ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolas Malin <nicolas.ma...@nereide.fr>
Subject Re: Minilang to Groovy: login-required tag questions
Date Wed, 24 Jan 2018 23:27:34 GMT
As simplify the permission management, I prefer to manage all 
authentication access by the SOA. So only service will manage the 
authentication.

So if you convert a minilang to groovy report the problematic to the 
service definition related. Otherwise normally you haven't this problem 
on groovy. Maybe I missed something, don't hesitate to send a patch with 
the problem not solved for help my mind :)

Nicolas


On 22/01/2018 09:17, Jacques Le Roux wrote:
> Hi Dennis,
>
> That's a good question! I just saw that you also put a comment in the 
> current OFBIZ-10031 patch:
>
> // login-required tag?
>
> If we refer to the available documentation we have
>
> "Require a user login to run this method. Defaults to "true". 
> Optional. Attribute type:  constant."
>
> and
>
> "If auth=false when you hit the request, even if you're not logged in, 
> it will allow you to go through. If auth=true, when you hit the 
> request if you're not logged in it will forward you over to the login 
> page"
>
> The later comes from an old David's E. Jones document: the "Apache 
> OFBiz Advanced Framework - Training Video Transcription"
>
> Here we have 2 options
>
> 1. We consider it simply as a service and then login-required is not 
> needed. This is for instance what has been done for
>    getPartyAccountingPreferences in 
> http://svn.apache.org/viewvc?view=revision&revision=1796731 There the 
> default (login-required=true) was used
> 2. It seems redundant if you look at it from a service POV. But a 
> simple method can also be used in another context and I guess that's 
> why we have
>    this apparent redundancy. So we can do only 1 if it's only used as 
> a service (I guess for a service implementation much of the time, if not
>    always) else we need to change the call (in other simple-method/s) 
> to service call/s and then do 1.
>
> About
>
> >Where does this get checked and when?
>
> It's checked in SimpleMethod.exec(MethodContext methodContext) But 
> given my proposition above it should not be needed to port this part.
>
> About auth=true when you are not in the context of an UI (jobs): 
> runShoppingListAutoReorder shows that's then userLogin is supposed to 
> be in context.
> I did not check but I guess, if auth=true, at this stage the service 
> engine would have already rejected the call if the userLogin is not in 
> the context.
>
> More thoughts are welcome.
>
> Jacques
>
> Le 05/01/2018 à 14:06, Dennis Balkir a écrit :
>> Hi Devs,
>>
>> at the moment I am doing some Minilang to Groovy conversions 
>> (CategoryServices to be precise) and I found a simple method 
>> (getAssociatedProductsList), which set the tag „login-required“ to 
>> false.
>> I then checked the service-definition of this method (which it had), 
>> and there it also sets the „auth“ tag to false.
>> I tried to find, where these tags get checked in the Engine-Codes, 
>> specifically the serviceengine.xml, SimpleServiceEngine.java, 
>> ServiceEngine.java and SimpleMethod.java, but I cannot find for sure, 
>> where the authentication gets checked.
>>
>> The question for me is now: Is it necessary for the simple method to 
>> have the „login-required“ tag set to false, if the service definition 
>> set "auth" to false already?
>> Where does this get checked and when?
>> And of course: When the set of the „login-required“ tag in the 
>> simple-method is necessary, as well as the set „auth“ tag, how do I 
>> implement the „login-required=false“ in Groovy?
>>
>> Thanks in advance for your help
>>
>> Kind regards
>
>


Mime
View raw message