CASifying Apache OFBiz
Scenarios Supported
The OFBiz-CAS-LDAP component supports the following scenarios: OFBiz-CAS-OpenLDAP, OFBiz-CAS-ActiveDirectory, OFBiz-OpenLDAP and OFBiz-ActiveDirectory.
OFBiz-CAS-LDAP Login Procedure
The new OFBiz login procedure is as follows:
OFBiz-CAS Logout Procedure
The new OFBiz logout procedure is as follows:
Deploy OFBiz-CAS-LDAP Component in OFBiz 4.0
Here are the steps to deploy the OFBiz-CAS-LDAP component in OFBiz 4.0:
Use the Eclipse SVN plugin to check out the OFBiz-LDAP component from http://www.langhua.cn/langhua/ofbiz-components/OFBiz-LDAP/branch/ofbiz4.0-cas3.2.1.1-openldap2.4.8/ as a new Java project (SVN username: anon, password: anon).
Edit build.xml of the new project and change the ofbiz.home property to the path where your OFBiz is installed.
Run the ofbiz.copy target of build.xml; the OFBiz-LDAP component will be deployed to $(ofbiz.home)/specialpurpose/ldap/.
Edit $(ofbiz.home)/specialpurpose/build.xml and add ldap/build.xml:
specialpurpose/build.xml
<filelist id="application-builds" dir="." files="pos/build.xml, hhfacility/build.xml, assetmaint/build.xml, ldap/build.xml"/>
Edit $(ofbiz.home)/specialpurpose/component-load.xml and add:
specialpurpose/component-load.xml
<load-component component-location="${ofbiz.home}/specialpurpose/ldap"/>
If necessary, change getPartyId and getSecurityGroup in /cn/langhua/ofbiz/ldap/commons/A_OFBizAuthenticationHandler.java. These decide which OFBiz party and security group an LDAP or CAS user is mapped to; the sample ldap.xml below sets AutoPartyId to admin and AutoSecurityGroupId to FULLADMIN, so review these defaults before exposing the system.
Run the build target of $(ofbiz.home)/build.xml.
If CAS is deployed in Tomcat on the same machine as OFBiz, change Tomcat's SSL port to another value such as 8444 (OFBiz itself listens on 8443 by default) and restart Tomcat.
Edit the configurations in $(ofbiz.home)/specialpurpose/ldap/config/ldap.xml, see Configuration for details.
Change checkLogin, login and logout in every WEB-INF/controller.xml:
WEB-INF/controller.xml
<!-- Security Mappings -->
<request-map uri="checkLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
<event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="checkLogin" />
<response name="success" type="view" value="main" />
<response name="error" type="view" value="login" />
</request-map>
<request-map uri="login">
<security https="true" auth="false"/>
<event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="logout">
<security https="true" auth="true"/>
<event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="logout"/>
<response name="success" type="request" value="checkLogin"/>
<response name="error" type="view" value="main"/>
</request-map>
<!-- End of Security Mappings -->
Run OFBiz. Try to log in to OFBiz and you will be redirected to the CAS login page. Enter a valid username and password and you will be logged in to OFBiz.
Click Logout in OFBiz and you will be redirected to the CAS logout page.
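The following is an added example in Python, not code from the OFBiz-LDAP component, that models the CAS exchange behind the checkLogin, login and logout mappings above. It assumes the CAS 1.0 protocol that the configured /validate URI implies: the service sends the browser to CasUrl + CasLoginUri with a service parameter, CAS sends the browser back with a ticket parameter, and the service confirms that ticket with a server-side request to CasUrl + CasValidateUri whose body is "yes", a newline and the username, or "no". The configuration values are copied from the ldap.xml sample in the Configuration section; the OFBiz host name, the demo_fetch stand-in for the HTTPS call and the ticket values are constructed for the example.

```python
# Added example, not code from the OFBiz-LDAP component.  Models the
# checkLogin/login/logout exchange with a CAS 1.0 server as configured in
# ldap.xml (CasUrl, CasLoginUri, CasValidateUri, CasLogoutUri).
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Values copied from the sample ldap.xml in the Configuration section.
CONFIG = {
    "CasUrl": "https://cms.chinare.org.cn:8444/cas",
    "CasLoginUri": "/login",
    "CasLogoutUri": "/logout",
    "CasValidateUri": "/validate",
}


def service_url(request_url):
    """The service identity sent to CAS: the request URL with its query
    removed, so the ticket CAS appends never becomes part of the service."""
    parts = urlsplit(request_url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def login_redirect_url(cfg, request_url):
    """Where checkLogin sends a browser that has no session and no ticket."""
    query = urlencode({"service": service_url(request_url)})
    return cfg["CasUrl"] + cfg["CasLoginUri"] + "?" + query


def logout_redirect_url(cfg):
    """Where the logout event sends the browser after ending the local session."""
    return cfg["CasUrl"] + cfg["CasLogoutUri"]


def validate_url(cfg, request_url, ticket):
    """Server-to-server validation URL; service must equal the login one."""
    query = urlencode({"service": service_url(request_url), "ticket": ticket})
    return cfg["CasUrl"] + cfg["CasValidateUri"] + "?" + query


def parse_validate_response(body):
    """Parse a CAS 1.0 /validate body.  Returns the username on success and
    None otherwise.  Only an exact "yes" first line followed by a non-empty
    username counts; "no", empty and malformed bodies are all failures."""
    lines = body.split("\n")
    if len(lines) >= 2 and lines[0] == "yes" and lines[1].strip():
        return lines[1].strip()
    return None


def check_login(cfg, request_url, fetch):
    """Outcome of the checkLogin event for one request.

    fetch(url) performs the server-side GET to CAS and returns the body.
    Returns ("redirect", url), ("success", username) or ("error", "login"),
    mirroring the response names in the controller.xml mapping."""
    ticket = parse_qs(urlsplit(request_url).query).get("ticket", [None])[0]
    if not ticket:
        return ("redirect", login_redirect_url(cfg, request_url))
    # A ticket in the query string is never trusted by itself: CAS must
    # confirm it, and the confirmation is bound to the same service URL.
    username = parse_validate_response(fetch(validate_url(cfg, request_url, ticket)))
    if username is None:
        return ("error", "login")
    return ("success", username)


def demo_fetch(url):
    """Constructed stand-in for the HTTPS call to CAS: only ST-1 is valid."""
    return "yes\nadmin\n" if url.endswith("ticket=ST-1") else "no\n\n"


if __name__ == "__main__":
    # Constructed OFBiz request URL for the demonstration.
    url = "https://ofbiz.example.com:8443/webtools/control/checkLogin"
    print(check_login(CONFIG, url, demo_fetch))
    print(check_login(CONFIG, url + "?ticket=ST-1", demo_fetch))
    print(check_login(CONFIG, url + "?ticket=ST-9", demo_fetch))
    print(logout_redirect_url(CONFIG))
```

Two details matter for security here: the ticket must be validated from the server side, never accepted because it is present in the request, and the service value passed to /validate must be the same one used for the login redirect, with the ticket stripped, otherwise CAS rejects the ticket or a forged service could be substituted.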
Configuration
The component is configured through $(ofbiz.home)/specialpurpose/ldap/config/ldap.xml. Here is a sample of its contents:
specialpurpose/ldap/config/ldap.xml
<?xml version="1.0" encoding="UTF-8"?>
<ldap>
<!-- common configuration -->
<Attribute>uid=%u</Attribute>
<AuthenType>simple</AuthenType>
<AuthenticationHandler>cn.langhua.ofbiz.ldap.cas.OFBizCasAuthenticationHandler</AuthenticationHandler>
<AutoPartyId>admin</AutoPartyId>
<AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
<BaseDN>o=chinare,o=org,c=cn</BaseDN>
<Filter>(objectclass=*)</Filter>
<Scope>sub</Scope>
<URL>ldap://localhost:389</URL>
<UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>
<!-- for CAS-LDAP -->
<CasLoginUri>/login</CasLoginUri>
<CasLogoutUri>/logout</CasLogoutUri>
<CasUrl>https://cms.chinare.org.cn:8444/cas</CasUrl>
<CasValidateUri>/validate</CasValidateUri>
<CasLdapHandler>cn.langhua.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>
<!-- for MS Active Directory -->
<SearchType/>
<UserDNForSearch/>
<PasswordForSearch/>
</ldap>
Currently there are three AuthenticationHandlers (the AuthenticationHandler element selects one of them):
cn.langhua.ofbiz.ldap.cas.OFBizCasAuthenticationHandler: CAS authentication handler.
cn.langhua.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler: OpenLDAP authentication handler.
cn.langhua.ofbiz.ldap.activedirectory.OFBizActiveDirectoryAuthenticationHandler: Active Directory authentication handler.
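The following is an added example in Python, not code from the OFBiz-LDAP component, showing how the ldap.xml settings above turn a login name into an LDAP bind DN and search filter, and what the UseOFBizLoginWhenLDAPFail switch means. It assumes that the %u in the Attribute element is replaced by the login name, that the resulting RDN is prefixed to BaseDN for a simple bind, and that the Filter element is combined with a match on that attribute when locating the entry; the escaping follows RFC 4514 for DNs and RFC 4515 for filters. The sample XML embedded in the block is a constructed subset of the ldap.xml shown above.

```python
# Added example, not code from the OFBiz-LDAP component.  Derives the bind
# DN and search filter from the ldap.xml settings and escapes the login
# name so that user input cannot alter the DN or filter structure.
import xml.etree.ElementTree as ET

# Constructed subset of the sample ldap.xml from the Configuration section.
SAMPLE_LDAP_XML = """<ldap>
  <Attribute>uid=%u</Attribute>
  <AuthenType>simple</AuthenType>
  <BaseDN>o=chinare,o=org,c=cn</BaseDN>
  <Filter>(objectclass=*)</Filter>
  <Scope>sub</Scope>
  <URL>ldap://localhost:389</URL>
  <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>
  <SearchType/>
</ldap>"""


def load_config(xml_text):
    """Read the flat ldap.xml into a dict; empty elements become ''."""
    root = ET.fromstring(xml_text)
    return {child.tag: (child.text or "").strip() for child in root}


def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value used inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """RFC 4515 escaping for a value used inside a search filter."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def bind_dn(cfg, username):
    """DN for the simple bind: <Attribute with %u replaced>,<BaseDN>.
    The login name is escaped so 'admin,o=evil' stays one RDN value."""
    attr, _, template = cfg["Attribute"].partition("=")
    if template != "%u":
        raise ValueError("unsupported Attribute template: %r" % cfg["Attribute"])
    return "%s=%s,%s" % (attr, escape_dn_value(username), cfg["BaseDN"])


def user_search_filter(cfg, username):
    """Filter locating the user's entry under BaseDN (assumed form: the
    configured Filter ANDed with a match on the login attribute)."""
    attr = cfg["Attribute"].partition("=")[0]
    return "(&%s(%s=%s))" % (cfg["Filter"], attr, escape_filter_value(username))


def fallback_to_ofbiz_login(cfg):
    """True when the local OFBiz password check is consulted after an LDAP
    failure, i.e. when the stored OFBiz password remains a live credential."""
    return cfg.get("UseOFBizLoginWhenLDAPFail", "").lower() == "true"


if __name__ == "__main__":
    cfg = load_config(SAMPLE_LDAP_XML)
    print(bind_dn(cfg, "admin"))
    print(bind_dn(cfg, "admin,o=evil"))       # injected RDN is escaped
    print(user_search_filter(cfg, "*"))       # wildcard is escaped
    print(fallback_to_ofbiz_login(cfg))
```

The escaping is the point of the example: the Attribute template substitutes a value typed into the login form, so without it a name such as "admin,o=evil" or "*" would change the DN or filter that is sent to the directory. The fallback switch deserves the same attention: with UseOFBizLoginWhenLDAPFail set to true, a password stored in OFBiz still authenticates whenever LDAP is unavailable, so accounts holding local passwords should be kept to a minimum.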
Enjoy it.
Shi Yusen/Beijing Langhua Ltd.