regards

Carsten

>>>>> Initial implementation does not contain OpenApi integration yet. And

grv
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

grv
Hi Folks

I have added support for OpenApi Integration. The updated code can be found
here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
through the changes and test at your end and let me know your thoughts.

I am planning to do some refactoring and then raise initial PR for the
plug-in if the changes look good to everyone.

Best,
Girish


On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
[hidden email]> wrote:

> Hi Girish,
>
> Thanks to clarify :)
> What caught me on the OpenAPI integration is the snippet quoted below and
> I realize I should have read it in context. Actually then it is aligned
> with my view.
>
> Warm regards
>
> Carsten
>
> >>>>> Initial implementation does not contain OpenApi integration yet. And
>
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Shi Jinghai-3
Hi Girish,

Excellent.

Only one suggestion from my quick view, when response code is 401, the "WWW-Authenticate" header should be set to start with a word NOT “Bearer …”, this can prevent web browser from popping up a login dialog.

Kind Regards,

Shi Jinghai

发件人: Girish Vasmatkar<mailto:[hidden email]>
发送时间: 2020年7月8日 20:47
收件人: [hidden email]<mailto:[hidden email]>
主题: Re: REST implementation

Hi Folks

I have added support for OpenApi Integration. The updated code can be found
here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
through the changes and test at your end and let me know your thoughts.

I am planning to do some refactoring and then raise initial PR for the
plug-in if the changes look good to everyone.

Best,
Girish


On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
[hidden email]> wrote:

> Hi Girish,
>
> Thanks to clarify :)
> What caught me on the OpenAPI integration is the snippet quoted below and
> I realize I should have read it in context. Actually then it is aligned
> with my view.
>
> Warm regards
>
> Carsten
>
> >>>>> Initial implementation does not contain OpenApi integration yet. And
>
>

grv
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

grv
Hi Shi

Thanks for taking a look at it. I have a question on "WWW-Authenticate"
header so please clarify and I can make appropriate changes accordingly -

All I am finding is that to prevent the pop-up, either return 403 (which I
do not want to do) or not include "WWW-Authenticate" header at all (not
inclined to do this as well because then we would be violating the spec).
Do you mean to NOT start the value of the header with "Bearer" ?
so instead of below

*WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*

should we change it to

*WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*

I did not test it, but I can just change it like this without testing if
you can please confirm it will prevent the browser dialog.

Thanks again for the review.

Best,
Girish

On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:

> Hi Girish,
>
> Excellent.
>
> Only one suggestion from my quick view, when response code is 401, the
> "WWW-Authenticate" header should be set to start with a word NOT “Bearer
> …”, this can prevent web browser from popping up a login dialog.
>
> Kind Regards,
>
> Shi Jinghai
>
> 发件人: Girish Vasmatkar<mailto:[hidden email]>
> 发送时间: 2020年7月8日 20:47
> 收件人: [hidden email]<mailto:[hidden email]>
> 主题: Re: REST implementation
>
> Hi Folks
>
> I have added support for OpenApi Integration. The updated code can be found
> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> through the changes and test at your end and let me know your thoughts.
>
> I am planning to do some refactoring and then raise initial PR for the
> plug-in if the changes look good to everyone.
>
> Best,
> Girish
>
>
> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> [hidden email]> wrote:
>
> > Hi Girish,
> >
> > Thanks to clarify :)
> > What caught me on the OpenAPI integration is the snippet quoted below and
> > I realize I should have read it in context. Actually then it is aligned
> > with my view.
> >
> > Warm regards
> >
> > Carsten
> >
> > >>>>> Initial implementation does not contain OpenApi integration yet.
> And
> >
> >
>
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Shi Jinghai-3
Hi Girish,

Yes, you got it.

Web browser will popup a login dialog when response code is 401:
setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication required\"");

The popup is skipped and then react/vue/angular can handle the response:
setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication required\"");


发件人: Girish Vasmatkar<mailto:[hidden email]>
发送时间: 2020年7月9日 14:54
收件人: [hidden email]<mailto:[hidden email]>
主题: Re: REST implementation

Hi Shi

Thanks for taking a look at it. I have a question on "WWW-Authenticate"
header so please clarify and I can make appropriate changes accordingly -

All I am finding is that to prevent the pop-up, either return 403 (which I
do not want to do) or not include "WWW-Authenticate" header at all (not
inclined to do this as well because then we would be violating the spec).
Do you mean to NOT start the value of the header with "Bearer" ?
so instead of below

*WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*

should we change it to

*WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*

I did not test it, but I can just change it like this without testing if
you can please confirm it will prevent the browser dialog.

Thanks again for the review.

Best,
Girish

On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:

> Hi Girish,
>
> Excellent.
>
> Only one suggestion from my quick view, when response code is 401, the
> "WWW-Authenticate" header should be set to start with a word NOT “Bearer
> …”, this can prevent web browser from popping up a login dialog.
>
> Kind Regards,
>
> Shi Jinghai
>
> 发件人: Girish Vasmatkar<mailto:[hidden email]>
> 发送时间: 2020年7月8日 20:47
> 收件人: [hidden email]<mailto:[hidden email]>
> 主题: Re: REST implementation
>
> Hi Folks
>
> I have added support for OpenApi Integration. The updated code can be found
> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> through the changes and test at your end and let me know your thoughts.
>
> I am planning to do some refactoring and then raise initial PR for the
> plug-in if the changes look good to everyone.
>
> Best,
> Girish
>
>
> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> [hidden email]> wrote:
>
> > Hi Girish,
> >
> > Thanks to clarify :)
> > What caught me on the OpenAPI integration is the snippet quoted below and
> > I realize I should have read it in context. Actually then it is aligned
> > with my view.
> >
> > Warm regards
> >
> > Carsten
> >
> > >>>>> Initial implementation does not contain OpenApi integration yet.
> And
> >
> >
>
>

grv
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

grv
Greetings!

I have created a PR to add a REST component -
https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
and let me know what you think and let me know if you face any issues. I
intend to merge it in a week from now.

With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
"action" attribute to the service definition now merged, this above
component should be able to expose exportable (export=true) and
actionable(action=GET|POST) services via REST.

Once the changes for nested attributes (OFBIZ-11902
<https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also
be making corresponding changes in the GraphQL plugin to account for nested
attributes. OFBIZ-11902
<https://issues.apache.org/jira/browse/OFBIZ-11902> will
help in defining complex GraphQL mutations.

I am parallelly also working on designing an XML DSL for REST that should
allow tying up REST resources with OFBiz services.

Best,
Girish



On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:

> Hi Girish,
>
> Yes, you got it.
>
> Web browser will popup a login dialog when response code is 401:
> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
> required\"");
>
> The popup is skipped and then react/vue/angular can handle the response:
> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
> required\"");
>
>
> 发件人: Girish Vasmatkar<mailto:[hidden email]>
> 发送时间: 2020年7月9日 14:54
> 收件人: [hidden email]<mailto:[hidden email]>
> 主题: Re: REST implementation
>
> Hi Shi
>
> Thanks for taking a look at it. I have a question on "WWW-Authenticate"
> header so please clarify and I can make appropriate changes accordingly -
>
> All I am finding is that to prevent the pop-up, either return 403 (which I
> do not want to do) or not include "WWW-Authenticate" header at all (not
> inclined to do this as well because then we would be violating the spec).
> Do you mean to NOT start the value of the header with "Bearer" ?
> so instead of below
>
> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
>
> should we change it to
>
> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
>
> I did not test it, but I can just change it like this without testing if
> you can please confirm it will prevent the browser dialog.
>
> Thanks again for the review.
>
> Best,
> Girish
>
> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:
>
> > Hi Girish,
> >
> > Excellent.
> >
> > Only one suggestion from my quick view, when response code is 401, the
> > "WWW-Authenticate" header should be set to start with a word NOT “Bearer
> > …”, this can prevent web browser from popping up a login dialog.
> >
> > Kind Regards,
> >
> > Shi Jinghai
> >
> > 发件人: Girish Vasmatkar<mailto:[hidden email]>
> > 发送时间: 2020年7月8日 20:47
> > 收件人: [hidden email]<mailto:[hidden email]>
> > 主题: Re: REST implementation
> >
> > Hi Folks
> >
> > I have added support for OpenApi Integration. The updated code can be
> found
> > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> > through the changes and test at your end and let me know your thoughts.
> >
> > I am planning to do some refactoring and then raise initial PR for the
> > plug-in if the changes look good to everyone.
> >
> > Best,
> > Girish
> >
> >
> > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> > [hidden email]> wrote:
> >
> > > Hi Girish,
> > >
> > > Thanks to clarify :)
> > > What caught me on the OpenAPI integration is the snippet quoted below
> and
> > > I realize I should have read it in context. Actually then it is aligned
> > > with my view.
> > >
> > > Warm regards
> > >
> > > Carsten
> > >
> > > >>>>> Initial implementation does not contain OpenApi integration yet.
> > And
> > >
> > >
> >
> >
>
>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Jacques Le Roux
Administrator
Hi Girish,

I'm just starting to review so I may miss things. Just a question for now. We have an option at

https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv

to  (Show wsdl <https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true>)

Would it be possible to have the same for REST?

Thanks

Jacques

Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit :

> Greetings!
>
> I have created a PR to add a REST component -
> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
> and let me know what you think and let me know if you face any issues. I
> intend to merge it in a week from now.
>
> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
> "action" attribute to the service definition now merged, this above
> component should be able to expose exportable (export=true) and
> actionable(action=GET|POST) services via REST.
>
> Once the changes for nested attributes (OFBIZ-11902
> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also
> be making corresponding changes in the GraphQL plugin to account for nested
> attributes. OFBIZ-11902
> <https://issues.apache.org/jira/browse/OFBIZ-11902> will
> help in defining complex GraphQL mutations.
>
> I am parallelly also working on designing an XML DSL for REST that should
> allow tying up REST resources with OFBiz services.
>
> Best,
> Girish
>
>
>
> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:
>
>> Hi Girish,
>>
>> Yes, you got it.
>>
>> Web browser will popup a login dialog when response code is 401:
>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
>> required\"");
>>
>> The popup is skipped and then react/vue/angular can handle the response:
>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
>> required\"");
>>
>>
>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>> 发送时间: 2020年7月9日 14:54
>> 收件人: [hidden email]<mailto:[hidden email]>
>> 主题: Re: REST implementation
>>
>> Hi Shi
>>
>> Thanks for taking a look at it. I have a question on "WWW-Authenticate"
>> header so please clarify and I can make appropriate changes accordingly -
>>
>> All I am finding is that to prevent the pop-up, either return 403 (which I
>> do not want to do) or not include "WWW-Authenticate" header at all (not
>> inclined to do this as well because then we would be violating the spec).
>> Do you mean to NOT start the value of the header with "Bearer" ?
>> so instead of below
>>
>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
>>
>> should we change it to
>>
>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
>>
>> I did not test it, but I can just change it like this without testing if
>> you can please confirm it will prevent the browser dialog.
>>
>> Thanks again for the review.
>>
>> Best,
>> Girish
>>
>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:
>>
>>> Hi Girish,
>>>
>>> Excellent.
>>>
>>> Only one suggestion from my quick view, when response code is 401, the
>>> "WWW-Authenticate" header should be set to start with a word NOT “Bearer
>>> …”, this can prevent web browser from popping up a login dialog.
>>>
>>> Kind Regards,
>>>
>>> Shi Jinghai
>>>
>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>>> 发送时间: 2020年7月8日 20:47
>>> 收件人: [hidden email]<mailto:[hidden email]>
>>> 主题: Re: REST implementation
>>>
>>> Hi Folks
>>>
>>> I have added support for OpenApi Integration. The updated code can be
>> found
>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
>>> through the changes and test at your end and let me know your thoughts.
>>>
>>> I am planning to do some refactoring and then raise initial PR for the
>>> plug-in if the changes look good to everyone.
>>>
>>> Best,
>>> Girish
>>>
>>>
>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
>>> [hidden email]> wrote:
>>>
>>>> Hi Girish,
>>>>
>>>> Thanks to clarify :)
>>>> What caught me on the OpenAPI integration is the snippet quoted below
>> and
>>>> I realize I should have read it in context. Actually then it is aligned
>>>> with my view.
>>>>
>>>> Warm regards
>>>>
>>>> Carsten
>>>>
>>>>>>>>> Initial implementation does not contain OpenApi integration yet.
>>> And
>>>>
>>>
>>
Reply | Threaded
Open this post in threaded view
|

Re: REST implementation

Jacques Le Roux
Administrator
Not a big deal, saw that when applying as a patch:

git apply 35.patch
35.patch:364: trailing whitespace.
* GET /rest/services/{serviceName}?inParams=<URLEncodedJSON>
35.patch:765: trailing whitespace.
     xmlns:xl="http://www.w3.org/1999/xlink"
35.patch:2813: trailing whitespace.

35.patch:486: new blank line at EOF.
+
35.patch:772: new blank line at EOF.
+
warning: 5 lines add whitespace errors.

Jacques

Le 02/08/2020 à 09:40, Jacques Le Roux a écrit :

> Hi Girish,
>
> I'm just starting to review so I may miss things. Just a question for now. We have an option at
>
> https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceList?sel_service_name=testScv
>
> to  (Show wsdl <https://demo-trunk.ofbiz.apache.org:443/webtools/control/ServiceList?sel_service_name=testScv&show_wsdl=true>)
>
> Would it be possible to have the same for REST?
>
> Thanks
>
> Jacques
>
> Le 31/07/2020 à 10:32, Girish Vasmatkar a écrit :
>> Greetings!
>>
>> I have created a PR to add a REST component -
>> https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look
>> and let me know what you think and let me know if you face any issues. I
>> intend to merge it in a week from now.
>>
>> With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add
>> "action" attribute to the service definition now merged, this above
>> component should be able to expose exportable (export=true) and
>> actionable(action=GET|POST) services via REST.
>>
>> Once the changes for nested attributes (OFBIZ-11902
>> <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will also
>> be making corresponding changes in the GraphQL plugin to account for nested
>> attributes. OFBIZ-11902
>> <https://issues.apache.org/jira/browse/OFBIZ-11902> will
>> help in defining complex GraphQL mutations.
>>
>> I am parallelly also working on designing an XML DSL for REST that should
>> allow tying up REST resources with OFBiz services.
>>
>> Best,
>> Girish
>>
>>
>>
>> On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <[hidden email]> wrote:
>>
>>> Hi Girish,
>>>
>>> Yes, you got it.
>>>
>>> Web browser will popup a login dialog when response code is 401:
>>> setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
>>> required\"");
>>>
>>> The popup is skipped and then react/vue/angular can handle the response:
>>> setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
>>> required\"");
>>>
>>>
>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>>> 发送时间: 2020年7月9日 14:54
>>> 收件人: [hidden email]<mailto:[hidden email]>
>>> 主题: Re: REST implementation
>>>
>>> Hi Shi
>>>
>>> Thanks for taking a look at it. I have a question on "WWW-Authenticate"
>>> header so please clarify and I can make appropriate changes accordingly -
>>>
>>> All I am finding is that to prevent the pop-up, either return 403 (which I
>>> do not want to do) or not include "WWW-Authenticate" header at all (not
>>> inclined to do this as well because then we would be violating the spec).
>>> Do you mean to NOT start the value of the header with "Bearer" ?
>>> so instead of below
>>>
>>> *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
>>>
>>> should we change it to
>>>
>>> *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
>>>
>>> I did not test it, but I can just change it like this without testing if
>>> you can please confirm it will prevent the browser dialog.
>>>
>>> Thanks again for the review.
>>>
>>> Best,
>>> Girish
>>>
>>> On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <[hidden email]> wrote:
>>>
>>>> Hi Girish,
>>>>
>>>> Excellent.
>>>>
>>>> Only one suggestion from my quick view, when response code is 401, the
>>>> "WWW-Authenticate" header should be set to start with a word NOT “Bearer
>>>> …”, this can prevent web browser from popping up a login dialog.
>>>>
>>>> Kind Regards,
>>>>
>>>> Shi Jinghai
>>>>
>>>> 发件人: Girish Vasmatkar<mailto:[hidden email]>
>>>> 发送时间: 2020年7月8日 20:47
>>>> 收件人: [hidden email]<mailto:[hidden email]>
>>>> 主题: Re: REST implementation
>>>>
>>>> Hi Folks
>>>>
>>>> I have added support for OpenApi Integration. The updated code can be
>>> found
>>>> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
>>>> through the changes and test at your end and let me know your thoughts.
>>>>
>>>> I am planning to do some refactoring and then raise initial PR for the
>>>> plug-in if the changes look good to everyone.
>>>>
>>>> Best,
>>>> Girish
>>>>
>>>>
>>>> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
>>>> [hidden email]> wrote:
>>>>
>>>>> Hi Girish,
>>>>>
>>>>> Thanks to clarify :)
>>>>> What caught me on the OpenAPI integration is the snippet quoted below
>>> and
>>>>> I realize I should have read it in context. Actually then it is aligned
>>>>> with my view.
>>>>>
>>>>> Warm regards
>>>>>
>>>>> Carsten
>>>>>
>>>>>>>>>> Initial implementation does not contain OpenApi integration yet.
>>>> And
>>>>>
>>>>
>>>
12