ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (OFBIZ-9206) Login and logout process in demos shows a certificate issue
Date Tue, 28 Feb 2017 15:41:55 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15888142#comment-15888142
] 

Jacques Le Roux edited comment on OFBIZ-9206 at 2/28/17 3:40 PM:
-----------------------------------------------------------------

OK I was ready to close this issue with this message
{quote}
Fixed in
trunk r1784549 + r1784555 + r1784558
R16.11 r1784550 + r1784559
R15.11 & 14.11 r1784556+ r1784560
R13.07 r1784745
{quote}

I even wrote that
{quote}
It was an easy fix, I just imported
<SystemProperty systemPropertyId="port.https" systemResourceId="url" systemPropertyValue=""/>
in trunk demo and all work perfectly.
{quote}

But I missed one point: how deep the ecommerce webapp is entrenched in some applications components.
This can at least be tested with product and catalog webapp.
# Get to https://demo-stable.ofbiz.apache.org/catalog/control/EditProduct?productId=GZ-1000
# Click on the "Product Page" button (you may notice an error which has been "fixed", more
a workaround, at OFBIZ-9234)
# Click on the logout link you get to https://demo-stable.ofbiz.apache.org/ecommerce/control/main
but also to blank page, you just got a 404. The same happens locally, it's not related to
demos, the letsencrypt certificate or the HTTPD frontend config.

If you replace ecommerce/control/main by ecomseo in the URL, it works again. IIRW this was
the initial reason I switched the trunk demo link from the site home page to ecomseo.

Also if you replace ecommerce by ecomseo in CatalogMenus.xml then all works really perfectly.
What I could do is to make this a parameter, but if you look for "ecommerce" in applications
you find 96 harcoded "ecommerce" strings. Among the 96 harcoded "ecommerce" strings I could
replace those that have a relation with URLs generation by "ecomseo" and that would be it.

But at this stage I think we need to think more about it. I see 3 alternatives:
# Fixes the underlying problems with ecommerce, good luck while shaving the yak! See OFBIZ-9234
and OFBIZ-9235 I already crossed while working on the current issue, for instance.
# My proposition above to replace "ecommerce" strings by "ecomseo". But I know some are reluctants
about that because the ecomseo specifications have not been defined. Though we also have no
specifications for ecommerce, I can understand this concern. It would be good to have ecomseo
specifications defined before definitely switching to it. I thought about reverting and keep
up later. But I fear it's a risk of loosing momentum and have to do it again if other changes
stack on. I'll rather retroengineer ecomseo to explain what really changes. If I can't explain
all at a functional level, I'll ask Jinghai and especially Jonathan Schikowski, anyway I already
planned to do so.
# This is only related to the logout when coming from catalog/product, and a simpler way is
to remove all ecommerce links from applications. We anyway want to remove dependencies from
plugins in applications. And I believe it's where we should start.

I'm inclided to the 3rd option, I'll create a thread on dev ML to discuss about the 3 points
above.

In the meantime, I'll now restart the demos and change the link from the site home page, for
at least test and let test.



was (Author: jacques.le.roux):
OK I was ready to close this issue with this message
{quote}
Fixed in
trunk r1784549 + r1784558
R16.11 r1784550 + r1784559
R15.11 & 14.11 r1784556+ r1784560
R13.07 r1784745
{quote}

I even wrote that
{quote}
It was an easy fix, I just imported
<SystemProperty systemPropertyId="port.https" systemResourceId="url" systemPropertyValue=""/>
in trunk demo and all work perfectly.
{quote}

But I missed one point: how deep the ecommerce webapp is entrenched in some applications components.
This can at least be tested with product and catalog webapp.
# Get to https://demo-stable.ofbiz.apache.org/catalog/control/EditProduct?productId=GZ-1000
# Click on the "Product Page" button (you may notice an error which has been "fixed", more
a workaround, at OFBIZ-9234)
# Click on the logout link you get to https://demo-stable.ofbiz.apache.org/ecommerce/control/main
but also to blank page, you just got a 404. The same happens locally, it's not related to
demos, the letsencrypt certificate or the HTTPD frontend config.

If you replace ecommerce/control/main by ecomseo in the URL, it works again. IIRW this was
the initial reason I switched the trunk demo link from the site home page to ecomseo.

Also if you replace ecommerce by ecomseo in CatalogMenus.xml then all works really perfectly.
What I could do is to make this a parameter, but if you look for "ecommerce" in applications
you find 96 harcoded "ecommerce" strings. Among the 96 harcoded "ecommerce" strings I could
replace those that have a relation with URLs generation by "ecomseo" and that would be it.

But at this stage I think we need to think more about it. I see 3 alternatives:
# Fixes the underlying problems with ecommerce, good luck while shaving the yak! See OFBIZ-9234
and OFBIZ-9235 I already crossed while working on the current issue, for instance.
# My proposition above to replace "ecommerce" strings by "ecomseo". But I know some are reluctants
about that because the ecomseo specifications have not been defined. Though we also have no
specifications for ecommerce, I can understand this concern. It would be good to have ecomseo
specifications defined before definitely switching to it. I thought about reverting and keep
up later. But I fear it's a risk of loosing momentum and have to do it again if other changes
stack on. I'll rather retroengineer ecomseo to explain what really changes. If I can't explain
all at a functional level, I'll ask Jinghai and especially Jonathan Schikowski, anyway I already
planned to do so.
# This is only related to the logout when coming from catalog/product, and a simpler way is
to remove all ecommerce links from applications. We anyway want to remove dependencies from
plugins in applications. And I believe it's where we should start.

I'm inclided to the 3rd option, I'll create a thread on dev ML to discuss about the 3 points
above.

In the meantime, I'll now restart the demos and change the link from the site home page, for
at least test and let test.


> Login and logout process in demos shows a certificate issue
> -----------------------------------------------------------
>
>                 Key: OFBIZ-9206
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9206
>             Project: OFBiz
>          Issue Type: Bug
>          Components: Demo
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: OFBIZ-9206.patch, ofbiz-vm2.apache.org.yaml
>
>
> When, from the site main page http://ofbiz.apache.org/, you get to the demos depending
on browser (tested on Windows 7) you get some issues:
> * FF
> ** Management Apps: OK
> ** Ecommerce: OK
> * Chrome (Management Apps or Ecommerce)
> ** stable: OK
> ** old: KO - If you copy the URL by hand it works, and after even from the main page
it works.
> ** trunk: OK
> * IE, same than Chrome
> If, from any browser, you logout from Management Apps you get a certificate issue. Actually
as we use HSTS the browsers protect us from any 3rd party intrusions... Same issue when login
in.
> So it seems we have a certificate issue after OFBIZ-7928 and INFRA-11960. Maybe it's
due to how OFBiz redirects when login in or login out because, so far, only the login page
is concerned...



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message