svn commit: r1847177 - in /ofbiz: ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/ ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1847177 - in /ofbiz: ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/ ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/

jleroux@apache.org
Author: jleroux
Date: Thu Nov 22 15:07:19 2018
New Revision: 1847177

URL: http://svn.apache.org/viewvc?rev=1847177&view=rev
Log:
Documented: no functional changes

Formats too long lines in wa-cross-domains-SSO.adoc
Fixes references in bt-creating reports.adoc
Fixes text in bt-report master creation.adoc

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc
    ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating reports.adoc
    ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report master creation.adoc

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc?rev=1847177&r1=1847176&r2=1847177&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-cross-domains-SSO.adoc Thu Nov 22 15:07:19 2018
@@ -18,11 +18,14 @@ under the License.
 ////
 ==== Cross-domains Single Sign On (SSO)
 
-In some cases you need to split the OFBiz applications on different servers, and possibly in production on different domains. This can happen for different reasons, most often for performance reason.
+In some cases you need to split the OFBiz applications on different servers, and possibly in production on different domains.
+This can happen for different reasons, most often for performance reason.
 
-As it's annoying to give each time a credential when changing from an OFBiz application to another on the same server, the same applies when changing from an OFBiz application to another on another domain.
+As it's annoying to give each time a credential when changing from an OFBiz application to another on the same server,
+the same applies when changing from an OFBiz application to another on another domain.
 
-To prevent that on the same server, the ExternalLoginKey mechanism is used. The cross-domains SSO feature allows to navigate from a domain to another with automated SSO.
+To prevent that on the same server, the ExternalLoginKey mechanism is used.
+The cross-domains SSO feature allows to navigate from a domain to another with automated SSO.
 
 It based on 3 technologies:
 
@@ -36,28 +39,43 @@ Ajax:: Ajax, now well known I guess, in
 The mechanism is simple.
 
 .On the source side:
-. When an user log in in an application (webApp) a webappName.securedLoginId cookie is created. This cookie will be used by the mechanism to know the current logged in user. _Note that all webappName.securedLoginId cookies are deleted when the user session is closed or time out. Hence (apart also using an intrinsically secured cookie) the mechanim is secured, even on shared machines. Of course if people are sharing a machine during their sessions, things could get complicated. This unlikely later case is not taken in account._
+. When an user log in in an application (webApp) a webappName.securedLoginId cookie is created.
+This cookie will be used by the mechanism to know the current logged in user.
+_Note that all webappName.securedLoginId cookies are deleted when the user session is closed or time out.
+Hence (apart also using an intrinsically secured cookie) the mechanim is secured, even on shared machines.
+Of course if people are sharing a machine during their sessions, things could get complicated.
+This unlikely later case is not taken in account._
+
+. The user is given a JavaScript link which passes the URL to reach and the calling webapp name to
+the sendJWT() Ajax function.
 
-. The user is given a JavaScript link which passes the URL to reach and the calling webapp name to the sendJWT() Ajax function.
+. The sendJWT() Ajax function calls the loadJWT() Ajax function which in turn calls
+the CommonEvents::loadJWT method through the common controller.
 
-. The sendJWT() Ajax function calls the loadJWT() Ajax function which in turn calls the CommonEvents::loadJWT method through the common controller.
+. The CommonEvents::loadJWT method uses the calling webapp name to retrieve the userLoginId from the secured
+webappName.securedLoginId cookie, creates a JWT containing the userLoginId, and returns it to the loadJWT() Ajax function.
 
-. The CommonEvents::loadJWT method uses the calling webapp name to retrieve the userLoginId from the secured webappName.securedLoginId cookie, creates a JWT containing the userLoginId, and returns it to the loadJWT() Ajax function.
-
-. Then the sendJWT() Ajax function sends an Authorization header containing the JWT to the URL to reach. At this stage, if all things are correct, the flow leaves the source side.
+. Then the sendJWT() Ajax function sends an Authorization header containing the JWT to the URL to reach.
+At this stage, if all things are correct, the flow leaves the source side.
 
 .On the server side:
-. A CORS policy is needed. _Without it, the Authorization token containing the JWT will be rejected. It's a simple policy but you need to strictly define the authorized domains. Never use the lazy "*" for domains (ie all domains), else the https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_example[preflight request] will not work._ Here is an example for Apache HTTPD (domain value is "https://localhost:8443" for official OFBiz demo):
-
-* Header set Access-Control-Allow-Origin domain
-* Header set Access-Control-Allow-Headers "Authorization"
-* Header set Access-Control-Allow-Credentials "true"
+. A CORS policy is needed. _Without it, the Authorization token containing the JWT will be rejected.
+It's a simple policy but you need to strictly define the authorized domains. Never use the lazy "*" for domains
+(ie all domains), else the https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_example[preflight request] will not work._
+Here is an example for Apache HTTPD (domain value is "https://localhost:8443" for official OFBiz demo):
+
+[source,]
+----
+Header set Access-Control-Allow-Origin domain
+Header set Access-Control-Allow-Headers "Authorization"
+Header set Access-Control-Allow-Credentials "true"
+----
 
-. The checkJWTLogin preprocessor, similar to the checkExternalLoginKey, intercepts the JWT, checks it and if all is OK signs the user on. That's it !
+. The checkJWTLogin preprocessor, similar to the checkExternalLoginKey, intercepts the JWT, checks it and
+if all is OK signs the user on. That's it !
 
-In the example component, the FormWidgetExamples screen contains 2 new fields in the LinksExampleForm which demonstrate the use from a local instance to the trunk demo instance.
+In the example component, the FormWidgetExamples screen contains 2 new fields in the LinksExampleForm which
+demonstrate the use from a local instance to the trunk demo instance.
 
 
 If you are interested in more details you may refer to  https://issues.apache.org/jira/browse/OFBIZ-10307
-
-

Modified: ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating reports.adoc
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating%20reports.adoc?rev=1847177&r1=1847176&r2=1847177&view=diff
==============================================================================
--- ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating reports.adoc (original)
+++ ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-creating reports.adoc Thu Nov 22 15:07:19 2018
@@ -10,7 +10,7 @@ A flexible report is an OFBiz content of
 
 * OFBiz framework
 * The Birt plugin
-* The BIRT Report Designer: <<bt-using the birt report designer.adoc#_using_the_birt_report_designer,Using the Birt Report Designer>>
+* The BIRT Report Designer: <<#_using_the_birt_report_designer,Using the Birt Report Designer>>
 
 ==== Report creation
 
@@ -37,7 +37,7 @@ This first panel allows you to change th
 
 ==== The .rptdesign report file: download, edit, upload and publish it
 
-To really use the report you need to download the .rptdesign file from the server in a location from where you can edit it with the BIRT Report Designer. So you need to install first the BIRT Report Designer. Then you can edit the .rptdesign file in the BIRT Report Designer. For that refer to <<bt-using the birt report designer.adoc#_using_the_birt_report_designer,Using the Birt Report Designer>>.
+To really use the report you need to download the .rptdesign file from the server in a location from where you can edit it with the BIRT Report Designer. So you need to install first the BIRT Report Designer. Then you can edit the .rptdesign file in the BIRT Report Designer. For that refer to <<#_using_the_birt_report_designer,Using the Birt Report Designer>>.
 
 ===== Editing the downloaded file
 

Modified: ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report master creation.adoc
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report%20master%20creation.adoc?rev=1847177&r1=1847176&r2=1847177&view=diff
==============================================================================
--- ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report master creation.adoc (original)
+++ ofbiz/ofbiz-plugins/trunk/birt/src/docs/asciidoc/_include/bt-report master creation.adoc Thu Nov 22 15:07:19 2018
@@ -55,9 +55,9 @@ Your Report Master is created ! You can
 
 ==== Report Master based on a service
 
-Create in plugins/birt/src/org/ofbiz/birt/birt/BirtMasterReportServices.java 2 dedicated services (see examples there)
+In plugins/birt/src/main/java/org/apache/ofbiz/birt/flexible/BirtMasterReportServices.java there is 2 sets of dedicated services (see examples there)
 
-. The first one, which name will return 4 items:
+. In each set the first service, will return 4 items:
  ** an object of type Map<String, String> called dataMap. *Keys*: data field names. *Values*: data types (OFBiz types).
  ** an object of type Map<String, String> called fieldDisplayLabels. *Keys*: data field names. *Values*: the names displayed to the user. This output is optional, should it be missing, the keys will be displayed.
  ** an object of type Map<String, String> called filterMap. *Keys*: data filtering field names (exact names used for the form fields). *Values*: data type (OFBiz type). This output is optional, if missing, filters can not be displayed on the report.
@@ -66,14 +66,16 @@ Create in plugins/birt/src/org/ofbiz/bir
 
 [source,java]
 ----
-    Map<String, Object> parameters = (Map<String, Object>) reportContext.getParameterValue("parameters");
+    Map<String, Object> parameters = UtilGenerics.checkMap(reportContext.getParameterValue("parameters"));
 ----
 
 This Map will give access fields of the filtering form.
-This service will return a list called list of type List+++<GenericValue>+++, containing the data. A Map<String, Object> would also do.+++</GenericValue>+++
+This service will return a list of type List<GenericValue>, containing the data. A Map<String, Object> would also do.
+
+Then,
 
 . create the parent form in the file plugins/birt/widget/birt/BirtMasterForms.xml.
-Field names created here must be then names used on the Map parameters of the previous service, and also corresponding to the map filterMap.
+Field names created here must be the names used on the Map parameters of the previous service, and also corresponding to the map filterMap.
 
 [source,xml]
 ----