ofbiz-user mailing list archives

From "Milind W" <mailingl...@mymunshi.com>
Subject Re: how to set security and permissions precedence
Date Sun, 03 Aug 2008 23:27:52 GMT
Just tried "ant clean"; it made no difference.
I can proceed to main without being redirected to login with rev#679258.


Relevant log for rev#679258
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16
2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream

and with rev#677863
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [LoginWorker.java:262:INFO ] reqParams Map: []
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [LoginWorker.java:263:INFO ] queryString:
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [LoginWorker.java:273:INFO ] checkLogin: queryString=
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream

The loginworker seems to be invoked with rev#677863 and not with rev#679258.
Any idea?

> Did you try an "ant clean"? There have been some changes recently that
> imply this cleanup.
>
> Jacques
>
> From: "Milind W" <mailinglist@mymunshi.com>
>> Looks like I have a problem making this example work with
>> revision#679258
>>
>> It worked fine (i.e. I was redirected to login screen before I could get
>> to main) with rev#677863
>>
>> Looks like the view
>> <view-map name="login" type="screen"
>> page="component://marketing/widget/CommonScreens.xml#login" />
>> is part of the problem. The CommonScreens.xml has moved and no longer
>> seems to have the 'login' screen.
>>
>> I tried finding another screen with the 'login' view. I found another
>> one in the 'common' component and modified my hello controller to point to
>> <view-map name="login" type="screen"
>> page="component://common/widget/CommonScreens.xml#login"/>
>> but it is not acting the same as previously.
>>
>> Please let me know what is missing (or any suggestion how best to
>> illustrate login) so I can complete and contribute my tutorial for
>> security. Would hate to create a tutorial that worked with one specific
>> build.
>>
>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>
>> Thanks
>> -Milind
>>
>>> hi,
>>> I got login to work by adding the changes below to my controller using
>>> ofbiz4.0.
>>> I don't think I follow the reason with OFBTOOLS base permission not
>>> taking effect in the ofbiz-component as explained in OFBIZ-829.
>>> But I agree with Si Chen on OFBIZ-829
>>> "The right way is to assume no permission until one of the list of
>>> permissions is met." Seems more intuitive.
>>> For now I can workaround it so thanks all.
>>> -Milind
>>>
>>>
>>>
>>> <preprocessor>
>>>     <!-- Events to run on every request before security (chains exempt) -->
>>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>> </preprocessor>
>>>
>>> <!-- Request Mappings -->
>>>
>>> <request-map uri="checkLogin" edit="false">
>>>     <description>Verify a user is logged in.</description>
>>>     <security https="false" auth="false"/>
>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>     <response name="success" type="view" value="main" />
>>>     <response name="error" type="view" value="login" />
>>> </request-map>
>>>
>>> <request-map uri="login">
>>>     <security https="false" auth="false"/>
>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>     <response name="success" type="view" value="main"/>
>>>     <response name="error" type="view" value="login"/>
>>> </request-map>
>>>
>>> <request-map uri="main">
>>>     <security https="false" auth="true" />
>>>     <response name="success" type="view" value="main"/>
>>> </request-map>
>>>
>>> <view-map name="login" type="screen" page="component://marketing/widget/CommonScreens.xml#login" />
>>>
>>>
>>>> Not with a direct link to the comment where is the explanation ;p
>>>> Actually it was more a didactic post
>>>>
>>>> Jacques
>>>>
>>>> From: "BJ Freeman" <bjfree@free-man.net>
>>>>> LOL
>>>>> that was the first link I sent on this thread.
>>>>>
>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>
>>>>>> You would have got
>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>> ----- Original Message ----- From: "Milind W"
>>>>>> <mailinglist@mymunshi.com>
>>>>>> To: <user@ofbiz.apache.org>
>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>
>>>>>>
>>>>>>> Let me try to break up questions.
>>>>>>> Shouldn't adding
>>>>>>> base-permission="OFBTOOLS"
>>>>>>> to the ofbiz-entity.xml force the user to login with a user id that is
>>>>>>> associated to the OFBTOOLS security group?
>>>>>>> I can see the application I created and the line seems to have no
>>>>>>> effect.
>>>>>>> What is the purpose of the line?
>>>>>>> Thanks
>>>>>>> -Milind
>>>>>>>
>>>>>>>> Please note that opentaps is not at the same level of revision that
>>>>>>>> ofbiz is.
>>>>>>>> There have been changes to security.
>>>>>>>> There are examples in the
>>>>>>>> framework/example
>>>>>>>> and
>>>>>>>> framework/exampleext
>>>>>>>> I believe this to be a better tutorial
>>>>>>>> since they work already.
>>>>>>>>
>>>>>>>>
>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>
>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>> hi,
>>>>>>>>>>> Security Permissions
>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>> I want to understand how security works so I made the following
>>>>>>>>>>> modifications to hello1
>>>>>>>>>>> 1) I added base-permission="OFBTOOLS" to the ofbiz-component.xml
>>>>>>>>>>> I could still see the application. I was assuming the application
>>>>>>>>>>> would ask me to login or prevent me from seeing the page.
>>>>>>>>>>> 2) I added <security> to the main request
>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>> <security https="false" auth="true"/>
>>>>>>>>>>> <response name="success" type="view" value="main"/>
>>>>>>>>>>> </request-map>
>>>>>>>>>>> This displays "java.lang.NullPointerException" in the browser.
>>>>>>>>>>> How does permissions precedence work starting from the UI to the
>>>>>>>>>>> entity layer?
>>>>>>>>>>> Help appreciated.
>>>>>>>>>>> Thanks
>>>>>>>>>>> -Milind
>>>>>>>>>>>
>>>>>>>>>>> Here is the log
>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ControlServlet.java:205:ERROR]
>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>> Error in request handler:
>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>> Message: null
>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
>


