commit | d76abb624f23f33d9e7ff36853a009104c92f862 | [log] [tgz] |
---|---|---|
author | Jacques Le Roux <jleroux@apache.org> | Thu Jan 05 11:29:26 2017 +0000 |
committer | Jacques Le Roux <jleroux@apache.org> | Thu Jan 05 11:29:26 2017 +0000 |
tree | e80603985b7eb71cef20ec10b0d5a4e9c9ce4954 | |
parent | 8fdfe58ff9b466c492eaaf03ad30115efc01ea3e [diff] |
Implemented: Create and use an OWASP PolicyFactory for content sanitization in ContentWorker for Birt Report Builder (OFBIZ-9166) This is still an incomplete feature because I did not find yet a way to complete the BIRT_REPORT_BUILDER_USAGE_POLICY and had to bypass the sanitization for this case, WIP... This commit has no effect on OFBiz yet. I need to commit this now to continue to work on the main task: OFBIZ-6919 "New implementation of Birt. Easier user possibility of report creation". git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1777451 13f79535-47bb-0310-9956-ffa450edef68
Welcome to Apache OFBiz®! A powerful top level Apache software project. OFBiz is an Enterprise Resource Planning (ERP) System written in Java and houses a large set of libraries, entities, services and features to run all aspects of your business.
For more details about OFBiz please visit the OFBiz Documentation page:
The only requirement to run OFBiz is to have the Java Development Kit (JDK) version 8 installed on your system (not just the JRE, but the full JDK) which you can download from the below link.
Note: if you are using Eclipse, make sure of running the appropriate Eclipse command
gradlew eclipse
before creating the project in Eclipse. This command will prepare OFBiz for Eclipse with the correct classpath and settings by creating the.classpath and .project files.
You can trust the OFBiz Project Management Committee members and committers do their best to keep OFBiz secure from external exploits, and fix vulnerabilities as soon as they are known. Despite these efforts, if ever you find and want to report a security issue, please report at: security @ ofbiz.apache.org, before disclosing them in a public forum.
Note: Be sure to read this Wiki page if ever you plan to use RMI, JNDI, JMX or Spring and maybe other Java classes OFBiz does not use Out Of The Box (OOTB): The infamous Java serialization vulnerability
You can find more information about security in OFBiz at Keeping OFBiz secure
To quickly install and fire-up OFBiz, please follow the below instructions from the command line at the OFBiz top level directory (folder)
Note: Depending on your Internet connection speed it might take a long time for this step to complete if you are using OFBiz for the first time as it needs to download all dependencies. So please be patient!
MS Windows: gradlew cleanAll loadDefault
Unix-like OS: ./gradlew cleanAll loadDefault
MS Windows: gradlew ofbiz
Unix-like OS: ./gradlew ofbiz
You can log in with the user admin and password ofbiz.
Note: the default configuration uses an embedded Java database (Apache Derby) and embedded application server components such as Apache Tomcat®, Apache Geronimo (transaction manager), etc.
All build tasks are executed using the Gradle build system which is embedded in OFBiz. To execute build tasks go to OFBiz top-level directory (folder) and execute tasks from there.
The syntax for tasks differ slightly between windows and Unix-like systems
Windows: gradlew <tasks-in-here>
Unix-like: ./gradlew <tasks-in-here>
For the rest of this document, we will use the windows syntax, if you are on a Unix-like system, you need to add the ./
to gradlew
There are two types of tasks designed for OFBiz in Gradle:
Standard tasks: To execute general standard Gradle tasks
OFBiz server tasks: To execute OFBiz startup commands. These tasks start with one of the following words:
Tips:
OFBiz server commands require “quoting” the commands. For example: gradlew "ofbiz --help"
Shortcuts to task names can be used by writing the first letter of every word in a task name. However, you cannot use the shortcut form for OFBiz server tasks. Example: gradlew loadAdminUserLogin -PuserLoginId=myadmin
= gradlew lAUL -PuserLoginId=myadmin
gradlew build
gradlew cleanAll loadDefault testIntegration
gradlew "ofbiz --help"
gradlew "ofbizDebug --test"
gradlew "ofbizBackground --start --portoffset 10000"
gradlew "ofbiz --shutdown --portoffset 10000"
gradlew ofbiz
(default is --start)
gradlew cleanAll loadDefault "ofbiz --start"
You can use the below common list of tasks as a quick reference for controlling the system. This document uses the windows task syntax, if you are on a Unix-like system, you need to add the ./
to gradlew i.e. ./gradlew
List all available commands to control the OFBiz server
gradlew "ofbiz --help"
List all available tasks from the build system
gradlew tasks
List all available projects in the build system
gradlew projects
Show usage and options for the Gradle build system
gradlew --help
gradlew "ofbiz --start"
start is the default server task so this also works:
gradlew ofbiz
gradlew "ofbiz --shutdown"
gradlew "ofbiz --status"
Terminate all running OFBiz server instances by calling the appropriate operating system kill command. Use this command to force OFBiz termination if the --shutdown command does not work. Usually this is needed when in the middle of data loading or testing in OFBiz.
Warning: Be careful in using this command as force termination might lead to inconsistent state / data
gradlew terminateOfbiz
Starts OFBiz in remote debug mode and waits for debugger or IDEs to connect on port 5005
gradlew "ofbizDebug --start"
OR
gradlew ofbizDebug
Start OFBiz of the network port offsetted by the range provided in the argument to --portoffset
gradlew "ofbiz --start --portoffset 10000"
Start OFBiz in the background by forking it to a new process and redirecting the output to runtime/logs/console.log
gradlew "ofbizBackground --start"
OR
gradlew ofbizBackground
You can also offset the port, for example:
gradlew "ofbizBackground --start --portoffset 10000"
OFBiz contains the following data reader types:
you can choose which data readers to pass in the following syntax:
gradlew "ofbiz --load-data readers=<readers-here-comma-separated>"
Example:
gradlew "ofbiz --load-data readers=seed,seed-initial,ext,ext-demo"
Loads default data set; meant for initial loading of generic OFBiz data. Can be applied for development, testing, demonstration, etc. purposes. Be aware that executing this task can result in your data being overwritten in your database of choice. Use with caution in production environments. The default data set is defined by datasource using the read-data attribute, followed by the name of the data set, into the datasource element of the ‘entityengine.xml’ file.
gradlew loadDefault
OR
gradlew "ofbiz --load-data"
Load ONLY the seed data (not seed-initial, demo, ext* or anything else); meant for use after an update of the code to reload the seed data as it is generally maintained along with the code and needs to be in sync for operation
gradlew "ofbiz --load-data readers=seed"
Load seed, seed-initial and ext data; meant for manual/generic testing, development, or going into production with a derived system based on stock OFBiz where the ext data basically replaces the demo data
gradlew "ofbiz --load-data readers=seed,seed-initial,ext"
Load seed, seed-initial, ext and ext-test data; meant for automated testing with a derived system based on stock OFBiz
gradlew "ofbiz --load-data readers=seed,seed-initial,ext,ext-test"
Load data from an XML file holding entity data.
gradlew "ofbiz --load-data file=foo/bar/FileNameHere.xml"
Create a new tenant in your environment, create the delegator, load initial data with admin-user and password (needs multitenant=Y in general.properties). The following project parameters are passed:
gradlew createTenant -PtenantId=mytenant
gradlew createTenant -PtenantId=mytenant -PtenantName="My Name" -PdomainName=com.example -PtenantReaders=seed,seed-initial,ext -PdbPlatform=M -PdbIp=127.0.0.1 -PdbUser=mydbuser -PdbPassword=mydbpass
If run successfully, the system creates a new tenant having:
Load data for one specific tenant in a multitenant environment. Note that you must set multitenant=Y in general.properties and the following project parameters are passed:
gradlew loadTenant -PtenantId=mytenant
gradlew loadTenant -PtenantId=mytenant -PtenantReaders=seed,seed-initial,demo -PtenantComponent=base
gradlew test
gradlew testIntegration
OR
gradlew 'ofbiz --test'
run a test case, in this example the component is “entity” and the case name is “entity-tests”
gradlew "ofbiz --test component=entity --test case=entity-tests"
listens on port 5005
gradlew "ofbizDebug --test component=entity --test case=entity-tests"
gradlew "ofbiz --test component=widget --test suitename=org.apache.ofbiz.widget.test.WidgetMacroLibraryTests"
listens on port 5005
gradlew "ofbizDebug --test component=widget --test suitename=org.apache.ofbiz.widget.test.WidgetMacroLibraryTests"
This is a very convenient feature of Gradle which allows the user to interact with Gradle through a swing GUI. You can save frequently used commands in a list of favorites for frequent reuse.
gradlew --gui
gradlew cleanAll loadDefault testIntegration
gradlew cleanAll
gradlew clean build
Create an admin user with login name MyUserName and default password with value “ofbiz”. Upon first login OFBiz will request changing the default password
gradlew loadAdminUserLogin -PuserLoginId=MyUserName
Xlint prints output of all warnings detected by the compiler
gradlew -PXlint build
The below command activates a gradle plugin (OWASP) and Identifies and reports known vulnerabilities (CVEs) in OFBiz library dependencies. This command takes a long time to execute because it needs to download all plugin dependencies and the CVE identification process is also time consuming
gradlew -PenableOwasp dependencyCheck
Setting up OFBiz on eclipse is easy by simply running the below command and then importing the project to eclipse. This command will generate the necessary .classpath and .project files for eclipse and it will also make the source code for external libraries available in eclipse (i.e. you can view source through Ctrl + Click)
The first time you run this command it will take a long time to execute because it will download source packages available for project dependencies.
gradlew eclipse
OFBiz provides an extension mechanism through plugins. Plugins are standard OFBiz components that reside in the specialpurpose directory. Plugins can be added manually or fetched from a maven repository. The standard tasks for managing plugins are listed below.
Note: OFBiz plugin versions follow Semantic Versioning 2.0.0
Download a plugin with all its dependencies (plugins) and install them one-by-one starting with the dependencies and ending with the plugin itself.
gradlew pullPlugin -PdependencyId="org.apache.ofbiz.plugin:myplugin:0.1.0"
If the plugin resides in a custom maven repository (not jcenter or localhost) then you can use specify the repository using below command:
gradlew pullPlugin -PrepoUrl="http://www.example.com/custom-maven" -PdependencyId="org.apache.ofbiz.plugin:myplugin:0.1.0"
If you need username and password to access the custom repository:
gradlew pullPlugin -PrepoUrl="http://www.example.com/custom-maven" -PrepoUser=myuser -PrepoPassword=mypassword -PdependencyId="org.apache.ofbiz.plugin:myplugin:0.1.0"
If you have a plugin called mycustomplugin and want to install it in OFBiz follow the below instructions:
gradlew installPlugin -PpluginId=myplugin
The above commands achieve the following:
If you have an existing plugin called mycustomplugin and you wish to uninstall run the below command
gradlew uninstallPlugin -PpluginId=myplugin
The above commands achieve the following:
Calls uninstallPlugin on an existing plugin and then delete it from the file-system
gradlew removePlugin -PpluginId=myplugin
Create a new plugin. The following project parameters are passed:
gradlew createPlugin -PpluginId=myplugin
gradlew createPlugin -PpluginId=myplugin -PpluginResourceName=MyPlugin -PwebappName=mypluginweb -PbasePermission=MYSECURITY
The above commands achieve the following:
This task publishes an OFBiz plugin into a maven package and then uploads it to a maven repository. Currently, pushing is limited to localhost maven repository (work in progress). To push a plugin the following parameters are passed:
gradlew pushPlugin -PpluginId=myplugin
gradlew pushPlugin -PpluginId=mycompany -PpluginGroup=com.mycompany.ofbiz.plugin -PpluginVersion=1.2.3 -PpluginDescription="Introduce special functionality X"
To get tab completion (auto complete gradle commands by pressing tab) you can download the script from the below link and place it in the appropriate location for your system.
For example, on debian based systems, you can use the following command:
sudo curl -L -s https://gist.github.com/Ea87/46401a96df31cd208a87/raw/gradle-tab-completion.bash -o /etc/bash_completion.d/gradle-tab-completion.bash
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
The following provides more details on the included cryptographic software: