Introduction
Apache Open For Business (Apache OFBiz) is a classic open-source Apache ERP project. It provides a set of enterprise applications for integrating and automating the "business processes" of an enterprise.
From a learning perspective, it is also a very good enterprise-level application framework. This article introduces how OFBiz designs permissions for its application system.
Brief introduction to design ideas
OFBiz uses security groups to associate "permissions" with "users". The system has several types of permissions, such as preset permissions, user-defined permissions, resource permissions, and operation permissions. These permissions are associated with security groups (a many-to-many relationship), and users are in turn associated with security groups (also a many-to-many relationship).
The system's preset permissions are loaded into the data tables from XML configuration files. The usual path of these files is {Component/Application baseDir}/data/XXXSecurityData.xml. They hold the initialization data for all the tables involved in the permission design.
Permission control level
OFBiz has the following control levels for permissions:
Logon level
In the ofbiz-component.xml file in the root directory of each component, there is a "basic permission" definition for accessing that component. A user logging on to the component must have at least the permissions defined in this file in order to access it. Example:
See the "base-permission" attribute. It contains two permission values, OFBTOOLS/FACILITY, which means that you must have both permissions to access the component. A component usually carries both the permission "OFBTOOLS" and the permission "COMPONENT-NAME_VIEW": OFBTOOLS controls access to the web app, and COMPONENT-NAME_VIEW controls viewing the information in the web app.
Component menu level
Components are shown in the top-level menu only to logged-on users who have at least the WEBAPP-NAME_VIEW or COMPONENT_NAME-ADMIN permission, similar to the logon-level restriction. This level of access control is implemented in "appbar.ftl", which controls which applications appear in the tab bar.
Request (controller.xml) level
In the controller.xml under each component's webapp, each request (<request-map>) tag has a security (<security>) tag, which contains two important attributes:
- https: whether to apply SSL encryption to the request
- auth: defines whether the user must be logged on to execute the request. The request is therefore executed only after login succeeds and the security checks at the other levels pass.
<!-- Request Mappings -->
<request-map uri="MarketingReport">
    <security https="true" auth="true"/>
    <response name="success" type="view" value="MarketingReport"/>
</request-map>
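A request-level check can be automated when reviewing a component. The following is an added example, not code from OFBiz or from the original article: a small Python audit that lists every request-map whose <security> element is missing or does not set auth and https to "true". The function names and the sample controller.xml are constructed for illustration; only the MarketingReport entry comes from the article.

```python
import xml.etree.ElementTree as ET

# Constructed sample controller.xml; only MarketingReport comes from the article.
SAMPLE_CONTROLLER = """\
<site-conf xmlns="http://ofbiz.apache.org/Site-Conf">
    <request-map uri="MarketingReport">
        <security https="true" auth="true"/>
        <response name="success" type="view" value="MarketingReport"/>
    </request-map>
    <request-map uri="ExportReport">
        <security https="true" auth="false"/>
        <response name="success" type="view" value="ExportReport"/>
    </request-map>
    <request-map uri="DebugInfo">
        <response name="success" type="view" value="DebugInfo"/>
    </request-map>
    <request-map uri="ListCampaigns">
        <security https="false" auth="true"/>
        <response name="success" type="view" value="ListCampaigns"/>
    </request-map>
</site-conf>
"""

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}request-map'."""
    return tag.rsplit("}", 1)[-1]

def audit_controller(xml_text):
    """Return (uri, finding) pairs for request-maps with weak <security> settings."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if local(elem.tag) != "request-map":
            continue
        uri = elem.get("uri", "<no uri>")
        security = next((c for c in elem if local(c.tag) == "security"), None)
        if security is None:
            findings.append((uri, "no <security> element"))
            continue
        # Treat a missing attribute as not enabled so it is surfaced for review.
        if security.get("auth", "false").lower() != "true":
            findings.append((uri, "auth is not true"))
        if security.get("https", "false").lower() != "true":
            findings.append((uri, "https is not true"))
    return findings

if __name__ == "__main__":
    for uri, finding in audit_controller(SAMPLE_CONTROLLER):
        print(f"{uri}: {finding}")
```

Some requests, such as a login page, are meant to be reachable without auth, so the output is a review list rather than a list of defects.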
In the screen configuration file under the widget folder of each component, the <condition> subnode of a <section> node has a child node named <if-has-permission>, which has two attributes:
- permission: identifies the component
- action: identifies the action to be executed
Joined together as permission_action, the two values make up exactly one permission, for example: