/
CASifying Apache OFBiz

CASifying Apache OFBiz

Aug 27, 2008

 Scenes Supported

 OFBiz-CAS-LDAP component supports the following scenes: OFBiz-CAS-OpenLDAP, OFBiz-CAS-ActiveDirectory, OFBiz-OpenLDAP and OFBiz-ActiveDirectory.

 OFBiz-CAS-LDAP Login Procedure

 The new OFBiz login procedure as following:

OFBiz-CAS Logout Procedure

 The new OFBiz logout procedure as following:


 

Deploy OFBiz-CAS-LDAP Component in OFBiz 4.0

Here are the steps on deploying OFBiz-CAS-LDAP Component in OFBiz 4.0:

  1. Use Eclipse SVN plugin download OFBiz-LDAP component from http://www.langhua.cn/langhua/ofbiz-components/OFBiz-LDAP/branch/ofbiz4.0-cas3.2.1.1-openldap2.4.8/ as a new Java project(SVN username: anon, password: anon).
  2. Edit build.xml of the new project,  change ofbiz.home property to the path where your OFBiz is.
  3. Run ofbiz.copy of build.xml, OFBiz-LDAP component will be deployed to $(ofbiz.home)/specialpurpose/ldap/.
  4. Edit $(ofbiz.home)/specialpurpose/build.xml, add ldap/build.xml:
    specialpurpose/build.xml
    <filelist id="application-builds" dir="." files="pos/build.xml, hhfacility/build.xml, assetmaint/build.xml, ldap/build.xml"/>
  5. Edit $(ofbiz.home)/specialpurpose/component-load.xml, add:
    specialpurpose/build.xml
    <load-component 	component-location="${ofbiz.home}/specialpurpose/ldap"/>
  6. If nessecery, change getPartyId and getSecurityGroup in /cn/langhua/ofbiz/ldap/commons/A_OFBizAuthenticationHandler.java.
  7. Run build of $(ofbiz.home)/build.xml.
  8. If CAS is deployed in tomcat in the same computer with OFBiz, change tomcat's ssl port to another value such as 8444 and restart tomcat.
  9. Edit the configurations in $(ofbiz.home)/specialpurpose/ldap/config/ldap.xml, see Configuration for details.
  10. Change checkLogin, login and logout in every WEB-INF/controller.xml:
specialpurpose/build.xml
<!-- 	Security Mappings -->
<request-map uri="checkLogin" edit="false">
<description>Verify a user is logged in.</description>
<security https="true" auth="false"/>
<event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="checkLogin" />
<response name="success" type="view" value="main" />
<response name="error" type="view" value="login" />
</request-map>
<request-map uri="login">
<security https="true" auth="false"/>
<event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<request-map uri="logout">
<security https="true" auth="true"/>
<event type="java" path="cn.langhua.ofbiz.ldap.LdapLoginWorker" invoke="logout"/>
<response name="success" type="request" value="checkLogin"/>
<response name="error" type="view" value="main"/>
</request-map>
<!-- End of Security Mappings -->
  1. Run OFBiz. Try to login OFBiz, you'll be redirect to CAS login page. Input a correct username and password, you'll be able to login OFBiz.
  2. Click Logout in OFBiz, you'll be redirect to CAS logout page.

Configuration

The component can be configed by  $(ofbiz.home)/specialpurpose/ldap/config/ldap.xml. Here is a sample of its content:

specialpurpose/build.xml
<?xml version="1.0" encoding="UTF-8"?>

<ldap>
    <!-- common configuration -->
    <Attribute>uid=%u</Attribute>
    <AuthenType>simple</AuthenType>
    <AuthenticationHandler>cn.langhua.ofbiz.ldap.cas.OFBizCasAuthenticationHandler</AuthenticationHandler>
    <AutoPartyId>admin</AutoPartyId>
    <AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
    <BaseDN>o=chinare,o=org,c=cn</BaseDN>
    <Filter>(objectclass=*)</Filter>
    <Scope>sub</Scope>
    <URL>ldap://localhost:389</URL>
    <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>

    <!-- for CAS-LDAP -->
    <CasLoginUri>/login</CasLoginUri>
    <CasLogoutUri>/logout</CasLogoutUri>
    <CasUrl>https://cms.chinare.org.cn:8444/cas</CasUrl>
    <CasValidateUri>/validate</CasValidateUri>
    <CasLdapHandler>cn.langhua.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>

    <!-- for MS Active Directory -->
    <SearchType/>
    <UserDNForSearch/>
    <PasswordForSearch/>
</ldap>

 Currently, there are 3 AuthenticationHandlers:

  • cn.langhua.ofbiz.ldap.cas.OFBizCasAuthenticationHandler: CAS authentication handler.
  • cn.langhua.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler: OpenLDAP authentication handler.
  • cn.langhua.ofbiz.ldap.activedirectory.OFBizActiveDirectoryAuthenticationHandler: Active Directory authentication handler.

Enjoy it.
Shi Yusen/Beijing Langhua Ltd.

http://www.langhua.cn/