

I am working on integrating the 3D Secure Credit Card with ofbiz. In this process, I got it working (using the protx simulator) by changing some of the ofbiz files, but it is still not generic, so I want to discuss it with the user community to make it generic for general usage. I am a bit new to ofbiz, so bear with me if I misunderstood anything.

Here is a brief of the changes that I have done to make it work:
Brief of 3DES (3D Secure): This is a simple yet very good added security protocol for online shopping. According to this protocol, authentication/authorization takes the following flow:

1. Send the request to the issuance bank. It returns the MD (unique id), PaReq and ACSURL (the authentication page where the user enters the password for his credit card to authenticate himself on the issuance bank server).

2. Send MD, PaReq and termURL (the callback URL, where you receive the response) to ACSURL.

3. Read the ACSURL response on termURL (specified as the callback URL by you) and send the issuance bank authentication result + termURL (callback URL) to the Payment Processor Authorization server.

4. Read the response from the Payment Processor Authorization server on termURL (specified as the callback URL by you). This response contains the authentication/authorization status/result (OK/INVALID etc.).
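
Steps 2 and 3 of this flow as an added example (not code from the original page or from OFBiz): the merchant side builds the form that carries MD, PaReq and TermUrl to the ACSURL, then accepts the callback only when the returned MD matches one it issued and has not been used before. The class name, orderId and sample values are hypothetical; paRes is the 3-D Secure 1.0 name for the field the page calls the ACSURL response.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example. ThreeDSecureFlow, orderId and the sample values are hypothetical,
// not OFBiz classes or Protx data.
public class ThreeDSecureFlow {
    // MD -> order awaiting the ACS callback; kept server-side, never trusted from the browser.
    private final Map<String, String> pendingByMd = new ConcurrentHashMap<>();

    // Escape values before placing them in HTML attributes.
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
    static String hidden(String name, String value) {
        return "<input type=\"hidden\" name=\"" + name + "\" value=\"" + esc(value) + "\"/>";
    }

    // Step 2: auto-submitting form that sends MD, PaReq and TermUrl to the ACSURL.
    public String buildAcsForm(String orderId, String md, String paReq, String acsUrl, String termUrl) {
        if (!acsUrl.startsWith("https://") || !termUrl.startsWith("https://")) {
            throw new IllegalArgumentException("ACSURL and termUrl must be https");
        }
        pendingByMd.put(md, orderId);
        return "<form id=\"acs\" method=\"post\" action=\"" + esc(acsUrl) + "\">"
                + hidden("MD", md) + hidden("PaReq", paReq) + hidden("TermUrl", termUrl)
                + "</form><script>document.getElementById('acs').submit();</script>";
    }

    // Step 3: callback on termUrl. Returns the order the result belongs to, or null
    // when the MD was never issued or was already used (replayed callback).
    // The caller forwards paRes to the payment processor; authStatus stays "Pending"
    // until the step 4 response arrives.
    public String acceptCallback(String md, String paRes) {
        if (md == null || paRes == null || paRes.isEmpty()) return null;
        return pendingByMd.remove(md); // remove() makes each MD single use
    }

    public static void main(String[] args) {
        ThreeDSecureFlow flow = new ThreeDSecureFlow();
        // Constructed sample values.
        String form = flow.buildAcsForm("ORDER-1", "md-123", "cGFyZXE=",
                "https://acs.example/auth", "https://shop.example/control/process3DAuthResponse");
        System.out.println(form);
        System.out.println(flow.acceptCallback("md-123", "cGFyZXM=")); // MD issued above
        System.out.println(flow.acceptCallback("md-123", "cGFyZXM=")); // same MD replayed
        System.out.println(flow.acceptCallback("md-999", "cGFyZXM=")); // MD never issued
    }
}
```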

Implementation Changes:

1) map3DesAttributes: This map should have at minimum the following attribute key/value pairs:
        attribute name="md" type="String"
        attribute name="paReq" type="String"
        attribute name="acsUrl" type="String"
        attribute name="termUrl" type="String"
        attribute name="authStatus" type="String"  ( possible values: Authorized, Pending, Invalid)
        attribute name="threeDSecureStatus" type="String" ( possible values: OK, Invalid)

2) Added this map to the following service to pass the map3DesAttributes info across the system:
<service name="authOrderPayments" engine="java"
                    location="org.ofbiz.accounting.payment.PaymentGatewayServices" invoke="authOrderPayments" auth="true">
        <attribute name="map3DesAttributes" type="Map" mode="OUT" optional="true"/>
</service>

3) Create the following request maps in "controller.xml" to handle 3Des Secure Authentication:
    <request-map uri="process3DAuth">
        <security https="true" direct-request="false"/>
        <event type="java" path="org.ofbiz.order.shoppingcart.CheckOutEvents" invoke="process3DAuth"/>
        <response name="success" type="none"/>
    </request-map>
    <request-map uri="process3DAuthResponse">
        <security https="true" direct-request="true"/>
        <event type="java" path="org.ofbiz.order.shoppingcart.CheckOutEvents" invoke="process3DAuthResponse"/>
        <response name="success" type="request" value="clearcartfororder"/>
        <response name="error" type="view" value="checkoutreview"/>
    </request-map>

4) Added the following methods to the "org.ofbiz.order.shoppingcart.CheckOutEvents" class to handle 3Des Secure Authentication:

    public static String process3DAuth(HttpServletRequest request, HttpServletResponse response) {
        // 1. get the ACSURL
        // 2. send request data + callback url to ACSURL
    }

    public static String process3DAuthResponse(HttpServletRequest request, HttpServletResponse response) {
        // 1. Collect response from ACSURL
        // 2. Process response and send it to Payment Processor along with callback url
        // 3. collect response, process it and delegate it for further payment processing
    }

1. In general, ofbiz services work in a request/response manner. But in the case of 3Des integration it is a 2 step process:

        Step1: Issuance bank authentication

        Step2: Payment Processor Authorization

     So, how do I implement it in a generic way? Currently I have tampered with "org.ofbiz.order.shoppingcart.CheckOutEvents" to handle it, as I couldn't figure out an elegant way of returning the control back to PaymentGatewayServices.

2. While supporting the 3Des security we need an extra status to indicate that the Authentication Status is done (Step1: Issuance bank authentication done successfully) but Authorization is pending (Step2: Payment Processor Authorization yet to be completed). Authentication is still pending even if both the steps are OK, as this decision has to be taken at the Payment Gateway service.





  1. Unknown User (

    to integrate this into ofbiz as a payment service
    where the emails and retry etc. work, you have to create a service for this gateway.
    look at the third party code under
    your service should provide:
    at a minimum
    if the provider supports them.

  2. I propose to remove this page, moved to trash.

  3. What a pity that such a contribution didn't invoke some interaction from privileged contributors....

  4. We can also move this to the Feature Proposals and see if anyone picks it up. I haven't checked if there is a JIRA for it.

    If you'd like to support this, just take some action.

  5. Nah... It is old news. And if I would, I expect to get the same treatment. 

  6. Sorry, then I don't understand why you commented on this in the first place.