* IDEMPIERE-5346 : Adding SSO support
* IDEMPIERE-5346 : Fix as per peer review feedback.
Valid user should have password not null
removing #SSO_IS_ALREADY_AUTHENTICATE context variable due to security risk
Cross site scripting issue on error.htm
Making show role panel as system configurable
Adding language selection on role panel
Adding SSO support on iDempiere monitor and osgi console
* IDEMPIERE-5346: Redirect to console using static URL to avoid security vulenarabilit
* Committing patch from Carlos pr1571PR
* IDEMPIERE-5565: fixing NPE issue on Role change
* IDEMPIERE-5346: Appling pr1571PR2 from Carlos
* 1. IDEMPIERE-5346: Fix idempiereMonitor goes in a loop of sign-in
- Fix NPE when changing role
- Fix NPE when a user with single role & sysconfig: SSO_SELECT_ROLE is 'N'
* IDEMPIERE-5346 : IDempiere Monitor, use out of box login when SSO is not configured.
* IDEMPIERE-5346: Adding Authorization type on User and Tenant window. Created /webui/admin page for login with application credential.
* IDEMPIERE-5346: Implementing Hengsi's Code review comments
Showing meaning full error when Identity Provider returns error
In SSO filter, ignoreing css, zkau, images and resource URL
Correcting typo in Principal name.
Updated Documentation
* IDEMPIERE-5346 : Fixed documentation, typo and pending review comments
* IDEMPIERE-5346: Use token & SSO principal service to validate in Login.GetClient
* IDEMPIERE-5346: Remove the Domain URL column and refactor the code.
* IDEMPIERE-5346: Adding flag ENABLE_SSO_IDEMPIERE_MONITOR and ENABLE_SSO_OSGI_CONSOLE, using cache for SSOService, defaulting Authentication type on client to “Application and SSO”
* IDEMPIERE-5346: Fixed issue of User SSO type not respected and support for Zoom URL
* IDEMPIERE-5448 2023 June Platform Update
- update to final tycho 3.0.5 release.
* IDEMPIERE-5448 2023 June Platform Update
- remove obsolete junit dependency and test code.
* IDEMPIERE-5448 Can't launch unit test with Eclipse 2022-09
- upgrade to tycho 3.1.0-SNAPSHOT
- set maven compiler source and target level to 11
- upgrade to junit 5.9.1
* IDEMPIERE-5448 Can't launch unit test with Eclipse 2022-09
- Change tycho version to 3.0.3
* IDEMPIERE-5448 2023 June Platform Update
* IDEMPIERE-5448 2023 June Platform Update
- Explicitly set target, source and release level to JavaSE 11
* IDEMPIERE-5448 2023 June Platform Update
- Use 3.0.5-SNAPSHOT to fix stack overflow error.
* IDEMPIERE-5448 2023 June Platform Update
- Change source, target and release level to JDK 17
- Update target platform name to idempiere-230620
* IDEMPIERE-5448 2023 June Platform Update
- Fix LogFactory ClassNotFound exception with Eclipse 2023-06
* IDEMPIERE-4842 Easier model registration
- Change from https://github.com/atteo/classindex to
https://github.com/classgraph/classgraph, remove annotation processor
config.
- Change service.ranking of DefaultModelFactory to -1 and
service.ranking of AnnotationBasedModelFactory to 0. This give
AnnotationBasedModelFactory higher priority over DefaultModelFactory and
allow plugins to have higher priority over AnnotationBasedModelFactory
with server.ranking of 1 (the common practise before the introduction of
AnnotationBasedModelFactory).
- Added resultset constructor to MTree. This is to allow the use of
MTree with model factory.
- Remove classindex annotation from org.adempiere.base.Model and X_*
model classes.
- Added unit test for table to model class mapping
- AnnotationBasedModelFactory: Change from using annotation processor to
runtime annotation scanning using the classgraph library. The default
setting scans all the X_* model class and travels the inheritance
hierarchy to discover the M* model class. Plugin needs to create a
subclass of AnnotationBasedModelFactory and register it as an OSGi
component to scan the plugin's annotated model classes (the plugin's
custom AnnotationBasedModelFactory component should have service.ranking
> 0).
* IDEMPIERE-4842 Easier model registration
minor refinement
* Minor changes
Co-authored-by: hengsin <hengsin@gmail.com>
* Preliminary support for automatic model class registration
Model classes can be tagged with a new @Model annotation that allows for
easy/fast class scanning/registration, based on the ClassIndex library.
The list of annotated model classes is generated at compile time, thus
reducing reflection reliance to a bare minimum.
NOTE: Eclipse uses its own Java compiler which is not strictly standard
compliant and requires extra configuration. In Java Compiler ->
Annotation Processing -> Factory Path you need to add ClassIndex jar
file
* Annotation based model factory
* Improve classloader determination for annotation scanning
ClassIndex default annotation scanning method determines the classloader
to be used by calling Thread.currentThread().getContextClassLoader(),
which should not be used in an OSGi environment.
* Enable ClassIndex's annotation processor under Eclipse
Make sure annotation processing is enabled at Module Properties -> Java
Compiler -> Annotation Processing
* Refactoring annotation-based model class detection
Eliminated the need of annotating M* classes, by using ClassIndex's
@IndexSubclasses annotation.
* Minor change
* Minor changes
* Creation of AbstractModelFactory
* Documentation
* Make AnnotationBasedModelFactory extend AbstractModelFactory
* IDEMPIERE-4842 Easier model registration
- add annotation processor jdt settings
- fix @Component annotation for AnnotationBasedModelFactory
- fix generated x_* class missing "org.atteo.classindex.IndexSubclasses"
import
* Expose ClassIndex lib to other bundles
* Updated model classes
Co-authored-by: hengsin <hengsin@gmail.com>
* IDEMPIERE-4894 OSGi Interface to support custom header and footer
* IDEMPIERE-4894 OSGi Interface to support custom header and footer
incorporate migration script fix from Carlos
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement suggestions from Heng Sin
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Fix security warning advised by github/CodeQL
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement an incremental delay in zk when the validation code is wrong (to avoid brute-force attacks)
As suggested by Ricardo Santana:
* ensures one-time only use of an OTP
* Log failures in AuthFailure.log
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
* Log failures in AuthFailure.log - add case for login with email
* Implement incremental delay also for login panel
* IDEMPIERE-4771 add Cloud Upload interface to report viewer and scheduler
* IDEMPIERE-4771 add Cloud Upload interface to report viewer and scheduler
Fix initial output type selection for csv. Fix handling of binary vs
text media type.
* IDEMPIERE-4771 add Cloud Upload interface to report viewer and scheduler
- Change AD_AuthorizationAccount scope from single value to multiple
selection list (AD_AuthorizationScopes replace AD_AuthorizationScope)
* IDEMPIERE-4771 add Cloud Upload interface to report viewer and scheduler
Fix isIntersectCSV db function
* IDEMPIERE-4771 add Cloud Upload interface to report viewer and scheduler
add back AD_AuthorizationScope Configured dynamic validation filter
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
- move oauth libraries and dependency to target platform
- require Tycho 2.3.0+ and Eclipse 2021-03+
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
Fix launch configuration.
* IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system)
WIP - initial version working on zk with google apps mail using OAuth2 Authorization Code Flow and Client Type = web application
* Enable imap reading with OAuth2 in RequestEMailProcessor
* Simplify the code - tested plain and OAuth2 can use the same methods
* Add +SCOPE parameter to AddAuthorizationForm according to IDEMPIERE-4713
* Rename the form AddAuthorizationMailForm to AddAuthorizationForm as is now more generic
* IDEMPIERE-4713
* Rename migration scripts to make it newer than IDEMPIERE-4713
* Add list of scopes attended by a credential
* Change form to accept other scopes, if no scope parameter is passed, then a list is shown, change the menu to fix the EMail scope
* Add MAuthorizationAccount.refreshAndGetAccessToken
* Add translation for messages
* make call generic oauth, avoid using specific google API
* Tests with microsoft as OAuth2 provider
* Add record for microsoft as provider
* Increase size of tokens
* Define mandatory and secure columns
* Update refresh token when it comes on the refresh call
* Revoke endpoint is optional
* Change the approach to a process instead of a form (WIP)
* Implement servlet to process the OAuth2 code
* Solve context suggestion from hengsin
* Implement the form in an automatic popup approach for running on zkwebui
* i18n - add translations for all messages that are shown to user
* on the form opted for click to avoid the problem with browsers forbidding popups
* clean spaces and tabs on line endings
* avoid logging and copy of the secure columns
* Fix problem reported by @d-ruiz about hidden NPE when SMTP Authentication is disabled
* Add writing to AD_PInstance_Para and AD_PInstance_Log the results of processing the servlet
* Control to avoid using the same authorization URL twice
* IDEMPIERE-4694 Implement thread safe, annotation based osgi event handling
Make sure the component register in the event handler unit test cases
wouldn't have impact on other unit test cases.
* IDEMPIERE-4287 Cache API not thread safe and inconsistent with Context
add support to make PO immutable
* IDEMPIERE-4287 Cache API not thread safe and inconsistent with Context
- added thread safe Immutable and Copy cache implementation for PO.
- migrate most of PO cache to immutable and copy cache.
- added pos sales order test.
* IDEMPIERE-4287 Cache API not thread safe and inconsistent with Context
- add test case for initial client setup and bank statement
- fix error for image editor, location editor, locator editor, initial
client setup, complete bank statement and migrate storage provider.
* IDEMPIERE-4287 Cache API not thread safe and inconsistent with Context
- added ImmutablePOSupport interface. Model class implement this
interface for immutable PO support.
- remove usage of cache for transaction table (rfq, invoice, inventory).
- add getCopy method to some model class to support getting an
updateable copy of PO from the otherwise immutable PO cache.
- the added getCopy method is use to return updateable PO for indirect
PO reference, for e.g MColumn.getAD_Table() and MOrderLine.getProduct.
* IDEMPIERE-4298: remove Bundle-RequiredExecutionEnvironment
when build by tycho value of Bundle-RequiredExecutionEnvironment and jdt need to compatibility
in case we use Bundle-RequiredExecutionEnvironment = 11 then can't build by jdk != 11
so stick on fix value isn't good
eclipse now also support Require-Capability, so don't need Bundle-RequiredExecutionEnvironment anymore
* IDEMPIERE-4298:support update jdk (jdk 12 13 14)
default environment still jdk-11 but you can build for any jdk by below command
export JAVA_HOME=path to jdk
mvn verify -Djdk.version=11
in case on JAVA_HOME is jdk 14 then can set jdk.version for 11, 12, 13, 14 and same for other jdk
at moment java 14 just support on eclipse 2020-03 with install plugin
Java 14 Support for Eclipse 2020-03 (4.15)
1007781 Fix barcode text bug
1009003 add QR Code as Barcode Type for Print Formats
1006829 Add "Print Barcode Text" flag to print format item. Fix wrong scaling for barcode image. Fix barcode print format item doesn't respect max height.
IDEMPIERE-3948 Implement QRCode support in report engine
IDEMPIERE-1854 Barcode issue: Code Missing from barcodes in Code 128 B
IDEMPIERE-1838 Adding UPC-A barcode support in print format and adding setting fonts from print format item
1. new version of cxf need new version of spring so get osgi version from org.apache.servicemix but spring of cxf limit to 4.0 so take 4.3.19.RELEASE_1
http://cxf.apache.org/docs/30-migration-guide.html
2. eclipse auto add --add-modules=ALL-SYSTEM when run eclipse launcher, so when run idempiere server from eclipse encounter bellow condition
javax.activity, javax.xml.ws is depricate package to remove on jdk11
that why this module is exclusive from build class path (but by --add-modules=ALL-SYSTEM it appear at runtime)
we use some replace jar for that package (com.sun.activation for javax.activation)