svn commit: r1814363 - in /ofbiz/ofbiz-framework/trunk/framework: common/webcommon/WEB-INF/common-controller.xml security/config/security.properties webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java


jleroux@apache.org
Author: jleroux
Date: Sun Nov  5 17:33:30 2017
New Revision: 1814363

URL: http://svn.apache.org/viewvc?rev=1814363&view=rev
Log:
Implemented: Token Based Authentication
(OFBIZ-9833)

I have tested the Token Based Authentication between my local machine and the
trunk demo. It works as expected.

This completes the previous commit by:
  adding a new externalServerLoginCheck preprocessor
  documenting how to set the ExternalServerJwtMasterSecretKey in production
    using sed and uuidgen
  adding documented properties in security.properties, not set to be used OOTB
   but ready to be set in production

Modified:
    ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
    ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java

Modified: ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1814363&r1=1814362&r2=1814363&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml (original)
+++ ofbiz/ofbiz-framework/trunk/framework/common/webcommon/WEB-INF/common-controller.xml Sun Nov  5 17:33:30 2017
@@ -31,6 +31,7 @@ under the License.
         <event name="checkRequestHeaderLogin" type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="checkRequestHeaderLogin"/>
         <event name="checkServletRequestRemoteUserLogin" type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="checkServletRequestRemoteUserLogin"/>
         <event name="checkExternalLoginKey" type="java" path="org.apache.ofbiz.webapp.control.ExternalLoginKeysManager" invoke="checkExternalLoginKey"/>
+        <event name="externalServerLoginCheck" type="java" path="org.apache.ofbiz.webapp.control.ExternalLoginKeysManager" invoke="externalServerLoginCheck"/>
         <event name="checkProtectedView" type="java" path="org.apache.ofbiz.webapp.control.ProtectViewWorker" invoke="checkProtectedView"/>
         <event name="extensionConnectLogin" type="java" path="org.apache.ofbiz.webapp.control.LoginWorker" invoke="extensionConnectLogin"/>
     </preprocessor>
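
Review bot: the added externalServerLoginCheck event sits in the shared <preprocessor> chain, so it runs on every request handled by a controller that includes this file, while the feature is off by default (use-external-server=N in security.properties). The method body is not part of this diff, so please confirm that it returns immediately when the property is not enabled, and that a missing, invalid or expired token leaves the request unauthenticated instead of failing open. The name also breaks the check* pattern of its neighbours (checkExternalLoginKey, checkProtectedView); checkExternalServerLogin would match.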

Modified: ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties?rev=1814363&r1=1814362&r2=1814363&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties (original)
+++ ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties Sun Nov  5 17:33:30 2017
@@ -128,3 +128,12 @@ default.error.response.view=view:viewBlo
 
 # -- If false, then no externalLoginKey parameters will be added to cross-webapp urls
 security.login.externalLoginKey.enabled=true
+
+# -- If true, then it's possible to connect to another webapp on another server w/o signing in
+use-external-server=N
+# -- Name of the external server (DNS)  
+external-server-name=localhost:8443
+# -- Query part of the URL to use
+external-server-query=/example/control/
+# -- Time To Live of the token send to the external server
+external-server-token-duration=30
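
Review bot: external-server-token-duration=30 states no unit, and for a token time to live the difference between seconds and minutes is a sixty-fold change in the replay window; put the unit in the comment or in the key name. use-external-server=N is documented with "If true" while the property just above it (security.login.externalLoginKey.enabled=true) uses true/false, so the comment should say which values the code accepts. external-server-name is described as a DNS name but its default carries a port (localhost:8443), so describe it as host:port. Minor: "send" should read "sent", and the "(DNS)" comment line has trailing whitespace.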

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java?rev=1814363&r1=1814362&r2=1814363&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java Sun Nov  5 17:33:30 2017
@@ -63,6 +63,7 @@ public class ExternalLoginKeysManager {
     // As we sign on on several servers, so have different sessions, we can't use the externalLoginKey way to create the JWT masterSecretKey.
     // The best way to create the JWT masterSecretKey is to use a temporary way to load in a static final key when compiling.
     // This is simple and most secure. One of the proposed way is to use sed and uuidgen to modify the masterSecretKey value
+    // This: sed -i /ExternalServerJwtMasterSecretKey/s//$(uuidgen)/\2 framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
     // The magic words here are TEMPORARY and FINAL!
     private static final String ExternalServerJwtMasterSecretKey = "ExternalServerJwtMasterSecretKey";
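
Review bot: the constant on the last line still defaults to the literal "ExternalServerJwtMasterSecretKey", so any build where the documented sed step is skipped signs and verifies tokens with a value that is public in the source tree; nothing visible here stops that. Consider refusing to issue or accept tokens while the key equals the placeholder, or loading the key from configuration outside the source so a forgotten build step fails closed. The sed command in the added comment is also fragile: it is unquoted and relies on the shell turning \2 into the flag 2 (replace the second match on the line), and the address matches every line containing the identifier. Quoting the whole expression and writing the flag as a plain 2 would make the intent explicit. Note too that the edited source file then holds the production secret, so the comment should say to restore the file after compiling, which is what TEMPORARY seems to mean.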