[jira] [Commented] (OFBIZ-10805) OFBiz shell


Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-10805?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741409#comment-16741409 ]

Mathieu Lirzin commented on OFBIZ-10805:
----------------------------------------

Hello Michael,

Here is a sample shell session that would hopefully show what kind of things are possible:

{code}
mthl@token ~/src/ofbiz$ java -jar build/libs/ofbiz.jar -i
Config.java using configuration file start.properties
Set OFBIZ_HOME to - /home/mthl/src/ofbiz
SHELL
Groovy Shell (2.4.16, JVM: 1.8.0_161)
Type ':help' or ':h' for help.
-------------------------------------------------------------------------------
groovy:000> import org.apache.ofbiz.entity.util.EntityQuery
===> org.apache.ofbiz.entity.util.EntityQuery
groovy:000> def system = EntityQuery.use(delegator).from('UserLogin').where(userLoginId: 'system').queryOne()
===> [lastUpdatedStamp:2019-01-07 23:48:33.674, successiveFailedLogins:null, passwordHint:null, createdTxStamp:2019-01-07 23:48:23.512, createdStamp:2019-01-07 23:48:23.653, externalAuthId:null, lastUpdatedTxStamp:2019-01-07 23:48:32.721, lastTimeZone:null, enabled:N, lastLocale:null, currentPassword:null, userLoginId:system, isSystem:Y, disabledDateTime:null, disabledBy:null, hasLoggedOut:null, userLdapDn:null, requirePasswordChange:null, lastCurrencyUom:null, partyId:system]
groovy:000> dispatcher.runSync('echoService', [userLogin: system])
===> [userLogin:[lastUpdatedStamp:2019-01-07 23:48:33.674, successiveFailedLogins:null, passwordHint:null, createdTxStamp:2019-01-07 23:48:23.512, createdStamp:2019-01-07 23:48:23.653, externalAuthId:null, lastUpdatedTxStamp:2019-01-07 23:48:32.721, lastTimeZone:null, enabled:N, lastLocale:null, currentPassword:null, userLoginId:system, isSystem:Y, disabledDateTime:null, disabledBy:null, hasLoggedOut:null, userLdapDn:null, requirePasswordChange:null, lastCurrencyUom:null, partyId:system], locale:en, responseMessage:success]
{code}

Given the experimental state of the implementation there are still a lot of rough edges (one major one is concerning the UI Labels which are not handled properly).

Regarding the security issues, yes this is sensitive. Like for {{java -jar build/libs/ofbiz.jar --shutdown}}, anyone knowing the {{ofbiz.admin.key}} property and able to connect to the admin socket can start a shell session. The difference is that the shell feature has wider consequences since the attacker can do far more things than just shutting OFBiz down.

> OFBiz shell
> -----------
>
>                 Key: OFBIZ-10805
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10805
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Mathieu Lirzin
>            Priority: Major
>             Fix For: Upcoming Branch
>
>         Attachments: OFBIZ-10805_OFBiz-shell.patch
>
>
> One issue with the current way of writing Groovy tests is that the feedback between writing an instruction and checking its result is slow because one has to rerun the corresponding test case.
> Providing a Groovy shell access with a delegator and dispatcher allows developers to interactively execute commands and check their results instantly.
> The shell access has been done via Remote Procedure Call (RPC) which was already implemented by the {{AdminClient}} and {{AdminServer}} classes.
> In order to test, you must start the server first:
> {code}
> $ ./gradlew ofbiz
> {code}
> then you can run the following command in another terminal:
> {code}
> $ java -jar build/libs/ofbiz.jar --shell
> {code}
> or this equivalent one which uses the corresponding short option:
> {code}
> $ java -jar build/libs/ofbiz.jar -i
> {code}
> *Limitation*: It is currently not possible to connect multiple shells at
>  the same time.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
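
A defensive check for the exposure described in the comment above, as an added example that is not part of the original message or of the OFBiz code base: it audits start.properties-style text for a short {{ofbiz.admin.key}}, a non-loopback admin bind address and a configuration file readable beyond its owner. The {{ofbiz.admin.host}} property name, the 24-character threshold, the finding labels and the sample values are assumptions.

```python
import ipaddress
import re

MIN_KEY_LEN = 24  # assumed policy threshold, not an OFBiz requirement

# Constructed samples, not real OFBiz files. ofbiz.admin.key is named in the
# comment above; ofbiz.admin.host is an assumed property name.
WEAK = "# constructed\nofbiz.admin.host=0.0.0.0\nofbiz.admin.key=changeme\n"
GOOD = ("# constructed\nofbiz.admin.host=127.0.0.1\n"
        "ofbiz.admin.key=Zq7r-constructed-example-value-4Xn\n")

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is reported for manual review

def audit_admin_socket(text, file_mode=None):
    """Return finding labels for the admin socket settings found in `text`."""
    props = parse_properties(text)
    findings = []
    key = props.get("ofbiz.admin.key", "")
    host = props.get("ofbiz.admin.host")
    if not key:
        findings.append("admin-key-missing")
    elif len(key) < MIN_KEY_LEN:
        findings.append("admin-key-short")
    if host is None:
        findings.append("admin-host-unset")  # check which address is actually bound
    elif not is_loopback(host):
        findings.append("admin-host-not-loopback")
    if file_mode is not None and file_mode & 0o044:
        findings.append("config-readable-by-group-or-other")  # the key is a secret
    return findings

if __name__ == "__main__":
    print(audit_admin_socket(WEAK, 0o644))
    print(audit_admin_socket(GOOD, 0o600))
```

To audit a real file, pass its contents together with {{os.stat(path).st_mode}}.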