Module Installation

Steps to enable this module in your custom Broadleaf Commerce project

Steps

Step 1 Pull this dependency into your core/pom.xml:

<dependency>
    <groupId>org.broadleafcommerce</groupId>
    <artifactId>broadleaf-enterprise</artifactId>
</dependency>

This assumes that you are using the Broadleaf BOM that pins all version information. If not, you will need to also add a <version> qualifier

Data Changes

Schema Changes

To add all of the necessary database tables and columns for this module, please follow the Liquibase update documentation.

Admin Security Changes

The data in the following SQL file is required to establish Admin sections and permissions for this module:

classpath:/config/bc/sql/load_enterprise_admin_security.sql

This file is automatically included if you have set blPU.hibernate.hbm2ddl.auto=create and you have not set import.sql.enabled=false in your properties files. If you are not using Hibernate's auto DDL process and are using Liquibase, you can add a new changeSet that references this file:

<?xml version="1.1" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
    <changeSet author="broadleaf" id="some-unique-id">
        <sqlFile path="config/bc/sql/load_enterprise_admin_security.sql" encoding="utf8" stripComments="true" />
    </changeSet>
</databaseChangeLog>

Finally, you can unpack the downloaded .jar file and look at the files in the config/bc/sql folder to execute this sql manually.

Sandbox Ribbon

To get the sandbox ribbon to show up on your site when previewing changes from the admin interface, you will need to modify your site to include some additional files.

1. You will want to make sure that the following stylesheets are loaded in the Heat Clinic demo site's head.html when in sandbox mode:

   <th:block th:if="${#brc.sandboxMode}">
       <blc:bundle name="sandbox.css"
                   mapping-prefix="/css/"
                   files="jquery-ui-1.13.2.custom.css,
                          font-awesome-6.1.7.min.css,
                          sandbox-client.css" />
   </th:block>
   

2. You will want to make sure the following scripts are loaded in the Heat Clinic demo site's footer.html when in sandbox mode:

   <th:block th:if="${#brc.sandboxMode}">
       <a id="adminDeepLink" th:unless="${#strings.isEmpty(adminDeepLink?.fullUrl)}" th:href="@{${adminDeepLink.fullUrl}}" />
       <blc:bundle name="sandbox.js"
                   mapping-prefix="/js/"
                   files="sandbox-client.js,
                          lib/moment-timezone.min.js,
                          lib/moment-timezone-with-data.min.js,
                          lib/plugins/jquery-ui-1.13.2.custom.js,
                          lib/plugins/jquery-ui-timepicker-addon.js" />
   </th:block>
   

Additional Items to Verify

1. In site/applicationContext.xml, make sure that the following line does not appear:

   <task:annotation-driven />
   

2. In schema.xml, make sure that the following two fields are defined:

   <field name="sandboxId" type="long" indexed="true" stored="true" />
   <field name="sandboxPriority" type="long" indexed="true" stored="true" />
   

3. Ensure load time weaving is enabled for your application server
   This module uses load time weaving. If you haven't already done so, you will need to modify the provided site and admin build.xml commands (e.g. jetty-demo) to include the following line:

   <jvmarg value="-javaagent:${spring.instrument.path}" />
   

4. In site/applicationContext-security.xml, make sure you add the following line to the <sec:http></> configuration:

   <sec:http auto-config="false" authentication-manager-ref="blAuthenticationManager" >
       ...
       <sec:intercept-url pattern="/crossappauth" requires-channel="https"/>
       ...
   </sec:http>
   

Additional Items to Verify for Non-Spring Boot Projects

1. In applicationContext-admin-filter.xml, verify that the pre-security filter chain does not include the blAdminRequestFilter, and that instead the blAdminRequestFilter is the first item in the post-security filter chain. Additionally, the post-security filter chain should not make a reference to the blAdminSandBoxFilter.

Note: If you have a Spring Boot based project, then all of the filter registration has already been taken care of.