ofbiz-user mailing list archives

From "Milind W" <mailingl...@mymunshi.com>
Subject Re: how to set security and permissions precedence
Date Sun, 03 Aug 2008 22:10:27 GMT
Looks like I have a problem making this example work with revision#679258

It worked fine (i.e. I was redirected to login screen before I could get to
main) with rev#677863

Looks like the view
<view-map name="login" type="screen"
page="component://marketing/widget/CommonScreens.xml#login" />
is part of the problem. The CommonScreens.xml has moved and no longer
seems to have the 'login' screen.

I tried finding another screen with the 'login' view. I found another one
in the 'common' component and modified my hello controller to point to
<view-map name="login" type="screen"
page="component://common/widget/CommonScreens.xml#login"/>
but it is not acting the same as previously.

Please let me know what is missing (or any suggestion how best to
illustrate login) so I can complete and contribute my tutorial for
security. Would hate to create a tutorial that worked with one specific
build.

http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results

Thanks
-Milind

> hi,
> I got login to work by adding the changes below to my controller using
> ofbiz4.0.
> I don't think I follow the reason with OFBTOOLS base permission not
> taking effect in the ofbiz-component as explained in OFBIZ-829.
> But I agree with Si Chen on OFBIZ-829
> "The right way is to assume no permission until one of the list of
> permissions is met." Seems more intuitive.
> For now I can workaround it so thanks all.
> -Milind
>
>
>
> <preprocessor>
>     <!-- Events to run on every request before security (chains exempt) -->
>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
> </preprocessor>
>
> <!-- Request Mappings -->
>
> <request-map uri="checkLogin" edit="false">
>     <description>Verify a user is logged in.</description>
>     <security https="false" auth="false"/>
>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin"/>
>     <response name="success" type="view" value="main"/>
>     <response name="error" type="view" value="login"/>
> </request-map>
>
> <request-map uri="login">
>     <security https="false" auth="false"/>
>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>     <response name="success" type="view" value="main"/>
>     <response name="error" type="view" value="login"/>
> </request-map>
>
> <request-map uri="main">
>     <security https="false" auth="true"/>
>     <response name="success" type="view" value="main"/>
> </request-map>
>
> <view-map name="login" type="screen"
>     page="component://marketing/widget/CommonScreens.xml#login"/>
>
>
>> Not with a direct link to the comment where is the explanation ;p
>> Actually it was more a didactic post
>>
>> Jacques
>>
>> From: "BJ Freeman" <bjfree@free-man.net>
>>> LOL
>>> that was the first link I sent on this thread.
>>>
>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>
>>>> You would have got
>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>
>>>>
>>>> Jacques
>>>>
>>>> ----- Original Message ----- From: "Milind W"
>>>> <mailinglist@mymunshi.com>
>>>> To: <user@ofbiz.apache.org>
>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>> Subject: Re: how to set security and permissions precedence
>>>>
>>>>
>>>>> Let me try to break up questions.
>>>>> Shouldn't adding
>>>>> base-permission="OFBTOOLS"
>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>> associated to the OFBTOOLS security group?
>>>>> I can see the application I created and the line seems to have no
>>>>> effect.
>>>>> What is the purpose of the line?
>>>>> Thanks
>>>>> -Milind
>>>>>
>>>>>> Please note that opentaps is not at the same level of revision that
>>>>>> ofbiz is.
>>>>>> there have been changes to security.
>>>>>> there are examples in the
>>>>>> framework/example
>>>>>> and
>>>>>> framework/exampleext
>>>>>> I believe this to be a better tutorial
>>>>>> since they work already.
>>>>>>
>>>>>>
>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>
>>>>>>>
>>>>>>> BJ Freeman wrote:
>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>
>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>> hi,
>>>>>>>>> Security Permissions
>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>> modifications to hello1
>>>>>>>>> 1) I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>> I could still see the application. I was assuming the application
>>>>>>>>> would ask me to login or prevent me from seeing the page.
>>>>>>>>> 2) I added <security> to the main request
>>>>>>>>> <request-map uri="main">
>>>>>>>>> <security https="false" auth="true"/>
>>>>>>>>> <response name="success" type="view" value="main"/>
>>>>>>>>> </request-map>
>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>> How does permissions precedence work starting from the UI to the
>>>>>>>>> entity layer?
>>>>>>>>> Help appreciated.
>>>>>>>>> Thanks
>>>>>>>>> -Milind
>>>>>>>>>
>>>>>>>>> Here is the log
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>> Error in request handler:
>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>> Message: null
>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>> java.lang.NullPointerException
>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php


