by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Tanner Donovan
    @ttdonovan
    setting up travis-ci or circle-ci?
    just something that could build the sites and curl an end-point
    Jay Aisenbrey
    @cja769
    That's a great idea. Unfortunately this bug flew under the radar because it only affects our community version
    Tanner Donovan
    @ttdonovan
    is the coummunity demo site not used a base test for enterpise edition?
    or again maybe my lack of understanding on how java apps are configured and ran
    Jay Aisenbrey
    @cja769
    It is not. We have a separate private repository for our enterprise demo site that we provide to our enterprise customers. It targets the same BroadleafCommerce/BroadleafCommerce repository however it also has some of our Enterprise modules such as MultiTenant-SingleSchema and OMS
    Both applications are ran the same, there's just different dependencies
    magaton
    @magaton
    Hello. I've seen quite a few articles and webinars about microservices reference impl, but cannot find any source code. Is this only meant to be used for commercial purposes?
    danielcolgrove
    @danielcolgrove
    @magaton Microservices is a commercial product. However, Broadleaf does provides source code to our commercial clients. We will be releasing tutorials that allow developers to get a good sense of working with Broadleaf Microservices in the near future.
    magaton
    @magaton
    Thanks, besides the obvious architecture difference, is there any feature comparison between broadleaf monolith and microservices?
    danielcolgrove
    @danielcolgrove
    @magaton Sorry for the delay on this reply. We don't have a feature comparison chart between the two products. The goal is to have feature parity but the solutions will certainly be different including different nomenclatures and differences on how a feature is implemented (improvements based on lessons learned).
    Vishal Nigam
    @vishalnigamoff_twitter
    Hey Guys
    Can anyone help me with this error
    not sure what is wrong
    using this as the ref to install in on ubuntu
    everytime i am running mvn spring-boot:run
    i am getting the build failuer
    *failure
    image.png
    danielcolgrove
    @danielcolgrove
    @vishalnigamoff_twitter I'm not able to reproduce your error (on 6.0.8.1-GA). The screenshot you shared doesn't show the root cause, just that there was an error. Can you look farther up in the logs to find the root cause issue? Note there is a known SQL WARN message that gets thrown related to "user lacks privilege or object not found: SITE_DISC" but this does not prevent the application from starting. This WARN will be removed in the next release.
    chiranjitsaha1108
    @chiranjitsaha1108
    When I'm trying to extend the class UsernamePasswordAuthenticationFilter with my own implementation. I'm unable to invoke the overridden method. Kindly let me know the procedure for creating the application context in the site and what is the procedure of creating the application context and where are the places I need to do the changes. Please let me know asap.
    danielcolgrove
    @danielcolgrove
    Hi @chiranjitsaha1108 Broadleaf uses Spring Security so you can tie into that ecosystem. Assuming you are using version 5.2 or higher, the UsernamePasswordAuthenticationFilter can be replaced in the SecurityConfig class (for example, SiteSecurityConfig or AdminSecurityConfig). See https://github.com/BroadleafCommerce/DemoSite/blob/6065ad92e23474cfeff32be6c6d9fc974ecfc67d/site/src/main/java/com/community/configuration/SiteSecurityConfig.java#L150. There is a good SpringSecurity article on creating a custom UsernamePasswordAuthenticationFilter - https://leaks.wanari.com/2017/11/28/how-to-make-custom-usernamepasswordauthenticationfilter-with-spring-security.
    chiranjitsaha1108
    @chiranjitsaha1108
    @danielcolgrove Hi Daniel
    Thank you so much for the reply. I have place the class name in the SiteSecutiyConfig file at addFilterBefore with the new custom class name but in the debug mode it is still not getting inside my custom class and instead of that it is still going into the OOTB class. Please let me know if I can share my screen and can show you the issue so that you can help me out. Actually I'm stuck with the issue and if you can help me out it would be very nice.
    chiranjitsaha1108
    @chiranjitsaha1108
    Thank you so much for the reply. I have place the class name in the SiteSecutiyConfig file at addFilterBefore with the new custom class name but in the debug mode it is still not getting inside my custom class and instead of that it is still going into the OOTB class.
    danielcolgrove
    @danielcolgrove

    Hi @chiranjitsaha1108 Since we are dealing with Spring Security, there are a lot of references on how to do this. There is nothing special going on with Broadleaf.

    I found an similar post on stackoverflow that mimics your issue exactly - https://stackoverflow.com/questions/30287568/springboot-usernamepasswordauthenticationfilter-issue.

    I followed the recommended answer and it worked for me. The steps:
    1) extend UsernamePasswordAuthenticationFilter
    2) in SiteSecurityConfig add a new bean with your new filter but there are a couple properties you have to set so it knows when to engage the filter:

        @Bean
        public MyUsernamePasswordAuthenticationFilter authenticationFilter()
            throws Exception {
            MyUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter = new MyUsernamePasswordAuthenticationFilter();
            customUsernamePasswordAuthenticationFilter
                .setAuthenticationManager(authenticationManagerBean());
            customUsernamePasswordAuthenticationFilter
                .setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login_post.htm","POST"));
            return customUsernamePasswordAuthenticationFilter;
        }

    3) Add the new authenticationFilter to your security configuraiton before the default UsernamePasswordAuthenticationFilter.

    .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)

    That should be all. This worked for me locally.

    chiranjitsaha1108
    @chiranjitsaha1108
    @danielcolgrove THanks for the reply. Can you please let me know the login flow. The java classes associated with it.
    danielcolgrove
    @danielcolgrove
    Hi @chiranjitsaha1108 This is a Spring Security question. All that Broadleaf does is tap into the Spring Security flow (based on Spring's documentation). If you are extending the security, please read about Spring Security and research stackoverflow (and similar sites). There is a ton of information available. For example - https://stackoverflow.com/questions/41480102/how-spring-security-filter-chain-works
    chiranjitsaha1108
    @chiranjitsaha1108
    @danielcolgrove I would say first of all thanks to you. I really worked and it is working in my application. I would like to understand the Login(java classes) in DemoSite of Broadleaf commerce. I'm working on an AES encrytion. So it is a good architecture if I extend the UsernamePasswordAuthenticationFilter.class and then modify the request with the encrypted pass and then it checks with the value of the DB. Or if there is any better idea can you please share it with me.
    chiranjitsaha1108
    @chiranjitsaha1108
    @danielcolgrove Say if I want to extend LoginServiceImpl then what are changes that we need to do can you please let me know. Also, I'm bit struggling with applicationContext.xml. As the applicationContext.xml is not present in the core module. How can we create the applicationContext.xml and what are the bean value changes we need to do for LoginServiceImpl. Can you please give me an example like the UsernamePasswordAuthenticationFilter.class. Or if there is any other example of creating a new bean in applicationcontext.xml also its fine for me.
    danielcolgrove
    @danielcolgrove

    @chiranjitsaha1108 Spring security provides an AES encryption approach using bcrypt. That encryption algorithm can be enabled in the product using the following setting (in perhaps common-shared.properties or production-shared.properties)

    password.site.encoder=org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

    For the bean overrides, the more recent versions of Broadleaf have moved to using Java Classes for configuration. That is supported in Spring and is a nicer way to configuration your application.

    See https://docs.spring.io/spring-javaconfig/docs/1.0.0.m3/reference/html/creating-bean-definitions.html

    For example, to override the LoginServiceImpl class, you would create an @Configuration class and add the bean. Note that here is already a SiteConfig.java class defined in the DemoSite project but you could add another @Configuration class if desired:

    @Configuration
    public class NewConfigurationClass {
    
        // The bean name is the method name (blLoginService)
        @Bean
        public LoginService blLoginService() {
          return new MyLoginService();
        }
    }

    You can have multiple beans defined in your configuration class.

    You can revert to (or include) using an applicationContext.xml file, if you choose. You would simply add the following ImportResource to one of your @Configuration classes:

    @ImportResource({"classpath*:applicationContext.xml"})

    With that setup you could defined beans in Java or in xml. See https://www.javaguides.net/2018/09/spring-importresource-annotation-example.html

    While this is certainly achievable, I would recommend you eventually migration to using the Java Config approach.

    chiranjitsaha1108
    @chiranjitsaha1108
    @danielcolgrove Thanks. Can you please let me know where exactly the login flow is written. This means the controller class to service and Dao. Just an overview and name of the classes are fine for me. I just want to put a debug into the login flow.
    danielcolgrove
    @danielcolgrove

    @chiranjitsaha1108 The security classes can be found in the JavaDocs.

    https://www.broadleafcommerce.com/javadocs/core/6.1.1-SNAPSHOT/index.html?

    The base packages you would be interested in are:

    org.broadleafcommerce.openadmin.security
    org.broadleafcommerce.openadmin.server.security
    org.broadleafcommerce.common.security
    org.broadleafcommerce.common.web.security
    org.broadleafcommerce.core.web.order.security
    org.broadleafcommerce.profile.web.core.security
    org.broadleafcommerce.profile.web.site.security

    The key interfaces that we integrate into are the UserDetails and Success/Failure Handlers. We also have filters setup for elements of the security (e.g. UsernamePasswordAuthenticationFilter). Beyond that, Spring Security drives the functionality. Here is a good article with the details of the flow:

    https://medium.com/@satyakm.dev/understanding-spring-security-internals-with-code-walkthrough-850d5749252c

    Here are some of the classes you are asking for:

    • Admin
      org.broadleafcommerce.openadmin.web.controller.AdminLoginController
      org.broadleafcommerce.openadmin.server.security.service.user.AdminUserDetailsServiceImpl
      org.broadleafcommerce.openadmin.server.security.dao.AdminUserDaoImpl
    • Site
      org.broadleafcommerce.core.web.controller.account.BroadleafLoginController
      org.broadleafcommerce.profile.core.service.UserDetailsServiceImpl
      org.broadleafcommerce.profile.core.service.CustomerServiceImpl
      org.broadleafcommerce.profile.core.dao.CustomerDaoImpl

    You will want to start with the UserDetails classes. They have references to the Services and the Services have references to the Daos.

    chiranjitsaha1108
    @chiranjitsaha1108
    @danielcolgrove Thanks. Okay I will check and get back to you.
    chiranjitsaha1108
    @chiranjitsaha1108
    How to register a new properties file in Site module. What are the changes required ?
    danielcolgrove
    @danielcolgrove
    I would recommend you use the default property files used in Broadleaf. These property files are configured to be merged so that you can override the property values. See https://www.broadleafcommerce.com/docs/core/current/appendix/all-runtime-properties If you have a need to use a properties file outside the standard property files, you can register a new one using Spring. Here is one example: https://www.baeldung.com/properties-with-spring
    Usama
    @usamasheikh2010_gitlab
    Hi Guys - Would it be a good idea to use broadleaf api’s and build a standalone admin SPA?
    chiranjitsaha1108
    @chiranjitsaha1108
    Hi Team, How can i create my own Address-orm.xml file. What are places I need to register for the file, in which module, under which package stucture and how to access in the service class.
    danielcolgrove
    @danielcolgrove
    Hi @chiranjitsaha1108 I assume you would create the orm.xml file and reference in your persistence-core.xml file. You would have to build your own service class(es), register them as Spring beans, and then use them through the Spring context.
    chiranjitsaha1108
    @chiranjitsaha1108
    Hi All,
    Can you please let me know the procedure for adding Apache Solr separately to the Broadleaf application. I don't want to use the embedded solr into the application and I want to integrate the apache solr server separately to the application. Please let me know the steps required to make changes to the Broadleaf Commerce framework. I'm using BLC version as 6.0.
    Kindly reply.
    chiranjitsaha1108
    @chiranjitsaha1108
    Hi @danielcolgrove ,
    Can you please let me know the procedure for adding Apache Solr separately to the Broadleaf application. I don't want to use the embedded solr into the application and I want to integrate the apache solr server separately to the application. Please let me know the steps required to make changes to the Broadleaf Commerce framework. I'm using BLC version as 6.0.
    Kindly reply.
    Cade Rea
    @cade-rea
    @chiranjitsaha1108 With how autoconfiguration works, you should be able to start an external Solr instance before you run the Broadleaf app. The Spring autoconfiguration will detect that Solr is already running and will not create its own instance. You can look at com.blcdemo.core.config.ApplicationSolrConfiguration to see the configurations for the Solr URLs for Broadleaf
    chiranjitsaha1108
    @chiranjitsaha1108
    Thanks @cade-rea
    One more question I have and it given below:
    Im working on a standalone solr for my blc application. So this is what is given in the BLC documentation " Once you have a stand-alone Solr server configured, you need to change the way that Broadleaf attempts to communicate with Solr. First, you need to navigate to site/src/main/webapp/WEB-INF/applicationContext.xml. " - If applicationContext.xml is not present then can I create a new applicationContext.xml in the same path and for that do I need to make any other changes for the newly created file "applicationContext.xml"?
    chiranjitsaha1108
    @chiranjitsaha1108
    Hi All
    One more question I have and it is given below:
    I'm working on a standalone solr for my blc application. So this is what is given in the BLC documentation " Once you have a stand-alone Solr server configured, you need to change the way that Broadleaf attempts to communicate with Solr. First, you need to navigate to site/src/main/webapp/WEB-INF/applicationContext.xml. " - If applicationContext.xml is not present then can I create a new applicationContext.xml in the same path and for that do I need to make any other changes for the newly created file "applicationContext.xml"?
    Cade Rea
    @cade-rea
    @chiranjitsaha1108 BLC 6 does not need an appliationContext.xml. Unfortunately it looks like our documentation is out of date for this. Instead of appliationContext.xml, you can use Java config files (@Configuration). Look at com.mycompany.core.config.ApplicationSolrConfiguration to see the properties that should be set for connecting to solr
    If you have created an applicationContext.xml already, put it in /resources and use @ImportResource in a config file to use it
    chiranjitsaha1108
    @chiranjitsaha1108
    Okay. @cade-rea Can you please help me once about the solr. We can connect over skype or teamviewer. My solr is not working and the indexing is not happening. Please let me know if we can connect.
    danielcolgrove
    @danielcolgrove
    @chiranjitsaha1108 You should be able to follow these instructions - https://www.broadleafcommerce.com/docs/core/6.0/broadleaf-concepts/catalog-and-search/deployment-models/stand-alone. The instructions for the 1st step (Copy the files from the resource standalone directory of the SolrStarter project resources/solr/standalone/solrhome/ into the /path/to/solr-7.3.1/server/solr) refers to resource files found in this jar http://nexus.broadleafcommerce.org/nexus/content/groups/community-source-releases/com/broadleafcommerce/broadleaf-boot-starter-solr/2.0.1-GA/broadleaf-boot-starter-solr-2.0.1-GA.jar.