Apache OFBiz Developer Manual Release 18.12

# Apache OFBiz Developer Manual Release 18.12 Summary ## 1. **Control Servlet** - **Requests**: OFBiz uses the control servlet to handle incoming requests, which are mapped to responses in `controller.xml`. - **Views**: The control servlet manages the transfer of routing to the appropriate views. ## 2. **Entity Engine** - **Entities**: - **Standard Entities**: Core entities for the data model. - **View Entities**: Virtual entities combining multiple tables. - **Extended Entities**: Customizations of standard entities. - **Dynamic View Entities**: Generated at runtime based on criteria. - **XML Data**: Data is loaded into the database using XML files. - **Configuration**: Entity engine configuration is managed through properties and XML files. - **Supported Databases**: OFBiz supports multiple databases, with specific configurations required for each. ## 3. **Data Model Changes** - **Entity Changes**: - **Added**: 77 new entities (e.g., `JobRequisition`, `ProductAverageCostType`). - **Removed/Deprecated**: `ProductPromoCodeEmail` entity, replaced with `ProdPromoCodeContactMech`. - **Field Changes**: Updates to field types and configurations. ## 4. **Security** ### 4.1. **CSRF Defense** - Uses the `SameSite` attribute to mitigate CSRF attacks. - Default value: `'strict'`. - Configurable via `SameSiteCookieAttribute` in `security.properties`. ### 4.2. **Passwords and JWT** - **Passwords**: Stored in files loaded through `security.xml`. - **JWT**: - Used for token-based authentication. - Configuration properties include token expiration and secret keys. - KeyProvider implementation is recommended for security. ### 4.3. **Impersonation** - Allows users to log in as another user to view their data. ## 5. **Directory Structure** - Each component has a standardized directory structure containing entities, data, services, and UI components. - Components are self-contained and can function as standalone applications. ## 6. **Example Workflow** - User enters a URL (e.g., `https://localhost:8443/accounting/control/findInvoices`). - The control servlet processes the request and routes it to the appropriate response. ## 7. **Database and Data Migration** - **Field Type Changes**: Deprecated field types replaced with newer ones (e.g., `id-ne` replaced with `id`). - **Migration Scripts**: Available for transitioning data between versions (e.g., `ProductPromoCodeEmail` to `ProdPromoCodeContactMech`). ## 8. **Data Model Changes (OFBiz 9 to 16)** - Added entities: `JobRequisition`, `ProductAverageCostType`, `WorkEffortSurveyAppl`, etc. - Removed entities: `ProductPromoCodeEmail`. ## 9. **Component Structure** - Components are organized into directories for configuration, data, entities, services, and UI elements. - Both core applications and plugins are treated as components. ## 10. **Key Configuration and Properties** - **Security**: - `security.login.externalLoginKey.enabled` for external login keys. - `security.jwt.token.expireTime` for token expiration. - `security.internal.sso.enabled` for internal SSO. - **Entity Configuration**: Properties like `security.token.key` are recommended to be set via `SystemProperty` for security. This summary provides a concise overview of the key features, configurations, and changes in Apache OFBiz Release 18.12, focusing on core components, security, and data model updates.