ofbiz-user mailing list archives

From "Jacques Le Roux" <jacques.le.r...@les7arts.com>
Subject Re: how to set security and permissions precedence
Date Sun, 03 Aug 2008 22:47:50 GMT
Did you try an "ant clean"? There have been some changes recently that imply this cleanup.

Jacques

From: "Milind W" <mailinglist@mymunshi.com>
> Looks like I have a problem making this example work with revision#679258
> 
> It worked fine (i.e. I was redirected to login screen before I could get to
> main) with rev#677863
> 
> Looks like the view
> <view-map name="login" type="screen"
> page="component://marketing/widget/CommonScreens.xml#login" />
> is part of the problem. The CommonScreens.xml has moved and does no longer
> seem to have the 'login' screen.
> 
> I tried finding another screen with the 'login' view. I found another one
> in the 'common' component and modified my hello controller to point to
> <view-map name="login" type="screen"
> page="component://common/widget/CommonScreens.xml#login"/>
> but it is not acting the same as previously.
> 
> Please let me know what is missing (or any suggestion how best to
> illustrate login) so I can complete and contribute my tutorial for
> security. Would hate to create a tutorial that worked with one specific
> build.
> 
> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
> 
> Thanks
> -Milind
> 
>> hi,
>> I got login to work by adding the changes below to my controller using
>> ofbiz4.0.
>> I don't think I follow the reason with OFBTOOLS base permission not
>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>> But I agree with Si Chen on OFBIZ-829
>> "The right way is to assume no permission until one of the list of
>> permissions is met." Seems more intuitive.
>> For now I can workaround it so thanks all.
>> -Milind
>>
>>
>>
>> <preprocessor>
>>     <!-- Events to run on every request before security (chains exempt) -->
>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>> </preprocessor>
>>
>> <!-- Request Mappings -->
>>
>> <request-map uri="checkLogin" edit="false">
>>     <description>Verify a user is logged in.</description>
>>     <security https="false" auth="false"/>
>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>     <response name="success" type="view" value="main" />
>>     <response name="error" type="view" value="login" />
>> </request-map>
>>
>> <request-map uri="login">
>>     <security https="false" auth="false"/>
>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>     <response name="success" type="view" value="main"/>
>>     <response name="error" type="view" value="login"/>
>> </request-map>
>>
>> <request-map uri="main">
>>     <security https="false" auth="true" />
>>     <response name="success" type="view" value="main"/>
>> </request-map>
>>
>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>
>>
>>> Not with a direct link to the comment where is the explanation ;p
>>> Actually it was more a didactic post
>>>
>>> Jacques
>>>
>>> From: "BJ Freeman" <bjfree@free-man.net>
>>>> LOL
>>>> that was the first link I sent on this thread.
>>>>
>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>
>>>>> You would have got
>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>
>>>>>
>>>>> Jacques
>>>>>
>>>>> ----- Original Message ----- From: "Milind W"
>>>>> <mailinglist@mymunshi.com>
>>>>> To: <user@ofbiz.apache.org>
>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>> Subject: Re: how to set security and permissions precedence
>>>>>
>>>>>
>>>>>> Let me try to break up questions.
>>>>>> Shouldn't adding
>>>>>> base-permission="OFBTOOLS"
>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>>> associated to the OFBTOOLS security group?
>>>>>> I can see the application I created and the line seems to have no
>>>>>> effect.
>>>>>> What is the purpose of the line?
>>>>>> Thanks
>>>>>> -Milind
>>>>>>
>>>>>>> Please note that opentaps is not at the same level of revision that
>>>>>>> ofbiz is.
>>>>>>> There have been changes to security.
>>>>>>> There are examples in the
>>>>>>> framework/example
>>>>>>> and
>>>>>>> framework/exampleext
>>>>>>> I believe this to be a better tutorial
>>>>>>> since they work already.
>>>>>>>
>>>>>>>
>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>
>>>>>>>>
>>>>>>>> BJ Freeman wrote:
>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>
>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>> hi,
>>>>>>>>>> Security Permissions
>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>>> modifications to hello1
>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>> I could still see the application. I was assuming the application
>>>>>>>>>> would ask me to login or prevent me from seeing the page.
>>>>>>>>>> 2)I added <security> to the main request
>>>>>>>>>> <request-map uri="main">
>>>>>>>>>> <security https="false" auth="true"/>
>>>>>>>>>> <response name="success" type="view" value="main"/>
>>>>>>>>>> </request-map>
>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>> How do permissions precedence work starting from the UI to the
>>>>>>>>>> entity layer.
>>>>>>>>>> Help appreciated.
>>>>>>>>>> Thanks
>>>>>>>>>> -Milind
>>>>>>>>>>
>>>>>>>>>> Here is the log
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>> Error in request handler:
>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>> Message: null
>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
>
