Hi,
I am working on integrating the 3D Secure Credit Card with ofbiz. In this process, I got it working (using the protx simulator) by changing some of the ofbiz files, but it is still not generic, so I want to discuss it with the user community to make it generic for general usage. I am a bit new to ofbiz, so bear with me if I misunderstood anything.
Here is a brief of the changes that I have done to make it work:
-------------------------------------------------------------------------------------------------------------------------------
Brief of 3DES: This is a simple yet very good added security protocol for online shopping. According to this protocol, authentication/authorization takes the following flow:
1. Send the request to the Issuance bank and it returns the MD (unique id), PaReq, ACSURL (authentication page for the user) where the user enters his password for the credit card to authenticate himself on the issuance bank server.
2. Send MD, PaReq and termURL (callback url, where you receive the response) to ACSURL.
3. Read the ACSURL response on termURL (specified as callback URL by you) and send the issuance bank authentication result + TermURL (callback url) to the Payment Processor Authorization server.
4. Read the response from the Payment Processor Authorization server on termURL (specified as callback URL by you). This response contains the authentication/authorization status/result as (OK/INVALID etc).
Implementation Changes:
1) map3DesAttributes: This map should have at minimum the following attribute key/value pairs:
attribute name="md" type="String"
attribute name="paReq" type="String"
attribute name="acsUrl" type="String"
attribute name="termUrl" type="String"
attribute name="authStatus" type="String" ( possible values: Authorized, Pending, Invalid)
attribute name="threeDSecureStatus" type="String" ( possible values: OK, Invalid)
2) Added this map in the following services to pass map3DesAttributes info across the system:
<service name="authOrderPayments" engine="java"
        location="org.ofbiz.accounting.payment.PaymentGatewayServices" invoke="authOrderPayments" auth="true">
    .........
    .........
    .........
    <attribute name="map3DesAttributes" type="Map" mode="OUT" optional="true"/>
</service>
3) Create the following request map in "controller.xml" to handle 3Des Secure Authentication:
<request-map uri="process3DAuth">
    <security https="true" direct-request="false"/>
    <event type="java" path="org.ofbiz.order.shoppingcart.CheckOutEvents" invoke="process3DAuth"/>
    <response name="success" type="none"/>
</request-map>
<request-map uri="process3DAuthResponse">
    <security https="true" direct-request="true"/>
    <event type="java" path="org.ofbiz.order.shoppingcart.CheckOutEvents" invoke="process3DAuthResponse"/>
    <response name="success" type="request" value="clearcartfororder"/>
    <response name="error" type="view" value="checkoutreview"/>
</request-map>
4) Added the following methods to the "org.ofbiz.order.shoppingcart.CheckOutEvents" class to handle 3Des Secure Authentication:
public static String process3DAuth(HttpServletRequest request, HttpServletResponse response)
public static String process3DAuthResponse(HttpServletRequest request, HttpServletResponse response)
Issues:
1. In general, ofbiz services work in a request/response manner. But in the case of 3Des integration, it is a 2 step process:
Step1: Issuance bank authentication
Step2: Payment Processor Authorization
So, how do I implement it in a generic way? Currently I have tampered with "org.ofbiz.order.shoppingcart.CheckOutEvents" to handle it, as I couldn't figure out an elegant way of returning the control back to PaymentGatewayServices.
2. While supporting the 3Des security we need an extra status to indicate the Authentication Status (Step1: Issuance bank authentication done successfully) but Authorization is pending (Step2: Payment Processor Authorization yet to be completed). Authentication is still pending even if both the steps are ok, as this decision has to be taken at the Payment Gateway service.
Thanks
Sarvesh
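The two-step flow in the post leaves a gap between step 1 and the termUrl callback, during which the server has to remember which order an MD belongs to and reject callbacks that do not match. The following is an added example, not part of the original post and not OFBiz code: the class name, the TTL, and the idea of binding the MD to the session's order id are assumptions, while the status values come from the attribute list above.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper (not OFBiz code): tracks one attempt between step 1 and step 4. */
public class Pending3DAuthStore {
    // Status names follow the authStatus values listed in the post; the rest is assumed.
    public enum AuthStatus { PENDING, AUTHORIZED, INVALID }

    private record Pending(String orderId, Instant created) {}

    private final Map<String, Pending> byMd = new ConcurrentHashMap<>();
    private final Duration ttl;

    public Pending3DAuthStore(Duration ttl) { this.ttl = ttl; }

    /** Step 1: remember which order the MD returned by the issuer belongs to. */
    public AuthStatus begin(String md, String orderId) {
        if (md == null || md.isEmpty() || orderId == null) return AuthStatus.INVALID;
        // putIfAbsent: a duplicate MD must not overwrite an attempt already in flight
        return byMd.putIfAbsent(md, new Pending(orderId, Instant.now())) == null
                ? AuthStatus.PENDING : AuthStatus.INVALID;
    }

    /** Steps 3-4: called from the termUrl handler with the MD posted back and the gateway result. */
    public AuthStatus complete(String md, String sessionOrderId, String threeDSecureStatus) {
        if (md == null) return AuthStatus.INVALID;
        Pending p = byMd.remove(md);                 // single use: a replayed callback finds nothing
        if (p == null) return AuthStatus.INVALID;    // unknown or already consumed MD
        if (Instant.now().isAfter(p.created().plus(ttl))) return AuthStatus.INVALID; // stale attempt
        if (!p.orderId().equals(sessionOrderId)) return AuthStatus.INVALID; // MD tied to another order
        return "OK".equals(threeDSecureStatus) ? AuthStatus.AUTHORIZED : AuthStatus.INVALID;
    }

    public static void main(String[] args) {
        Pending3DAuthStore store = new Pending3DAuthStore(Duration.ofMinutes(10));
        // Constructed sample values, not real gateway data
        System.out.println(store.begin("MD-0001", "ORDER-A"));
        System.out.println(store.complete("MD-0001", "ORDER-B", "OK")); // wrong order for this MD
        System.out.println(store.begin("MD-0002", "ORDER-A"));
        System.out.println(store.complete("MD-0002", "ORDER-A", "OK"));
        System.out.println(store.complete("MD-0002", "ORDER-A", "OK")); // replay of the same MD
    }
}
```

The Pending state between `begin` and `complete` corresponds to the extra status asked for in issue 2; an order should only move on once `complete` returns AUTHORIZED.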
7 Comments
Unknown User (bjfree@free-man.net)
to integrate this into ofbiz as a payment service
where the emails and retry etc. work, you have to create a service for this gateway.
look at the third party code under
applications\accounting\src\org\ofbiz\accounting\thirdparty
your service should provide:
ccAuth
ccCapture
at a minimum
and
ccRefund
ccRelease
ccCredit
ccAuthCapture
if the provider supports them.
Michael Brohl
I propose to remove this page, moved to trash.
Pierre Smits
What a pity that such a contribution didn't invoke some interaction from privileged contributors....
Michael Brohl
We can also move this to the Feature Proposals and see if anyone picks it up. I haven't checked if there is a JIRA for it.
If you'd like to support this, just take some action.
Pierre Smits
Nah... It is old news. And if I would, I expect to get the same treatment.
Michael Brohl
Sorry, then I don't understand why you commented on this in the first place.
Pierre Smits
That is a pity too.