ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-9206) Login and logout process in demos shows a certificate issue
Date Tue, 28 Feb 2017 14:51:45 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15888142#comment-15888142

Jacques Le Roux commented on OFBIZ-9206:

OK I was ready to close this issue with this message
Fixed in
trunk r1784549 + r1784558
R16.11 r1784550 + r1784559
R15.11 & 14.11 r1784556+ r1784560
R13.07 r1784745

I even wrote that
It was an easy fix, I just imported
<SystemProperty systemPropertyId="port.https" systemResourceId="url" systemPropertyValue=""/>
in trunk demo and all work perfectly.

But I missed one point: how deep the ecommerce webapp is entrenched in some applications components.
This can at least be tested with product and catalog webapp.
# Get to https://demo-stable.ofbiz.apache.org/catalog/control/EditProduct?productId=GZ-1000
# Click on the "Product Page" button (you may notice an error which has been "fixed", more
a workaround, at OFBIZ-9234)
# Click on the logout link you get to https://demo-stable.ofbiz.apache.org/ecommerce/control/main
but also to blank page, you just got a 404. The same happens locally, it's not related to
demos, the letsencrypt certificate or the HTTPD frontend config.

If you replace ecommerce/control/main by ecomseo in the URL, it works again. IIRW this was
the initial reason I switched the trunk demo link from the site home page to ecomseo.

Also if you replace ecommerce by ecomseo in CatalogMenus.xml then all works really perfectly.
What I could do is to make this a parameter, but if you look for "ecommerce" in applications
you find 96 harcoded "ecommerce" strings. Among the 96 harcoded "ecommerce" strings I could
replace those that have a relation with URLs generation by "ecomseo" and that would be it.

But at this stage I think we need to think more about it. I see 3 alternatives:
# Fixes the underlying problems with ecommerce, good luck while shaving the yak! See OFBIZ-9234
and OFBIZ-9235 I already crossed while working on the current issue, for instance.
# My proposition above to replace "ecommerce" strings by "ecomseo". But I know some are reluctants
about that because the ecomseo specifications have not been defined. Though we also have no
specifications for ecommerce, I can understand this concern. It would be good to have ecomseo
specifications defined before definitely switching to it. I thought about reverting and keep
up later. But I fear it's a risk of loosing momentum and have to do it again if other changes
stack on. I'll rather retroengineer ecomseo to explain what really changes. If I can't explain
all at a functional level, I'll ask Jinghai and especially Jonathan Schikowski, anyway I already
planned to do so.
# This is only related to the logout when coming from catalog/product, and a simpler way is
to remove all ecommerce links from applications. We anyway want to remove dependencies from
plugins in applications. And I believe it's where we should start.

I'm inclided to the 3rd option, I'll create a thread on dev ML to discuss about the 3 points

In the meantime, I'll now restart the demos and change the link from the site home page, for
at least test and let test.

> Login and logout process in demos shows a certificate issue
> -----------------------------------------------------------
>                 Key: OFBIZ-9206
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9206
>             Project: OFBiz
>          Issue Type: Bug
>          Components: Demo
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: OFBIZ-9206.patch, ofbiz-vm2.apache.org.yaml
> When, from the site main page http://ofbiz.apache.org/, you get to the demos depending
on browser (tested on Windows 7) you get some issues:
> * FF
> ** Management Apps: OK
> ** Ecommerce: OK
> * Chrome (Management Apps or Ecommerce)
> ** stable: OK
> ** old: KO - If you copy the URL by hand it works, and after even from the main page
it works.
> ** trunk: OK
> * IE, same than Chrome
> If, from any browser, you logout from Management Apps you get a certificate issue. Actually
as we use HSTS the browsers protect us from any 3rd party intrusions... Same issue when login
> So it seems we have a certificate issue after OFBIZ-7928 and INFRA-11960. Maybe it's
due to how OFBiz redirects when login in or login out because, so far, only the login page
is concerned...

This message was sent by Atlassian JIRA

View raw message