ofbiz-user mailing list archives

From "Milind W" <mailingl...@mymunshi.com>
Subject Re: how to set security and permissions precedence
Date Mon, 04 Aug 2008 00:35:43 GMT
I got the updated files.
Did ant clean and then a new build.
I still see the SAME behavior described in my previous email.
I am attaching my controller.xml

> here is the fix
> http://svn.apache.org/viewvc?rev=682228&view=rev
>
> Milind W sent the following on 8/3/2008 4:27 PM:
>> Just tried "ant clean" it made no difference.
>> I can proceed to main without being redirected to login with rev#679258.
>>
>>
>> Relevant log for rev#679258
>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16
>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>
>> and with rev#677863
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: []
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString:
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString=
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>
>> The loginworker seems to be invoked with rev#677863 and not with
>> rev#679258.
>> Any Idea?
>>
>>> Did you try an "ant clean"? There have been some changes recently that
>>> imply this cleanup.
>>>
>>> Jacques
>>>
>>> From: "Milind W" <mailinglist@mymunshi.com>
>>>> Looks like I have a problem making this example work with
>>>> revision#679258
>>>>
>>>> It worked fine (i.e. I was redirected to login screen before I could get to
>>>> main) with rev#677863
>>>>
>>>> Looks like the view
>>>> <view-map name="login" type="screen"
>>>> page="component://marketing/widget/CommonScreens.xml#login" />
>>>> is part of the problem. The CommonScreens.xml has moved and no longer
>>>> seems to have the 'login' screen.
>>>>
>>>> I tried finding another screen with the 'login' view. I found another one
>>>> in the 'common' component and modified my hello controller to point to
>>>> <view-map name="login" type="screen"
>>>> page="component://common/widget/CommonScreens.xml#login"/>
>>>> but it is not acting the same as previously.
>>>>
>>>> Please let me know what is missing (or any suggestion how best to
>>>> illustrate login) so I can complete and contribute my tutorial for
>>>> security. Would hate to create a tutorial that worked with one specific
>>>> build.
>>>>
>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>>
>>>> Thanks
>>>> -Milind
>>>>
>>>>> hi,
>>>>> I got login to work by adding the changes below to my controller using
>>>>> ofbiz4.0.
>>>>> I don't think I follow the reason with OFBTOOLS base permission not
>>>>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>>> But I agree with Si Chen on OFBIZ-829
>>>>> "The right way is to assume no permission until one of the list of
>>>>> permissions is met." Seems more intuitive.
>>>>> For now I can workaround it so thanks all.
>>>>> -Milind
>>>>>
>>>>>
>>>>>
>>>>> <preprocessor>
>>>>>     <!-- Events to run on every request before security (chains exempt) -->
>>>>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>>> </preprocessor>
>>>>>
>>>>> <!-- Request Mappings -->
>>>>>
>>>>> <request-map uri="checkLogin" edit="false">
>>>>>     <description>Verify a user is logged in.</description>
>>>>>     <security https="false" auth="false"/>
>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>>     <response name="success" type="view" value="main" />
>>>>>     <response name="error" type="view" value="login" />
>>>>> </request-map>
>>>>>
>>>>> <request-map uri="login">
>>>>>     <security https="false" auth="false"/>
>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>>     <response name="success" type="view" value="main"/>
>>>>>     <response name="error" type="view" value="login"/>
>>>>> </request-map>
>>>>>
>>>>> <request-map uri="main">
>>>>>     <security https="false" auth="true" />
>>>>>     <response name="success" type="view" value="main"/>
>>>>> </request-map>
>>>>>
>>>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>
>>>>>
>>>>>> Not with a direct link to the comment where is the explanation ;p
>>>>>> Actually it was more a didactic post
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>> From: "BJ Freeman" <bjfree@free-man.net>
>>>>>>> LOL
>>>>>>> that was the first link I sent on this thread.
>>>>>>>
>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>>
>>>>>>>> You would have got
>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>>
>>>>>>>>
>>>>>>>> Jacques
>>>>>>>>
>>>>>>>> ----- Original Message ----- From: "Milind W"
>>>>>>>> <mailinglist@mymunshi.com>
>>>>>>>> To: <user@ofbiz.apache.org>
>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>>
>>>>>>>>
>>>>>>>>> Let me try to break up questions.
>>>>>>>>> Shouldn't adding
>>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>>>>>> associated to the OFBTOOLS security group?
>>>>>>>>> I can see the application I created and the line seems to have no effect.
>>>>>>>>> What is the purpose of the line?
>>>>>>>>> Thanks
>>>>>>>>> -Milind
>>>>>>>>>
>>>>>>>>>> Please note that opentaps is not at the same level of revision that ofbiz it
>>>>>>>>>> there have been changes to security.
>>>>>>>>>> there are examples in the
>>>>>>>>>> framework/example
>>>>>>>>>> and
>>>>>>>>>> framework/exampleext
>>>>>>>>>> I believe this to better tutorial
>>>>>>>>>> since they work already.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>>>
>>>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>>>
>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>>>> hi,
>>>>>>>>>>>>> Security Permissions
>>>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>>>>>> modifications to hello1
>>>>>>>>>>>>> 1) I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>>>>> I could still see the application. I was assuming the application would
>>>>>>>>>>>>> ask me to login or prevent me from seeing the page.
>>>>>>>>>>>>> 2) I added <security> to the main request
>>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>>> <security https="false" auth="true"/>
>>>>>>>>>>>>> <response name="success" type="view" value="main"/>
>>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>>>>> How do permissions precedence work starting from the UI to the entity layer.
>>>>>>>>>>>>> Help appreciated.
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>> -Milind
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is the log
>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>>>> Error in request handler:
>>>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>>>> Message: null
>>>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
>
